echo Ht::form_div(hoturl_post("bulkassign", ["saveassignment" => 1, "assigntypes" => join(" ", $atypes), "assignpids" => join(" ", $apids)])); $assignset->echo_unparse_display(); echo '<div class="g"></div>', '<div class="aahc"><div class="aa">', Ht::submit("Apply changes"), ' ', Ht::submit("cancel", "Cancel"), Ht::hidden("default_action", $defaults["action"]), Ht::hidden("rev_roundtag", $defaults["round"]), Ht::hidden("file", $text), Ht::hidden("assignment_size_estimate", $csv_lineno), Ht::hidden("filename", $filename), Ht::hidden("requestreview_notify", req("requestreview_notify")), Ht::hidden("requestreview_subject", req("requestreview_subject")), Ht::hidden("requestreview_body", req("requestreview_body")), Ht::hidden("bulkentry", req("bulkentry")), '</div></div></div></form>', "\n"; $Conf->footer(); exit; } } } } if (isset($_REQUEST["saveassignment"]) && check_post() && isset($_POST["file"]) && get($_POST, "assignment_size_estimate") >= 1000) { complete_assignment("keep_browser_alive"); finish_browser_alive(); } echo Ht::form_div(hoturl_post("bulkassign", "upload=1"), array("divstyle" => "margin-top:1em")); // Upload echo '<div class="f-contain"><div class="f-i"><div class="f-e">', Ht::textarea("bulkentry", req_s("bulkentry"), ["rows" => 1, "cols" => 80, "placeholder" => "Enter assignments"]), '</div></div></div>'; echo '<div class="g"><strong>OR</strong> ', '<input type="file" name="bulk" accept="text/plain,text/csv" size="30" /></div>'; echo '<div id="foldoptions" class="lg foldc fold2o">', 'By default, assign ', Ht::select("default_action", array("primary" => "primary reviews", "secondary" => "secondary reviews", "pcreview" => "optional PC reviews", "review" => "external reviews", "conflict" => "PC conflicts", "lead" => "discussion leads", "shepherd" => "shepherds", "tag" => "add tags", "settag" => "replace tags", "preference" => "reviewer preferences"), defval($_REQUEST, "default_action", "primary"), array("id" => "tsel", "onchange" => 
"fold(\"options\",this.value!=\"review\");fold(\"options\",!/^(?:primary|secondary|(?:pc)?review)\$/.test(this.value),2)")); $rev_rounds = $Conf->round_selector_options(); if (count($rev_rounds) > 1) { echo '<span class="fx2"> in round ', Ht::select("rev_roundtag", $rev_rounds, $_REQUEST["rev_roundtag"] ?: "unnamed"), '</span>'; } else { if (!get($rev_rounds, "unnamed")) { echo '<span class="fx2"> in round ', $Conf->current_round_name(), '</span>'; } } echo '<div class="g"></div>', "\n"; $requestreview_template = $null_mailer->expand_template("requestreview"); echo Ht::hidden("requestreview_subject", $requestreview_template["subject"]); if (isset($_REQUEST["requestreview_body"])) { $t = $_REQUEST["requestreview_body"];
/**
 * Handle a sign-in form submission.
 *
 * Reads $_REQUEST["email"], ["password"], ["action"] ("login", "new" or
 * "forgot"), ["go"] and ["testsession"], plus $_SESSION["testsession"] and
 * ["login_bounce"]. On failure it returns the result of Conf::msg_error()
 * or null; on success it activates the user, updates the session, redirects
 * with go() and calls exit, so it never returns to the caller.
 * ($Now is declared global but not used in this method.)
 *
 * @return mixed
 */
private static function login() {
    global $Conf, $Now, $email_class, $password_class;
    $external_login = $Conf->external_login();

    // In all cases, we need to look up the account information
    // to determine if the user is registered
    if (!isset($_REQUEST["email"]) || ($_REQUEST["email"] = trim($_REQUEST["email"])) == "") {
        $email_class = " error";
        if ($Conf->opt("ldapLogin")) {
            return Conf::msg_error("Enter your LDAP username.");
        } else {
            return Conf::msg_error("Enter your email address.");
        }
    }

    // Check for the cookie
    if (isset($_SESSION["testsession"])) {
        /* Session cookie set */
    } else {
        if (!isset($_REQUEST["testsession"])) {
            // set a cookie to test that their browser supports cookies,
            // then bounce the whole form through a GET redirect
            $_SESSION["testsession"] = true;
            $url = "testsession=1";
            // NOTE(review): every listed field, including the submitted
            // password, is carried in the query string of this redirect, so
            // it lands in browser history and server/proxy access logs.
            foreach (array("email", "password", "action", "go", "signin") as $a) {
                if (isset($_REQUEST[$a])) {
                    $url .= "&{$a}=" . urlencode($_REQUEST[$a]);
                }
            }
            // presumably redirect() exits; nothing below handles fall-through
            Navigation::redirect("?" . $url);
        } else {
            return Conf::msg_error("You appear to have disabled cookies in your browser, but this site needs to set cookies to function. Google has <a href='http://www.google.com/cookies.html'>an informative article on how to enable them</a>.");
        }
    }

    // do LDAP login before validation, since we might create an account.
    // For LDAP sites this bind is the authentication step: the local
    // password check further down is skipped when $external_login is set.
    if ($Conf->opt("ldapLogin")) {
        $_REQUEST["action"] = "login";
        if (!self::ldap_login()) {
            return null;
        }
    }

    // look up user in our database
    if (strpos($_REQUEST["email"], "@") === false) {
        self::unquote_double_quoted_request();
    }
    $user = $Conf->user_by_whatever($_REQUEST["email"]);

    // look up or create user in contact database
    $cdb_user = null;
    if (opt("contactdb_dsn")) {
        if ($user) {
            $cdb_user = $user->contactdb_user();
        } else {
            $cdb_user = Contact::contactdb_find_by_email($_REQUEST["email"]);
        }
    }

    // create account if requested; the generated plaintext password is put
    // into the request so the password check below succeeds for the new user
    if ($_REQUEST["action"] == "new") {
        if (!($user = self::create_account($user, $cdb_user))) {
            return null;
        }
        $_REQUEST["password"] = $user->password_plaintext;
    }

    // auto-create account if external login
    if (!$user && $external_login) {
        $reg = Contact::safe_registration($_REQUEST);
        $reg->no_validate_email = true;
        if (!($user = Contact::create($Conf, $reg))) {
            return Conf::msg_error($Conf->db_error_html(true, "while adding your account"));
        }
        // NOTE(review): $msg is not assigned anywhere in this method —
        // confirm first_user() takes it by reference or tolerates null
        if ($Conf->setting("setupPhase", false)) {
            return self::first_user($user, $msg);
        }
    }

    // if no user found, then fail
    // NOTE(review): the three failure messages below (no account, disabled,
    // wrong password) differ, so a response reveals whether an address is
    // registered; consider a uniform message if that matters for this site.
    if (!$user && (!$cdb_user || !$cdb_user->allow_contactdb_password())) {
        $email_class = " error";
        return Conf::msg_error("No account for " . htmlspecialchars($_REQUEST["email"]) . ". Did you enter the correct email address?");
    }

    // if user disabled, then fail
    if ($user && $user->disabled) {
        return Conf::msg_error("Your account is disabled. Contact the site administrator for more information.");
    }

    // maybe reset password; $xuser is the local user if one exists, else
    // the contact-database user
    $xuser = $user ?: $cdb_user;
    if ($_REQUEST["action"] == "forgot") {
        // "@resetpassword" is a sentinel meaning a reset link (not the
        // password itself) was sent
        $worked = $xuser->sendAccountInfo("forgot", true);
        if ($worked == "@resetpassword") {
            $Conf->confirmMsg("A password reset link has been emailed to " . htmlspecialchars($_REQUEST["email"]) . ". When you receive that email, follow its instructions to create a new password.");
        } else {
            // NOTE(review): this branch implies the password itself can be
            // mailed; confirm sendAccountInfo() only does so where intended
            if ($worked) {
                $Conf->confirmMsg("Your password has been emailed to " . htmlspecialchars($_REQUEST["email"]) . ". When you receive that email, return here to sign in.");
                $Conf->log("Sent password", $xuser);
            }
        }
        return null;
    }

    // check password (skipped entirely for external/LDAP logins, which were
    // authenticated by ldap_login() above)
    if (!$external_login) {
        if (($password = trim(req_s("password"))) === "") {
            $password_class = " error";
            return Conf::msg_error("Enter your password. If you’ve forgotten it, enter your email address and use the “I forgot my password” option.");
        }
        if (!$xuser->check_password($password)) {
            $password_class = " error";
            return Conf::msg_error("That password doesn’t match. If you’ve forgotten your password, enter your email address and use the “I forgot my password” option.");
        }
    }

    // mark activity
    $xuser->mark_login();

    // activate and redirect
    // NOTE(review): no session_regenerate_id() is visible here — presumably
    // activate()/save_session() rotate the session id on login; confirm.
    $user = $xuser->activate();
    unset($_SESSION["testsession"]);
    $_SESSION["trueuser"] = (object) array("email" => $user->email);
    $Conf->save_session("freshlogin", true);
    $Conf->save_session("password_reset", null);
    // redirect target: explicit ?go=, else the page that bounced us here
    // (only if it was recorded for this conference's dsn), else the index.
    // NOTE(review): $_REQUEST["go"] is user-controlled — presumably go()
    // restricts targets to this site; verify.
    if (isset($_REQUEST["go"])) {
        $where = $_REQUEST["go"];
    } else {
        if (isset($_SESSION["login_bounce"]) && $_SESSION["login_bounce"][0] == $Conf->dsn) {
            $where = $_SESSION["login_bounce"][1];
        } else {
            $where = hoturl("index");
        }
    }
    go($where);
    exit;
}
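/**
 * Authenticate the current request's email and password against the LDAP
 * server named in $Opt["ldapLogin"], then copy directory attributes (name,
 * mail, telephone) into $_REQUEST so an account can be created from them.
 *
 * $Opt["ldapLogin"] is "LDAP-URL [port] DN-template"; the template holds one
 * "*" that is replaced by the escaped email address to form the bind DN.
 * Optional keys: ldap_addlFilterKey / ldap_addlFilterValue /
 * ldap_addlFilterErrMsg (the entry must carry exactly that value for the
 * key), ldap_def_affiliation and ldap_def_collab (request defaults).
 *
 * @return mixed true on success; otherwise the falsy result of
 *               Conf::msg_error() or ldapLoginBindFailure()
 */
function ldapLoginAction() {
    global $Conf, $Opt;
    if (!preg_match('/\\A\\s*(\\S+)\\s+(\\d+\\s+)?([^*]+)\\*(.*?)\\s*\\z/s', $Opt["ldapLogin"], $m)) {
        return Conf::msg_error("Internal error: <code>\$Opt[\"ldapLogin\"]</code> syntax error; expected “<code><i>LDAP-URL</i> <i>distinguished-name</i></code>”, where <code><i>distinguished-name</i></code> contains a <code>*</code> character to be replaced by the user's email address. Logins will fail until this error is fixed.");
    }

    // An empty password makes ldap_bind() perform an unauthenticated bind,
    // which a directory may accept for any DN (RFC 4513 §5.1.2). That must
    // never count as a successful login, so reject it before connecting.
    $password = (string) req_s("password");
    if ($password === "") {
        return Conf::msg_error("Enter your password.");
    }

    // connect to the LDAP server; $m[2] is the optional port, captured with
    // its trailing whitespace, hence the int cast
    if ($m[2] === "") {
        $ldapc = @ldap_connect($m[1]);
    } else {
        $ldapc = @ldap_connect($m[1], (int) $m[2]);
    }
    if (!$ldapc) {
        return Conf::msg_error("Internal error: ldap_connect. Logins disabled until this error is fixed.");
    }
    // ldap_* calls are @-suppressed because they emit warnings on failure;
    // the return values are checked instead
    @ldap_set_option($ldapc, LDAP_OPT_PROTOCOL_VERSION, 3);

    // escape DN special characters so the email cannot alter the DN structure
    $qemail = addcslashes(req_s("email"), ',=+<>#;\\"');
    $dn = $m[3] . $qemail . $m[4];
    $success = @ldap_bind($ldapc, $dn, $password);
    if (!$success && @ldap_errno($ldapc) == 2) {
        // protocol error: retry once with LDAPv2
        @ldap_set_option($ldapc, LDAP_OPT_PROTOCOL_VERSION, 2);
        $success = @ldap_bind($ldapc, $dn, $password);
    }
    if (!$success) {
        return ldapLoginBindFailure($ldapc);
    }

    // use LDAP information to prepopulate the database with names;
    // add the additional filter key to the requested attributes if set
    $attrs = ["sn", "givenname", "cn", "mail", "telephonenumber"];
    $filter_key = isset($Opt["ldap_addlFilterKey"]) ? $Opt["ldap_addlFilterKey"] : null;
    if ($filter_key !== null) {
        $attrs[] = $filter_key;
    }
    $e = [];
    $sr = @ldap_search($ldapc, $dn, "(cn=*)", $attrs);
    if ($sr) {
        $entries = @ldap_get_entries($ldapc, $sr);
        if ($entries && $entries["count"] == 1) {
            $e = $entries[0];
        }
    }
    // value of a single-valued attribute of the entry, else null
    $single = static function ($key) use ($e) {
        return isset($e[$key]) && $e[$key]["count"] == 1 ? $e[$key][0] : null;
    };
    // "cn" is split first; explicit sn/givenname then take precedence
    if (($cn = $single("cn")) !== null) {
        list($_REQUEST["firstName"], $_REQUEST["lastName"]) = Text::split_name($cn);
    }
    if (($sn = $single("sn")) !== null) {
        $_REQUEST["lastName"] = $sn;
    }
    if (($given = $single("givenname")) !== null) {
        $_REQUEST["firstName"] = $given;
    }
    if (($mail = $single("mail")) !== null) {
        $_REQUEST["preferredEmail"] = $mail;
    }
    if (($phone = $single("telephonenumber")) !== null) {
        $_REQUEST["voicePhoneNumber"] = $phone;
    }

    // additional filter: only pass if the key exists in the entry, has
    // exactly one value, and that value matches the configured one. The
    // comparison is strict on strings; a loose == would treat
    // numeric-looking strings such as "1e3" and "1000" as equal.
    if ($filter_key !== null) {
        $value = $single($filter_key);
        $wanted = isset($Opt["ldap_addlFilterValue"]) ? (string) $Opt["ldap_addlFilterValue"] : "";
        if ($value === null || (string) $value !== $wanted) {
            // release the connection on this failure path as well
            ldap_close($ldapc);
            // Conf::msg_error matches the other failure returns above
            return Conf::msg_error($Opt["ldap_addlFilterErrMsg"]);
        }
    }

    // set default affiliation
    if (isset($Opt["ldap_def_affiliation"])) {
        $_REQUEST["affiliation"] = $Opt["ldap_def_affiliation"];
    }
    // stick in no collaborators by default (avoids setting popping up all the time)
    if (isset($Opt["ldap_def_collab"])) {
        $_REQUEST["collaborators"] = $Opt["ldap_def_collab"];
    }
    ldap_close($ldapc);
    return true;
}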