static function call($name, $subname, Contact $user, $qreq, $selection)
 {
     $uf = null;
     if (isset(self::$byname[$name])) {
         $ufm = self::$byname[$name];
         if ((string) $subname !== "" && isset($ufm[$subname])) {
             $uf = $ufm[$subname];
         } else {
             if (isset($ufm[""])) {
                 $uf = $ufm[""];
             }
         }
     }
     if (is_array($selection)) {
         $selection = new SearchSelection($selection);
     }
     if (!$uf) {
         $error = "No such search action.";
     } else {
         if (!($uf[1] & SiteLoader::API_GET) && !check_post($qreq)) {
             $error = "Missing credentials.";
         } else {
             if ($uf[1] & SiteLoader::API_PAPER && $selection->is_empty()) {
                 $error = "No papers selected.";
             } else {
                 if (!$uf[0]->allow($user)) {
                     $error = "Permission error.";
                 } else {
                     $error = $uf[0]->run($user, $qreq, $selection);
                 }
             }
         }
     }
     if (is_string($error) && $qreq->ajax) {
         json_exit(["ok" => false, "error" => $error]);
     } else {
         if (is_string($error)) {
             Conf::msg_error($error);
         }
     }
     return $error;
 }
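function check_login()
{
    // Authenticate the posted username/password against the $users list
    // loaded from ../bbdd/bbdd.php. On success: optional "remember" cookie,
    // fresh session with the username, redirect to profile.php (does not
    // return). On failure: prints a generic message and returns false.
    $username = check_post("username");
    $password = check_post("password");
    $remember = check_post("remember");
    if (!$username || !$password) {
        return false;
    }
    include '../bbdd/bbdd.php';
    foreach ($users as $user) {
        // Strict username match and constant-time password match. The
        // original loose `==` is subject to PHP type juggling (numeric-looking
        // strings such as "1e1" and "10" compare equal).
        // NOTE(review): the comparison implies $users stores passwords in
        // clear text. They should be stored with password_hash() and checked
        // with password_verify(); that also needs a change in bbdd.php.
        if ((string) $username === (string) $user["username"]
            && hash_equals((string) $user["password"], (string) $password)) {
            /* The user asked to be remembered */
            if ($remember) {
                // NOTE(review): this cookie holds only the bare username, so
                // anything that trusts it for auto-login accepts a forged
                // value. HttpOnly keeps it away from page scripts; a random
                // token looked up server-side would be the real fix.
                setcookie("login", $username, strtotime("+15 days"), "/", "", false, true);
            }
            session_start();
            // Issue a new session id once authenticated so that an id planted
            // before login cannot be reused (session fixation).
            session_regenerate_id(true);
            $_SESSION["username"] = $username;
            header("location:profile.php");
            exit;
        }
    }
    echo "No existe el usuario y/o contraseña";
    return false;
}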
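function check_login()
{
    // Authenticate the posted username/password against the $users list
    // loaded from ../bbdd/bbdd.php. On success: optional "remember" cookie,
    // fresh session with the username, redirect to profile.php (does not
    // return). On failure: prints a generic message and returns false.
    $username = check_post('username');
    $password = check_post('password');
    $remember = check_post('remember');
    if (!$username || !$password) {
        return false;
    }
    include '../bbdd/bbdd.php';
    foreach ($users as $user) {
        // Strict username match and constant-time password match. The
        // original loose `==` is subject to PHP type juggling (numeric-looking
        // strings such as "1e1" and "10" compare equal).
        // NOTE(review): the comparison implies $users stores passwords in
        // clear text. They should be stored with password_hash() and checked
        // with password_verify(); that also needs a change in bbdd.php.
        if ((string) $username === (string) $user['username']
            && hash_equals((string) $user['password'], (string) $password)) {
            /* The user asked to be remembered */
            if ($remember) {
                // NOTE(review): this cookie holds only the bare username, so
                // anything that trusts it for auto-login accepts a forged
                // value. HttpOnly keeps it away from page scripts; a random
                // token looked up server-side would be the real fix.
                setcookie('login', $username, strtotime('+15 days'), '/', '', false, true);
            }
            session_start();
            // Issue a new session id once authenticated so that an id planted
            // before login cannot be reused (session fixation).
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            header('Location:profile.php');
            exit;
        }
    }
    echo "No existe el usuario y/o contraseña";
    return false;
}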
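 public static function loginHandle()
 {
     // Handle the login form. check_post() (project helper) is expected to
     // confirm that the three named fields were posted; the credentials are
     // then placed in the session and verified by self::checkSession().
     if (check_post('cc_login_uname', 'cc_login_passwd', 'cc_login_login')) {
         // Rotate the session id so an id issued before login cannot be
         // reused (session fixation).
         session_regenerate_id();
         $_SESSION['uname'] = $_POST['cc_login_uname'];
         // NOTE(review): an unsalted whirlpool digest of the password is kept
         // in the session; checkSession() presumably compares it with the
         // stored digest. password_hash()/password_verify() would be the
         // modern choice, but that is a storage-format change outside this
         // method.
         $_SESSION['pword'] = hash('whirlpool', $_POST['cc_login_passwd']);
         $_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
         $_SESSION['last_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
         if (self::checkSession()) {
             // Persistent login only when explicitly requested. isset() avoids
             // an undefined-index notice when the checkbox is absent; === is
             // safe because posted values are strings.
             if (isset($_POST['cc_login_remember']) && $_POST['cc_login_remember'] === "yes") {
                 // About one year. HttpOnly keeps the token out of reach of
                 // page scripts; the cookie payload comes from packCookie().
                 // (An earlier $host computation here was never used and
                 // has been dropped.)
                 $expires = time() + 60 * 60 * 24 * 30 * 12;
                 setcookie('ln', self::packCookie(), $expires, '', '', false, true);
             }
             cc_redirect(TH_PUB_ADMIN, true);
         } else {
             // NOTE(review): the unverified uname/pword remain in $_SESSION
             // after a failed login; readers must not treat their presence
             // as "logged in".
             Filters::bind('post_output_login', 'Users::outputError');
         }
     }
 }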
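global $User, $Pset, $Info, $Commit;
$User = $Me;
// A PC member may look at another user via ?u=...; anyone else, or an
// unresolvable user, is bounced back to the page without the parameter.
if (isset($_REQUEST["u"]) && (!$Me->isPC || !($User = ContactView::prepare_user($_REQUEST["u"])))) {
    redirectSelf(array("u" => null));
}
assert($User == $Me || $Me->isPC);
// assert() is not an access control: with zend.assertions disabled (the
// usual production setting) it is compiled out and a non-chair would reach
// the enable/disable/update actions below. Enforce the chair requirement
// explicitly. escape() is the Contact method that reports the permission
// error / sign-in bounce and presumably ends the request — TODO confirm,
// and confirm this page is not already guarded by whatever includes it.
if (!$Me->privChair) {
    $Me->escape();
}
assert($Me->privChair);
// Each state-changing action needs a truthy field and a valid POST token.
if (!empty($_POST["enable"]) && check_post()) {
    UserActions::enable(array($User->contactId), $Me);
    redirectSelf();
}
if (!empty($_POST["disable"]) && check_post()) {
    UserActions::disable(array($User->contactId), $Me);
    redirectSelf();
}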
if (@$_POST["update"] && check_post()) {
    $ck = $cv = array();
    $roles = 0;
    if (@$_POST["pctype"] === "chair") {
        $roles |= Contact::ROLE_CHAIR | Contact::ROLE_PC;
    } else {
        if (@$_POST["pctype"] === "pc") {
            $roles |= Contact::ROLE_PC;
        }
    }
    if (@$_POST["sysadmin"]) {
        $roles |= Contact::ROLE_ADMIN;
    }
    $ck[] = "roles={$roles}";
    Dbl::qe_apply("update ContactInfo set " . join($ck, ",") . " where contactId=" . $User->contactId, $cv);
    redirectSelf();
        //    echo $query;
        $lng_id_query = mysql_query($query, $GLOBALS["link"]) or die("" . $query . " <br> " . mysql_error($GLOBALS["link"]));
        $lng_id = mysql_fetch_assoc($lng_id_query);
        for ($i = 1; $i <= 4; $i++) {
            echo "<img src=\"assets/images/" . ($lng_id["cena" . $i] > 0 ? "checked" : "unchecked") . ".png\">";
        }
        echo "</td>";
        echo "<td><img src=\"assets/images/" . (file_exists("../docs/products/{$pol['id']}.3ds") ? "checked" : "unchecked") . ".png\"></td>";
        echo "<td><img src=\"assets/images/" . (file_exists("../docs/products/{$pol['id']}.max") ? "checked" : "unchecked") . ".png\"></td>";
        echo "</tr>";
    }
    echo "\r\n  </tbody>\r\n</table>\r\n";
}
if ($action == "edit") {
    if ($_POST[submit]) {
        $id = check_post($_POST[id]);
        $zobraz = check_sql($zobraz);
        if (is_numeric($id) and is_numeric($zobraz) and is_numeric($rodic)) {
            $query = "UPDATE " . PREFIX . "{$table} SET vyrobok=\"{$vyrobok}\", zobraz={$zobraz}, druh={$druh}, seria={$seria}, popis_serie={$popis_serie},\r\n                    farby=\"{$farby}\", rozmer=\"{$rozmer}\", hmotnost={$hmotnost}, parent={$rodic}, novinka={$novinka} \r\n                    WHERE id={$id}";
            //echo $query;
            $result_menu = mysql_query($query, $GLOBALS[link]) or die("SQL nebol uspesne napojeny<br>" . $query . " <br> " . mysql_error($GLOBALS[link]));
            // ---------- uprava cien vyrobku
            $query = "SELECT id FROM " . PREFIX . "vyrobky_ceny WHERE id_vyrobky={$id}";
            $lng_id_query = mysql_query($query, $GLOBALS["link"]) or die("" . $query . " <br> " . mysql_error($GLOBALS["link"]));
            $lng_id = mysql_num_rows($lng_id_query);
            if ($lng_id > 0) {
                $query = "UPDATE " . PREFIX . "vyrobky_ceny SET cena1={$cena1}, cena2={$cena2}, cena3={$cena3}, cena4={$cena4}\r\n                        WHERE id_vyrobky={$id}";
                echo $query;
                $result_menu = mysql_query($query, $GLOBALS[link]) or die("SQL nebol uspesne napojeny<br>" . $query . " <br> " . mysql_error($GLOBALS[link]));
            } else {
                $query = "INSERT INTO " . PREFIX . "vyrobky_ceny (id, id_vyrobky, cena1, cena2, cena3,  cena4) \r\n                        VALUES ( '', {$id}, '{$cena1}', '{$cena2}', '{$cena3}', '{$cena4}')";
        Dbl::qe_raw("delete from ReviewRequest where paperId={$prow->paperId} and email='" . sqlq($email) . "'");
        if (($reqId = Contact::id_by_email($email)) > 0) {
            Dbl::qe_raw("insert into PaperReviewRefused (paperId, contactId, requestedBy, reason) values ({$prow->paperId}, {$reqId}, {$Requester->contactId}, 'request denied by chair')");
        }
        // send anticonfirmation email
        HotCRPMailer::send_to($Requester, "@denyreviewrequest", $prow, array("reviewer_contact" => (object) array("fullName" => trim(defval($_REQUEST, "name", "")), "email" => $email)));
        $Conf->confirmMsg("Proposed reviewer denied.");
    } else {
        Conf::msg_error("No one has proposed that " . htmlspecialchars($email) . " review this paper.");
    }
    Dbl::qx_raw("unlock tables");
    unset($_REQUEST["email"], $_GET["email"], $_POST["email"]);
    unset($_REQUEST["name"], $_GET["name"], $_POST["name"]);
}
// add primary or secondary reviewer
// Only a paper administrator with a valid POST token may assign a PC
// reviewer; pcid/pctype are taken from the request as integers.
if (isset($_REQUEST["addpc"]) && $Me->allow_administer($prow) && check_post()) {
    $pcid = cvtint(@$_REQUEST["pcid"]);
    if ($pcid <= 0) {
        Conf::msg_error("Enter a PC member.");
    } else {
        $pctype = cvtint(@$_REQUEST["pctype"]);
        // Only the three PC review kinds are accepted; any other value is
        // silently ignored (loose comparison, as in the original).
        if (in_array($pctype, array(REVIEW_PRIMARY, REVIEW_SECONDARY, REVIEW_PC))) {
            $Me->assign_review($prow->paperId, $pcid, $pctype);
            $Conf->update_rev_tokens_setting(false);
        }
    }
    loadRows();
}
// paper table
$paperTable = new PaperTable($prow, make_qreq(), "assign");
$paperTable->initialize(false, false);
confHeader();
// begin form and table
    if (get($_POST, "anonymous") === "yes") {
        $o->anonymous = true;
    } else {
        $o->anonymous = $old_pset->anonymous ? false : null;
    }
    save_config_overrides($psetkey, $o, $json);
}
// Chair-only maintenance: re-run configuration on request (needs a POST
// token) and pull in the admin home panel.
if ($Me->privChair) {
    if (check_post() && get($_GET, "reconfig")) {
        reconfig();
    }
    // check global system settings
    require_once "adminhome.php";
}
// Enable users
if ($Me->privChair && check_post() && isset($_GET["enable_user"])) {
    if ($_GET["enable_user"] == "college") {
        $users = edb_first_columns(Dbl::qe_raw("select contactId from ContactInfo where (roles&" . Contact::ROLE_PCLIKE . ")=0 and not extension"));
    } else {
        if ($_GET["enable_user"] == "extension") {
            $users = edb_first_columns(Dbl::qe_raw("select contactId from ContactInfo where (roles&" . Contact::ROLE_PCLIKE . ")=0 and extension"));
        } else {
            if ($_GET["enable_user"] == "pc") {
                $users = edb_first_columns(Dbl::qe_raw("select contactId from ContactInfo where (roles&" . Contact::ROLE_PC . ")!=0"));
            } else {
                $users = edb_first_columns(Dbl::qe("select contactId from ContactInfo where email like ?", $_GET["enable_user"]));
            }
        }
    }
    if (!count($users)) {
        $Conf->warnMsg("No users match.");
            $kiosk_keys[$kj->show_papers ? 1 : 0] = $k;
        }
    }
    for ($i = 0; $i <= 1; ++$i) {
        if (!$kiosk_keys[$i]) {
            $key = hotcrp_random_password();
            $kiosks[$key] = (object) array("update_at" => $Now, "show_papers" => !!$i);
            $kiosk_keys[$i] = $kchange = $key;
        }
    }
    // save kiosks
    if ($kchange) {
        $Conf->save_setting("__tracker_kiosk", 1, $kiosks);
    }
}
// Chair action: drop the real login and continue with a tracker-kiosk
// capability. Requires a POST token; buzzer_showpapers picks the kiosk
// variant (index 1 shows paper titles, 0 does not).
if ($Me->privChair && isset($_POST["signout_to_kiosk"]) && check_post()) {
    LoginHelper::logout(false);
    $kiosk_variant = @$_POST["buzzer_showpapers"] ? 1 : 0;
    $Me->change_capability("tracker_kiosk", $kiosk_keys[$kiosk_variant]);
    redirectSelf();
}
function kiosk_lookup($key)
{
    // Return the kiosk record stored under $key in the __tracker_kiosk
    // setting, or null when there is none or it is older than a week
    // (604800 s) relative to $Now.
    global $Conf, $Now;
    $kiosks = (array) ($Conf->setting_json("__tracker_kiosk") ?: array());
    if (!isset($kiosks[$key]) || !$kiosks[$key]) {
        return null;
    }
    $record = $kiosks[$key];
    return $record->update_at >= $Now - 604800 ? $record : null;
}
$kiosk = null; // only set when a valid kiosk key is found in the URL path (below)
if (!$Me->has_email() && !$Me->capability("tracker_kiosk") && ($key = Navigation::path_component(0)) && ($kiosk = kiosk_lookup($key))) {
 public static function call_api($fn, $user, $qreq, $prow)
 {
     // XXX precondition: $user->can_view_paper($prow) || !$prow
     // Dispatch API function $fn from SiteLoader::$api_map (entries are
     // [callable, flags]). Returns false when $fn is unknown. Note there is
     // no allow($user) step here, unlike the search-action dispatcher:
     // beyond the POST-token and paper checks below, the handler itself is
     // responsible for authorization.
     if (!isset(SiteLoader::$api_map[$fn])) {
         return false;
     }
     $entry = SiteLoader::$api_map[$fn];
     $handler = $entry[0];
     $flags = $entry[1];
     // Non-GET endpoints mutate state: require a valid POST token.
     if (!($flags & SiteLoader::API_GET) && !check_post($qreq)) {
         json_exit(["ok" => false, "error" => "Missing credentials."]);
     }
     if (($flags & SiteLoader::API_PAPER) && !$prow) {
         json_exit(["ok" => false, "error" => "No such paper."]);
     }
     call_user_func($handler, $user, $qreq, $prow);
     return true;
 }
 // Pull each tunable from the form; check_post() receives the posted value
 // and the current value (presumably used as the fallback — confirm in its
 // definition). The field order matches the original one-per-line code.
 $form_fields = array(
     "groestl_power", "qubit_power",
     "sha_hardware", "scrypt_hardware", "skein_hardware", "groestl_hardware", "qubit_hardware",
     "sha_poolfee", "scrypt_poolfee", "skein_poolfee", "groestl_poolfee", "qubit_poolfee",
     "power_cost", "myr_price", "btc_price", "coins_per_block",
 );
 foreach ($form_fields as $form_field) {
     $$form_field = check_post($_POST[$form_field], $$form_field);
 }
 $results = calculate();
 // Per-IP record: update the existing entry or create a new one.
 // NOTE(review): $ip is the record key; if it is derived from a
 // client-controllable header rather than REMOTE_ADDR, users can overwrite
 // each other's records — its origin is not visible here.
 if (search_ip_address($user_array, $ip) >= 0) {
     update_user($ip, $sha_hashrate, $scrypt_hashrate, $skein_hashrate, $groestl_hashrate, $qubit_hashrate, $sha_power, $scrypt_power, $skein_power, $groestl_power, $qubit_power, $sha_hardware, $scrypt_hardware, $skein_hardware, $groestl_hardware, $qubit_hardware, $sha_poolfee, $scrypt_poolfee, $skein_poolfee, $groestl_poolfee, $qubit_poolfee, $power_cost);
 } else {
     add_user($ip, $sha_hashrate, $scrypt_hashrate, $skein_hashrate, $groestl_hashrate, $qubit_hashrate, $sha_power, $scrypt_power, $skein_power, $groestl_power, $qubit_power, $sha_hardware, $scrypt_hardware, $skein_hardware, $groestl_hardware, $qubit_hardware, $sha_poolfee, $scrypt_poolfee, $skein_poolfee, $groestl_poolfee, $qubit_poolfee, $power_cost);
 }
 if ($_POST["clear"]) {
     $diff = get_avg_diffs($avg);
     $average_string = "(24 hr average)";
     $sha_diff = number_format($diff[0], 2, '.', '');
     $scrypt_diff = number_format($diff[1], 2, '.', '');
     $skein_diff = number_format($diff[2], 2, '.', '');
     $groestl_diff = number_format($diff[3], 2, '.', '');
     $qubit_diff = number_format($diff[4], 2, '.', '');
     $sha_hashrate = "";
        }
    }
    // Double-encoding bugs found?
    if ($Conf->setting("bug_doubleencoding")) {
        $m[] = "Double-encoded URLs have been detected. Incorrect uses of Apache’s <code>mod_rewrite</code>, and other middleware, can encode URL parameters twice. This can cause problems, for instance when users log in via links in email. (“<code>a@b.com</code>” should be encoded as “<code>a%40b.com</code>”; a double encoding will produce “<code>a%2540b.com</code>”.) HotCRP has tried to compensate, but you really should fix the problem. For <code>mod_rewrite</code> add <a href='http://httpd.apache.org/docs/current/mod/mod_rewrite.html'>the <code>[NE]</code> option</a> to the relevant RewriteRule. <a href=\"" . hoturl_post("index", "clearbug=doubleencoding") . "\">(Clear&nbsp;this&nbsp;message)</a>";
    }
    // Unnotified reviews?
    if ($Conf->setting("pcrev_assigntime", 0) > $Conf->setting("pcrev_informtime", 0)) {
        $assigntime = $Conf->setting("pcrev_assigntime");
        $result = $Conf->qe("select paperId from PaperReview where reviewType>" . REVIEW_PC . " and timeRequested>timeRequestNotified and reviewSubmitted is null and reviewNeedsSubmit!=0 limit 1");
        if (edb_nrows($result)) {
            $m[] = "PC review assignments have changed. You may want to <a href=\"" . hoturl("mail", "template=newpcrev") . "\">send mail about the new assignments</a>. <a href=\"" . hoturl_post("index", "clearnewpcrev={$assigntime}") . "\">(Clear&nbsp;this&nbsp;message)</a>";
        } else {
            $Conf->save_setting("pcrev_informtime", $assigntime);
        }
    }
    if (count($m)) {
        $Conf->warnMsg("<div>" . join('</div><div style="margin-top:0.5em">', $m) . "</div>");
    }
}
// This file is only included for chairs (see the privChair guard around
// its require_once), so the assert is a sanity check, not the access
// control — assert() may be compiled out in production.
assert($Me->privChair);
// The "(Clear this message)" links are built with hoturl_post, so they
// carry the POST token that check_post() verifies.
$req_clearbug = isset($_REQUEST["clearbug"]) ? $_REQUEST["clearbug"] : null;
if ($req_clearbug !== null && check_post()) {
    // The fixed "bug_" prefix limits which settings can be cleared here.
    $Conf->save_setting("bug_" . $req_clearbug, null);
}
$req_clearnewpcrev = isset($_REQUEST["clearnewpcrev"]) ? $_REQUEST["clearnewpcrev"] : null;
if ($req_clearnewpcrev !== null
    && ctype_digit($req_clearnewpcrev)
    && check_post()
    && $Conf->setting("pcrev_informtime", 0) <= $req_clearnewpcrev) {
    // Never move the inform timestamp backwards.
    $Conf->save_setting("pcrev_informtime", $req_clearnewpcrev);
}
if ($req_clearbug !== null || $req_clearnewpcrev !== null) {
    redirectSelf(array("clearbug" => null, "clearnewpcrev" => null));
}
admin_home_messages();
        }
    }
    // update trueuser
    if (strcasecmp($_SESSION["trueuser"]->email, $new_user->email)) {
        $_SESSION["trueuser"] = (object) ["email" => $new_user->email];
    }
    if ($MergeError == "") {
        $Conf->confirmMsg("Merged account " . htmlspecialchars($old_user->email) . ".");
        $new_user->log_activity("Merged account {$old_user->email}");
        go(hoturl("index"));
    } else {
        $new_user->log_activity("Merged account {$old_user->email} with errors");
        $MergeError .= $Conf->db_error_html(true);
    }
}
if (isset($_REQUEST["merge"]) && check_post()) {
    if (!$_REQUEST["email"]) {
        $MergeError = "Enter an email address to merge.";
    } else {
        if (!$_REQUEST["password"]) {
            $MergeError = "Enter the password of the account to merge.";
        } else {
            $MiniMe = Contact::find_by_email($_REQUEST["email"]);
            if (!$MiniMe) {
                $MergeError = "No account for " . htmlspecialchars($_REQUEST["email"]) . " exists.  Did you enter the correct email address?";
            } else {
                if (!$MiniMe->check_password($_REQUEST["password"])) {
                    $MergeError = "That password is incorrect.";
                } else {
                    if ($MiniMe->contactId == $Me->contactId) {
                        $Conf->confirmMsg("Accounts successfully merged.");
                        $nfail = $Conf->session("rev_token_fail", 0) + 1;
                        $Conf->save_session("rev_token_fail", $nfail);
                    }
                }
            }
        }
    }
    if ($cleared && !count($tokeninfo)) {
        $tokeninfo[] = "Review tokens cleared.";
    }
    if (count($tokeninfo)) {
        $Conf->infoMsg(join("<br />\n", $tokeninfo));
    }
    redirectSelf();
}
// Review-token changes need a POST token and a signed-in user.
if (isset($_REQUEST["token"]) && check_post() && !$Me->is_empty()) {
    change_review_tokens();
}
// NOTE(review): unlike the "token" action just above, clearing tokens is
// not guarded by check_post(), so a plain GET link (or a cross-site
// request) can clear the current user's review tokens. Adding the check is
// only safe once the link that triggers this is known to carry the POST
// token.
if (isset($_REQUEST["cleartokens"])) {
    $Me->change_review_token(false, false);
}
// Chair-only system messages.
if ($Me->privChair) {
    require_once "adminhome.php";
}
// Page header: signed-out users (or an explicit ?signin) get the sign-in title.
$title = ($Me->is_empty() || isset($_REQUEST["signin"])) ? "Sign in" : "Home";
$Conf->header($title, "home", actionBar());
$xsep = " <span class='barsep'>·</span> ";
if ($Me->privChair) {
    echo "<div id='clock_drift_container'></div>";
}
// Sidebar
                $Conf->warnMsg("That assignment file makes no changes.");
            } else {
                $atype = $assignset->type_description();
                echo '<h3>Proposed ', $atype ? $atype . " " : "", 'assignment</h3>';
                $Conf->infoMsg("Select “Apply changes” if this looks OK. (You can always alter the assignment afterwards.)");
                list($atypes, $apids) = $assignset->types_and_papers(true);
                echo Ht::form_div(hoturl_post("bulkassign", ["saveassignment" => 1, "assigntypes" => join(" ", $atypes), "assignpids" => join(" ", $apids)]));
                $assignset->echo_unparse_display();
                echo '<div class="g"></div>', '<div class="aahc"><div class="aa">', Ht::submit("Apply changes"), ' &nbsp;', Ht::submit("cancel", "Cancel"), Ht::hidden("default_action", $defaults["action"]), Ht::hidden("rev_roundtag", $defaults["round"]), Ht::hidden("file", $text), Ht::hidden("assignment_size_estimate", $csv_lineno), Ht::hidden("filename", $filename), Ht::hidden("requestreview_notify", req("requestreview_notify")), Ht::hidden("requestreview_subject", req("requestreview_subject")), Ht::hidden("requestreview_body", req("requestreview_body")), Ht::hidden("bulkentry", req("bulkentry")), '</div></div></div></form>', "\n";
                $Conf->footer();
                exit;
            }
        }
    }
}
// Applying a large assignment (estimated size >= 1000 lines) goes through
// the keep-alive path so the connection survives the long operation. The
// request must carry a POST token and the saved assignment text.
if (isset($_REQUEST["saveassignment"])
    && check_post()
    && isset($_POST["file"])
    && get($_POST, "assignment_size_estimate") >= 1000) {
    complete_assignment("keep_browser_alive");
    finish_browser_alive();
}
// Upload form: a text area or a file, then the default-action selector.
echo Ht::form_div(hoturl_post("bulkassign", "upload=1"), array("divstyle" => "margin-top:1em"));
// Upload
echo '<div class="f-contain"><div class="f-i"><div class="f-e">',
    Ht::textarea("bulkentry", req_s("bulkentry"), ["rows" => 1, "cols" => 80, "placeholder" => "Enter assignments"]),
    '</div></div></div>';
echo '<div class="g"><strong>OR</strong> &nbsp;',
    '<input type="file" name="bulk" accept="text/plain,text/csv" size="30" /></div>';
$bulk_action_labels = array(
    "primary" => "primary reviews",
    "secondary" => "secondary reviews",
    "pcreview" => "optional PC reviews",
    "review" => "external reviews",
    "conflict" => "PC conflicts",
    "lead" => "discussion leads",
    "shepherd" => "shepherds",
    "tag" => "add tags",
    "settag" => "replace tags",
    "preference" => "reviewer preferences",
);
// The onchange handler folds the round/option rows depending on the action.
$bulk_action_attrs = array(
    "id" => "tsel",
    "onchange" => "fold(\"options\",this.value!=\"review\");fold(\"options\",!/^(?:primary|secondary|(?:pc)?review)\$/.test(this.value),2)",
);
echo '<div id="foldoptions" class="lg foldc fold2o">',
    'By default, assign&nbsp; ',
    Ht::select("default_action", $bulk_action_labels, defval($_REQUEST, "default_action", "primary"), $bulk_action_attrs);
$rev_rounds = $Conf->round_selector_options();
if (count($rev_rounds) > 1) {
    echo '<span class="fx2">&nbsp; in round &nbsp;', Ht::select("rev_roundtag", $rev_rounds, $_REQUEST["rev_roundtag"] ?: "unnamed"), '</span>';
} else {
    if (!get($rev_rounds, "unnamed")) {
        echo '<span class="fx2">&nbsp; in round ', $Conf->current_round_name(), '</span>';
    }
     }
     if ($MST['vmobile'] && $MG['vmobile']) {
         $V['vmobile'] or dheader('validate.php?action=mobile&itemid=1');
     }
     if ($MST['vtruename'] && $MG['vtruename']) {
         $V['vtruename'] or dheader('validate.php?action=truename&itemid=1');
     }
     if ($MST['vcompany'] && $MG['vcompany']) {
         $V['vcompany'] or dheader('validate.php?action=company&itemid=1');
     }
 }
 // Members with negative credit may not add items when the module forbids it.
 if ($_credit < 0 && $MST['credit_less'] && $action == 'add') {
     dheader('credit.php?action=less');
 }
 if ($submit) {
     // Form-token (CSRF) check; dalert() presumably aborts the request — confirm.
     if (!check_post()) {
         dalert($L['bad_data']);
     }
     //safe
     // Run the configured banned-word filter over the free-text fields.
     $BANWORD = cache_read('banword.php');
     if ($BANWORD && isset($post)) {
         $keys = array('title', 'tag', 'introduce', 'content');
         foreach ($keys as $field) {
             if (isset($post[$field])) {
                 $post[$field] = banword($BANWORD, $post[$field]);
             }
         }
     }
 }
 // Module ids this member group may use, as a list.
 $MYMODS = array();
 if (!empty($MG['moduleids'])) {
     $MYMODS = explode(',', $MG['moduleids']);
 }
        if (count($changedn)) {
            $Conf->confirmMsg("Changes saved.");
        } else {
            $Conf->warnMsg("No changes.");
        }
        $sv->report();
        redirectSelf();
    } else {
        SettingGroup::crosscheck($sv, $Group);
        $sv->report();
    }
}
// "Update" saves the posted settings, "Cancel" reloads the page; both
// require a valid POST token.
if (isset($_REQUEST["update"]) && check_post()) {
    do_setting_update($Sv);
}
if (isset($_REQUEST["cancel"]) && check_post()) {
    redirectSelf();
}
// Cross-check the group once unless an update already reported warnings.
if (!$Sv->warnings_reported) {
    SettingGroup::crosscheck($Sv, $Group);
    $Sv->report();
}
$group_description = SettingGroup::$all[$Group]->description;
$Conf->header("Settings &nbsp;&#x2215;&nbsp; <strong>{$group_description}</strong>", "settings", actionBar());
$Conf->echoScript("");
// clear out other script references
echo $Conf->make_script_file("scripts/settings.js"), "\n";
echo Ht::form(hoturl_post("settings", "group={$Group}"), array("id" => "settingsform"));
echo '<div class="leftmenu_menucontainer"><div class="leftmenu_list">';
foreach (SettingGroup::all() as $g) {
    if ($g->name === $Group) {
        echo '<div class="leftmenu_item_on">', $g->description, '</div>';
        $pj = PaperStatus::clone_json($opj);
        PaperSaver::replace_contacts($pj, $Qreq);
        if ($ps->save_paper_json($pj, $opj)) {
            redirectSelf();
        } else {
            Conf::msg_error("<ul><li>" . join("</li><li>", $ps->error_html()) . "</li></ul>");
            $Error = $ps->error_fields();
        }
    } else {
        Conf::msg_error(whyNotText(array("permission" => 1), "update contacts for"));
    }
    // use request?
    $useRequest = true;
}
// delete action
if ($Qreq->delete && check_post()) {
    if ($newPaper) {
        $Conf->confirmMsg("Paper deleted.");
    } else {
        if (!$Me->privChair) {
            Conf::msg_error("Only the program chairs can permanently delete papers. Authors can withdraw papers, which is effectively the same.");
        } else {
            // mail first, before contact info goes away
            if (!$Me->privChair || $Qreq->doemail > 0) {
                HotCRPMailer::send_contacts("@deletepaper", $prow, array("reason" => (string) $Qreq->emailNote, "infoNames" => 1));
            }
            // XXX email self?
            $error = false;
            $tables = array('Paper', 'PaperStorage', 'PaperComment', 'PaperConflict', 'PaperReview', 'PaperReviewPreference', 'PaperTopic', 'PaperTag', "PaperOption");
            foreach ($tables as $table) {
                $result = Dbl::qe_raw("delete from {$table} where paperId={$prow->paperId}");
}
// save tab width, wdiff
// A tab width of 1..16 is stored (4 is stored as null, i.e. the default);
// "" or "none" clears it. These display preferences are written without a
// check_post() guard.
if (isset($_REQUEST["tab"])) {
    $tab_request = $_REQUEST["tab"];
    if (ctype_digit($tab_request) && $tab_request >= 1 && $tab_request <= 16) {
        $tab = (int) $tab_request;
        $tab = $tab == 4 ? null : $tab;
        $Info->update_commit_info(array("tabwidth" => $tab));
    } elseif ($tab_request == "" || $tab_request == "none") {
        $Info->update_commit_info(array("tabwidth" => null));
    }
}
// wdiff is stored as a boolean: any non-zero integer value enables it.
if (isset($_REQUEST["wdiff"])) {
    $wdiff_on = (int) $_REQUEST["wdiff"] != 0;
    $Info->update_commit_info(array("wdiff" => $wdiff_on));
}
// save run settings
// Only a PC member viewing someone else's page may store run settings, and
// only with a POST token. `!=` on objects is a property-wise comparison and
// is kept as in the original (`!==` would test identity instead).
if ($Me->isPC && $Me != $User && isset($_REQUEST["saverunsettings"]) && check_post()) {
    // An empty value (per empty()) is stored as null.
    $x = req("runsettings") ?: null;
    $Info->update_commit_info(array("runsettings" => $x), true);
    if (isset($_REQUEST["ajax"])) {
        $Conf->ajaxExit(array("ok" => true, "runsettings" => $x));
    }
}
// check for new commit
// Refresh repository state when the user has one attached; the 30 is passed
// straight to check_repo (presumably a staleness threshold in seconds — confirm).
if ($User && $Info->repo) {
    Contact::check_repo($Info->repo, 30);
}
$Conf->header(htmlspecialchars($Pset->title), "home");
// Separator markup reused by the page below.
$xsep = " <span class='barsep'>&nbsp;·&nbsp;</span> ";
            $Me->assign_review($row->paperId, $reviewer, $type, array("round_number" => $round_number));
        }
    }
    if ($ins) {
        $Conf->qe("insert into PaperConflict (paperId, contactId, conflictType) values " . substr($ins, 2) . " on duplicate key update conflictType=greatest(conflictType,values(conflictType))");
    }
    if ($del) {
        $Conf->qe("delete from PaperConflict where contactId={$reviewer} and (" . substr($del, 4) . ")");
    }
    $Conf->update_rev_tokens_setting(false);
    if ($Conf->setting("pcrev_assigntime") == $Now) {
        $Conf->confirmMsg("Assignments saved! You may want to <a href=\"" . hoturl("mail", "template=newpcrev") . "\">send mail about the new assignments</a>.");
    }
    redirectSelf(["kind" => $qreq->kind]);
}
// "Update" with a reviewer selected and a valid POST token saves the
// assignments. Any other "Update" is reported as a missing reviewer (note
// that a failed check_post() with a reviewer selected gets the same message).
if ($qreq->update) {
    if ($reviewer > 0 && check_post()) {
        saveAssignments($qreq, $reviewer);
    } else {
        Conf::msg_error("You need to select a reviewer.");
    }
}
// Page header and the mode switcher (automatic / manual / bulk).
$Conf->header("Assignments &nbsp;&#x2215;&nbsp; <strong>Manual</strong>", "assignpc", actionBar());
echo '<div class="psmode">', '<div class="papmode"><a href="', hoturl("autoassign"), '">Automatic</a></div>', '<div class="papmodex"><a href="', hoturl("manualassign"), '">Manual</a></div>', '<div class="papmode"><a href="', hoturl("bulkassign"), '">Bulk update</a></div>', '</div><hr class="c" />';
// Help list
// Static help text; links come from hoturl(), no request data is echoed here.
echo "<div class='helpside'><div class='helpinside'>\nAssignment methods:\n<ul><li><a href='", hoturl("autoassign"), "'>Automatic</a></li>\n <li><a href='", hoturl("manualassign"), "' class='q'><strong>Manual by PC member</strong></a></li>\n <li><a href='", hoturl("assign"), "'>Manual by paper</a></li>\n <li><a href='", hoturl("bulkassign"), "'>Bulk update</a></li>\n</ul>\n<hr class='hr' />\n";
// The review-type legend only applies to the assignment kind "a".
if ($qreq->kind == "a") {
    echo "Types of PC review:\n<dl><dt>" . review_type_icon(REVIEW_PRIMARY) . " Primary</dt><dd>Mandatory, may not be delegated</dd>\n  <dt>" . review_type_icon(REVIEW_SECONDARY) . " Secondary</dt><dd>Mandatory, may be delegated to external reviewers</dd>\n  <dt>" . review_type_icon(REVIEW_PC) . " Optional</dt><dd>May be declined</dd></dl>\n<hr class='hr' />\n";
}
echo "<dl><dt>Potential conflicts</dt><dd>Matches between PC member collaborators and paper authors, or between PC member and paper authors or collaborators</dd>\n";
if ($qreq->kind == "a") {
 function escape()
 {
     // Abort the current request because this user may not access the page.
     // AJAX callers get a JSON failure via ajaxExit(); otherwise error_go()
     // is used. For a signed-out user the request (site path, anchor, POST
     // body) is first stashed in the session as "login_bounce" so it can be
     // replayed after sign-in.
     global $Conf;
     if (get($_REQUEST, "ajax")) {
         $payload = $this->is_empty()
             ? array("ok" => 0, "loggedout" => 1)
             : array("ok" => 0, "error" => "You don’t have permission to access that page.");
         $Conf->ajaxExit($payload);
     }
     if (!$this->is_empty()) {
         error_go(false, "You don’t have permission to access that page.");
         return;
     }
     // Preserve post values across session expiration.
     $bounce_params = array();
     if (Navigation::path()) {
         $bounce_params["__PATH__"] = preg_replace(",^/+,", "", Navigation::path());
     }
     if (get($_REQUEST, "anchor")) {
         $bounce_params["anchor"] = $_REQUEST["anchor"];
     }
     $url = selfHref($bounce_params, array("raw" => true, "site_relative" => true));
     $_SESSION["login_bounce"] = array($Conf->dsn, $url, Navigation::page(), $_POST);
     // A request carrying a POST token came from a form whose submission is
     // now lost; tell the user so explicitly.
     $message = check_post()
         ? "You’ve been logged out due to inactivity, so your changes have not been saved. After logging in, you may submit them again."
         : "You must sign in to access that page.";
     error_go(false, $message);
 }
 static function track_api($qreq, $user)
 {
     // Tracker control endpoint: chair only, POST token required (CSRF).
     // `track` is either "stop" or "IDENTIFIER LISTNUM [POSITION]".
     if (!$user->privChair || !check_post()) {
         json_exit(array("ok" => false));
     }
     if ($qreq->track === "stop") {
         self::clear();
         return;
     }
     // check tracker_start_at to ignore concurrent updates: a submission
     // whose tracker_start_at predates the tracker we already have is dropped.
     $start_at = $qreq->tracker_start_at;
     if ($start_at && ($tracker = self::lookup())) {
         $time = $tracker->position_at;
         if (isset($tracker->start_at)) {
             $time = $tracker->start_at;
         }
         if ($time > $start_at) {
             return;
         }
     }
     // actually track
     $args = preg_split('/\\s+/', $qreq->track);
     if (count($args) < 2) {
         return;
     }
     $xlist = SessionList::lookup($args[1]);
     if (!$xlist || !str_starts_with($xlist->listid, "p/")) {
         return;
     }
     $position = null;
     if (count($args) >= 3 && ctype_digit($args[2])) {
         // NOTE(review): array_search() yields false (not null) when the id
         // is not in the list; update() is assumed to tolerate that.
         $position = array_search((int) $args[2], $xlist->ids);
     }
     self::update($xlist, $args[0], $position);
 }
        $_REQUEST["cc"] = Text::user_email_to(Contact::site_contact());
    }
}
// Only the chair may supply an explicit Reply-To; everyone else gets the
// configured default (emailReplyTo, or "").
if (isset($_REQUEST["replyto"]) && $Me->privChair) {
    $_REQUEST["replyto"] = simplify_whitespace($_REQUEST["replyto"]);
} else {
    $_REQUEST["replyto"] = defval($Opt, "emailReplyTo", "");
}
// Check or send
// Template load, cancel and paper search only re-render the form. Sending
// and checking need an error-free recipient set and a POST token.
$mail_form_only = defval($_REQUEST, "loadtmpl") || defval($_REQUEST, "cancel") || defval($_REQUEST, "psearch");
if (!$mail_form_only) {
    if (defval($_REQUEST, "send") && !$recip->error && check_post()) {
        MailSender::send($recip);
    } elseif ((@$_REQUEST["check"] || @$_REQUEST["group"] || @$_REQUEST["ungroup"]) && !$recip->error && check_post()) {
        MailSender::check($recip);
    }
}
if (isset($_REQUEST["monreq"])) {
    $plist = new PaperList(new PaperSearch($Me, ["t" => "req", "q" => ""]), ["list" => true, "foldable" => true]);
    $ptext = $plist->table_html("reqrevs", ["header_links" => true, "table_id" => "foldpl"]);
    if ($plist->count == 0) {
        $Conf->infoMsg("You have not requested any external reviews.  <a href='", hoturl("index"), "'>Return home</a>");
    } else {
        echo "<h2>Requested reviews</h2>\n\n", $ptext, "<div class='info'>";
        if ($plist->any->need_review) {
            echo "Some of your requested external reviewers have not completed their reviews.  To send them an email reminder, check the text below and then select &ldquo;Prepare mail.&rdquo;  You’ll get a chance to review the emails and select specific reviewers to remind.";
        } else {
            echo "All of your requested external reviewers have completed their reviews.  <a href='", hoturl("index"), "'>Return home</a>";
    echo $base;
    echo "\n";
    echo "<pre>\n";
    print "Raw GET Parameters:\n\n";
    foreach ($_GET as $key => $value) {
        print "{$key}={$value}\n";
    }
    print "Raw POST Parameters:\n\n";
    foreach ($_POST as $key => $value) {
        print "{$key}={$value}\n";
    }
    echo "\n";
    return;
}
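// Let's check to see if we have any excess parameters.  check_post() reports
// the POST values that the handler did not expect; they are echoed back to
// the user, so they must be HTML-escaped rather than reflected verbatim.
$badpost = check_post();
if (count($badpost) > 0) {
    echo "<p><b>Note unexpected POST values ignored:</b>\n";
    foreach ($badpost as $key => $val) {
        echo ' ' . htmlspecialchars((string) $val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    echo "</p>\n";
}
// Now we have a valid, signed request - lets run the tests.
// NOTE(review): these are read from $_REQUEST (GET, POST and cookie merged),
// not from $_POST — confirm the signature check above covered the same
// parameter set that is consumed here.
$context_id = $_REQUEST['context_id'];
$user_id = $_REQUEST['user_id'];
$roles = $_REQUEST['roles'];
$resource_link_title = $_REQUEST["resource_link_title"];
$resource_link_description = $_REQUEST["resource_link_description"];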
// Resource Link information
if (isset($resource_link_title)) {
session_start();
// Only fatal errors, warnings and parse errors are reported; E_NOTICE and
// friends are hidden by this mask.
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Cache-disabling response headers (Last-Modified / Cache-Control / Pragma /
// Expires) used to be emitted here; they are currently disabled.
require '../dv-config.php';
require DEV_PATH . '/classes/db.class.v2.php';
require DEV_PATH . '/functions/global.php';

// Query-string inputs, normalised to '' when absent or empty().
$GET_ID = '';
if (!empty($_GET['id'])) {
    $GET_ID = $_GET['id'];
}
$GET_MODE = '';
if (!empty($_GET['mode'])) {
    $GET_MODE = $_GET['mode'];
}

define('Q_VERSION', '0.1');

// Triage category code => display label (sorted by leading digit).
$type = [
    "R" => '1 Resuscitation',
    "E" => '2 Emergency',
    "U" => '3 Urgency',
    "S" => '4 Semi-Urgency',
    "N" => '5 Non-Urgency',
];
if (check_post($_POST, array('em_date', 'em_type'))) {
    if (!empty($_POST['em_id'])) {
        $sql = 'UPDATE ' . TB_PREFIX . '7days SET
        em_date = :date,
        em_type = :type,
        em_sex = :sex,
        em_admit = :admit,
        em_dead = :dead,
        em_record = :record
        WHERE em_id=:id';
    } else {
        $sql = 'INSERT INTO ' . TB_PREFIX . '7days VALUES (:id,:date,:type,:sex,:admit,:dead,:record)';
    }
    $arr = array('id' => $_POST['em_id'], 'date' => $_POST['em_date'], 'type' => $_POST['em_type'], 'sex' => $_POST['em_sex'], 'admit' => $_POST['em_admit'], 'dead' => $_POST['em_dead'], 'record' => date("Y-m-d H:i:s"));
    if (CON::updateDB($arr, $sql)) {
        $jsExt .= 'swal({title: "All done!", text: "บันทึกสำเร็จ", timer: 2000, showConfirmButton: false, type: "success"});';
    echo '<div class="clear"></div>', "\n";
    $Conf->footer();
    exit;
}
// repo
$Info = user_pset_info();
$Repo = $Info->repo;
$RecentCommits = $Info->recent_commits();

// can we run this?  Every failure goes through quit() with a user-facing
// reason.  The run must be requested explicitly (a "run" parameter) and
// pass check_post() before the queue parameters below are even read.
if (!$Repo) {
    quit("No repository to run");
} elseif (!$Info->commit()) {
    quit("No commit to run");
} elseif ($Qreq->run === null || !check_post()) {
    quit("Permission error");
} elseif (!$Info->can_view_repo_contents) {
    quit("Unconfirmed repository");
}

// extract request info (cvtint() normalises the raw request strings;
// -1 marks "not supplied" for queueid/offset)
$Queueid = cvtint($Qreq->get("queueid", -1));
$checkt = cvtint($Qreq->get("check"));
$Offset = cvtint($Qreq->get("offset", -1));
// maybe eval
function runner_eval($runner, $info, $answer)
{
 $data['title_alias'] = iaSanitize::convertStr($data['title_alias']);
 // check for duplicate title_alias in case a new album is added or title_alias has been updated
 // (the inner isset() is redundant: the left-hand !isset() already short-circuits when it is unset)
 if (!isset($item['title_alias']) || isset($item['title_alias']) && $data['title_alias'] != $item['title_alias']) {
     if ($iaAlbum->existsAlias($data['title_alias'])) {
         $error = true;
         $messages[] = iaLanguage::get('album_already_exists');
     }
 }
 if (!$error) {
     $iaCore->startHook("phpAdminBeforeAlbumSubmit");
     if (!empty($_POST['artist'])) {
         // NOTE(review): the lookup result is used unchecked — if no artist
         // matches the posted title, 'id' and 'title_alias' are undefined
         // here; confirm getArtistByTitle() never returns false/empty.
         $artist_info = $iaArtist->getArtistByTitle($_POST['artist']);
         $data['id_artist'] = $artist_info['id'];
         $data['artist_alias'] = $artist_info['title_alias'];
     }
     // In this codebase check_post($name) appears to read a posted field
     // (here 'status'); it is a request accessor, not a CSRF/POST-token check.
     $data['status'] = check_post('status');
     if ('add' == $pageAction) {
         $iaCore->startHook("phpAdminBeforeAlbumAdd");
         $data['id'] = $iaAlbum->insert($data);
         // implement common hook for all items
         $iaCore->startHook('phpAddItemAfterAll', array('type' => 'admin', 'listing' => $data['id'], 'item' => 'albums', 'data' => $data, 'old' => $item));
         $iaView->setMessages(iaLanguage::get('album_added'), 'success');
         $url = IA_ADMIN_URL . 'manage/albums/';
         // post_goto() picks the destination by the submitted action button
         $goto = array('add' => $url . 'add/', 'list' => $url, 'stay' => $url . 'edit/?id=' . $data['id']);
         $iaCore->post_goto($goto);
     } elseif ('edit' == $pageAction) {
         $data['id'] = $item['id'];
         $iaCore->startHook("phpAdminBeforeAlbumUpdate");
         $iaAlbum->update($data);
         // NOTE(review): $messages is a list above (album_already_exists) but a
         // single string here — confirm the consumer accepts both shapes.
         $messages = iaLanguage::get('changes_saved');
     }
    echo '<div class="clear"></div>', "\n";
    $Conf->footer();
    exit;
}
// repo
$Info = user_pset_info();
$Repo = $Info->repo;
$RecentCommits = $Info->recent_commits();

// can we run this?  Every failure goes through quit() with a user-facing
// reason.  The run must be requested explicitly (a "run" parameter) and
// pass check_post(); an unconfirmed repository is only runnable by PC members.
if (!$Repo) {
    quit("No repository to run");
} elseif (!$Info->commit()) {
    quit("No commit to run");
} elseif (!isset($_REQUEST["run"]) || !check_post()) {
    quit("Permission error");
} elseif (!$Info->can_view_repo_contents && !$Me->isPC) {
    quit("Unconfirmed repository");
}

// extract request info (cvtint() normalises the raw request strings;
// -1 marks "not supplied" for queueid/offset)
$Queueid = cvtint(defval($_REQUEST, "queueid", -1));
$checkt = cvtint(defval($_REQUEST, "check"));
$Offset = cvtint(defval($_REQUEST, "offset", -1));
// maybe eval
function runner_eval($runner, $info, $answer)
{
// Resolve the reset code to a capability record.  Anything that is not a
// live RESETPASSWORD capability is rejected before any account is looked up.
$capdata = $capmgr->check($resetcap);
if (!$capdata || $capdata->capabilityType != CAPTYPE_RESETPASSWORD) {
    error_go(false, "That password reset code has expired, or you didn’t enter it correctly.");
}

// The capability carries the account id; $iscdb selects the contact DB
// lookup over the local one.
$Acct = $iscdb
    ? Contact::contactdb_find_by_id($capdata->contactId)
    : Contact::find_by_id($capdata->contactId);
if (!$Acct) {
    error_go(false, "That password reset code refers to a user who no longer exists. Either create a new account or contact the conference administrator.");
}

// don't show information about the current user, if there is one:
// replace $Me with an empty Contact for the rest of the page.
$Me = new Contact();
$password_class = "";
if (isset($_POST["go"]) && check_post()) {
    $_POST["password"] = trim(get_s($_POST, "password"));
    $_POST["password2"] = trim(get_s($_POST, "password2"));
    if ($_POST["password"] == "") {
        Conf::msg_error("You must enter a password.");
    } else {
        if ($_POST["password"] !== $_POST["password2"]) {
            Conf::msg_error("The two passwords you entered did not match.");
        } else {
            if (!Contact::valid_password($_POST["password"])) {
                Conf::msg_error("Invalid password.");
            } else {
                $flags = 0;
                if ($_POST["password"] === get($_POST, "autopassword")) {
                    $flags |= Contact::CHANGE_PASSWORD_PLAINTEXT;
                }
<?php

session_start();
include "setting.php";

// Reject the request outright unless check_post() accepts the submitted form.
if (!check_post()) {
    exit("フォームは全て記入してください。");
}

// Field-level validation; a non-empty return value is the message to show.
$check = check_inputs();
if ('' != $check) {
    print $check;
    exit;
}

$login_name = $_POST["login_name"];
$pwd = $_POST["pwd"];
$sex = getSex($_POST["sex"]);

// Only the hash is persisted; PASSWORD_DEFAULT lets PHP pick the current
// recommended algorithm.
$hashpwd = password_hash($pwd, PASSWORD_DEFAULT);

$db = new mydb();
if (check_exist_user($db, $login_name) == true) {
    $query = "INSERT INTO member (login_name,pwd,sex) VALUES(\$1, \$2, \$3)";
    $result = $db->query($query, array($login_name, $hashpwd, $sex));
    if ($result == false) {
        print "登録に失敗しました。";
    } else {
        $query = "select id from member where login_name=\$1";
        $result = $db->query($query, array($login_name), "getid");
        $row = pg_fetch_assoc($result, 0);
        regist_success($login_name, $row['id']);
    }
} else {
    print "指定されたユーザー名は利用できません。";