Exemplo n.º 1
 /**
  * Set the decision on every selected paper the acting user may decide.
  *
  * The requested decision is read from $qreq->decision, checked against the
  * conference's decision map, and then written only for the selected papers
  * that pass $user->can_set_decision().
  *
  * NOTE(review): no request-method or CSRF check is visible in this method;
  * presumably the dispatcher enforces one -- confirm.
  */
 function run(Contact $user, $qreq, $ssel)
     global $Conf;
     $o = cvtint($qreq->decision);
     $decision_map = $Conf->decision_map();
     // Allow-list check: the value must be a key of the configured decision
     // map. This is also the only thing that makes the interpolation of $o
     // into the UPDATE statement below safe.
     if ($o === null || !isset($decision_map[$o])) {
         return Conf::msg_error("Bad decision value.");
     $result = Dbl::qe_raw($Conf->paperQuery($user, array("paperId" => $ssel->selection())));
     $success = $fails = array();
     // Authorization is decided per paper, so one request can partly succeed:
     // permitted papers are collected for the update, the rest are reported.
     while ($prow = PaperInfo::fetch($result, $user)) {
         if ($user->can_set_decision($prow, true)) {
             $success[] = $prow->paperId;
         } else {
             $fails[] = "#" . $prow->paperId;
     if (count($fails)) {
         Conf::msg_error("You cannot set paper decisions for " . pluralx($fails, "paper") . " " . commajoin($fails) . ".");
     if (count($success)) {
         // NOTE(review): the paper IDs are bound through ?a but $o is
         // interpolated; binding $o as well would not depend on the
         // validation above staying in place.
         Dbl::qe("update Paper set outcome={$o} where paperId ?a", $success);
         $Conf->update_paperacc_setting($o > 0);
         redirectSelf(array("atab" => "decide", "decision" => $o));
Exemplo n.º 2
/**
 * Only the URL defaulting is visible in this listing: a $url of false is
 * replaced by hoturl("index"). What is then done with $url and $message is
 * not shown here.
 */
function error_go($url, $message)
    if ($url === false) {
        $url = hoturl("index");
Exemplo n.º 3
/**
 * Emit an HTTP status line and the "Download" page header, then report $msg
 * as an error when it is non-empty.
 */
function document_error($status, $msg)
    global $Conf;
    // NOTE(review): $status is placed into the raw status line unchanged, so
    // callers should pass fixed status strings only -- confirm at call sites.
    header("HTTP/1.1 {$status}");
    $Conf->header("Download", null, actionBar());
    // NOTE(review): other callers on this page escape user data before handing
    // it to Conf::msg_error(), which suggests the message is rendered as HTML;
    // $msg is passed through as-is, so escaping is the caller's job -- confirm.
    $msg && Conf::msg_error($msg);
 /**
  * Download review preferences for the selected papers as a CSV file named
  * "revprefs", with columns paper, title and preference.
  *
  * When $this->extended is set, each row is followed by "#"-prefixed lines
  * carrying authors (if viewable), abstract and topics.
  */
 function run(Contact $user, $qreq, $ssel)
     global $Conf, $Opt;
     // maybe download preferences for someone else
     $Rev = $user;
     // Acting for another reviewer requires privChair; for every other user
     // the reviewer parameter is ignored and their own preferences are used.
     if (($cid = cvtint($qreq->reviewer)) > 0 && $user->privChair) {
         if (!($Rev = Contact::find_by_id($cid))) {
             return Conf::msg_error("No such reviewer");
     // The target (not the requester) must be a PC member.
     if (!$Rev->isPC) {
         return self::EPERM;
     // The query and the row fetch are both given $Rev, so paper data is
     // evaluated for the target reviewer rather than for the requesting chair.
     $q = $Conf->paperQuery($Rev, array("paperId" => $ssel->selection(), "topics" => 1, "reviewerPreference" => 1));
     $result = Dbl::qe_raw($q);
     $texts = array();
     while ($prow = PaperInfo::fetch($result, $Rev)) {
         // The title goes through CsvGenerator::quote(); the preference text
         // from unparse_preference() is appended without quoting.
         $t = $prow->paperId . "," . CsvGenerator::quote($prow->title);
         if ($prow->conflictType > 0) {
             $t .= ",conflict";
         } else {
             $t .= "," . unparse_preference($prow);
         $t .= "\n";
         if ($this->extended) {
             // Author names are included only when $Rev may see them.
             if ($Rev->can_view_authors($prow, false)) {
                 $t .= prefix_word_wrap("#  Authors: ", $prow->pretty_text_author_list(), "#           ");
             $t .= prefix_word_wrap("# Abstract: ", rtrim($prow->abstract), "#           ");
             if ($prow->topicIds != "") {
                 $t .= prefix_word_wrap("#   Topics: ", $prow->unparse_topics_text(), "#           ");
             $t .= "\n";
         defappend($texts[$prow->paperId], $t);
     // Rows are emitted in the order of the selection.
     downloadCSV(join("", $ssel->reorder($texts)), ["paper", "title", "preference"], "revprefs");
 /**
  * Save one review preference for paper $prow from the current request.
  *
  * Reads "revpref", "reviewer" and "ajax" from $_REQUEST; answers through
  * $Conf->ajaxExit() when the request is an AJAX one.
  *
  * NOTE(review): no CSRF or request-method check is visible in this method;
  * presumably the caller performs it -- confirm.
  */
 static function setReviewPreference($prow)
     global $Conf, $Me, $Error, $OK;
     $ajax = defval($_REQUEST, "ajax", false);
     // Only a user who may administer this paper can save a preference for
     // someone else; for everyone else the "reviewer" parameter is ignored
     // and the preference is stored under their own contact ID.
     if (!$Me->allow_administer($prow) || ($contactId = cvtint(@$_REQUEST["reviewer"])) <= 0) {
         $contactId = $Me->contactId;
     // NOTE(review): nothing here checks that a chosen $contactId belongs to
     // an existing PC member; presumably save_review_preferences() or the
     // schema handles that -- confirm.
     if (isset($_REQUEST["revpref"]) && ($v = parse_preference($_REQUEST["revpref"]))) {
         if (self::save_review_preferences(array(array($prow->paperId, $contactId, $v[0], $v[1])))) {
             $Conf->confirmMsg($ajax ? "Saved" : "Review preference saved.");
         } else {
             $Error["revpref"] = true;
         $v = unparse_preference($v);
     } else {
         $v = null;
         // The rejected value is HTML-escaped before being echoed back.
         // This branch is also reached when "revpref" is absent, in which
         // case $_REQUEST["revpref"] is read while unset.
         Conf::msg_error($ajax ? "Bad preference" : "Bad preference “" . htmlspecialchars($_REQUEST["revpref"]) . "”.");
         $Error["revpref"] = true;
     if ($ajax) {
         $Conf->ajaxExit(array("ok" => $OK && !@$Error["revpref"], "value" => $v));
Exemplo n.º 6
/**
 * Save an author response for the current paper from the request.
 *
 * Resolves the response round named in $_REQUEST["response"], checks
 * $Me->perm_respond() and passes $_REQUEST["comment"] to save_comment().
 */
function handle_response()
    global $Conf, $Me, $prow, $crow;
    // The @ operators in this function hide the notice for a missing request
    // parameter; the value is then treated as empty.
    $rname = @trim($_REQUEST["response"]);
    $rnum = $Conf->resp_round_number($rname);
    // A non-empty round name that does not resolve is rejected; the name is
    // HTML-escaped before being echoed back.
    if ($rnum === false && $rname) {
        return Conf::msg_error("No such response round “" . htmlspecialchars($rname) . "”.");
    $rnum = (int) $rnum;
    // An existing response keeps its stored round: a differing round in the
    // request is ignored with a warning.
    if ($crow && @(int) $crow->commentRound !== $rnum) {
        $Conf->warnMsg("Attempt to change response round ignored.");
        $rnum = @+$crow->commentRound;
    // With no existing comment row, a stand-in object describing a response in
    // this round is built for the permission check.
    if (!($xcrow = $crow)) {
        $xcrow = (object) array("commentType" => COMMENTTYPE_RESPONSE, "commentRound" => $rnum);
    // Authorization is checked before anything is written.
    if ($whyNot = $Me->perm_respond($prow, $xcrow, true)) {
        return Conf::msg_error(whyNotText($whyNot, "respond to reviews for"));
    $text = @rtrim($_REQUEST["comment"]);
    // Empty text is refused only for a new response.
    if ($text === "" && !$crow) {
        return Conf::msg_error("Enter a response.");
    save_comment($text, true, $rnum);
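 /**
  * Validate a requested seascode username and store it on $user.
  *
  * The name is rejected when it is empty (unless the current user is a chair,
  * who may clear it), when it contains characters from the deny-list, when it
  * is already assigned to another account, or when a lookup of
  * self::MAINURL . "~<name>" does not answer 200.
  *
  * Changes relative to the listing this replaces:
  *  - the outbound URL is built with rawurlencode(); the listing used
  *    htmlspecialchars(), which is HTML escaping and leaves "?", "%", spaces
  *    and ".." free to alter the request target;
  *  - the URL shown in the error message is HTML-escaped exactly once;
  *  - the control-character range in the deny-list ends at octal 037 instead
  *    of 027, so the characters 0x18-0x1F (ESC among them) are rejected too;
  *  - the HTTP stream is closed after the status line has been read.
  *
  * @param Contact $user     account whose username is being changed
  * @param mixed   $username requested name; cast to string and trimmed
  * @return mixed result of Conf::msg_error() on rejection, otherwise of
  *               $user->change_username()
  */
 static function save_username(Contact $user, $username) {
     global $Me;
     // does it contain odd characters?
     $username = trim((string) $username);
     if ($username === "") {
         // only a chair may clear a username
         if ($Me->privChair) {
             return $user->change_username("seascode", null);
         }
         return Conf::msg_error("Empty username.");
     }
     if (preg_match('_[@,;:~/\\[\\](){}\\<>&#=\\000-\\037]_', $username)) {
         return Conf::msg_error("The username “" . htmlspecialchars($username) . "” contains funny characters. Remove them.");
     }
     // is it in use?
     $x = $user->conf->fetch_value("select contactId from ContactInfo where seascode_username=?", $username);
     if ($x && $x != $user->contactId) {
         return Conf::msg_error("That username is already in use.");
     }
     // is it valid?
     $htopt = array("timeout" => 5, "ignore_errors" => true);
     $context = stream_context_create(array("http" => $htopt));
     // Percent-encode the name as a single path segment: the deny-list above
     // is not a URL encoder, and the value is user input.
     $userurl = self::MAINURL . "~" . rawurlencode($username);
     // 509 stands for "no usable answer" until a status line has been parsed.
     $response_code = 509;
     if ($stream = fopen($userurl, "r", false, $context)) {
         if (($metadata = stream_get_meta_data($stream)) && ($w = get($metadata, "wrapper_data")) && is_array($w) && preg_match(',\\AHTTP/[\\d.]+\\s+(\\d+)\\s+(.+)\\z,', $w[0], $m)) {
             $response_code = (int) $m[1];
         }
         fclose($stream);
     }
     if ($response_code == 404) {
         return Conf::msg_error("That username doesn’t appear to exist. Check your spelling.");
     } elseif ($response_code != 200) {
         return Conf::msg_error("Error contacting " . htmlspecialchars($userurl) . " (response code {$response_code}). Maybe try again?");
     }
     return $user->change_username("seascode", $username);
 }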
Exemplo n.º 8
 /**
  * Set, change or clear this user's partner for a problem set.
  *
  * $partner is an email or username resolved through
  * $this->conf->user_by_whatever(); an empty string or "none" (any case)
  * that resolves to no user clears the partner.
  *
  * NOTE(review): no check that the caller is allowed to edit this user's
  * partner is visible in this method; presumably the caller enforces it --
  * confirm.
  */
 function set_partner($pset, $partner)
     global $ConfSitePATH;
     // Accept either a pset object or a bare pset id.
     $pset = is_object($pset) ? $pset->psetid : $pset;
     // does it contain odd characters?
     $partner = trim($partner);
     $pc = $this->conf->user_by_whatever($partner);
     if (!$pc && ($partner == "" || strcasecmp($partner, "none") == 0)) {
         // Treat "no partner" as partnering with oneself; handled below.
         $pc = $this;
     } else {
         if (!$pc || !$pc->contactId) {
             // The submitted value is HTML-escaped before being echoed back.
             return Conf::msg_error("I can’t find someone with email/username " . htmlspecialchars($partner) . ". Check your spelling.");
     // Remove the back-links held by current partners. All statements in this
     // method bind their values through ? placeholders.
     foreach ($this->links(LINK_PARTNER, $pset) as $link) {
         $this->conf->qe("delete from ContactLink where cid=? and type=? and pset=? and link=?", $link, LINK_BACKPARTNER, $pset, $this->contactId);
     if ($pc->contactId == $this->contactId) {
         return $this->clear_links(LINK_PARTNER, $pset);
     } else {
         // The forward link and the back-link are written by two separate
         // statements; the result is true only when both succeed.
         return $this->set_link(LINK_PARTNER, $pset, $pc->contactId) && $this->conf->qe("insert into ContactLink set cid=?, type=?, pset=?, link=?", $pc->contactId, LINK_BACKPARTNER, $pset, $this->contactId);
Exemplo n.º 9
 /**
  * Report the accumulated assignment errors, if any, as one error message.
  */
 public function report_errors()
     global $Conf;
     if (count($this->errors_)) {
         // The entries are inserted into markup as-is.
         // NOTE(review): presumably errors_html(true) returns text that is
         // already HTML-escaped -- confirm, since nothing escapes it here.
         Conf::msg_error('Assignment errors: <div class="parseerr"><p>' . join("</p>\n<p>", $this->errors_html(true)) . '</p></div> Please correct these errors and try again.');
Exemplo n.º 10
 /**
  * Build the list of mail-recipient classes that $contact may choose from and
  * resolve the requested class $type against that list.
  *
  * Manager-only classes are registered inside the is_manager() branches, and
  * "all" only for privChair. A $type that is not registered falls back to the
  * first registered class, so the registration list doubles as an allow-list.
  */
 function __construct($contact, $type, $papersel, $newrev_since)
     global $Conf, $Now;
     $this->contact = $contact;
     $any_newpcrev = $any_lead = $any_shepherd = 0;
     if ($contact->is_manager()) {
         $this->defsel("s", "Contact authors of submitted papers");
         $this->defsel("unsub", "Contact authors of unsubmitted papers");
         $this->defsel("au", "All contact authors");
         // map "somedec:no"/"somedec:yes" to real decisions
         $result = Dbl::qe("select outcome, count(*) from Paper where timeSubmitted>0 group by outcome");
         $dec_pcount = edb_map($result);
         // Totals per class: 1 = positive outcomes, -1 = negative, 0 = none.
         $dec_tcount = array(0 => 0, 1 => 0, -1 => 0);
         foreach ($dec_pcount as $dnum => $dcount) {
             $dec_tcount[$dnum > 0 ? 1 : ($dnum < 0 ? -1 : 0)] += $dcount;
         if ($type == "somedec:no" || $type == "somedec:yes") {
             $dmaxcount = -1;
             foreach ($dec_pcount as $dnum => $dcount) {
                 // $type[8] is the character after "somedec:" ("n" or "y");
                 // the named decision with the most papers on that side wins.
                 if (($type[8] == "n" ? $dnum < 0 : $dnum > 0) && $dcount > $dmaxcount && ($dname = $Conf->decision_name($dnum))) {
                     $type = "dec:{$dname}";
                     $dmaxcount = $dcount;
         $by_dec = array();
         foreach ($Conf->decision_map() as $dnum => $dname) {
             $k = "dec:{$dname}";
             if ($dnum && (@$dec_pcount[$dnum] > 0 || $type == $k)) {
                 // Decision names are HTML-escaped when placed in a label.
                 $by_dec[$k] = "Contact authors of " . htmlspecialchars($dname) . " papers";
         if ($dec_tcount[1] > 0 || $type == "dec:yes") {
             $by_dec["dec:yes"] = "Contact authors of accept-class papers";
         if ($dec_tcount[-1] > 0 || $type == "dec:no") {
             $by_dec["dec:no"] = "Contact authors of reject-class papers";
         if ($dec_tcount[0] > 0 || $type == "dec:none") {
             $by_dec["dec:none"] = "Contact authors of undecided papers";
         if ($type == "dec:any") {
             $by_dec["dec:any"] = "Contact authors of decided papers";
         if (count($by_dec)) {
             $this->sel["bydec_group"] = array("optgroup", "Contact authors by decision");
             foreach ($by_dec as $k => $v) {
                 $this->defsel($k, $v);
             $this->sel["bydec_group_end"] = array("optgroup");
         $this->sel["rev_group"] = array("optgroup", "Reviewers");
         $this->defsel("rev", "Reviewers");
         $this->defsel("crev", "Reviewers with complete reviews");
         $this->defsel("uncrev", "Reviewers with incomplete reviews");
         $this->defsel("allcrev", "Reviewers with no incomplete reviews");
         $this->defsel("pcrev", "PC reviewers");
         $this->defsel("uncpcrev", "PC reviewers with incomplete reviews");
         // new assignments query
         // XXX this exposes information about PC review assignments
         // for conflicted papers to the chair; not worth worrying about
         $aq = "select PaperReview.paperId any_newpcrev from PaperReview";
         // A manager who is not a chair is limited to the papers they manage.
         // NOTE(review): $contact->contactId is concatenated into the SQL
         // text here and below; presumably it is an integer loaded from the
         // database -- an (int) cast or a bound parameter would make that
         // explicit.
         if (!$contact->privChair) {
             $aq .= " join Paper on (Paper.paperId=PaperReview.paperId and Paper.managerContactId=" . $contact->contactId . ")";
         $aq .= "\n\twhere reviewType>=" . REVIEW_PC . " and reviewSubmitted is null and reviewNeedsSubmit!=0 and timeRequested>timeRequestNotified limit 1";
         $bcq_manager = "";
         if (!$contact->privChair) {
             $bcq_manager = " and managerContactId=" . $contact->contactId;
         // One round trip answers three yes/no questions; each subquery is
         // capped with "limit 1".
         $q = "select any_newpcrev, any_lead, any_shepherd\n\tfrom ({$aq}) a\n\tleft join (select paperId any_lead from Paper where timeSubmitted>0 and leadContactId!=0{$bcq_manager} limit 1) b on (true)\n\tleft join (select paperId any_shepherd from Paper where timeSubmitted>0 and shepherdContactId!=0{$bcq_manager} limit 1) c on (true)";
         if ($row = Dbl::fetch_first_row($q)) {
             list($any_newpcrev, $any_lead, $any_shepherd) = $row;
         $this->defsel("newpcrev", "PC reviewers with new review assignments");
         $this->defsel("extrev", "External reviewers");
         $this->defsel("uncextrev", "External reviewers with incomplete reviews");
         $this->sel["rev_group_end"] = array("optgroup");
     $this->defsel_nm("myextrev", "Your requested reviewers");
     $this->defsel_nm("uncmyextrev", "Your requested reviewers with incomplete reviews");
     $this->sel["pc_group"] = array("optgroup", "Program committee");
     if ($contact->is_manager()) {
         if ($any_lead || $type == "lead") {
             $this->defsel("lead", "Discussion leads");
         if ($any_shepherd || $type == "shepherd") {
             $this->defsel("shepherd", "Shepherds");
     $this->defsel_nm("pc", "Program committee");
     foreach (pcTags() as $t) {
         if ($t != "pc") {
             // NOTE(review): the tag is placed in the label without
             // htmlspecialchars(), unlike the decision names above;
             // presumably tags are restricted to a safe character set --
             // confirm.
             $this->defsel_nm("pc:{$t}", "PC members tagged “{$t}”");
     $this->sel["pc_group_end"] = array("optgroup");
     if ($contact->privChair) {
         $this->defsel("all", "All users");
     // Resolve the requested type against what was registered above.
     if (isset($this->sel[$type])) {
         $this->type = $type;
     } else {
         if ($type == "myuncextrev" && isset($this->sel["uncmyextrev"])) {
             $this->type = "uncmyextrev";
         } else {
             $this->type = key($this->sel);
     $this->papersel = $papersel;
     if ($this->type == "newpcrev") {
         $t = @trim($newrev_since);
         // Empty, "n/a", "all" / "(all)" and "0" all mean "no lower bound".
         if (preg_match(',\\A(?:|n/a|[(]?all[)]?|0)\\z,i', $t)) {
             $this->newrev_since = 0;
         } else {
             if (($this->newrev_since = $Conf->parse_time($t)) !== false) {
                 if ($this->newrev_since > $Now) {
                     $Conf->warnMsg("That time is in the future.");
             } else {
                 Conf::msg_error("Invalid date.");
                 $this->error = true;
Exemplo n.º 11
 /**
  * Record that $user accepted the clickthrough terms, or report a refusal.
  *
  * Reads "clickthrough_accept", "clickthrough_sha1", "clickthrough_decline"
  * and "ajax" from $_REQUEST.
  */
 static function save_clickthrough($user)
     global $Conf, $Now;
     $confirmed = false;
     if (@$_REQUEST["clickthrough_accept"] && @$_REQUEST["clickthrough_sha1"]) {
         // NOTE(review): the request-supplied "clickthrough_sha1" becomes an
         // array key in the stored user data with no validation visible
         // here. Checking that it is a hex digest of the terms currently
         // being shown would keep arbitrary keys out of the record and would
         // prevent recording acceptance of a digest that was never offered
         // -- confirm whether the caller already does this.
         $user->merge_and_save_data(array("clickthrough" => array($_REQUEST["clickthrough_sha1"] => $Now)));
         $confirmed = true;
     } else {
         if (@$_REQUEST["clickthrough_decline"]) {
             Conf::msg_error("You can’t continue until you accept these terms.");
     if (@$_REQUEST["ajax"]) {
         $Conf->ajaxExit(array("ok" => $confirmed));
Exemplo n.º 12
 /**
  * Render the paper list named $listname as an HTML table.
  *
  * Returns null when preparation, the column lookup or the row query fails,
  * a short "No matching papers" message when the row set is empty, and
  * otherwise the table markup as one string.
  *
  * $options keys read here: "fold", "table_id", "noheader", "header_links",
  * "class", "attributes", "nofooter", "footer_extra", "list_properties".
  *
  * NOTE(review): several branches in this listing have no body (they are
  * marked below), so the listing is not the complete method.
  */
 public function table_html($listname, $options = array())
     global $Conf;
     if (!$this->_prepare()) {
         return null;
     if (isset($options["fold"])) {
         // Keys of $options["fold"] become property names on the view map,
         // so this option must come from trusted calling code.
         foreach ($options["fold"] as $n => $v) {
             $this->viewmap->{$n} = $v;
     if (isset($options["table_id"])) {
         $this->viewmap->table_id = $options["table_id"];
     // need tags for row coloring
     if ($this->contact->can_view_tags(null)) {
         $this->qopts["tags"] = 1;
     $this->table_type = $listname;
     // get column list, check sort
     $field_list = $this->_list_columns($listname);
     if (!$field_list) {
         // The unknown list name is HTML-escaped before being echoed back.
         Conf::msg_error("There is no paper list query named “" . htmlspecialchars($listname) . "”.");
         return null;
     $field_list = $this->_columns($field_list, true);
     $body_attr = $this->row_attr;
     $rows = $this->_rows($field_list);
     if ($rows === null) {
         return null;
     // return IDs if requested
     if (empty($rows)) {
         if ($altq = $this->search->alternate_query()) {
             $altqh = htmlspecialchars($altq);
             $url = $this->search->url_site_relative_raw($altq);
             // NOTE(review): substr($url, 0, 5) yields five characters and
             // is compared with the six-character string "search", so this
             // condition can never hold and the suggestion is never linked;
             // a length of 6 looks intended.
             if (substr($url, 0, 5) == "search") {
                 $altqh = "<a href=\"" . htmlspecialchars(Navigation::siteurl() . $url) . "\">" . $altqh . "</a>";
             return "No matching papers. Did you mean “{$altqh}”?";
         } else {
             return "No matching papers";
     // get field array
     $fieldDef = array();
     $ncol = $titlecol = 0;
     // folds: au:1, anonau:2, fullrow:3, aufull:4, force:5, rownum:6, [fields]
     $next_fold = 7;
     foreach ($field_list as $fdef) {
         if ($fdef->view != Column::VIEW_NONE) {
             $fieldDef[] = $fdef;
         if ($fdef->view != Column::VIEW_NONE && $fdef->foldable) {
             $fdef->foldable = $next_fold;
         if ($fdef->name == "title") {
             $titlecol = $ncol;
         if ($fdef->view == Column::VIEW_COLUMN && !$fdef->is_folded) {
             // NOTE(review): no statement for this branch appears in this
             // listing.
     // count non-callout columns
     $skipcallout = 0;
     foreach ($fieldDef as $fdef) {
         if ($fdef->name != "id" && !isset($fdef->is_selector)) {
             // NOTE(review): both branches of this test are empty in this
             // listing.
         } else {
     // create render state
     $rstate = new PaperListRenderState($ncol, $titlecol, $skipcallout);
     // collect row data
     $body = array();
     // -2 disables group headings; -1 means "no heading emitted yet".
     $lastheading = !empty($this->search->groupmap) ? -1 : -2;
     $need_render = false;
     foreach ($rows as $row) {
         if ($lastheading > -2) {
             $lastheading = $this->_check_heading($this->_row_thenval($row), $rstate, $rows, $lastheading, $body);
         $body[] = $this->_row_text($rstate, $row, $fieldDef);
         if ($this->need_render && !$need_render) {
             $Conf->footerScript('$(plinfo.render_needed)', 'plist_render_needed');
             $need_render = true;
         if ($this->need_render && $this->count % 16 == 15) {
             $body[count($body) - 1] .= "  <script>plinfo.render_needed()</script>\n";
             $this->need_render = false;
     if ($lastheading > -2 && $this->search->is_order_anno) {
         while ($lastheading + 1 < count($this->search->groupmap)) {
             $lastheading = $this->_check_heading($lastheading + 1, $rstate, $rows, $lastheading, $body);
     // header cells
     $colhead = "";
     $url = $this->search->url_site_relative_raw();
     if (!defval($options, "noheader")) {
         $colhead .= " <thead class=\"pltable\">\n  <tr class=\"pl_headrow\">";
         $ord = 0;
         $titleextra = $this->_make_title_header_extra($rstate, $fieldDef, get($options, "header_links"));
         foreach ($fieldDef as $fdef) {
             if ($fdef->view != Column::VIEW_COLUMN || $fdef->is_folded) {
                 // NOTE(review): no statement for this branch appears in
                 // this listing.
             $colhead .= "<th class=\"pl " . $fdef->className;
             if ($fdef->foldable) {
                 $colhead .= " fx" . $fdef->foldable;
             $colhead .= "\">";
             if ($fdef->has_content) {
                 $colhead .= $this->_field_title($fdef, $ord);
             if ($titleextra && $fdef->className == "pl_title") {
                 $colhead .= $titleextra;
                 $titleextra = false;
             $colhead .= "</th>";
         $colhead .= "</tr>\n";
         if ($this->search->is_order_anno) {
             // NOTE(review): is_order_anno is interpolated into an attribute
             // value without htmlspecialchars(), here and in the table tag
             // further down; presumably it is an already-validated tag name
             // -- confirm.
             $colhead .= "  <tr class=\"pl_headrow pl_annorow\" data-anno-tag=\"{$this->search->is_order_anno}\">";
             if ($rstate->titlecol) {
                 $colhead .= "<td colspan=\"{$rstate->titlecol}\"></td>";
             $colhead .= "<td colspan=\"" . ($rstate->ncol - $rstate->titlecol) . "\"><a href=\"#\" onclick=\"return plinfo_tags.edit_anno(this)\">Annotate order</a></td></tr>\n";
         $colhead .= " </thead>\n";
     // table skeleton including fold classes
     $foldclasses = array();
     if ($this->foldable) {
         $foldclasses = $this->_analyze_folds($rstate, $fieldDef);
     $enter = "";
     if (self::$include_stash) {
         $enter .= Ht::take_stash();
     // The opening tag is assembled piecewise: every fragment from here on
     // starts by closing the previous attribute's double quote.
     $enter .= "<table class=\"pltable plt_" . htmlspecialchars($listname);
     // NOTE(review): $options["class"], the table id and the attribute names
     // $n / $k below are written without escaping (attribute values are
     // escaped). That is safe only while these come from trusted calling
     // code rather than from the request -- confirm at the call sites.
     if (defval($options, "class")) {
         $enter .= " " . $options["class"];
     if ($this->listNumber) {
         $enter .= " has_hotcrp_list";
     if (!empty($foldclasses)) {
         $enter .= " " . join(" ", $foldclasses);
     if ($this->viewmap->table_id) {
         $enter .= "\" id=\"" . $this->viewmap->table_id;
     if (defval($options, "attributes")) {
         foreach ($options["attributes"] as $n => $v) {
             $enter .= "\" {$n}=\"" . htmlspecialchars($v);
     if ($this->search->is_order_anno) {
         $enter .= "\" data-order-tag=\"{$this->search->is_order_anno}";
     foreach ($body_attr as $k => $v) {
         $enter .= "\" {$k}=\"" . htmlspecialchars($v);
     if ($this->listNumber) {
         $enter .= '" data-hotcrp-list="' . $this->listNumber;
     $enter .= "\" data-fold=\"true\">\n";
     $exit = "</table>";
     // maybe make columns, maybe not
     $tbody_class = "pltable";
     if ($this->viewmap->columns && !empty($rstate->ids) && $this->_column_split($rstate, $colhead, $body)) {
         $enter = '<div class="plsplit_col_ctr_ctr"><div class="plsplit_col_ctr">' . $enter;
         $exit = $exit . "</div></div>";
         $ncol = $rstate->split_ncol;
         $tbody_class = "pltable_split";
     } else {
         $enter .= $colhead;
         $tbody_class .= $rstate->hascolors ? " pltable_colored" : "";
     // footer
     $foot = "";
     if ($this->viewmap->statistics && !$this->viewmap->columns) {
         $foot .= $this->_statistics_rows($rstate, $fieldDef);
     if ($fieldDef[0] instanceof SelectorPaperColumn && !defval($options, "nofooter")) {
         $foot .= $this->_footer($ncol, get_s($options, "footer_extra"));
     if ($foot) {
         $enter .= ' <tfoot' . ($rstate->hascolors ? ' class="pltable_colored"' : "") . ">\n" . $foot . " </tfoot>\n";
     // body
     $enter .= " <tbody class=\"{$tbody_class}\">\n";
     // header scripts to set up delegations
     if ($this->_header_script) {
         // Emitted verbatim inside a script element, so _header_script must
         // only ever hold code generated by this class.
         $enter .= '  <script>' . $this->_header_script . "</script>\n";
     // session variable to remember the list
     if ($this->listNumber) {
         $sl = $this->search->create_session_list_object($rstate->ids, self::_listDescription($listname), $this->sortdef());
         if (isset($this->qreq->sort)) {
             // The request's sort value is URL-encoded before it is appended.
             $url .= (strpos($url, "?") ? "&" : "?") . "sort=" . urlencode($this->qreq->sort);
         $sl->url = $url;
         if (get($options, "list_properties")) {
             // Keys of this option become property names on the session
             // list object.
             foreach ($options["list_properties"] as $k => $v) {
                 $sl->{$k} = $v;
         SessionList::change($this->listNumber, $sl);
     // NOTE(review): $this->any is indexed like an array here but accessed
     // as an object just below; confirm its type supports both.
     foreach ($fieldDef as $fdef) {
         if ($fdef->has_content) {
             $this->any[$fdef->name] = true;
     if ($rstate->has_openau) {
         $this->any->openau = true;
     if ($rstate->has_anonau) {
         $this->any->anonau = true;
     $this->ids = $rstate->ids;
     return $enter . join("", $body) . " </tbody>\n" . $exit;
Exemplo n.º 13
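/**
 * Decide whether an upload slot holds a file that may be processed.
 *
 * A slot is accepted only when PHP reports UPLOAD_ERR_OK and the temporary
 * file passes is_uploaded_file(), which ties the path to the current HTTP
 * upload. The one exception is the command-line SAPI, where a caller may set
 * "tmp_name_safe" to vouch for a path itself.
 *
 * Changes relative to the listing this replaces: the switch gets its
 * `default:` label back (without it the "Internal upload error" report could
 * never run), block delimiters are explicit, and the error code is cast to
 * int before it is placed in the message.
 *
 * @param array|null $var one upload slot with "error" and "tmp_name" keys
 *                        (taken by reference, not modified)
 * @return bool true when the slot holds an accepted upload
 */
function fileUploaded(&$var) {
    global $Conf;
    // Without a $Conf there is nowhere to report a failure, so any error
    // code simply counts as "not uploaded".
    if (!isset($var) || ($var['error'] != UPLOAD_ERR_OK && !$Conf)) {
        return false;
    }
    switch ($var['error']) {
        case UPLOAD_ERR_OK:
            // NOTE(review): "tmp_name_safe" bypasses is_uploaded_file(); it
            // is honoured only under the CLI SAPI and must never be settable
            // from request data.
            return is_uploaded_file($var['tmp_name'])
                || (PHP_SAPI === "cli" && get($var, "tmp_name_safe"));
        case UPLOAD_ERR_NO_FILE:
            return false;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            Conf::msg_error("You tried to upload a file that’s too big for our system to accept.  The maximum size is " . ini_get("upload_max_filesize") . "B.");
            return false;
        case UPLOAD_ERR_PARTIAL:
            Conf::msg_error("You appear to have interrupted the upload process; I am not storing that file.");
            return false;
        default:
            Conf::msg_error("Internal upload error " . (int) $var['error'] . "!");
            return false;
    }
}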
Exemplo n.º 14
 /**
  * Prepare a mail for every recipient row matched by the recipient query
  * and, when $this->sending is set, log the mailing first.
  *
  * Subject, body, cc and reply-to come straight from $_REQUEST.
  *
  * NOTE(review): several branches in this listing have no body (they are
  * marked below), so the listing is not the complete method.
  */
 private function run()
     global $Conf, $Opt, $Me, $Error, $subjectPrefix, $mailer_options;
     $subject = trim(defval($_REQUEST, "subject", ""));
     // Make sure the subject carries the configured prefix exactly once.
     if (substr($subject, 0, strlen($subjectPrefix)) != $subjectPrefix) {
         $subject = $subjectPrefix . $subject;
     $emailBody = $_REQUEST["emailBody"];
     $template = array("subject" => $subject, "body" => $emailBody);
     // NOTE(review): cc and reply-to are request values that end up in mail
     // headers. The error handling further down shows that the mailer
     // validates them as email lists; presumably that validation also
     // rejects line breaks -- confirm.
     $rest = array("cc" => $_REQUEST["cc"], "reply-to" => $_REQUEST["replyto"], "no_error_quit" => true);
     $rest = array_merge($rest, $mailer_options);
     // test whether this mail is paper-sensitive
     $mailer = new HotCRPMailer($Me, null, $rest);
     $prep = $mailer->make_preparation($template, $rest);
     // A "%NAME(" or "%NAME%" keyword left in the text after this first
     // expansion is taken to mean the mail is paper-sensitive.
     $paper_sensitive = preg_match('/%[A-Z0-9]+[(%]/', $prep->subject . $prep->body);
     $q = $this->recip->query($paper_sensitive);
     if (!$q) {
         return Conf::msg_error("Bad recipients value");
     $result = $Conf->qe($q);
     if (!$result) {
         // NOTE(review): no statement for this branch appears in this
         // listing.
     $recipients = defval($_REQUEST, "recipients", "");
     if ($this->sending) {
         // The MailLog row is built as SQL text; every request value goes
         // through sqlq() first. Note that it stores the subject as
         // submitted, not the prefixed $subject used for the mail.
         // NOTE(review): bound parameters would remove the dependence on
         // each value being wrapped in sqlq().
         $q = "recipients='" . sqlq($recipients) . "', cc='" . sqlq($_REQUEST["cc"]) . "', replyto='" . sqlq($_REQUEST["replyto"]) . "', subject='" . sqlq($_REQUEST["subject"]) . "', emailBody='" . sqlq($_REQUEST["emailBody"]) . "'";
         if ($Conf->sversion >= 79) {
             $q .= ", q='" . sqlq($_REQUEST["q"]) . "', t='" . sqlq($_REQUEST["t"]) . "'";
         if ($log_result = Dbl::query_raw("insert into MailLog set {$q}")) {
             $this->mailid_text = " #" . $log_result->insert_id;
         // Audit trail: who sent which mailing.
         $Me->log_activity("Sending mail{$this->mailid_text} \"{$subject}\"");
     } else {
         $rest["no_send"] = true;
     $mailer = new HotCRPMailer();
     $mailer->combination_type = $this->recip->combination_type($paper_sensitive);
     // A placeholder preparation marks "nothing pending" for process_prep().
     $fake_prep = new HotCRPMailPreparation();
     $fake_prep->fake = true;
     $last_prep = $fake_prep;
     $nrows_done = 0;
     $nrows_left = edb_nrows($result);
     $nwarnings = 0;
     $preperrors = array();
     $revinform = $recipients == "newpcrev" ? array() : null;
     while ($row = PaperInfo::fetch($result, $Me)) {
         $contact = new Contact($row);
         $rest["newrev_since"] = $this->recip->newrev_since;
         $mailer->reset($contact, $row, $rest);
         $prep = $mailer->make_preparation($template, $rest);
         if ($prep->errors) {
             foreach ($prep->errors as $lcfield => $hline) {
                 $reqfield = $lcfield == "reply-to" ? "replyto" : $lcfield;
                 $Error[$reqfield] = true;
                 // The offending header line is HTML-escaped for display.
                 $emsg = Mailer::$email_fields[$lcfield] . " destination isn’t a valid email list: <blockquote><tt>" . htmlspecialchars($hline) . "</tt></blockquote> Make sure email address are separated by commas; put names in \"quotes\" and email addresses in &lt;angle brackets&gt;.";
                 if (!isset($preperrors[$emsg])) {
                     // NOTE(review): no statement for this branch appears
                     // in this listing.
                 $preperrors[$emsg] = true;
         } else {
             if ($this->process_prep($prep, $last_prep, $row)) {
                 // A second preparation with "sensitivity" => "display" is
                 // built unless the sender is a chair and chairHidePasswords
                 // is off; presumably this is the version shown on screen,
                 // with secrets masked -- confirm in the mailer.
                 if ((!$Me->privChair || @$Opt["chairHidePasswords"]) && !@$last_prep->sensitive) {
                     $srest = array_merge($rest, array("sensitivity" => "display"));
                     $mailer->reset($contact, $row, $srest);
                     $last_prep->sensitive = $mailer->make_preparation($template, $srest);
         if ($nwarnings != $mailer->nwarnings() || $nrows_done % 5 == 0) {
             $this->echo_mailinfo($nrows_done, $nrows_left);
         if ($nwarnings != $mailer->nwarnings()) {
             $nwarnings = $mailer->nwarnings();
             // NOTE(review): the warnings are written into the page without
             // escaping; presumably $mailer->warnings() returns HTML that is
             // already escaped -- confirm, since warnings may quote
             // user-written template text.
             echo "<div id='foldmailwarn{$nwarnings}' class='hidden'><div class='warning'>", join("<br />", $mailer->warnings()), "</div></div>";
             $Conf->echoScript("\$\$('mailwarnings').innerHTML = \$\$('foldmailwarn{$nwarnings}').innerHTML;");
         if ($this->sending && $revinform !== null) {
             // Built from fields of the fetched row, not from the request.
             $revinform[] = "(paperId={$row->paperId} and contactId={$row->contactId})";
     // Flush whatever preparation is still pending.
     $this->process_prep($fake_prep, $last_prep, (object) array("paperId" => -1));
     $this->echo_mailinfo($nrows_done, $nrows_left);
     if (!$this->started && !count($preperrors)) {
         // NOTE(review): unlike the other messages on this page, the value
         // from $this->recip->unparse() is not passed through
         // htmlspecialchars(); confirm that it is HTML-safe.
         return Conf::msg_error("No users match “" . $this->recip->unparse() . "” for that search.");
     } else {
         if (!$this->started) {
             return false;
         } else {
             if (!$this->sending) {
                 // NOTE(review): no statement for this branch appears in
                 // this listing.
     if ($revinform) {
         // Mark the notified assignments so they are not reported as new
         // again.
         $Conf->qe("update PaperReview set timeRequestNotified=" . time() . " where " . join(" or ", $revinform));
     echo "</div></form>";
     $Conf->echoScript("fold('mail', null);");
Exemplo n.º 15
 /**
  * Choose the account mail template for $sendtype and prepare the mail.
  *
  * Returns the template name, or false (after reporting an error) when the
  * preparation is not sendable, the mail is $sensitive and the
  * debugShowSensitiveEmail option is off.
  *
  * NOTE(review): no statement that actually sends the prepared mail appears
  * in this listing.
  */
 function sendAccountInfo($sendtype, $sensitive)
     global $Conf, $Opt;
     $rest = array();
     if ($sendtype == "create" && $this->prefer_contactdb_password()) {
         $template = "@activateaccount";
     } else {
         if ($sendtype == "create") {
             $template = "@createaccount";
         } else {
             // NOTE(review): this branch is taken only for accounts that
             // have a plaintext_password(), and for "forgot" requests only
             // while $Opt["safePasswords"] is at most 1. Whether the
             // "@accountinfo" template includes that password is not visible
             // here -- confirm; the reset-link branch below avoids putting a
             // stored credential in mail.
             if ($this->plaintext_password() && ($Opt["safePasswords"] <= 1 || $sendtype != "forgot")) {
                 $template = "@accountinfo";
             } else {
                 if ($this->contactDbId && $this->prefer_contactdb_password()) {
                     $capmgr = $Conf->capability_manager("U");
                 } else {
                     $capmgr = $Conf->capability_manager();
                 // The reset capability expires 259200 seconds (three days)
                 // from now.
                 $rest["capability"] = $capmgr->create(CAPTYPE_RESETPASSWORD, array("user" => $this, "timeExpires" => time() + 259200));
                 // NOTE(review): the first eight characters of the
                 // capability are written to the log; logging an identifier
                 // that is not part of the secret would avoid disclosing any
                 // of it to log readers.
                 $Conf->log("Created password reset " . substr($rest["capability"], 0, 8) . "...", $this);
                 $template = "@resetpassword";
     $mailer = new HotCRPMailer($this, null, $rest);
     $prep = $mailer->make_preparation($template, $rest);
     if ($prep->sendable || !$sensitive || get($Opt, "debugShowSensitiveEmail")) {
         return $template;
     } else {
         // The address is HTML-escaped before being echoed back.
         Conf::msg_error("Mail cannot be sent to " . htmlspecialchars($this->email) . " at this time.");
         return false;
Exemplo n.º 16
     // Replace any request-supplied axis formulas with ones derived from the
     // chosen fields. The block this belongs to starts outside this listing.
     unset($_REQUEST["fx"], $_REQUEST["fy"]);
     if ($field1) {
         $_REQUEST["fy"] = "avg(" . $field1->analyze()->abbreviation . ")";
     if ($field1 && $field2) {
         $_REQUEST["fx"] = "avg(" . $field2->analyze()->abbreviation . ")";
     } else {
         $_REQUEST["fx"] = "pid";
 $fg = null;
 // Both axis formulas may come from the request; they are handed to
 // FormulaGraph as-is.
 if (@$_REQUEST["fx"] && @$_REQUEST["fy"]) {
     $fg = new FormulaGraph($_REQUEST["fx"], $_REQUEST["fy"]);
     if (count($fg->error_html)) {
         // NOTE(review): the messages are joined into HTML without escaping;
         // the property name suggests they are already HTML -- confirm,
         // since they may quote the submitted formula.
         Conf::msg_error(join("<br/>", $fg->error_html));
 // Collect the numbered query/style pairs q1/s1, q2/s2, ... until the first
 // missing q parameter.
 $queries = $styles = array();
 for ($i = 1; isset($_REQUEST["q{$i}"]); ++$i) {
     $q = trim($_REQUEST["q{$i}"]);
     $queries[] = $q === "" || $q === "(All)" ? "all" : $q;
     $styles[] = trim((string) @$_REQUEST["s{$i}"]);
 if (count($queries) == 0) {
     $queries[0] = "";
     $styles[0] = trim((string) @$_REQUEST["s0"]);
 // NOTE(review): the body of this loop is not present in this listing.
 while (count($queries) > 1 && $queries[count($queries) - 1] == $queries[count($queries) - 2]) {
Exemplo n.º 17
        // The search word is embedded in a LIKE pattern as SQL text after
        // passing through sqlq_for_like(). The loop this line belongs to
        // starts outside this listing.
        // NOTE(review): presumably sqlq_for_like() escapes both the quote
        // characters and the LIKE wildcards (% and _) -- confirm.
        $where[] = "action like " . Dbl::utf8ci("'%" . sqlq_for_like($m[0]) . "%'");
    $wheres[] = "(" . join(" or ", $where) . ")";
// The page size must be a positive integer; otherwise fall back to the
// default and flag the field.
if (($count = cvtint(@$_REQUEST["n"])) <= 0) {
    Conf::msg_error("\"Show <i>n</i> records\" requires a number greater than 0.");
    $Eclass["n"] = " error";
    $count = $DEFAULT_COUNT;
$firstDate = false;
// NOTE(review): $_REQUEST["date"] is read here without an isset() check.
if ($_REQUEST["date"] == "") {
    $_REQUEST["date"] = "now";
if ($_REQUEST["date"] != "now" && isset($_REQUEST["search"])) {
    if (($firstDate = $Conf->parse_time($_REQUEST["date"])) === false) {
        // The rejected value is HTML-escaped before being echoed back.
        Conf::msg_error("“" . htmlspecialchars($_REQUEST["date"]) . "” is not a valid date.");
        $Eclass["date"] = " error";
function searchbar()
    global $Conf, $Eclass, $page, $start, $count, $nrows, $maxNrows, $nlinks, $offset;
    echo Ht::form_div(hoturl("log"), array("method" => "get")), "<table id='searchform'><tr>\n  <td class='lxcaption", $Eclass['q'], "'>With <b>any</b> of the words</td>\n  <td class='lentry", $Eclass['q'], "'><input type='text' size='40' name='q' value=\"", htmlspecialchars(defval($_REQUEST, "q", "")), "\" /><span class='sep'></span></td>\n  <td rowspan='3'>", Ht::submit("search", "Search"), "</td>\n</tr><tr>\n  <td class='lxcaption", $Eclass['pap'], "'>Concerning paper(s)</td>\n  <td class='lentry", $Eclass['pap'], "'><input type='text' size='40' name='pap' value=\"", htmlspecialchars(defval($_REQUEST, "pap", "")), "\" /></td>\n</tr><tr>\n  <td class='lxcaption", $Eclass['acct'], "'>Concerning account(s)</td>\n  <td class='lentry'><input type='text' size='40' name='acct' value=\"", htmlspecialchars(defval($_REQUEST, "acct", "")), "\" /></td>\n</tr><tr>\n  <td class='lxcaption", $Eclass['n'], "'>Show</td>\n  <td class='lentry", $Eclass['n'], "'><input type='text' size='4' name='n' value=\"", htmlspecialchars($_REQUEST["n"]), "\" /> &nbsp;records at a time</td>\n</tr><tr>\n  <td class='lxcaption", $Eclass['date'], "'>Starting at</td>\n  <td class='lentry", $Eclass['date'], "'><input type='text' size='40' name='date' value=\"", htmlspecialchars($_REQUEST["date"]), "\" /></td>\n</tr></table></div></form>";
    if ($nrows > $count || $page > 1) {
        $urls = array();
        $_REQUEST["offset"] = $offset;
        foreach (array("q", "pap", "acct", "n", "offset") as $x) {
            if ($_REQUEST[$x]) {
                $urls[] = "{$x}=" . urlencode($_REQUEST[$x]);
                    $MergeError = "That password is incorrect.";
                } else {
                    if ($MiniMe->contactId == $Me->contactId) {
                        $Conf->confirmMsg("Accounts successfully merged.");
                    } else {
// Render the merge page; $MergeError decides between the error and the explanatory banner.
$Conf->header("Merge accounts", "mergeaccounts", actionBar());
if ($MergeError) {
    // NOTE(review): no statement for the error branch appears in this listing.
} else {
    $Conf->infoMsg("You may have multiple accounts registered with the " . Conf::$gShortName . " conference; perhaps " . "multiple people asked you to review a paper using " . "different email addresses. " . "If you have been informed of multiple accounts, " . "enter the email address and the password " . "of the secondary account. This will merge all the information from " . "that account into this one. ");
// The form posts to a URL built by hoturl_post().
// NOTE(review): presumably hoturl_post() attaches the token that check_post() verifies -- confirm.
echo "<form method='post' action=\"", hoturl_post("mergeaccounts"), "\" accept-charset='UTF-8'>\n";
// Try to prevent glasses interactions from screwing up merges
echo Ht::hidden("actas", $Me->contactId);

<table class='form'>

  <td class='caption'>Email</td>
  <td class='entry'><input type='text' name='email' size='50'
if (isset($_REQUEST["email"])) {
Exemplo n.º 19
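/**
 * Replace the current user's review tokens with those submitted in the
 * "token" request parameter (whitespace-separated).
 *
 * Existing tokens are cleared first. Each submitted token is decoded and
 * looked up in PaperReview; matches are attached to the user, misses are
 * reported and counted in the session key "rev_token_fail". Once that
 * counter reaches 5, further lookups are refused for the session.
 *
 * The counter is session-scoped (the refusal message itself tells the user
 * to sign out and in again), so it bounds guesses per session only; any
 * per-account or per-address limit has to be enforced elsewhere.
 */
function change_review_tokens()
{
    global $Conf, $Me;
    $cleared = $Me->change_review_token(false, false);
    $tokeninfo = array();
    // A missing or non-string parameter is treated as "no tokens" rather than
    // being handed to preg_split(), which expects a string subject.
    $submitted = isset($_REQUEST["token"]) && is_string($_REQUEST["token"]) ? $_REQUEST["token"] : "";
    foreach (preg_split('/\\s+/', $submitted) as $x) {
        if ($x == "") {
            /* no complaints */
        } else if (!($token = decode_token($x, "V"))) {
            // The raw input is echoed back, so it is HTML-escaped.
            Conf::msg_error("Invalid review token &ldquo;" . htmlspecialchars($x) . "&rdquo;.  Check your typing and try again.");
        } else if ($Conf->session("rev_token_fail", 0) >= 5) {
            Conf::msg_error("Too many failed attempts to use a review token.  <a href='" . hoturl("index", "signout=1") . "'>Sign out</a> and in to try again.");
        } else {
            // Bind the decoded token as a query parameter instead of concatenating
            // it into the statement, so the query stays safe whatever
            // decode_token() returns.
            $result = Dbl::qe("select paperId from PaperReview where reviewToken=?", $token);
            if ($row = edb_row($result)) {
                $tokeninfo[] = "Review token “" . htmlspecialchars($x) . "” lets you review <a href='" . hoturl("paper", "p={$row['0']}") . "'>paper #" . $row[0] . "</a>.";
                $Me->change_review_token($token, true);
            } else {
                Conf::msg_error("Review token “" . htmlspecialchars($x) . "” hasn’t been assigned.");
                // Count the miss so repeated guessing trips the limit above.
                $nfail = $Conf->session("rev_token_fail", 0) + 1;
                $Conf->save_session("rev_token_fail", $nfail);
            }
        }
    }
    if ($cleared && !count($tokeninfo)) {
        $tokeninfo[] = "Review tokens cleared.";
    }
    if (count($tokeninfo)) {
        $Conf->infoMsg(join("<br />\n", $tokeninfo));
    }
}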
Exemplo n.º 20
// Bulk-assignment upload: handled only when the request is flagged "upload", passes
// check_post(), and carries either pasted text ("bulkentry") or an uploaded file ("bulk").
if (isset($_GET["upload"]) && check_post() && (isset($_POST["bulkentry"]) && $_POST["bulkentry"] || fileUploaded($_FILES["bulk"]))) {
    // Flush and close every open output buffer before parsing starts.
    while (@ob_end_flush()) {
        /* do nothing */
    if (fileUploaded($_FILES["bulk"])) {
        $text = file_get_contents($_FILES["bulk"]["tmp_name"]);
        // NOTE(review): "name" is the filename supplied by the client; treat it as
        // untrusted and HTML-escape it wherever the parser reports it -- confirm in AssignmentSet.
        $filename = $_FILES["bulk"]["name"];
    } else {
        $text = $_POST["bulkentry"];
        $filename = "";
    // file_get_contents() returns false when the temporary file cannot be read.
    if ($text === false) {
        Conf::msg_error("Internal error: cannot read file.");
    } else {
        $assignset = new AssignmentSet($Me, false);
        $defaults = assignment_defaults();
        $text = convert_to_utf8($text);
        $assignset->parse($text, $filename, $defaults, "keep_browser_alive");
        if ($assignset->has_errors()) {
            // NOTE(review): no statement for the error branch appears in this listing.
        } else {
            if ($assignset->is_empty()) {
                $Conf->warnMsg("That assignment file makes no changes.");
            } else {
                // Nothing is applied yet in the visible lines: the parsed result is shown as a proposal.
                $atype = $assignset->type_description();
                echo '<h3>Proposed ', $atype ? $atype . " " : "", 'assignment</h3>';
                $Conf->infoMsg("Select “Apply changes” if this looks OK. (You can always alter the assignment afterwards.)");
Exemplo n.º 21
 /**
  * Dispatch the search action registered under $name (and optionally $subname).
  *
  * The handler is looked up in self::$byname; when $subname is empty or not
  * registered, the entry stored under "" is used if present. The checks below
  * run in order and the first failure becomes the error string. When the
  * result is a string and $qreq->ajax is set, it is sent through json_exit();
  * otherwise the value is returned to the caller.
  */
 static function call($name, $subname, Contact $user, $qreq, $selection)
     $uf = null;
     if (isset(self::$byname[$name])) {
         $ufm = self::$byname[$name];
         if ((string) $subname !== "" && isset($ufm[$subname])) {
             $uf = $ufm[$subname];
         } else {
             if (isset($ufm[""])) {
                 $uf = $ufm[""];
     // An array selection is wrapped in SearchSelection so is_empty() can be called below.
     if (is_array($selection)) {
         $selection = new SearchSelection($selection);
     if (!$uf) {
         $error = "No such search action.";
     } else {
         // $uf[1] is a flag word: only handlers flagged API_GET may run without
         // check_post() succeeding for this request.
         if (!($uf[1] & SiteLoader::API_GET) && !check_post($qreq)) {
             $error = "Missing credentials.";
         } else {
             // Handlers flagged API_PAPER refuse an empty selection.
             if ($uf[1] & SiteLoader::API_PAPER && $selection->is_empty()) {
                 $error = "No papers selected.";
             } else {
                 // $uf[0] is the handler object; its own allow() decides whether this user may run it.
                 if (!$uf[0]->allow($user)) {
                     $error = "Permission error.";
                 } else {
                     $error = $uf[0]->run($user, $qreq, $selection);
     if (is_string($error) && $qreq->ajax) {
         json_exit(["ok" => false, "error" => $error]);
     } else {
         if (is_string($error)) {
             // NOTE(review): no statement for this branch appears in this listing.
     return $error;
Exemplo n.º 22
/**
 * Save a paper from its JSON form, then report and mail the outcome.
 *
 * $pj is the new paper JSON and $opj the previous one (falsy for a newly
 * registered paper); $action selects the "final" path or the regular
 * submission path; $diffs maps changed field names to truthy values.
 * Returns false when saving failed and true otherwise.
 */
function update_paper($pj, $opj, $qreq, $action, $diffs)
    global $Conf, $Me, $Opt, $OK, $Error, $prow;
    // XXX lock tables
    $ps = new PaperStatus($Me);
    $saved = $ps->save_paper_json($pj);
    // A failed save of a brand-new paper discards any files sent with the request.
    if (!$saved && !$prow && count($qreq->_FILES)) {
        $ps->set_error_html("paper", "<strong>Your uploaded files were ignored.</strong>");
    if (!get($pj, "collaborators") && $Conf->setting("sub_collab")) {
        $field = $Conf->setting("sub_pcconf") ? "Other conflicts" : "Potential conflicts";
        $ps->set_warning_html("collaborators", "Please enter the authors’ potential conflicts in the {$field} field. If none of the authors have potential conflicts, just enter “None”.");
    $Error = $ps->error_fields();
    if (!$saved) {
        $emsg = $ps->error_html();
        // NOTE(review): the entries are concatenated into markup as-is; presumably
        // PaperStatus already HTML-escapes anything user-supplied in them -- confirm.
        Conf::msg_error("There were errors in saving your paper. Please fix them and try again." . (count($emsg) ? "<ul><li>" . join("</li><li>", $emsg) . "</li></ul>" : ""));
        return false;
    // note differences in contacts
    $contacts = $ocontacts = [];
    foreach (get($pj, "contacts", []) as $v) {
        // A contact entry is either a bare email string or an object with an email property.
        $contacts[] = strtolower(is_string($v) ? $v : $v->email);
    if ($opj && get($opj, "contacts")) {
        foreach ($opj->contacts as $v) {
            $ocontacts[] = strtolower($v->email);
    // Comparing the encoded lists detects changes in membership and in order.
    if (json_encode($contacts) !== json_encode($ocontacts)) {
        $diffs["contacts"] = true;
    // submit paper if no error so far
    // The saved paper id overwrites whatever id the request carried.
    $_REQUEST["paperId"] = $_GET["paperId"] = $qreq->paperId = $pj->pid;
    if ($action === "final") {
        $submitkey = "timeFinalSubmitted";
        $storekey = "finalPaperStorageId";
    } else {
        $submitkey = "timeSubmitted";
        $storekey = "paperStorageId";
    $wasSubmitted = $opj && get($opj, "submitted");
    if (get($pj, "submitted") || $Conf->can_pc_see_all_submissions()) {
        // NOTE(review): no statement for this branch appears in this listing.
    if ($wasSubmitted != get($pj, "submitted")) {
        $diffs["submission"] = 1;
    // confirmation message
    // $actiontext goes into the on-screen message and the activity log; $template names the mail template.
    if ($action == "final") {
        $actiontext = "Updated final version of";
        $template = "@submitfinalpaper";
    } else {
        if (get($pj, "submitted") && !$wasSubmitted) {
            $actiontext = "Submitted";
            $template = "@submitpaper";
        } else {
            if (!$opj) {
                $actiontext = "Registered new";
                $template = "@registerpaper";
            } else {
                $actiontext = "Updated";
                $template = "@updatepaper";
    // additional information
    $notes = array();
    if ($action == "final") {
        if ($prow->{$submitkey} === null || $prow->{$submitkey} <= 0) {
            $notes[] = "The final version has not yet been submitted.";
        $deadline = $Conf->printableTimeSetting("final_soft", "span");
        if ($deadline != "N/A" && $Conf->deadlinesAfter("final_soft")) {
            $notes[] = "<strong>The deadline for submitting final versions was {$deadline}.</strong>";
        } else {
            if ($deadline != "N/A") {
                $notes[] = "You have until {$deadline} to make further changes.";
    } else {
        if (get($pj, "submitted")) {
            $notes[] = "You will receive email when reviews are available.";
        } else {
            if ($prow->size == 0 && !opt("noPapers")) {
                $notes[] = "The submission has not yet been uploaded.";
            } else {
                if ($Conf->setting("sub_freeze") > 0) {
                    $notes[] = "The submission has not yet been completed.";
                } else {
                    $notes[] = "The submission is marked as not ready for review.";
        $deadline = $Conf->printableTimeSetting("sub_update", "span");
        if ($deadline != "N/A" && ($prow->timeSubmitted <= 0 || $Conf->setting("sub_freeze") <= 0)) {
            $notes[] = "Further updates are allowed until {$deadline}.";
        $deadline = $Conf->printableTimeSetting("sub_sub", "span");
        if ($deadline != "N/A" && $prow->timeSubmitted <= 0) {
            $notes[] = "<strong>If the submission " . ($Conf->setting("sub_freeze") > 0 ? "is not completed" : "is not ready for review") . " by {$deadline}, it will not be considered.</strong>";
    // From here on $notes is a single HTML string rather than a list.
    $notes = join(" ", $notes);
    $webnotes = "";
    if (count($ps->error_html())) {
        $webnotes .= " <ul><li>" . join("</li><li>", $ps->error_html()) . "</li></ul>";
    if (!count($diffs)) {
        $Conf->warnMsg("There were no changes to submission #{$prow->paperId}. " . $notes . $webnotes);
        return true;
    // HTML confirmation
    if ($prow->{$submitkey} > 0) {
        $Conf->confirmMsg($actiontext . " submission #{$prow->paperId}. " . $notes . $webnotes);
    } else {
        $Conf->warnMsg($actiontext . " submission #{$prow->paperId}. " . $notes . $webnotes);
    // mail confirmation to all contact authors
    // Non-chairs always trigger mail; a chair does so only when doemail is set in the request.
    if (!$Me->privChair || $qreq->doemail > 0) {
        $options = array("infoNames" => 1);
        if ($Me->privChair && $prow->conflictType < CONFLICT_AUTHOR) {
            $options["adminupdate"] = true;
        // The free-text note from the request is passed to the mailer only for chairs.
        if ($Me->privChair && isset($qreq->emailNote)) {
            $options["reason"] = $qreq->emailNote;
        if ($notes !== "") {
            // Strip the <span ...> and <strong> tags so the notes read as plain text in mail.
            $options["notes"] = preg_replace(",</?(?:span.*?|strong)>,", "", $notes) . "\n\n";
        HotCRPMailer::send_contacts($template, $prow, $options);
    // other mail confirmations
    if ($action == "final" && $OK && !count($Error)) {
        $prow->notify(WATCHTYPE_FINAL_SUBMIT, "final_submit_watch_callback", $Me);
    // Record the action and the paper id in the activity log.
    $Me->log_activity($actiontext, $prow->paperId);
    return true;
Exemplo n.º 23
/**
 * Create an external review request for the current paper ($prow) addressed
 * to $email, then send the "@requestreview" mail.
 *
 * Returns true on success. Returns false when no account could be created or
 * found for $email, and the falsy result of requestReviewChecks() when those
 * checks fail (in that case the tables are still locked on return).
 */
function requestReview($email)
    global $Conf, $Me, $Error, $prow;
    // The display name comes straight from the request; the address is the function argument.
    $Them = Contact::create(array("name" => @$_REQUEST["name"], "email" => $email));
    if (!$Them) {
        // Both messages echo the submitted address, so it is HTML-escaped.
        if (trim($email) === "" || !validate_email($email)) {
            Conf::msg_error("“" . htmlspecialchars(trim($email)) . "” is not a valid email address.");
            $Error["email"] = true;
        } else {
            Conf::msg_error("Error while finding account for “" . htmlspecialchars(trim($email)) . ".”");
        return false;
    $reason = trim(defval($_REQUEST, "reason", ""));
    $round = $Conf->current_round();
    // A round named in the request is used only if sanitize_round_name() accepts it.
    if (isset($_REQUEST["round"]) && $_REQUEST["round"] != "" && ($rname = $Conf->sanitize_round_name($_REQUEST["round"])) !== false) {
        $round = $Conf->round_number($rname, false);
    // look up the requester
    $Requester = $Me;
    if ($Conf->setting("extrev_chairreq")) {
        // NOTE(review): the email is bound with "?" but paperId is interpolated into the
        // statement. It is read from $prow (presumably an integer loaded from the
        // database -- confirm); binding it too would keep the query uniformly parameterized.
        $result = Dbl::qe("select firstName, lastName, u.email, u.contactId from ReviewRequest rr join ContactInfo u on (u.contactId=rr.requestedBy) where paperId={$prow->paperId} and rr.email=?", $Them->email);
        if ($result && ($recorded_requester = Contact::fetch($result))) {
            $Requester = $recorded_requester;
    Dbl::qe_raw("lock tables PaperReview write, PaperReviewRefused write, ReviewRequest write, ContactInfo read, PaperConflict read, ActionLog write");
    // NB caller unlocks tables on error
    // check for outstanding review request
    if (!($result = requestReviewChecks(Text::user_html($Them), $Them->contactId))) {
        // Early return with the lock still held; every caller must unlock on a falsy result.
        return $result;
    // at this point, we think we've succeeded.
    // store the review request
    $Me->assign_review($prow->paperId, $Them->contactId, REVIEW_EXTERNAL, ["mark_notify" => true, "requester_contact" => $Requester, "requested_email" => $Them->email, "round_number" => $round]);
    Dbl::qx_raw("unlock tables");
    // send confirmation email
    // $reason is request-supplied free text handed to the mailer for the message.
    HotCRPMailer::send_to($Them, "@requestreview", $prow, array("requester_contact" => $Requester, "other_contact" => $Requester, "reason" => $reason));
    $Conf->confirmMsg("Created a request to review paper #{$prow->paperId}.");
    return true;
Exemplo n.º 24
 /**
  * Expand a mail template for $this->recipient into a preparation object
  * holding subject, body, recipient and encoded headers.
  *
  * $template is a template array or an "@name" string resolved through
  * self::get_template(); $rest supplies extra header fields and options.
  * Returns the preparation, or false when a header failed to encode and
  * $rest["no_error_quit"] is not set. When the recipient has no email, the
  * result of Conf::msg_error() is returned instead.
  */
 function make_preparation($template, $rest = array())
     global $Conf, $Opt;
     // look up template
     // NOTE(review): $template[0] is read without a length check, so an empty string
     // indexes a missing offset here.
     if (is_string($template) && $template[0] == "@") {
         $template = self::get_template(substr($template, 1));
     // add rest fields to template for expansion
     foreach (self::$email_fields as $lcfield => $field) {
         if (isset($rest[$lcfield])) {
             $template[$lcfield] = $rest[$lcfield];
     // expand the template
     // $this->preparation is set only for the duration of expand().
     $prep = $this->preparation = $this->create_preparation();
     $m = $this->expand($template);
     $this->preparation = null;
     // Encode with the "Subject: " prefix, then drop those 9 characters for the bare subject.
     $subject = MimeText::encode_header("Subject: ", $m["subject"]);
     $prep->subject = substr($subject, 9);
     $prep->body = $m["body"];
     // look up recipient; use preferredEmail if set
     $recipient = $this->recipient;
     if (!$recipient || !$recipient->email) {
         return Conf::msg_error("no email in Mailer::send");
     if (get($recipient, "preferredEmail")) {
         // Build a stand-in recipient with the preferred address and the original name fields.
         $recipient = (object) array("email" => $recipient->preferredEmail);
         foreach (array("firstName", "lastName", "name", "fullName") as $k) {
             if (get($this->recipient, $k)) {
                 $recipient->{$k} = $this->recipient->{$k};
     $prep->to = array(Text::user_email_to($recipient));
     $m["to"] = $prep->to[0];
     // allow_send() decides whether mail may actually go to this address.
     $prep->sendable = self::allow_send($recipient->email);
     // parse headers
     // The encoded From header is computed once and cached in $Opt.
     if (!get($Opt, "emailFromHeader")) {
         $Opt["emailFromHeader"] = MimeText::encode_email_header("From: ", $Opt["emailFrom"]);
     $prep->headers = array("from" => $Opt["emailFromHeader"] . MAILER_EOL, "subject" => $subject . MAILER_EOL, "to" => "");
     foreach (self::$email_fields as $lcfield => $field) {
         // Empty values and the literal "<none>" produce no header.
         if (($text = get_s($m, $lcfield)) !== "" && $text !== "<none>") {
             // A value that fails to encode is recorded as an error instead of being emitted.
             // NOTE(review): presumably encode_email_header() is also what rejects embedded
             // line breaks in these caller-supplied fields -- confirm in MimeText.
             if ($hdr = MimeText::encode_email_header($field . ": ", $text)) {
                 $prep->headers[$lcfield] = $hdr . MAILER_EOL;
             } else {
                 $prep->errors[$lcfield] = $text;
                 if (!get($rest, "no_error_quit")) {
                     Conf::msg_error("{$field} destination “<samp>" . htmlspecialchars($text) . "</samp>” isn't a valid email list.");
     $prep->headers["mime-version"] = "MIME-Version: 1.0" . MAILER_EOL;
     $prep->headers["content-type"] = "Content-Type: text/plain; charset=utf-8" . MAILER_EOL;
     if ($prep->errors && !get($rest, "no_error_quit")) {
         return false;
     } else {
         return $prep;
Exemplo n.º 25
 /**
  * Handle a "create account" request for the address in $_REQUEST["email"].
  *
  * $user is the local account for that address, if any, and $cdb_user the
  * contact-database account, if any. On a validation or database failure the
  * result of Conf::msg_error() is returned; during the setup phase the result
  * of self::first_user() is returned; otherwise null.
  */
 private static function create_account($user, $cdb_user)
     global $Conf, $email_class;
     // check for errors
     // NOTE(review): the two "already exists" messages tell any visitor whether an
     // address is registered. If account enumeration matters for the deployment,
     // these responses would have to be made indistinguishable from success.
     if ($user && $user->has_database_account() && $user->activity_at > 0) {
         $email_class = " error";
         return Conf::msg_error("An account already exists for " . htmlspecialchars($_REQUEST["email"]) . ". To retrieve your password, select “I forgot my password.”");
     } else {
         if ($cdb_user && $cdb_user->allow_contactdb_password() && $cdb_user->activity_at > 0) {
             $desc = opt("contactdb_description") ?: "HotCRP";
             $email_class = " error";
             // NOTE(review): $desc is a site option placed into the message unescaped.
             return Conf::msg_error("An account already exists for " . htmlspecialchars($_REQUEST["email"]) . " on {$desc}. Sign in using your {$desc} password or select “I forgot my password.”");
         } else {
             if (!validate_email($_REQUEST["email"])) {
                 $email_class = " error";
                 return Conf::msg_error("“" . htmlspecialchars($_REQUEST["email"]) . "” is not a valid email address.");
     // create database account
     if (!$user || !$user->has_database_account()) {
         // NOTE(review): judging by its name, safe_registration() restricts the request to
         // fields a self-registering user may set -- confirm in Contact.
         if (!($user = Contact::create($Conf, Contact::safe_registration($_REQUEST)))) {
             return Conf::msg_error($Conf->db_error_html(true, "while adding your account"));
     $user->sendAccountInfo("create", true);
     // The address is user input, so it is HTML-escaped before going into the message.
     $msg = "Successfully created an account for " . htmlspecialchars($_REQUEST["email"]) . ".";
     // handle setup phase
     if ($Conf->setting("setupPhase", false)) {
         return self::first_user($user, $msg);
     if (Mailer::allow_send($user->email)) {
         // Per this message, the password itself is delivered by email.
         $msg .= " A password has been emailed to you.  Return here when you receive it to complete the registration process.  If you don’t receive the email, check your spam folders and verify that you entered the correct address.";
     } else {
         if (opt("sendEmail")) {
             $msg .= " The email address you provided seems invalid.";
         } else {
             $msg .= " The conference system is not set up to mail passwords at this time.";
         $msg .= " Although an account was created for you, you need help to retrieve your password. Contact " . Text::user_html($Conf->site_contact()) . ".";
     // A password typed on the login form is not used for the new account.
     if (isset($_REQUEST["password"]) && trim($_REQUEST["password"]) != "") {
         $msg .= " Note that the password you supplied on the login screen was ignored.";
     // NOTE(review): no statement that displays $msg appears in this listing before the return.
     return null;
Exemplo n.º 26
        $Conf->qe("insert into PaperConflict (paperId, contactId, conflictType) values " . substr($ins, 2) . " on duplicate key update conflictType=greatest(conflictType,values(conflictType))");
    if ($del) {
        $Conf->qe("delete from PaperConflict where contactId={$reviewer} and (" . substr($del, 4) . ")");
    if ($Conf->setting("pcrev_assigntime") == $Now) {
        $Conf->confirmMsg("Assignments saved! You may want to <a href=\"" . hoturl("mail", "template=newpcrev") . "\">send mail about the new assignments</a>.");
    redirectSelf(["kind" => $qreq->kind]);
// Assignments are saved only for an "update" request that names a reviewer and passes check_post().
if ($qreq->update && $reviewer > 0 && check_post()) {
    saveAssignments($qreq, $reviewer);
} else {
    if ($qreq->update) {
        // NOTE(review): this branch is also reached when a reviewer was selected but
        // check_post() failed, so the message can be misleading in that case.
        Conf::msg_error("You need to select a reviewer.");
$Conf->header("Assignments &nbsp;&#x2215;&nbsp; <strong>Manual</strong>", "assignpc", actionBar());
// Mode tabs: the markup is static apart from the hoturl() links.
echo '<div class="psmode">', '<div class="papmode"><a href="', hoturl("autoassign"), '">Automatic</a></div>', '<div class="papmodex"><a href="', hoturl("manualassign"), '">Manual</a></div>', '<div class="papmode"><a href="', hoturl("bulkassign"), '">Bulk update</a></div>', '</div><hr class="c" />';
// Help list
echo "<div class='helpside'><div class='helpinside'>\nAssignment methods:\n<ul><li><a href='", hoturl("autoassign"), "'>Automatic</a></li>\n <li><a href='", hoturl("manualassign"), "' class='q'><strong>Manual by PC member</strong></a></li>\n <li><a href='", hoturl("assign"), "'>Manual by paper</a></li>\n <li><a href='", hoturl("bulkassign"), "'>Bulk update</a></li>\n</ul>\n<hr class='hr' />\n";
// The request's "kind" is only compared with "a" here; it is never echoed.
if ($qreq->kind == "a") {
    echo "Types of PC review:\n<dl><dt>" . review_type_icon(REVIEW_PRIMARY) . " Primary</dt><dd>Mandatory, may not be delegated</dd>\n  <dt>" . review_type_icon(REVIEW_SECONDARY) . " Secondary</dt><dd>Mandatory, may be delegated to external reviewers</dd>\n  <dt>" . review_type_icon(REVIEW_PC) . " Optional</dt><dd>May be declined</dd></dl>\n<hr class='hr' />\n";
echo "<dl><dt>Potential conflicts</dt><dd>Matches between PC member collaborators and paper authors, or between PC member and paper authors or collaborators</dd>\n";
if ($qreq->kind == "a") {
    echo "<dt>Preference</dt><dd><a href='", hoturl("reviewprefs"), "'>Review preference</a></dd>\n  <dt>Topic score</dt><dd>+4 per high interest paper topic, &minus;2 per low interest paper topic</dd>\n  <dt>Desirability</dt><dd>High values mean many PC members want to review the paper</dd>\n";
echo "</dl>\nClick a heading to sort.\n</div></div>";
if ($reviewer > 0) {
Exemplo n.º 27
 /**
  * Apply the assignment action named by $qreq->assignfn to the selected papers.
  *
  * "auto" redirects to the autoassign page; "lead" and "shepherd" set that role;
  * "conflict" and "unconflict" add or remove conflicts for the PC member named
  * in $qreq->markpc; "assign<type>" assigns that review type. Every action
  * except "auto", "lead" and "shepherd" requires markpc to resolve to a contact.
  */
 function run(Contact $user, $qreq, $ssel)
     global $Conf;
     $mt = $qreq->assignfn;
     $mpc = (string) $qreq->markpc;
     $pc = null;
     // markpc is an email address taken from the request; "" and "0" mean nobody.
     if ($mpc != "" && $mpc != "0") {
         $pc = Contact::find_by_email($mpc);
     if ($mt == "auto") {
         // Only "acc" and "s" are passed through from the request; anything else becomes "all".
         // NOTE(review): in_array() compares loosely here; a strict third argument would be tighter.
         $t = in_array($qreq->t, array("acc", "s")) ? $qreq->t : "all";
         $q = join("+", $ssel->selection());
         go(hoturl("autoassign", "pap={$q}&t={$t}&q={$q}"));
     } else {
         if ($mt == "lead" || $mt == "shepherd") {
             if ($user->assign_paper_pc($ssel->selection(), $mt, $pc)) {
                 $Conf->confirmMsg(ucfirst(pluralx($ssel->selection(), $mt)) . " set.");
             } else {
                 // NOTE(review): $OK is not named in this method's global statement, so in the
                 // visible code it is an undefined local and this branch cannot be taken.
                 if ($OK) {
                     $Conf->confirmMsg("No changes.");
         } else {
             if (!$pc) {
                 // The submitted address is echoed back, so it is HTML-escaped.
                 Conf::msg_error("“" . htmlspecialchars($mpc) . "” is not a PC member.");
             } else {
                 if ($mt == "conflict" || $mt == "unconflict") {
                     if ($mt == "conflict") {
                         // contactId and conflict type are bound parameters; the paper list is
                         // appended by sql_predicate().
                         // NOTE(review): presumably sql_predicate() emits only validated integer ids -- confirm.
                         Dbl::qe("insert into PaperConflict (paperId, contactId, conflictType) (select paperId, ?, ? from Paper where paperId" . $ssel->sql_predicate() . ") on duplicate key update conflictType=greatest(conflictType, values(conflictType))", $pc->contactId, CONFLICT_CHAIRMARK);
                         // The log entry carries the request-supplied address verbatim.
                         $user->log_activity("Mark conflicts with {$mpc}", $ssel->selection());
                     } else {
                         // Only conflicts below CONFLICT_AUTHOR are removed.
                         Dbl::qe("delete from PaperConflict where PaperConflict.conflictType<? and contactId=? and (paperId" . $ssel->sql_predicate() . ")", CONFLICT_AUTHOR, $pc->contactId);
                         $user->log_activity("Remove conflicts with {$mpc}", $ssel->selection());
                 } else {
                     // The suffix after "assign" must be a key of ReviewForm::$revtype_names.
                     if (substr($mt, 0, 6) == "assign" && ($asstype = substr($mt, 6)) && isset(ReviewForm::$revtype_names[$asstype])) {
                         Dbl::qe_raw("lock tables PaperConflict write, PaperReview write, PaperReviewRefused write, Paper write, ActionLog write, Settings write");
                         // NOTE(review): contactId is concatenated into this raw query, unlike the bound
                         // parameters above; it is read from the looked-up contact (presumably an
                         // integer from the database -- confirm).
                         $result = Dbl::qe_raw("select Paper.paperId, reviewId, reviewType, reviewModified, conflictType from Paper left join PaperReview on (Paper.paperId=PaperReview.paperId and PaperReview.contactId=" . $pc->contactId . ") left join PaperConflict on (Paper.paperId=PaperConflict.paperId and PaperConflict.contactId=" . $pc->contactId . ") where Paper.paperId" . $ssel->sql_predicate());
                         $conflicts = array();
                         $assigned = array();
                         $nworked = 0;
                         while ($row = PaperInfo::fetch($result, $user)) {
                             // Conflicted papers, and papers where this member already holds a
                             // different PC-level review type, are reported instead of assigned.
                             if ($asstype && $row->conflictType > 0) {
                                 $conflicts[] = $row->paperId;
                             } else {
                                 if ($asstype && $row->reviewType >= REVIEW_PC && $asstype != $row->reviewType) {
                                     $assigned[] = $row->paperId;
                                 } else {
                                     $user->assign_review($row->paperId, $pc->contactId, $asstype);
                         if (count($conflicts)) {
                             Conf::msg_error("Some papers were not assigned because of conflicts (" . join(", ", $conflicts) . ").  If these conflicts are in error, remove them and try to assign again.");
                         if (count($assigned)) {
                             Conf::msg_error("Some papers were not assigned because the PC member already had an assignment (" . join(", ", $assigned) . ").");
                         // NOTE(review): $nworked is never incremented in the visible lines, so as
                         // listed this confirmation is never shown.
                         if ($nworked) {
                             $Conf->confirmMsg($asstype == 0 ? "Unassigned reviews." : "Assigned reviews.");
                         Dbl::qe_raw("unlock tables");
Exemplo n.º 28
/**
 * Build the request object for the current HTTP request.
 *
 * Query-string parameters are copied first and form parameters second, so a
 * POST value replaces a GET value of the same name. Uploads are copied into
 * ->_FILES only when PHP reports no upload error and is_uploaded_file()
 * confirms the temporary file came from this request's upload; uploads that
 * failed are turned into messages by uploaded_file_error() and reported.
 */
function make_qreq()
{
    $request = new Qobject();
    foreach ([$_GET, $_POST] as $params) {
        foreach ($params as $name => $value) {
            $request[$name] = $value;
        }
    }

    // $_FILES requires special processing since we want error messages.
    $request->_FILES = new Qobject();
    $problems = [];
    foreach ($_FILES as $field => $upload) {
        if ($upload["error"] != UPLOAD_ERR_OK) {
            $problem = uploaded_file_error($upload);
            if ($problem) {
                $problems[] = $problem;
            }
            continue;
        }
        // An entry that is not a genuine upload is dropped without a message.
        if (is_uploaded_file($upload["tmp_name"])) {
            $request->_FILES[$field] = $upload;
        }
    }

    // Messages are joined into markup as-is, and only reported once Conf::$g is set.
    if (count($problems) && Conf::$g) {
        Conf::msg_error("<div class=\"parseerr\"><p>" . join("</p>\n<p>", $problems) . "</p></div>");
    }
    return $request;
}
Exemplo n.º 29
    error_go(false, "That password reset code refers to a user who no longer exists. Either create a new account or contact the conference administrator.");
// don't show information about the current user, if there is one
$Me = new Contact();
$password_class = "";
// The reset is processed only for a submitted form that passes check_post().
if (isset($_POST["go"]) && check_post()) {
    // Surrounding whitespace is stripped from both entries before any comparison.
    $_POST["password"] = trim(get_s($_POST, "password"));
    $_POST["password2"] = trim(get_s($_POST, "password2"));
    if ($_POST["password"] == "") {
        Conf::msg_error("You must enter a password.");
    } else {
        if ($_POST["password"] !== $_POST["password2"]) {
            Conf::msg_error("The two passwords you entered did not match.");
        } else {
            if (!Contact::valid_password($_POST["password"])) {
                Conf::msg_error("Invalid password.");
            } else {
                $flags = 0;
                // A password equal to the posted "autopassword" value sets CHANGE_PASSWORD_PLAINTEXT.
                // NOTE(review): judging by the flag name, such a password is stored unhashed -- confirm
                // in Contact::change_password.
                if ($_POST["password"] === get($_POST, "autopassword")) {
                    $flags |= Contact::CHANGE_PASSWORD_PLAINTEXT;
                $Acct->change_password(null, $_POST["password"], $flags);
                if (!$iscdb || !($log_acct = $Conf->user_by_email($Acct->email))) {
                    $log_acct = $Acct;
                // Only the first 8 characters of the reset capability are written to the log.
                $log_acct->log_activity("Password reset via " . substr($resetcap, 0, 8) . "...");
                $Conf->confirmMsg("Your password has been changed. You may now sign in to the conference site.");
                // NOTE(review): the new password is saved in the session in cleartext, so it stays
                // in session storage until something removes it; confirm the consumer of
                // "password_reset" clears it after use.
                $Conf->save_session("password_reset", (object) array("time" => $Now, "email" => $Acct->email, "password" => $_POST["password"]));
Exemplo n.º 30
 public function report()
     $msgs = array();
     $any_errors = false;
     foreach ($this->errmsg as $m) {
         if ($m && $m !== true && $m !== 1) {
             $msgs[] = $any_errors = $m;
     foreach ($this->warnmsg as $m) {
         if ($m && $m !== true && $m !== 1) {
             $msgs[] = "Warning: " . $m;
     $mt = '<div class="multimessage"><div>' . join('</div><div>', $msgs) . '</div></div>';
     if (count($msgs) && $any_errors) {
     } else {
         if (count($msgs)) {
     $this->warnings_reported = true;