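/**
 * Run a per-application Ajax handler script and print its result.
 *
 * The handler is looked up as "<app_id>_<filename>.php", first under
 * dir_phpok . "ajax/" and then under dir_root . "ajax/". Whatever the included
 * script returns is printed through exit(): scalars as they are, arrays and
 * objects through their "content" member.
 *
 * "filename" is interpolated into an include path, so it is limited to a plain
 * identifier before the filesystem is touched. Path separators, dots, NUL
 * bytes and stream-wrapper syntax can therefore never reach include.
 * The "not found" message names only the script's base name, not the absolute
 * server path that was probed.
 */
function exit_f() {
    // presumably $this->get() reads a request parameter; verify against the controller base class
    $filename = $this->get("filename");
    if (!$filename) {
        exit("Ajax目标文件不能为空!");
    }
    // Allow-list check: the value ends up inside include, so only a bare
    // identifier is accepted and everything else is refused outright.
    if (!is_string($filename) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $filename)) {
        exit("Ajax文件名不合法");
    }
    $script_name = $this->app_id . "_" . $filename . ".php";
    $ajax_file = $this->dir_phpok . "ajax/" . $script_name;
    if (!file_exists($ajax_file)) {
        // Fall back to the site-level ajax directory.
        $ajax_file = $this->dir_root . "ajax/" . $script_name;
        if (!file_exists($ajax_file)) {
            exit("Ajax文件:" . $script_name . "不存在");
        }
    }
    $rs = (include $ajax_file);
    if (!$rs) {
        json_exit("反回异常");
    }
    if (!is_array($rs) && !is_object($rs)) {
        exit($rs);
    }
    if (is_array($rs)) {
        exit($rs["content"]);
    }
    if (is_object($rs)) {
        exit($rs->content);
    }
    exit("ok");
}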
/**
 * Populate the global $Me with the activated user for this request.
 *
 * Steps, in order: resolve the session's "trueuser" into a Contact, stop or
 * redirect disabled accounts, replay request data saved in
 * $_SESSION["login_bounce"], and refresh the list of recent client addresses
 * kept in $_SESSION["addrs"].
 */
function initialize_user() {
    global $Conf, $Me;

    // Load the current user: a known account by e-mail, else a Contact built
    // from whatever the session holds.
    $Me = null;
    $trueuser = get($_SESSION, "trueuser");
    if ($trueuser && $trueuser->email) {
        $Me = $Conf->user_by_email($trueuser->email);
    }
    if (!$Me) {
        $Me = new Contact($trueuser);
    }
    $Me = $Me->activate();

    // Disabled accounts get a JSON refusal on the API page and are sent to
    // the index page from anywhere else.
    if ($Me->disabled) {
        if (Navigation::page() === "api") {
            json_exit(["ok" => false, "error" => "Your account is disabled."]);
        } elseif (Navigation::page() !== "index") {
            Navigation::redirect_site(hoturl_site_relative("index"));
        }
    }

    // Replay data stored before a login bounce. It is applied only for the
    // same database and the same non-index page, and it never overwrites a
    // parameter the current request already carries.
    if (isset($_SESSION["login_bounce"]) && !$Me->is_empty()) {
        $bounce = $_SESSION["login_bounce"];
        if ($bounce[0] == $Conf->dsn
            && $bounce[2] !== "index"
            && $bounce[2] == Navigation::page()) {
            foreach ($bounce[3] as $param => $saved) {
                if (isset($_REQUEST[$param])) {
                    continue;
                }
                $_REQUEST[$param] = $_GET[$param] = $saved;
            }
            $_REQUEST["after_login"] = 1;
        }
        unset($_SESSION["login_bounce"]);
    }

    // Keep at most five distinct client addresses in the session, with the
    // current one first.
    $remote = $_SERVER["REMOTE_ADDR"];
    if ($remote
        && (!is_array(get($_SESSION, "addrs")) || get($_SESSION["addrs"], 0) !== $remote)) {
        $recent = array($remote);
        if (is_array(get($_SESSION, "addrs"))) {
            foreach ($_SESSION["addrs"] as $addr) {
                if (count($recent) >= 5) {
                    break;
                }
                if ($addr !== $remote) {
                    $recent[] = $addr;
                }
            }
        }
        $_SESSION["addrs"] = $recent;
    }
}
/**
 * Return, as JSON, the user records for a comma-separated list of ids.
 *
 * Every list item is cast with intval() and zero results are dropped, so the
 * string concatenated into the IN(...) condition holds only integers and
 * commas. Replies "ok" when no usable id remains or nothing is found.
 *
 * @param string $content comma-separated ids
 */
function get_user_list($content) {
    // The integer cast is the only thing keeping this condition safe to build
    // by concatenation; do not bypass it.
    $ids = array_unique(array_filter(array_map("intval", explode(",", $content))));
    $id_csv = implode(",", $ids);
    if (!$id_csv) {
        json_exit("ok");
    }
    $condition = "u.id IN(" . $id_csv . ")";
    $rslist = $this->model("user")->get_list($condition, 0, 999);
    if ($rslist) {
        json_exit($rslist, true);
    }
    json_exit("ok");
}
/**
 * Parse submitted grade values and store them on the current commit info.
 *
 * For each grade entry of $pset that has a value in $values: an empty string
 * becomes null, a plain non-negative integer becomes int, a decimal becomes
 * float, and anything else is skipped. When an "old;<name>" value is also
 * submitted it acts as an optimistic-concurrency check against the stored
 * grade. Accepted grades are written under "autogrades" or "grades".
 *
 * @param object $pset   provides ->grades, a list of entries with ->name
 * @param object $info   provides is_handout_commit(), current_grade_entry(), update_current_info()
 * @param array  $values submitted values keyed by grade name
 * @param bool   $isauto selects the "autogrades" key instead of "grades"
 * @return array accepted grades keyed by name
 */
function save_grades($pset, $info, $values, $isauto) {
    if ($info->is_handout_commit()) {
        json_exit(["ok" => false, "error" => "This is a handout commit."]);
    }

    $grades = array();
    foreach ($pset->grades as $ge) {
        $name = $ge->name;
        if (!isset($values[$name])) {
            continue;
        }

        $g = trim($values[$name]);
        if ($g === "") {
            $g = null;
        } elseif (preg_match('_\\A(?:0|[1-9]\\d*)\\z_', $g)) {
            $g = intval($g);
        } elseif (preg_match('_\\A(?:0||[1-9]\\d*)(?:\\.\\d*)?\\z_', $g)) {
            $g = floatval($g);
        } else {
            // Not a number we understand: ignore this entry entirely.
            continue;
        }

        $old_key = "old;" . $name;
        if (isset($values[$old_key])) {
            // Refuse the update when the stored grade is neither the value
            // the client last saw nor the value it is trying to set.
            $old_grade = $info->current_grade_entry($name);
            if ((string) $old_grade != trim($values[$old_key]) && $old_grade !== $g) {
                json_exit(["ok" => false, "error" => "Someone else updated this grade concurrently—please reload."]);
            }
        }

        $grades[$name] = $g;
    }

    if (!empty($grades)) {
        $key = $isauto ? "autogrades" : "grades";
        $info->update_current_info([$key => $grades]);
    }
    return $grades;
}
/**
 * End the request with a JSON error payload when $cond is truthy.
 *
 * Does nothing when $cond is falsy, which lets callers write
 * json_fail(code, message, condition) as a one-line guard.
 *
 * @param mixed  $code error code placed under "code"
 * @param string $msg  message placed under "msg"
 * @param mixed  $cond the failure is reported only when this is truthy
 */
function json_fail($code, $msg = "", $cond = true) {
    if (!$cond) {
        return;
    }
    $payload = array("code" => $code, "msg" => $msg);
    json_exit($payload);
}
/**
 * Handle a meeting-tracker request.
 *
 * Requires a chair ($user->privChair) and a passing check_post(); otherwise
 * the request ends with {"ok": false}. $qreq->track is either "stop" or
 * "IDENTIFIER LISTNUM [POSITION]".
 */
static function track_api($qreq, $user) {
    // Authorization gate: check_post() is consulted only for chairs.
    $allowed = $user->privChair && check_post();
    if (!$allowed) {
        json_exit(array("ok" => false));
    }

    if ($qreq->track === "stop") {
        self::clear();
        return;
    }

    // Ignore this update when the stored tracker is newer than the
    // tracker_start_at the client believes it is updating.
    if (($start_at = $qreq->tracker_start_at) && ($tracker = self::lookup())) {
        $time = $tracker->position_at;
        if (isset($tracker->start_at)) {
            $time = $tracker->start_at;
        }
        if ($time > $start_at) {
            return;
        }
    }

    // Actually track: the list must resolve and must be a "p/" list.
    $args = preg_split('/\\s+/', $qreq->track);
    if (count($args) < 2) {
        return;
    }
    $xlist = SessionList::lookup($args[1]);
    if (!$xlist || !str_starts_with($xlist->listid, "p/")) {
        return;
    }
    $position = null;
    if (count($args) >= 3 && ctype_digit($args[2])) {
        $position = array_search((int) $args[2], $xlist->ids);
    }
    self::update($xlist, $args[0], $position);
}
} else { if ($method == "POST") { $idea = Idea::create($jsonData); $idea->save(); link_header(JSON_ROOT . '/ideas/', 'invalidates'); json_exit($idea->id); } } json_error(405, "Invalid method: {$method}", $method); } else { if ($params = matchUriTemplate('/{id}')) { $idea = Idea::open($params->id); if ($method == "GET") { json_exit($idea, SCHEMA_ROOT . '/idea'); } else { if ($method == "PUT") { $idea->put($jsonData); link_header(JSON_ROOT . '/ideas/', 'invalidates'); json_exit($idea, SCHEMA_ROOT . '/idea'); } else { if ($method == "DELETE") { $idea->delete(); link_header(JSON_ROOT . '/ideas/', 'invalidates'); json_exit("deleted"); } } } json_error(405, "Invalid method: {$method}", $method); } } json_error(404);
if (!$newPaper) { loadRows(); } // paper actions if (isset($_REQUEST["setrevpref"]) && $prow && check_post()) { PaperActions::setReviewPreference($prow); loadRows(); } if (isset($_REQUEST["setfollow"]) && $prow && check_post()) { PaperActions::set_follow($prow); loadRows(); } if ($prow && isset($_GET["m"]) && $_GET["m"] === "api" && isset($_GET["fn"]) && isset(SiteLoader::$api_map[$_GET["fn"]])) { $Qreq = make_qreq(); SiteLoader::call_api($Qreq->fn, $Me, $Qreq, $prow); json_exit(["ok" => false, "error" => "Internal error."]); } // check paper action if (isset($_REQUEST["checkformat"]) && $prow && $Conf->setting("sub_banal")) { $ajax = defval($_REQUEST, "ajax", 0); $cf = new CheckFormat(); $dt = HotCRPDocument::parse_dtype(@$_REQUEST["dt"]); if ($dt === null) { $dt = @$_REQUEST["final"] ? DTYPE_FINAL : DTYPE_SUBMISSION; } if ($Conf->setting("sub_banal{$dt}")) { $format = $Conf->setting_data("sub_banal{$dt}", ""); } else { $format = $Conf->setting_data("sub_banal", ""); } $status = $cf->analyzePaper($prow->paperId, $dt, $format);
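/**
 * Dispatch one API request according to the "action" request parameter.
 *
 * Actions handled: "get", "getThumbHref", "createArchive", "getArchive",
 * "upload", "delete" and "rename". Every branch ends the request through
 * json_exit()/json_fail(), except "getArchive", which streams the file.
 * An unrecognised action falls through without output.
 *
 * Request values that become part of a filesystem path are confined to a
 * single path component before use:
 *  - "getArchive": "id" must be a bare file name as well as start with
 *    "package-", because the file is read and then deleted at shutdown.
 *  - "rename": "name" must be a bare file name, so an entry cannot be moved
 *    out of its folder.
 *  - "upload": the client-supplied file name is reduced with basename().
 * The download name placed in Content-Disposition has quotes and line breaks
 * removed so it cannot alter the header.
 */
public function apply() {
    $options = $this->app->get_options();
    list($action) = use_request_params(array("action"));

    if ($action === "get") {
        $response = array();
        if (array_key_exists("options", $_REQUEST)) {
            use_request_params("options");
            $response["options"] = $this->app->get_options();
        }
        if (array_key_exists("types", $_REQUEST)) {
            use_request_params("types");
            $response["types"] = $this->app->get_types();
        }
        if (array_key_exists("langs", $_REQUEST)) {
            use_request_params("langs");
            $response["langs"] = $this->app->get_l10n_list();
        }
        if (array_key_exists("l10n", $_REQUEST)) {
            list($iso_codes) = use_request_params("l10nCodes", "l10n");
            $iso_codes = explode(":", $iso_codes);
            $response["l10n"] = $this->app->get_l10n($iso_codes);
        }
        if (array_key_exists("checks", $_REQUEST)) {
            use_request_params("checks");
            $response["checks"] = $this->app->get_server_checks();
        }
        if (array_key_exists("server", $_REQUEST)) {
            use_request_params("server");
            $response["server"] = $this->app->get_server_details();
        }
        if (array_key_exists("custom", $_REQUEST)) {
            list($abs_href) = use_optional_request_params("customHref", "custom");
            $response["custom"] = $this->app->get_customizations($abs_href);
        }
        if (array_key_exists("entries", $_REQUEST)) {
            list($abs_href, $what) = use_optional_request_params("entriesHref", "entriesWhat", "entries");
            $what = is_numeric($what) ? intval($what, 10) : 1;
            $response["entries"] = $this->app->get_entries($abs_href, $what);
        }
        // Whatever is still in $_REQUEST at this point is echoed back as "unused".
        if (count($_REQUEST)) {
            $response["unused"] = $_REQUEST;
        }
        json_exit($response);
    } elseif ($action === "getThumbHref") {
        if (!$options["thumbnails"]["enabled"]) {
            json_fail(1, "thumbnails disabled");
        }
        normalized_require_once("/server/php/inc/Thumb.php");
        if (!Thumb::is_supported()) {
            json_fail(2, "thumbnails not supported");
        }
        list($type, $src_abs_href, $mode, $width, $height) = use_request_params(array("type", "href", "mode", "width", "height"));
        $thumb = new Thumb($this->app);
        $thumb_href = $thumb->thumb($type, $src_abs_href, $mode, $width, $height);
        if ($thumb_href === null) {
            json_fail(3, "thumbnail creation failed");
        }
        json_exit(array("absHref" => $thumb_href));
    } elseif ($action === "createArchive") {
        json_fail(1, "downloads disabled", !$options["download"]["enabled"]);
        list($execution, $format, $hrefs) = use_request_params(array("execution", "format", "hrefs"));
        normalized_require_once("/server/php/inc/Archive.php");
        $archive = new Archive($this->app);
        $hrefs = explode(":", trim($hrefs));
        $target = $archive->create($execution, $format, $hrefs);
        // A non-string result is used as the error code.
        if (!is_string($target)) {
            json_fail($target, "package creation failed");
        }
        json_exit(array("id" => basename($target), "size" => filesize($target)));
    } elseif ($action === "getArchive") {
        json_fail(1, "downloads disabled", !$options["download"]["enabled"]);
        list($id, $as) = use_request_params(array("id", "as"));
        // The prefix test alone would still accept "package-" followed by
        // path segments; the id must also be a single path component because
        // the resolved file is streamed and then removed.
        json_fail(2, "file not found", !preg_match("/^package-/", $id) || basename($id) !== $id);
        $target = $this->app->get_cache_abs_path() . "/" . $id;
        json_fail(3, "file not found", !file_exists($target));
        // Keep the client-chosen download name from closing the quoted
        // parameter or adding header lines.
        $download_name = str_replace(array("\"", "\r", "\n"), "", $as);
        header("Content-Type: application/octet-stream");
        header("Content-Length: " . filesize($target));
        header("Content-Disposition: attachment; filename=\"{$download_name}\"");
        header("Connection: close");
        register_shutdown_function("delete_tempfile", $target);
        readfile($target);
    } elseif ($action === "upload") {
        list($href) = use_request_params(array("href"));
        json_fail(1, "wrong HTTP method", strtolower($_SERVER["REQUEST_METHOD"]) !== "post");
        json_fail(2, "something went wrong", !array_key_exists("userfile", $_FILES));
        $userfile = $_FILES["userfile"];
        json_fail(3, "something went wrong [" . $userfile["error"] . "]", $userfile["error"] !== 0);
        json_fail(4, "folders not supported", file_get_contents($userfile["tmp_name"]) === "null");
        $upload_dir = $this->app->get_abs_path($href);
        $code = $this->app->get_http_code($href);
        json_fail(5, "upload dir no h5ai folder or ignored", $code !== App::$MAGIC_SEQUENCE || $this->app->is_ignored($upload_dir));
        // The file name is chosen by the client; keep only its last path component.
        // NOTE(review): no "enabled" option is checked for uploads here and the
        // file type is not restricted; confirm that is intended.
        $dest = $upload_dir . "/" . basename(utf8_encode($userfile["name"]));
        json_fail(6, "already exists", file_exists($dest));
        json_fail(7, "can't move uploaded file", !move_uploaded_file($userfile["tmp_name"], $dest));
        json_exit();
    } elseif ($action === "delete") {
        json_fail(1, "deletion disabled", !$options["delete"]["enabled"]);
        list($hrefs) = use_request_params(array("hrefs"));
        $hrefs = explode(":", trim($hrefs));
        $errors = array();
        foreach ($hrefs as $href) {
            // Only entries whose parent folder answers with the magic
            // sequence, and whose name is not ignored, are removed.
            // NOTE(review): confinement to the managed tree depends on
            // normalize_path()/get_abs_path(), which are not visible here.
            $d = normalize_path(dirname($href), true);
            $n = basename($href);
            $code = $this->app->get_http_code($d);
            if ($code == App::$MAGIC_SEQUENCE && !$this->app->is_ignored($n)) {
                $abs_path = $this->app->get_abs_path($href);
                if (!unlink($abs_path)) {
                    $errors[] = $href;
                }
            }
        }
        if (count($errors)) {
            json_fail(2, "deletion failed for some");
        } else {
            json_exit();
        }
    } elseif ($action === "rename") {
        json_fail(1, "renaming disabled", !$options["rename"]["enabled"]);
        list($href, $name) = use_request_params(array("href", "name"));
        // The new name is appended to the entry's own folder; anything that
        // is not a single path component is refused.
        json_fail(2, "renaming failed", !is_string($name) || $name === "" || $name === "." || $name === ".." || basename($name) !== $name);
        $d = normalize_path(dirname($href), true);
        $n = basename($href);
        $code = $this->app->get_http_code($d);
        if ($code == App::$MAGIC_SEQUENCE && !$this->app->is_ignored($n)) {
            $abs_path = $this->app->get_abs_path($href);
            $folder = normalize_path(dirname($abs_path));
            if (!rename($abs_path, $folder . "/" . $name)) {
                json_fail(2, "renaming failed");
            }
        }
        json_exit();
    }
}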
/**
 * Create (or look up) a thumbnail and reply with its href.
 *
 * Fails with code 1 when thumbnails are disabled in the options, 2 when
 * HAS_PHP_JPG is false, and 3 when Thumb::thumb() returns null.
 */
private function on_getThumbHref() {
    $enabled = $this->options["thumbnails"]["enabled"];
    json_fail(1, "thumbnails disabled", !$enabled);
    json_fail(2, "thumbnails not supported", !HAS_PHP_JPG);

    // Request parameters are consumed in this fixed order.
    list($type, $src_url, $mode, $width, $height) = array_map(
        "use_request_param",
        array("type", "href", "mode", "width", "height")
    );

    $generator = new Thumb($this->app);
    $thumb_url = $generator->thumb($type, $src_url, $mode, $width, $height);
    json_fail(3, "thumbnail creation failed", $thumb_url === null);

    json_exit(array("absHref" => $thumb_url));
}
header("Connection: close"); readfile($target); } else { if ($action === "getchecks") { $php = version_compare(PHP_VERSION, "5.2.1") >= 0; $archive = class_exists("PharData"); $gd = false; if (function_exists("gd_info")) { $gdinfo = gd_info(); $gd = array_key_exists("JPG Support", $gdinfo) && $gdinfo["JPG Support"] || array_key_exists("JPEG Support", $gdinfo) && $gdinfo["JPEG Support"]; } $cache = is_writable($h5ai->getH5aiAbsPath() . "/cache"); $temp = is_writable(sys_get_temp_dir()); $tar = preg_match("/tar\$/", `which tar`) > 0; $zip = preg_match("/zip\$/", `which zip`) > 0; $convert = preg_match("/convert\$/", `which convert`) > 0; $ffmpeg = preg_match("/ffmpeg\$/", `which ffmpeg`) > 0; $du = preg_match("/du\$/", `which du`) > 0; json_exit(array("php" => $php, "cache" => $cache, "thumbs" => $gd, "temp" => $temp, "archive" => $archive, "tar" => $tar, "zip" => $zip, "convert" => $convert, "ffmpeg" => $ffmpeg, "du" => $du)); } else { if ($action === "getentries") { list($href, $content) = check_keys(array("href", "content")); $content = intval($content, 10); json_exit(array("entries" => $h5ai->getEntries($href, $content))); } else { json_fail(100, "unsupported action"); } } } } }
/**
 * Persist a new sort order for currencies.
 *
 * "sort" is expected to be an array of id => position pairs. Both sides are
 * cast to int before they are handed to the model.
 */
public function sort_f() {
    $sort = $this->get('sort');
    if (!($sort && is_array($sort))) {
        $this->json(P_Lang('更新排序失败'));
    }
    foreach ($sort as $id => $position) {
        $this->model('currency')->update_sort(intval($id), intval($position));
    }
    json_exit(P_Lang('更新排序成功'), true);
}
/**
 * Save a review preference for a paper and reply with JSON.
 *
 * The preference is stored for the requesting user. A different reviewer id
 * from $qreq->reviewer is honoured only when $user->allow_administer($prow)
 * holds and the id converts to a positive integer.
 */
static function setpref_api($user, $qreq, $prow) {
    global $Conf;

    // Default to the caller; the override is gated on the administer check.
    $cid = $user->contactId;
    if ($user->allow_administer($prow)
        && $qreq->reviewer
        && ($x = cvtint($qreq->reviewer)) > 0) {
        $cid = $x;
    }

    $pref = parse_preference($qreq->pref);
    if (!$pref) {
        $j = ["ok" => false, "error" => "Bad preference"];
    } else {
        $saved = PaperActions::save_review_preferences([[$prow->paperId, $cid, $pref[0], $pref[1]]]);
        $j = $saved ? ["ok" => true, "response" => "Saved"] : ["ok" => false];
        $j["value"] = unparse_preference($pref);
    }
    json_exit($j);
}
$when = $from; $rows = array(); $rf = ReviewForm::get(); foreach ($entries as $which => $xr) { if ($xr->isComment) { $rows[] = CommentInfo::unparse_flow_entry($xr, $Me, ""); $when = $xr->timeModified; } else { $rows[] = $rf->reviewFlowEntry($Me, $xr, ""); $when = $xr->reviewSubmitted; } } json_exit(["ok" => true, "from" => (int) $from, "to" => (int) $when - 1, "rows" => $rows]); } else { if ($qreq->fn === "events") { json_exit(["ok" => false]); } } if ($qreq->fn === "searchcompletion") { $s = new PaperSearch($Me, ""); $Conf->ajaxExit(array("ok" => true, "searchcompletion" => $s->search_completion())); } // from here on: `status` and `track` requests if ($qreq->fn === "track") { MeetingTracker::track_api($qreq, $Me); } // may fall through to act like `status` $j = $Me->my_deadlines($Conf->paper); if ($qreq->conflist && $Me->has_email() && ($cdb = Contact::contactdb())) { $j->conflist = array(); $result = Dbl::ql($cdb, "select c.confid, siteclass, shortName, url\n from Roles r join Conferences c on (c.confid=r.confid)\n join ContactInfo u on (u.contactDbId=r.contactDbId)\n where u.email=? order by r.updated_at desc", $Me->email);
/**
 * Look up and run a registered search action.
 *
 * The action is found in self::$byname[$name], preferring the $subname entry
 * and falling back to the "" entry. Checks run in a fixed order: the action
 * exists, check_post() passes unless the action is flagged API_GET, a
 * non-empty selection is present when flagged API_PAPER, and the action's
 * allow($user) passes. Only then is run() called.
 *
 * @return mixed an error string, or whatever the action's run() returned
 */
static function call($name, $subname, Contact $user, $qreq, $selection) {
    $uf = null;
    if (isset(self::$byname[$name])) {
        $ufm = self::$byname[$name];
        if ((string) $subname !== "" && isset($ufm[$subname])) {
            $uf = $ufm[$subname];
        } elseif (isset($ufm[""])) {
            $uf = $ufm[""];
        }
    }

    if (is_array($selection)) {
        $selection = new SearchSelection($selection);
    }

    if (!$uf) {
        $error = "No such search action.";
    } elseif (!($uf[1] & SiteLoader::API_GET) && !check_post($qreq)) {
        // State-changing actions need the POST credential check.
        $error = "Missing credentials.";
    } elseif ($uf[1] & SiteLoader::API_PAPER && $selection->is_empty()) {
        $error = "No papers selected.";
    } elseif (!$uf[0]->allow($user)) {
        $error = "Permission error.";
    } else {
        $error = $uf[0]->run($user, $qreq, $selection);
    }

    // String results are errors: JSON for ajax requests, a page message otherwise.
    if (is_string($error)) {
        if ($qreq->ajax) {
            json_exit(["ok" => false, "error" => $error]);
        } else {
            Conf::msg_error($error);
        }
    }
    return $error;
}
json_error(404, "User not found", $params->userId); } } if ($method == "GET") { json_exit($user->get(), SCHEMA_ROOT . '/user'); } else { if ($method == "PUT") { $user->put($jsonData); $user->save(); json_exit($user->get(), SCHEMA_ROOT . '/user'); } } json_error(405, "Invalid method: {$method}", $method); } else { if ($params = matchUriTemplate('/{username}/password')) { $user = User::open($params->username); if ($method == "PUT" || $method == "POST") { if (!$user->checkPassword($jsonData->oldPassword)) { json_error(403, "Incorrect password"); } $user->setPassword($jsonData->password); $user->save(); json_exit($user->get(), SCHEMA_ROOT . '/user'); } json_error(405, "Invalid method: {$method}", $method); } } } } } json_error(404);
/**
 * Invoke the API handler registered for $fn in SiteLoader::$api_map.
 *
 * Handlers not flagged API_GET require check_post($qreq); handlers flagged
 * API_PAPER require a paper row. Either failure ends the request with a JSON
 * error.
 *
 * @return bool false when no handler is registered for $fn, true after the handler returns
 */
public static function call_api($fn, $user, $qreq, $prow) {
    // XXX precondition: $user->can_view_paper($prow) || !$prow
    // This function does not verify that precondition itself.
    if (!isset(SiteLoader::$api_map[$fn])) {
        return false;
    }

    $uf = SiteLoader::$api_map[$fn];
    $flags = $uf[1];
    if (!($flags & SiteLoader::API_GET) && !check_post($qreq)) {
        json_exit(["ok" => false, "error" => "Missing credentials."]);
    }
    if ($flags & SiteLoader::API_PAPER && !$prow) {
        json_exit(["ok" => false, "error" => "No such paper."]);
    }
    call_user_func($uf[0], $user, $qreq, $prow);
    return true;
}
} if (isset($_SERVER["REMOTE_ADDR"])) { $suffix .= ", host " . $_SERVER["REMOTE_ADDR"]; } error_log("JS error: {$url}{$errormsg}{$suffix}"); if ($stacktext = $qreq->stack) { $stack = array(); foreach (explode("\n", $stacktext) as $line) { $line = trim($line); if ($line === "" || $line === $errormsg || "Uncaught {$line}" === $errormsg) { continue; } if (preg_match('/\\Aat (\\S+) \\((\\S+)\\)/', $line, $m)) { $line = $m[1] . "@" . $m[2]; } else { if (substr($line, 0, 1) === "@") { $line = substr($line, 1); } else { if (substr($line, 0, 3) === "at ") { $line = substr($line, 3); } } } $stack[] = $line; } error_log("JS error: {$url}via " . join(" ", $stack)); } } json_exit(["ok" => true]); } $Conf->ajaxExit(["ok" => false]);
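/**
 * Create a sub-folder and drop an .htaccess with a DirectoryIndex line in it.
 *
 * Fails with code 1 when folder creation is disabled, 2 when the name is not
 * acceptable or mkdir() fails, and 3 when the .htaccess cannot be opened or
 * written.
 *
 * "name" is appended to a filesystem path, so it must be a single path
 * component: empty names, "." and "..", and anything containing a directory
 * separator are refused before mkdir() is reached.
 *
 * NOTE(review): the final json_exit() also runs when the managed/hidden check
 * fails, so a "Success" message is sent although nothing was created.
 * NOTE(review): the mkdir() failure message and the success message include
 * absolute server paths; consider trimming them for non-debug use.
 */
private function on_new_folder() {
    $h5ai_path = '';
    $filename = '';
    json_fail(1, "folder creation disabled", !$this->options["new_folder"]["enabled"]);

    $href = use_request_param("href");
    $name = use_request_param("name");

    // Confine the new folder to the directory addressed by $href.
    $bad_name = !is_string($name) || $name === "" || $name === "." || $name === ".." || basename($name) !== $name;
    json_fail(2, "folder creation failed", $bad_name);

    $d = normalize_path(dirname($href), true);
    $n = basename($href);
    if ($this->app->is_managed_url($d) && !$this->app->is_hidden($n)) {
        $path = $this->app->to_path($href);
        $folder = normalize_path(dirname($path));
        if (!mkdir($path . "/" . $name)) {
            json_fail(2, "folder creation failed" . " PATH: {$path} | FOLDER: {$folder} | NAME: {$name}");
        }
        $filename = $path . "/" . $name . "/" . ".htaccess";
        $h5ai_path = "DirectoryIndex " . INDEX_HREF;
        if (!($handle = fopen($filename, 'w'))) {
            json_fail(3, "Cannot open file ({$filename})");
        }
        if (fwrite($handle, $h5ai_path) === FALSE) {
            json_fail(3, "Cannot write to file ({$filename})");
        }
        fclose($handle);
    }
    json_exit("Success, wrote ( {$h5ai_path} ) to file ( {$filename} ). {$href}/{$name}");
}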