예제 #1
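 /**
  * Dispatch an Ajax request to a handler file selected by the "filename"
  * request parameter, then end the request with what the handler returned.
  *
  * The handler path is "ajax/<app_id>_<filename>.php", looked up first under
  * $this->dir_phpok and then under $this->dir_root. A scalar return value is
  * printed as-is; for an array or object the "content" member is printed.
  */
 function exit_f()
 {
     $filename = $this->get("filename");
     if (!$filename) {
         exit("Ajax目标文件不能为空!");
     }
     // The value is request data that ends up inside an include path and, on
     // failure, inside the response body. Accept only a plain identifier so it
     // cannot carry directory separators, "..", or markup.
     if (!is_string($filename) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $filename)) {
         exit("Ajax目标文件名不合法!");
     }
     $relative = "ajax/" . $this->app_id . "_" . $filename . ".php";
     $ajax_file = $this->dir_phpok . $relative;
     if (!file_exists($ajax_file)) {
         $ajax_file = $this->dir_root . $relative;
         if (!file_exists($ajax_file)) {
             // Report the file name only; the absolute server path is not
             // something the client needs to see.
             exit("Ajax文件:" . basename($ajax_file) . "不存在");
         }
     }
     $rs = (include $ajax_file);
     if (!$rs) {
         json_exit("反回异常");
     }
     if (!is_array($rs) && !is_object($rs)) {
         exit($rs);
     }
     if (is_array($rs)) {
         exit($rs["content"]);
     }
     if (is_object($rs)) {
         exit($rs->content);
     }
     exit("ok");
 }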
예제 #2
/**
 * Set up the global $Me for the current request from the session.
 *
 * Steps, in order: resolve the session's "trueuser" to a Contact, handle a
 * disabled account, replay request parameters saved under
 * $_SESSION["login_bounce"], and record the client address in
 * $_SESSION["addrs"].
 */
function initialize_user()
{
    global $Conf, $Me;
    // Resolve the session user: look it up by email when the session has one,
    // otherwise build a Contact directly from whatever "trueuser" holds.
    $Me = null;
    $trueuser = get($_SESSION, "trueuser");
    if ($trueuser && $trueuser->email) {
        $Me = $Conf->user_by_email($trueuser->email);
    }
    if (!$Me) {
        $Me = new Contact($trueuser);
    }
    $Me = $Me->activate();
    // Disabled accounts: API requests get a JSON error, any page other than
    // "index" is redirected to "index".
    // NOTE(review): this stops a disabled user only if json_exit() and
    // Navigation::redirect_site() end the request — confirm.
    if ($Me->disabled) {
        if (Navigation::page() === "api") {
            json_exit(["ok" => false, "error" => "Your account is disabled."]);
        } else {
            if (Navigation::page() !== "index") {
                Navigation::redirect_site(hoturl_site_relative("index"));
            }
        }
    }
    // After a bounce through login, restore the parameters stored in the
    // session. They are replayed only when the stored dsn and page match the
    // current ones, and never over a key the current request already sets.
    // The session entry is consumed either way.
    if (isset($_SESSION["login_bounce"]) && !$Me->is_empty()) {
        $lb = $_SESSION["login_bounce"];
        // NOTE(review): both matches use loose ==; confirm that type juggling
        // cannot make a mismatched dsn or page compare equal.
        if ($lb[0] == $Conf->dsn && $lb[2] !== "index" && $lb[2] == Navigation::page()) {
            foreach ($lb[3] as $k => $v) {
                if (!isset($_REQUEST[$k])) {
                    $_REQUEST[$k] = $_GET[$k] = $v;
                }
            }
            $_REQUEST["after_login"] = 1;
        }
        unset($_SESSION["login_bounce"]);
    }
    // Keep a short address history in $_SESSION["addrs"]: the current
    // REMOTE_ADDR goes first, followed by earlier distinct addresses, at most
    // five entries in total. Nothing is written when the current address is
    // already at the front.
    if ($_SERVER["REMOTE_ADDR"] && (!is_array(get($_SESSION, "addrs")) || get($_SESSION["addrs"], 0) !== $_SERVER["REMOTE_ADDR"])) {
        $as = array($_SERVER["REMOTE_ADDR"]);
        if (is_array(get($_SESSION, "addrs"))) {
            foreach ($_SESSION["addrs"] as $a) {
                if ($a !== $_SERVER["REMOTE_ADDR"] && count($as) < 5) {
                    $as[] = $a;
                }
            }
        }
        $_SESSION["addrs"] = $as;
    }
}
예제 #3
 /**
  * Look up users by a comma-separated list of ids and emit the rows as JSON.
  *
  * Emits "ok" when the list contains no usable id or when the model returns
  * nothing; otherwise emits the rows with the second json_exit() argument
  * set to true.
  */
 function get_user_list($content)
 {
     // Every token is cast to int and zeroes are dropped. That cast is the
     // only thing keeping the string-built IN(...) clause below free of
     // caller-supplied SQL, so it must stay in front of the concatenation.
     $ids = array();
     foreach (explode(",", $content) as $token) {
         $id = intval($token);
         if ($id) {
             $ids[] = $id;
         }
     }
     $id_csv = implode(",", array_unique($ids));
     if (!$id_csv) {
         json_exit("ok");
     }
     // At most 999 rows are requested from the user model.
     $users = $this->model("user")->get_list("u.id IN(" . $id_csv . ")", 0, 999);
     if ($users) {
         json_exit($users, true);
     }
     json_exit("ok");
 }
예제 #4
파일: pset.php 프로젝트: kohler/peteramati
/**
 * Parse submitted grade values and store them on the current commit info.
 *
 * For each grade entry of $pset that has a value in $values, the trimmed
 * value becomes null (empty string), an int (plain decimal integer) or a
 * float (decimal with optional fraction); anything else is skipped. When an
 * "old;<name>" value is also submitted it is compared with the stored grade
 * to detect a concurrent edit.
 *
 * @param object $pset   provides ->grades, a list of entries with ->name
 * @param object $info   commit info used to read and update grades
 * @param array  $values submitted values keyed by grade name
 * @param mixed  $isauto truthy to store under "autogrades" instead of "grades"
 * @return array the parsed grades keyed by grade name
 */
function save_grades($pset, $info, $values, $isauto)
{
    if ($info->is_handout_commit()) {
        json_exit(["ok" => false, "error" => "This is a handout commit."]);
    }
    $grades = array();
    foreach ($pset->grades as $ge) {
        if (!isset($values[$ge->name])) {
            continue;
        }
        // Only strictly numeric text is accepted; unparseable input is
        // dropped rather than stored.
        $g = trim($values[$ge->name]);
        if ($g === "") {
            $g = null;
        } elseif (preg_match('_\\A(?:0|[1-9]\\d*)\\z_', $g)) {
            $g = intval($g);
        } elseif (preg_match('_\\A(?:0||[1-9]\\d*)(?:\\.\\d*)?\\z_', $g)) {
            $g = floatval($g);
        } else {
            continue;
        }
        // Optimistic concurrency check: refuse when the stored grade is
        // neither what the client last saw nor what it is trying to write.
        $old_key = "old;" . $ge->name;
        if (isset($values[$old_key])) {
            $old_grade = $info->current_grade_entry($ge->name);
            $seen_by_client = trim($values[$old_key]);
            if ((string) $old_grade != $seen_by_client && $old_grade !== $g) {
                json_exit(["ok" => false, "error" => "Someone else updated this grade concurrently—please reload."]);
            }
        }
        $grades[$ge->name] = $g;
    }
    $key = $isauto ? "autogrades" : "grades";
    if (!empty($grades)) {
        $info->update_current_info([$key => $grades]);
    }
    return $grades;
}
예제 #5
/**
 * Emit a JSON failure response when a condition holds.
 *
 * @param mixed  $code value sent as "code"
 * @param string $msg  value sent as "msg"
 * @param mixed  $cond the response is sent only when this is truthy
 */
function json_fail($code, $msg = "", $cond = true)
{
    if (!$cond) {
        return;
    }
    // NOTE(review): callers use this as a guard, which only works if
    // json_exit() ends the request — confirm.
    json_exit(array("code" => $code, "msg" => $msg));
}
 /**
  * API endpoint that starts, moves or stops tracking.
  *
  * The "track" request value is either the word "stop" or
  * "IDENTIFIER LISTNUM [POSITION]", split on whitespace.
  */
 static function track_api($qreq, $user)
 {
     // Only a user with privChair whose request passes check_post() may
     // continue; everyone else gets {"ok": false}.
     // NOTE(review): the rest of the method is protected only if json_exit()
     // ends the request — confirm.
     if (!$user->privChair || !check_post()) {
         json_exit(array("ok" => false));
     }
     // argument: IDENTIFIER LISTNUM [POSITION] -OR- stop
     if ($qreq->track === "stop") {
         self::clear();
         return;
     }
     // check tracker_start_at to ignore concurrent updates:
     // when the existing tracker's start_at (or position_at if start_at is
     // unset) is later than the value the client sent, this request is dropped.
     if (($start_at = $qreq->tracker_start_at) && ($tracker = self::lookup())) {
         $time = $tracker->position_at;
         if (isset($tracker->start_at)) {
             $time = $tracker->start_at;
         }
         if ($time > $start_at) {
             return;
         }
     }
     // actually track: the list named by the second argument must exist and
     // its listid must start with "p/"; otherwise nothing is updated.
     $args = preg_split('/\\s+/', $qreq->track);
     if (count($args) >= 2 && ($xlist = SessionList::lookup($args[1])) && str_starts_with($xlist->listid, "p/")) {
         $position = null;
         if (count($args) >= 3 && ctype_digit($args[2])) {
             // array_search() yields false, not null, when the id is not in
             // the list; that value is passed on to update() unchanged.
             $position = array_search((int) $args[2], $xlist->ids);
         }
         self::update($xlist, $args[0], $position);
     }
 }
예제 #7
    } else {
        if ($method == "POST") {
            $idea = Idea::create($jsonData);
            $idea->save();
            link_header(JSON_ROOT . '/ideas/', 'invalidates');
            json_exit($idea->id);
        }
    }
    json_error(405, "Invalid method: {$method}", $method);
} else {
    if ($params = matchUriTemplate('/{id}')) {
        $idea = Idea::open($params->id);
        if ($method == "GET") {
            json_exit($idea, SCHEMA_ROOT . '/idea');
        } else {
            if ($method == "PUT") {
                $idea->put($jsonData);
                link_header(JSON_ROOT . '/ideas/', 'invalidates');
                json_exit($idea, SCHEMA_ROOT . '/idea');
            } else {
                if ($method == "DELETE") {
                    $idea->delete();
                    link_header(JSON_ROOT . '/ideas/', 'invalidates');
                    json_exit("deleted");
                }
            }
        }
        json_error(405, "Invalid method: {$method}", $method);
    }
}
json_error(404);
예제 #8
if (!$newPaper) {
    loadRows();
}
// paper actions
if (isset($_REQUEST["setrevpref"]) && $prow && check_post()) {
    PaperActions::setReviewPreference($prow);
    loadRows();
}
if (isset($_REQUEST["setfollow"]) && $prow && check_post()) {
    PaperActions::set_follow($prow);
    loadRows();
}
if ($prow && isset($_GET["m"]) && $_GET["m"] === "api" && isset($_GET["fn"]) && isset(SiteLoader::$api_map[$_GET["fn"]])) {
    $Qreq = make_qreq();
    SiteLoader::call_api($Qreq->fn, $Me, $Qreq, $prow);
    json_exit(["ok" => false, "error" => "Internal error."]);
}
// check paper action
if (isset($_REQUEST["checkformat"]) && $prow && $Conf->setting("sub_banal")) {
    $ajax = defval($_REQUEST, "ajax", 0);
    $cf = new CheckFormat();
    $dt = HotCRPDocument::parse_dtype(@$_REQUEST["dt"]);
    if ($dt === null) {
        $dt = @$_REQUEST["final"] ? DTYPE_FINAL : DTYPE_SUBMISSION;
    }
    if ($Conf->setting("sub_banal{$dt}")) {
        $format = $Conf->setting_data("sub_banal{$dt}", "");
    } else {
        $format = $Conf->setting_data("sub_banal", "");
    }
    $status = $cf->analyzePaper($prow->paperId, $dt, $format);
예제 #9
파일: Api.php 프로젝트: avidys/camunda.org
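 /**
  * Handle one API request, selected by the "action" request parameter.
  *
  * Supported actions: "get" (collects the requested pieces of application
  * state), "getThumbHref", "createArchive", "getArchive", "upload", "delete"
  * and "rename". Every action works on request data, and several of them turn
  * that data into filesystem paths, so values that become a path component
  * are required to be bare file names before they are used.
  *
  * NOTE(review): json_fail()/json_exit() are used as guards throughout; the
  * checks only protect the code after them if those helpers end the request
  * — confirm.
  */
 public function apply()
 {
     $options = $this->app->get_options();
     list($action) = use_request_params(array("action"));
     if ($action === "get") {
         $response = array();
         if (array_key_exists("options", $_REQUEST)) {
             use_request_params("options");
             $response["options"] = $this->app->get_options();
         }
         if (array_key_exists("types", $_REQUEST)) {
             use_request_params("types");
             $response["types"] = $this->app->get_types();
         }
         if (array_key_exists("langs", $_REQUEST)) {
             use_request_params("langs");
             $response["langs"] = $this->app->get_l10n_list();
         }
         if (array_key_exists("l10n", $_REQUEST)) {
             list($iso_codes) = use_request_params("l10nCodes", "l10n");
             $iso_codes = explode(":", $iso_codes);
             $response["l10n"] = $this->app->get_l10n($iso_codes);
         }
         if (array_key_exists("checks", $_REQUEST)) {
             use_request_params("checks");
             $response["checks"] = $this->app->get_server_checks();
         }
         if (array_key_exists("server", $_REQUEST)) {
             use_request_params("server");
             $response["server"] = $this->app->get_server_details();
         }
         if (array_key_exists("custom", $_REQUEST)) {
             list($abs_href) = use_optional_request_params("customHref", "custom");
             $response["custom"] = $this->app->get_customizations($abs_href);
         }
         if (array_key_exists("entries", $_REQUEST)) {
             list($abs_href, $what) = use_optional_request_params("entriesHref", "entriesWhat", "entries");
             $what = is_numeric($what) ? intval($what, 10) : 1;
             $response["entries"] = $this->app->get_entries($abs_href, $what);
         }
         // Whatever is still in $_REQUEST at this point is echoed back to the
         // client under "unused".
         if (count($_REQUEST)) {
             $response["unused"] = $_REQUEST;
         }
         json_exit($response);
     } else {
         if ($action === "getThumbHref") {
             if (!$options["thumbnails"]["enabled"]) {
                 json_fail(1, "thumbnails disabled");
             }
             normalized_require_once("/server/php/inc/Thumb.php");
             if (!Thumb::is_supported()) {
                 json_fail(2, "thumbnails not supported");
             }
             list($type, $src_abs_href, $mode, $width, $height) = use_request_params(array("type", "href", "mode", "width", "height"));
             $thumb = new Thumb($this->app);
             $thumb_href = $thumb->thumb($type, $src_abs_href, $mode, $width, $height);
             if ($thumb_href === null) {
                 json_fail(3, "thumbnail creation failed");
             }
             json_exit(array("absHref" => $thumb_href));
         } else {
             if ($action === "createArchive") {
                 json_fail(1, "downloads disabled", !$options["download"]["enabled"]);
                 list($execution, $format, $hrefs) = use_request_params(array("execution", "format", "hrefs"));
                 normalized_require_once("/server/php/inc/Archive.php");
                 $archive = new Archive($this->app);
                 $hrefs = explode(":", trim($hrefs));
                 $target = $archive->create($execution, $format, $hrefs);
                 if (!is_string($target)) {
                     json_fail($target, "package creation failed");
                 }
                 // Only the base name is handed out as the archive id.
                 json_exit(array("id" => basename($target), "size" => filesize($target)));
             } else {
                 if ($action === "getArchive") {
                     json_fail(1, "downloads disabled", !$options["download"]["enabled"]);
                     list($id, $as) = use_request_params(array("id", "as"));
                     // The id is appended to the cache directory, and the file it
                     // names is streamed to the client and then deleted. A prefix
                     // test alone does not stop directory separators after the
                     // prefix, so the id must also be a bare file name.
                     json_fail(2, "file not found", !is_string($id) || !preg_match("/^package-/", $id) || basename($id) !== $id);
                     $target = $this->app->get_cache_abs_path() . "/" . $id;
                     json_fail(3, "file not found", !file_exists($target));
                     // $as is request data placed inside a quoted header parameter:
                     // drop path parts, quotes, backslashes and line breaks.
                     $as = str_replace(array("\"", "\\", "\r", "\n"), "", basename((string) $as));
                     header("Content-Type: application/octet-stream");
                     header("Content-Length: " . filesize($target));
                     header("Content-Disposition: attachment; filename=\"{$as}\"");
                     header("Connection: close");
                     register_shutdown_function("delete_tempfile", $target);
                     readfile($target);
                 } else {
                     if ($action === "upload") {
                         list($href) = use_request_params(array("href"));
                         json_fail(1, "wrong HTTP method", strtolower($_SERVER["REQUEST_METHOD"]) !== "post");
                         json_fail(2, "something went wrong", !array_key_exists("userfile", $_FILES));
                         $userfile = $_FILES["userfile"];
                         json_fail(3, "something went wrong [" . $userfile["error"] . "]", $userfile["error"] !== 0);
                         json_fail(4, "folders not supported", file_get_contents($userfile["tmp_name"]) === "null");
                         $upload_dir = $this->app->get_abs_path($href);
                         $code = $this->app->get_http_code($href);
                         json_fail(5, "upload dir no h5ai folder or ignored", $code !== App::$MAGIC_SEQUENCE || $this->app->is_ignored($upload_dir));
                         // NOTE(review): unlike download, delete and rename, this action
                         // checks no "enabled" option, and neither the file type nor the
                         // extension is restricted before the file lands in a served
                         // directory — confirm that is intended.
                         // basename() keeps the client-supplied name from adding path parts.
                         $dest = $upload_dir . "/" . basename(utf8_encode($userfile["name"]));
                         json_fail(6, "already exists", file_exists($dest));
                         json_fail(7, "can't move uploaded file", !move_uploaded_file($userfile["tmp_name"], $dest));
                         json_exit();
                     } else {
                         if ($action === "delete") {
                             json_fail(1, "deletion disabled", !$options["delete"]["enabled"]);
                             list($hrefs) = use_request_params(array("hrefs"));
                             $hrefs = explode(":", trim($hrefs));
                             $errors = array();
                             foreach ($hrefs as $href) {
                                 // An entry is deleted only when its parent directory
                                 // answers with the magic sequence and its name is not
                                 // ignored; other entries are skipped without an error.
                                 $d = normalize_path(dirname($href), true);
                                 $n = basename($href);
                                 $code = $this->app->get_http_code($d);
                                 if ($code == App::$MAGIC_SEQUENCE && !$this->app->is_ignored($n)) {
                                     $abs_path = $this->app->get_abs_path($href);
                                     if (!unlink($abs_path)) {
                                         $errors[] = $href;
                                     }
                                 }
                             }
                             if (count($errors)) {
                                 json_fail(2, "deletion failed for some");
                             } else {
                                 json_exit();
                             }
                         } else {
                             if ($action === "rename") {
                                 json_fail(1, "renaming disabled", !$options["rename"]["enabled"]);
                                 list($href, $name) = use_request_params(array("href", "name"));
                                 // The new name is joined onto the entry's own folder, so
                                 // it must be a bare file name; anything with a directory
                                 // part would move the entry out of that folder.
                                 json_fail(2, "renaming failed", !is_string($name) || $name === "" || $name === "." || $name === ".." || basename($name) !== $name);
                                 $d = normalize_path(dirname($href), true);
                                 $n = basename($href);
                                 $code = $this->app->get_http_code($d);
                                 if ($code == App::$MAGIC_SEQUENCE && !$this->app->is_ignored($n)) {
                                     $abs_path = $this->app->get_abs_path($href);
                                     $folder = normalize_path(dirname($abs_path));
                                     if (!rename($abs_path, $folder . "/" . $name)) {
                                         json_fail(2, "renaming failed");
                                     }
                                 }
                                 json_exit();
                             }
                         }
                     }
                 }
             }
         }
     }
 }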
예제 #10
 /**
  * Create a thumbnail for the requested source and return its href as JSON.
  *
  * Fails with code 1 when thumbnails are disabled in the options, 2 when
  * HAS_PHP_JPG is false, and 3 when Thumb::thumb() returns null.
  */
 private function on_getThumbHref()
 {
     json_fail(1, "thumbnails disabled", !$this->options["thumbnails"]["enabled"]);
     json_fail(2, "thumbnails not supported", !HAS_PHP_JPG);
     // All five values come straight from the request, read in this order,
     // and are handed to Thumb unchanged.
     $request = array();
     foreach (array("type", "href", "mode", "width", "height") as $param) {
         $request[$param] = use_request_param($param);
     }
     $generator = new Thumb($this->app);
     $result_url = $generator->thumb(
         $request["type"],
         $request["href"],
         $request["mode"],
         $request["width"],
         $request["height"]
     );
     json_fail(3, "thumbnail creation failed", $result_url === null);
     json_exit(array("absHref" => $result_url));
 }
예제 #11
파일: api.php 프로젝트: nvdnkpr/h5ai
            header("Connection: close");
            readfile($target);
        } else {
            if ($action === "getchecks") {
                $php = version_compare(PHP_VERSION, "5.2.1") >= 0;
                $archive = class_exists("PharData");
                $gd = false;
                if (function_exists("gd_info")) {
                    $gdinfo = gd_info();
                    $gd = array_key_exists("JPG Support", $gdinfo) && $gdinfo["JPG Support"] || array_key_exists("JPEG Support", $gdinfo) && $gdinfo["JPEG Support"];
                }
                $cache = is_writable($h5ai->getH5aiAbsPath() . "/cache");
                $temp = is_writable(sys_get_temp_dir());
                $tar = preg_match("/tar\$/", `which tar`) > 0;
                $zip = preg_match("/zip\$/", `which zip`) > 0;
                $convert = preg_match("/convert\$/", `which convert`) > 0;
                $ffmpeg = preg_match("/ffmpeg\$/", `which ffmpeg`) > 0;
                $du = preg_match("/du\$/", `which du`) > 0;
                json_exit(array("php" => $php, "cache" => $cache, "thumbs" => $gd, "temp" => $temp, "archive" => $archive, "tar" => $tar, "zip" => $zip, "convert" => $convert, "ffmpeg" => $ffmpeg, "du" => $du));
            } else {
                if ($action === "getentries") {
                    list($href, $content) = check_keys(array("href", "content"));
                    $content = intval($content, 10);
                    json_exit(array("entries" => $h5ai->getEntries($href, $content)));
                } else {
                    json_fail(100, "unsupported action");
                }
            }
        }
    }
}
예제 #12
 /**
  * Update the sort order of currencies from the "sort" request value.
  *
  * "sort" is expected to be an array mapping an id to its sort position;
  * anything else produces the failure message.
  */
 public function sort_f()
 {
     $sort = $this->get('sort');
     $usable = $sort && is_array($sort);
     if (!$usable) {
         $this->json(P_Lang('更新排序失败'));
     }
     // Keys and values are both request data; each is cast to int before it
     // reaches the model.
     foreach ($sort as $id => $position) {
         $this->model('currency')->update_sort(intval($id), intval($position));
     }
     json_exit(P_Lang('更新排序成功'), true);
 }
예제 #13
 /**
  * API endpoint that saves a review preference for a paper.
  *
  * The preference is stored for the calling user, unless the caller is
  * allowed to administer the paper and names a positive reviewer id, in
  * which case it is stored for that reviewer instead.
  */
 static function setpref_api($user, $qreq, $prow)
 {
     global $Conf;
     // Default to the caller; the reviewer override is honoured only after
     // the allow_administer() check has passed.
     $target_cid = $user->contactId;
     if ($user->allow_administer($prow) && $qreq->reviewer) {
         $requested = cvtint($qreq->reviewer);
         if ($requested > 0) {
             $target_cid = $requested;
         }
     }
     $pref = parse_preference($qreq->pref);
     if ($pref) {
         $saved = PaperActions::save_review_preferences([[$prow->paperId, $target_cid, $pref[0], $pref[1]]]);
         $j = $saved ? ["ok" => true, "response" => "Saved"] : ["ok" => false];
         // The normalised preference is returned whether or not the save worked.
         $j["value"] = unparse_preference($pref);
     } else {
         $j = ["ok" => false, "error" => "Bad preference"];
     }
     json_exit($j);
 }
예제 #14
    $when = $from;
    $rows = array();
    $rf = ReviewForm::get();
    foreach ($entries as $which => $xr) {
        if ($xr->isComment) {
            $rows[] = CommentInfo::unparse_flow_entry($xr, $Me, "");
            $when = $xr->timeModified;
        } else {
            $rows[] = $rf->reviewFlowEntry($Me, $xr, "");
            $when = $xr->reviewSubmitted;
        }
    }
    json_exit(["ok" => true, "from" => (int) $from, "to" => (int) $when - 1, "rows" => $rows]);
} else {
    if ($qreq->fn === "events") {
        json_exit(["ok" => false]);
    }
}
if ($qreq->fn === "searchcompletion") {
    $s = new PaperSearch($Me, "");
    $Conf->ajaxExit(array("ok" => true, "searchcompletion" => $s->search_completion()));
}
// from here on: `status` and `track` requests
if ($qreq->fn === "track") {
    MeetingTracker::track_api($qreq, $Me);
}
// may fall through to act like `status`
$j = $Me->my_deadlines($Conf->paper);
if ($qreq->conflist && $Me->has_email() && ($cdb = Contact::contactdb())) {
    $j->conflist = array();
    $result = Dbl::ql($cdb, "select c.confid, siteclass, shortName, url\n        from Roles r join Conferences c on (c.confid=r.confid)\n        join ContactInfo u on (u.contactDbId=r.contactDbId)\n        where u.email=? order by r.updated_at desc", $Me->email);
 /**
  * Run the search action registered under $name / $subname.
  *
  * The checks run in a fixed order and the first failure wins: the action
  * must exist, a non-GET action needs check_post() to pass, a paper action
  * needs a non-empty selection, and the action's allow() must accept the
  * user. Only then is run() called.
  *
  * @return mixed the error message, or whatever the action's run() returned
  */
 static function call($name, $subname, Contact $user, $qreq, $selection)
 {
     // Pick the handler for the exact subname, else the "" default entry.
     $uf = null;
     if (isset(self::$byname[$name])) {
         $handlers = self::$byname[$name];
         if ((string) $subname !== "" && isset($handlers[$subname])) {
             $uf = $handlers[$subname];
         } elseif (isset($handlers[""])) {
             $uf = $handlers[""];
         }
     }
     if (is_array($selection)) {
         $selection = new SearchSelection($selection);
     }
     // $uf[0] is the action object, $uf[1] its flag bits.
     if (!$uf) {
         $error = "No such search action.";
     } elseif (!($uf[1] & SiteLoader::API_GET) && !check_post($qreq)) {
         $error = "Missing credentials.";
     } elseif (($uf[1] & SiteLoader::API_PAPER) && $selection->is_empty()) {
         $error = "No papers selected.";
     } elseif (!$uf[0]->allow($user)) {
         $error = "Permission error.";
     } else {
         $error = $uf[0]->run($user, $qreq, $selection);
     }
     // A string result is an error: JSON for ajax requests, a page message
     // otherwise.
     if (is_string($error)) {
         if ($qreq->ajax) {
             json_exit(["ok" => false, "error" => $error]);
         } else {
             Conf::msg_error($error);
         }
     }
     return $error;
 }
예제 #16
                        json_error(404, "User not found", $params->userId);
                    }
                }
                if ($method == "GET") {
                    json_exit($user->get(), SCHEMA_ROOT . '/user');
                } else {
                    if ($method == "PUT") {
                        $user->put($jsonData);
                        $user->save();
                        json_exit($user->get(), SCHEMA_ROOT . '/user');
                    }
                }
                json_error(405, "Invalid method: {$method}", $method);
            } else {
                if ($params = matchUriTemplate('/{username}/password')) {
                    $user = User::open($params->username);
                    if ($method == "PUT" || $method == "POST") {
                        if (!$user->checkPassword($jsonData->oldPassword)) {
                            json_error(403, "Incorrect password");
                        }
                        $user->setPassword($jsonData->password);
                        $user->save();
                        json_exit($user->get(), SCHEMA_ROOT . '/user');
                    }
                    json_error(405, "Invalid method: {$method}", $method);
                }
            }
        }
    }
}
json_error(404);
예제 #17
 /**
  * Dispatch an API function registered in SiteLoader::$api_map.
  *
  * A handler without the API_GET flag runs only when check_post() passes,
  * and a handler with the API_PAPER flag only when a paper row is given.
  * No permission check is made here; see the precondition below.
  *
  * @return bool true when a handler was found and called, false otherwise
  */
 public static function call_api($fn, $user, $qreq, $prow)
 {
     // XXX precondition: $user->can_view_paper($prow) || !$prow
     if (!isset(SiteLoader::$api_map[$fn])) {
         return false;
     }
     // Entry layout: [0] is the callable, [1] the flag bits.
     $entry = SiteLoader::$api_map[$fn];
     $get_allowed = $entry[1] & SiteLoader::API_GET;
     if (!$get_allowed && !check_post($qreq)) {
         json_exit(["ok" => false, "error" => "Missing credentials."]);
     }
     $needs_paper = $entry[1] & SiteLoader::API_PAPER;
     if ($needs_paper && !$prow) {
         json_exit(["ok" => false, "error" => "No such paper."]);
     }
     call_user_func($entry[0], $user, $qreq, $prow);
     return true;
 }
예제 #18
파일: api.php 프로젝트: kohler/peteramati
        }
        if (isset($_SERVER["REMOTE_ADDR"])) {
            $suffix .= ", host " . $_SERVER["REMOTE_ADDR"];
        }
        error_log("JS error: {$url}{$errormsg}{$suffix}");
        if ($stacktext = $qreq->stack) {
            $stack = array();
            foreach (explode("\n", $stacktext) as $line) {
                $line = trim($line);
                if ($line === "" || $line === $errormsg || "Uncaught {$line}" === $errormsg) {
                    continue;
                }
                if (preg_match('/\\Aat (\\S+) \\((\\S+)\\)/', $line, $m)) {
                    $line = $m[1] . "@" . $m[2];
                } else {
                    if (substr($line, 0, 1) === "@") {
                        $line = substr($line, 1);
                    } else {
                        if (substr($line, 0, 3) === "at ") {
                            $line = substr($line, 3);
                        }
                    }
                }
                $stack[] = $line;
            }
            error_log("JS error: {$url}via " . join(" ", $stack));
        }
    }
    json_exit(["ok" => true]);
}
$Conf->ajaxExit(["ok" => false]);
예제 #19
파일: class-api.php 프로젝트: jreinert/h5ai
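 /**
  * Create a folder named by the "name" request parameter inside the folder
  * addressed by "href", and write a .htaccess file into it that sets
  * DirectoryIndex to INDEX_HREF.
  *
  * Fails with code 1 when folder creation is disabled, 2 when the name is
  * not a bare folder name or mkdir() fails, and 3 when the .htaccess file
  * cannot be opened or written.
  */
 private function on_new_folder()
 {
     $h5ai_path = '';
     $filename = '';
     json_fail(1, "folder creation disabled", !$this->options["new_folder"]["enabled"]);
     $href = use_request_param("href");
     $name = use_request_param("name");
     // The name is request data that is joined onto a filesystem path for
     // mkdir() and fopen(); it must be a bare name so it cannot point outside
     // the folder that "href" addresses.
     $name_is_plain = is_string($name) && $name !== "" && $name !== "." && $name !== ".." && basename($name) === $name;
     json_fail(2, "folder creation failed", !$name_is_plain);
     $d = normalize_path(dirname($href), true);
     $n = basename($href);
     if ($this->app->is_managed_url($d) && !$this->app->is_hidden($n)) {
         $path = $this->app->to_path($href);
         $folder = normalize_path(dirname($path));
         if (!mkdir($path . "/" . $name)) {
             // NOTE(review): this message and the two below return server
             // filesystem paths to the client; confirm that is wanted outside
             // of debugging.
             json_fail(2, "folder creation failed" . " PATH: {$path} | FOLDER: {$folder} | NAME: {$name}");
         }
         $filename = $path . "/" . $name . "/" . ".htaccess";
         $h5ai_path = "DirectoryIndex " . INDEX_HREF;
         if (!($handle = fopen($filename, 'w'))) {
             json_fail(3, "Cannot open file ({$filename})");
         }
         if (fwrite($handle, $h5ai_path) === false) {
             json_fail(3, "Cannot write to file ({$filename})");
         }
         fclose($handle);
     }
     // NOTE(review): this success response is also sent when the managed-url /
     // hidden check above was not satisfied and nothing was created — confirm.
     json_exit("Success, wrote ( {$h5ai_path} ) to file ( {$filename} ). {$href}/{$name}");
 }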