// Fill in a default subject and body from the generic mail template when the
// request does not carry them; the template is expanded through $null_mailer
// (a mailer with no recipient, presumably so recipient-only %VARS% stay intact).
if (!isset($_REQUEST["subject"])) {
    $_REQUEST["subject"] = $null_mailer->expand($mailTemplates["genericmailtool"]["subject"]);
}
if (!isset($_REQUEST["emailBody"])) {
    $_REQUEST["emailBody"] = $null_mailer->expand($mailTemplates["genericmailtool"]["body"]);
}
// Strip a leading $subjectPrefix from the subject (presumably the sender
// re-adds it, so this avoids doubling it).
// NOTE(review): this is a loose `==` between two strings; numeric-looking
// values compare numerically in PHP, so `===` would be the exact test.
if (substr($_REQUEST["subject"], 0, strlen($subjectPrefix)) == $subjectPrefix) {
    $_REQUEST["subject"] = substr($_REQUEST["subject"], strlen($subjectPrefix));
}
// A Cc supplied in the request is honored only for chairs ($Me->privChair);
// for everyone else it is overwritten with the configured emailCc (empty when
// that option is set but false) or with the site contact's address, so a
// non-chair cannot choose who gets copies of the outgoing mail.
if (isset($_REQUEST["cc"]) && $Me->privChair) {
    $_REQUEST["cc"] = simplify_whitespace($_REQUEST["cc"]);
} else {
    if (isset($Opt["emailCc"])) {
        $_REQUEST["cc"] = $Opt["emailCc"] ? $Opt["emailCc"] : "";
    } else {
        $_REQUEST["cc"] = Text::user_email_to(Contact::site_contact());
    }
}
// Same rule for Reply-To: request value for chairs only, otherwise the
// configured emailReplyTo (defaulting to the empty string).
if (isset($_REQUEST["replyto"]) && $Me->privChair) {
    $_REQUEST["replyto"] = simplify_whitespace($_REQUEST["replyto"]);
} else {
    $_REQUEST["replyto"] = defval($Opt, "emailReplyTo", "");
}
// Check or send
if (defval($_REQUEST, "loadtmpl") || defval($_REQUEST, "cancel") || defval($_REQUEST, "psearch")) {
    /* do nothing */
} else {
    if (defval($_REQUEST, "send") && !$recip->error && check_post()) {
        MailSender::send($recip);
    } else {
        if ((@$_REQUEST["check"] || @$_REQUEST["group"] || @$_REQUEST["ungroup"]) && !$recip->error && check_post()) {
<?php

// assign.php -- HotCRP per-paper assignment/conflict management page
// HotCRP is Copyright (c) 2006-2016 Eddie Kohler and Regents of the UC
// Distributed under an MIT-like license; see LICENSE
require_once "src/initweb.php";
require_once "src/papertable.php";
require_once "src/reviewtable.php";
// Require a signed-in user before doing anything else on this page;
// $Me->escape() presumably redirects to the login page and exits — confirm.
if ($Me->is_empty()) {
    $Me->escape();
}
// The assignment page always shows the paper regardless of visibility rules.
$Me->set_forceShow(true);
// Per-field error flags collected while processing the request.
$Error = array();
// ensure site contact exists before locking tables
Contact::site_contact();
// header
// Emit the page header for the assignment page, using the global $paperTable
// that loadRows() is expected to have populated.
function confHeader()
{
    global $paperTable;
    PaperTable::do_header($paperTable, "assign", "assign");
}
// Render the page header, show $msg as an error when it is non-empty, print
// the footer and stop the script. Never returns.
function errorMsgExit($msg)
{
    confHeader();
    if ($msg) {
        Conf::msg_error($msg);
    }
    Conf::$g->footer();
    exit;
}
// grab paper row
function loadRows()
{
 /**
  * Expand a single mail-template variable such as "%CONFNAME%".
  *
  * @param string $what   the variable token, including the surrounding "%".
  * @param bool   $isbool when true, return a truthiness value instead of the
  *                       expanded text (used by %OPT(...)% / %URLENC(...)%
  *                       to decide whether to expand at all); null then means
  *                       "cannot be decided without a recipient".
  * @return mixed the expansion, or $what itself when the token is unknown
  *               (in which case it is recorded in $this->_unexpanded).
  *
  * NOTE(review): in this copy of the file the line inside the %LOGINURL%
  * branch that appends the password to $loginparts is garbled/redacted and
  * could not be reconstructed; read it against the original source.
  */
 function expandvar($what, $isbool = false)
 {
     global $Opt;
     $len = strlen($what);
     // generic expansions: OPT, URLENC
     // %OPT(X)%: first evaluate %X% in bool mode; expand %X% only when that is
     // truthy; null (undecidable) leaves the token untouched, false yields "".
     if ($len > 7 && substr($what, 0, 5) == "%OPT(" && substr($what, $len - 2) == ")%") {
         $inner = "%" . substr($what, 5, $len - 7) . "%";
         $yes = $this->expandvar($inner, true);
         if ($isbool) {
             return $yes;
         } else {
             if ($yes) {
                 return $this->expandvar($inner, false);
             } else {
                 return $yes === null ? $what : "";
             }
         }
     }
     // %URLENC(X)%: same as %OPT(X)% but the expansion is urlencode()d.
     if ($len > 10 && substr($what, 0, 8) == "%URLENC(" && substr($what, $len - 2) == ")%") {
         $inner = "%" . substr($what, 8, $len - 10) . "%";
         $yes = $this->expandvar($inner, true);
         if ($isbool) {
             return $yes;
         } else {
             if ($yes) {
                 return urlencode($this->expandvar($inner, false));
             } else {
                 return $yes === null ? $what : "";
             }
         }
     }
     // expansions that do not require a recipient
     if ($what == "%CONFNAME%") {
         $t = Conf::$gLongName;
         // Append the short name in parentheses only when it differs.
         if (Conf::$gShortName && Conf::$gShortName != Conf::$gLongName) {
             $t .= " (" . Conf::$gShortName . ")";
         }
         return $t;
     }
     if ($what == "%CONFSHORTNAME%") {
         return Conf::$gShortName;
     }
     if ($what == "%CONFLONGNAME%") {
         return Conf::$gLongName;
     }
     if ($what == "%SIGNATURE%") {
         return get($Opt, "emailSignature") ?: "- " . Conf::$gShortName . " Submissions";
     }
     if ($what == "%ADMIN%" || $what == "%SITECONTACT%") {
         return $this->expand_user(Contact::site_contact(), "CONTACT");
     }
     if ($what == "%ADMINNAME%") {
         return $this->expand_user(Contact::site_contact(), "NAME");
     }
     if ($what == "%ADMINEMAIL%" || $what == "%SITEEMAIL%") {
         return $this->expand_user(Contact::site_contact(), "EMAIL");
     }
     if ($what == "%URL%") {
         return $Opt["paperSite"];
     } else {
         // %URL(page, params)%: each comma-separated part is itself expanded in
         // "urlpart" mode, then trailing/doubled "&" are removed before building
         // an absolute URL.
         if ($len > 7 && substr($what, 0, 5) == "%URL(" && substr($what, $len - 2) == ")%") {
             $a = preg_split('/\\s*,\\s*/', substr($what, 5, $len - 7));
             for ($i = 0; $i < count($a); ++$i) {
                 $a[$i] = $this->expand($a[$i], "urlpart");
                 $a[$i] = preg_replace('/\\&(?=\\&|\\z)/', "", $a[$i]);
             }
             return hoturl_absolute_nodefaults($a[0], isset($a[1]) ? $a[1] : "");
         }
     }
     if ($what == "%PHP%") {
         return Navigation::php_suffix();
     }
     // Recipient identity fields. Expanding any of them marks the preparation
     // as owned by this recipient (preparation_owner), which presumably stops
     // the message being merged with mail to other recipients — confirm.
     if (preg_match('/\\A%(CONTACT|NAME|EMAIL|FIRST|LAST)%\\z/', $what, $m)) {
         if ($this->recipient) {
             if ($this->preparation) {
                 $this->preparation->preparation_owner = $this->recipient->email;
             }
             return $this->expand_user($this->recipient, $m[1]);
         } else {
             if ($isbool) {
                 return false;
             }
         }
         // Without a recipient and in text mode, fall through to the generic
         // handlers below.
     }
     if ($what == "%LOGINNOTICE%") {
         // Only meaningful when capability links are disabled; otherwise empty.
         if (get($Opt, "disableCapabilities")) {
             return $this->expand(get($Opt, "mailtool_loginNotice", "  To sign in, either click the link below or paste it into your web browser's location field.\n\n%LOGINURL%"), $isbool);
         } else {
             return "";
         }
     }
     // %REASON%, %ADMINUPDATE%, %NOTES% read the same-named (lower-cased)
     // property of $this; an unset value with no recipient is left undecided.
     if ($what == "%REASON%" || $what == "%ADMINUPDATE%" || $what == "%NOTES%") {
         $which = strtolower(substr($what, 1, strlen($what) - 2));
         $value = $this->{$which};
         if ($value === null && !$this->recipient) {
             return $isbool ? null : $what;
         } else {
             if ($what == "%ADMINUPDATE%") {
                 return $value ? "An administrator performed this update. " : "";
             } else {
                 return $value === null ? "" : $value;
             }
         }
     }
     // Subclass hook for additional recipient-independent variables.
     $result = $this->expandvar_generic($what, $isbool);
     if ($result !== self::EXPANDVAR_CONTINUE) {
         return $result;
     }
     // exit if no recipient
     // With an external login (LDAP/HTTP auth) HotCRP holds no password, so
     // %PASSWORD% is definitively false rather than undecided.
     $external_password = isset($Opt["ldapLogin"]) || isset($Opt["httpAuthLogin"]);
     if (!$this->recipient) {
         if ($isbool && $what == "%PASSWORD%" && $external_password) {
             return false;
         } else {
             return $isbool ? null : $what;
         }
     }
     // expansions that require a recipient
     // %LOGINURL% / %LOGINURLPARTS% / %PASSWORD%: the recipient's plaintext
     // password is disclosed only when no external login is configured and
     // $this->sensitivity is unset; sensitivity "display" masks it as "******"
     // and any other sensitivity omits it. Callers that render previews or logs
     // must therefore set sensitivity, since this is the only masking applied.
     if ($what == "%LOGINURL%" || $what == "%LOGINURLPARTS%" || $what == "%PASSWORD%") {
         $password = false;
         if (!$external_password) {
             $pwd_plaintext = $this->recipient->plaintext_password();
             if ($pwd_plaintext && !$this->sensitivity) {
                 $password = $pwd_plaintext;
             } else {
                 if ($pwd_plaintext && $this->sensitivity === "display") {
                     $password = "******";
                 }
             }
         }
         // With HTTP auth the login URL carries no query parameters at all.
         $loginparts = "";
         if (!isset($Opt["httpAuthLogin"])) {
             $loginparts = "email=" . urlencode($this->recipient->email);
             // NOTE(review): the following line is garbled in this copy of the
             // file; it originally appended the password parameter to
             // $loginparts and opened the `if ($what == "%LOGINURL%")` branch.
             if ($password) {
                 $loginparts .= "&password="******"%LOGINURL%") {
             return $Opt["paperSite"] . ($loginparts ? "/?" . $loginparts : "/");
         } else {
             if ($what == "%LOGINURLPARTS%") {
                 return $loginparts;
             } else {
                 return $isbool || $password ? $password : "";
             }
         }
     }
     if ($what == "%CAPABILITY%") {
         return $isbool || $this->capability ? $this->capability : "";
     }
     // Subclass hook for additional recipient-dependent variables.
     $result = $this->expandvar_recipient($what, $isbool);
     if ($result !== self::EXPANDVAR_CONTINUE) {
         return $result;
     }
     // fallback
     // Unknown token: remember it so the caller can report unexpanded
     // variables, and leave it in the text verbatim.
     if ($isbool) {
         return false;
     } else {
         $this->_unexpanded[$what] = true;
         return $what;
     }
 }
/**
 * Collect installation/configuration warnings for administrators and show
 * them on the home page via $Conf->warnMsg().
 *
 * Side effects: runs two database queries and, when all changed PC review
 * assignments have already been notified, writes the "pcrev_informtime"
 * setting. Messages are HTML; values taken from PHP, MySQL or $Opt are
 * escaped with htmlspecialchars() except where noted.
 */
function admin_home_messages()
{
    global $Opt, $Conf;
    $m = array();
    $errmarker = "<span class=\"error\">Error:</span> ";
    // PHP 1.x-4.x and 5.0-5.2 are rejected.
    if (preg_match("/^(?:[1-4]\\.|5\\.[012])/", phpversion())) {
        $m[] = $errmarker . "HotCRP requires PHP version 5.3 or higher.  You are running PHP version " . htmlspecialchars(phpversion()) . ".";
    }
    // NOTE: get_magic_quotes_gpc()/get_magic_quotes_runtime() no longer exist
    // in PHP 8; these calls only make sense on the PHP 5 installs targeted here.
    if (get_magic_quotes_gpc()) {
        $m[] = $errmarker . "The PHP <code>magic_quotes_gpc</code> feature is on, which is a bad idea.  Check that your Web server is using HotCRP’s <code>.htaccess</code> file.  You may also want to disable <code>magic_quotes_gpc</code> in your <code>php.ini</code> configuration file.";
    }
    if (get_magic_quotes_runtime()) {
        $m[] = $errmarker . "The PHP <code>magic_quotes_runtime</code> feature is on, which is a bad idea.  Check that your Web server is using HotCRP’s <code>.htaccess</code> file.  You may also want to disable <code>magic_quotes_runtime</code> in your <code>php.ini</code> configuration file.";
    }
    // JSON_HOTCRP is presumably defined by the bundled JSON fallback — confirm.
    if (defined("JSON_HOTCRP")) {
        $m[] = "Your PHP was built without JSON functionality. HotCRP is using its built-in replacements; the native functions would be faster.";
    }
    // NOTE(review): $Opt["sessionLifetime"] is concatenated unescaped; fine as
    // long as the option is always numeric — confirm where it is set.
    if ((int) $Opt["globalSessionLifetime"] < $Opt["sessionLifetime"]) {
        $m[] = "PHP’s systemwide <code>session.gc_maxlifetime</code> setting, which is " . htmlspecialchars($Opt["globalSessionLifetime"]) . " seconds, is less than HotCRP’s preferred session expiration time, which is " . $Opt["sessionLifetime"] . " seconds.  You should update <code>session.gc_maxlifetime</code> in the <code>php.ini</code> file or users may be booted off the system earlier than you expect.";
    }
    if (!function_exists("imagecreate")) {
        $m[] = $errmarker . "This PHP installation lacks support for the GD library, so HotCRP cannot generate score charts (as backup for browsers that don’t support &lt;canvas&gt;). You should update your PHP installation. For example, on Ubuntu Linux, install the <code>php5-gd</code> package.";
    }
    // Uploads larger than MySQL's max_allowed_packet cannot be stored; skipped
    // when papers live outside the database (dbNoPapers). The "@" only hides
    // the undefined-index notice when that option is absent.
    $result = $Conf->qx("show variables like 'max_allowed_packet'");
    $max_file_size = ini_get_bytes("upload_max_filesize");
    if (($row = edb_row($result)) && $row[1] < $max_file_size && !@$Opt["dbNoPapers"]) {
        $m[] = $errmarker . "MySQL’s <code>max_allowed_packet</code> setting, which is " . htmlspecialchars($row[1]) . "&nbsp;bytes, is less than the PHP upload file limit, which is {$max_file_size}&nbsp;bytes.  You should update <code>max_allowed_packet</code> in the system-wide <code>my.cnf</code> file or the system may not be able to handle large papers.";
    }
    // Conference names
    if (@$Opt["shortNameDefaulted"]) {
        $m[] = "<a href=\"" . hoturl("settings", "group=msg") . "\">Set the conference abbreviation</a> to a short name for your conference, such as “OSDI ’14”.";
    } else {
        if (simplify_whitespace($Opt["shortName"]) != $Opt["shortName"]) {
            $m[] = "The <a href=\"" . hoturl("settings", "group=msg") . "\">conference abbreviation</a> setting has a funny value. To fix it, remove leading and trailing spaces, use only space characters (no tabs or newlines), and make sure words are separated by single spaces (never two or more).";
        }
    }
    // The placeholder address below is the shipped default for the site contact.
    $site_contact = Contact::site_contact();
    if (!$site_contact->email || $site_contact->email == "*****@*****.**") {
        $m[] = "<a href=\"" . hoturl("settings", "group=msg") . "\">Set the conference contact’s name and email</a> so submitters can reach someone if things go wrong.";
    }
    // Backwards compatibility
    if (@$Conf->setting_data("clickthrough_submit")) {
        // delete 12/2014
        $m[] = "You need to recreate the <a href=\"" . hoturl("settings", "group=msg") . "\">clickthrough submission terms</a>.";
    }
    // Weird URLs?
    // Only http(s) URLs made of RFC 3986 characters (or %XX escapes) pass.
    foreach (array("conferenceSite", "paperSite") as $k) {
        if (isset($Opt[$k]) && $Opt[$k] && !preg_match('`\\Ahttps?://(?:[-.~\\w:/?#\\[\\]@!$&\'()*+,;=]|%[0-9a-fA-F][0-9a-fA-F])*\\z`', $Opt[$k])) {
            $m[] = $errmarker . "The <code>\$Opt[\"{$k}\"]</code> setting, ‘<code>" . htmlspecialchars($Opt[$k]) . "</code>’, is not a valid URL.  Edit the <code>conf/options.php</code> file to fix this problem.";
        }
    }
    // Double-encoding bugs found?
    if ($Conf->setting("bug_doubleencoding")) {
        $m[] = "Double-encoded URLs have been detected. Incorrect uses of Apache’s <code>mod_rewrite</code>, and other middleware, can encode URL parameters twice. This can cause problems, for instance when users log in via links in email. (“<code>a@b.com</code>” should be encoded as “<code>a%40b.com</code>”; a double encoding will produce “<code>a%2540b.com</code>”.) HotCRP has tried to compensate, but you really should fix the problem. For <code>mod_rewrite</code> add <a href='http://httpd.apache.org/docs/current/mod/mod_rewrite.html'>the <code>[NE]</code> option</a> to the relevant RewriteRule. <a href=\"" . hoturl_post("index", "clearbug=doubleencoding") . "\">(Clear&nbsp;this&nbsp;message)</a>";
    }
    // Unnotified reviews?
    // If assignments changed after the last notification, look for at least one
    // un-notified PC review; when none is found the inform time is advanced so
    // this check stops firing.
    if ($Conf->setting("pcrev_assigntime", 0) > $Conf->setting("pcrev_informtime", 0)) {
        $assigntime = $Conf->setting("pcrev_assigntime");
        $result = $Conf->qe("select paperId from PaperReview where reviewType>" . REVIEW_PC . " and timeRequested>timeRequestNotified and reviewSubmitted is null and reviewNeedsSubmit!=0 limit 1");
        if (edb_nrows($result)) {
            $m[] = "PC review assignments have changed. You may want to <a href=\"" . hoturl("mail", "template=newpcrev") . "\">send mail about the new assignments</a>. <a href=\"" . hoturl_post("index", "clearnewpcrev={$assigntime}") . "\">(Clear&nbsp;this&nbsp;message)</a>";
        } else {
            $Conf->save_setting("pcrev_informtime", $assigntime);
        }
    }
    if (count($m)) {
        $Conf->warnMsg("<div>" . join('</div><div style="margin-top:0.5em">', $m) . "</div>");
    }
}
/**
 * Collect installation/configuration warnings for administrators and show
 * them on the home page via $Conf->warnMsg().
 *
 * Side effects: runs three database queries and, when all changed PC review
 * assignments have already been notified, writes the "pcrev_informtime"
 * setting. Messages are HTML; values taken from PHP, MySQL or $Opt are
 * escaped with htmlspecialchars() except where noted.
 */
function admin_home_messages()
{
    global $Opt, $Conf;
    $m = array();
    $errmarker = "<span class=\"error\">Error:</span> ";
    // PHP 1.x-4.x and 5.0-5.3 are rejected.
    if (preg_match("/^(?:[1-4]\\.|5\\.[0123])/", phpversion())) {
        $m[] = $errmarker . "HotCRP requires PHP version 5.4 or higher.  You are running PHP version " . htmlspecialchars(phpversion()) . ".";
    }
    // NOTE: get_magic_quotes_gpc()/get_magic_quotes_runtime() no longer exist
    // in PHP 8; these calls only make sense on the PHP 5 installs targeted here.
    if (get_magic_quotes_gpc()) {
        $m[] = $errmarker . "The PHP <code>magic_quotes_gpc</code> feature is on, which is a bad idea.  Check that your Web server is using HotCRP’s <code>.htaccess</code> file.  You may also want to disable <code>magic_quotes_gpc</code> in your <code>php.ini</code> configuration file.";
    }
    if (get_magic_quotes_runtime()) {
        $m[] = $errmarker . "The PHP <code>magic_quotes_runtime</code> feature is on, which is a bad idea.  Check that your Web server is using HotCRP’s <code>.htaccess</code> file.  You may also want to disable <code>magic_quotes_runtime</code> in your <code>php.ini</code> configuration file.";
    }
    // JSON_HOTCRP is presumably defined by the bundled JSON fallback — confirm.
    if (defined("JSON_HOTCRP")) {
        $m[] = "Your PHP was built without JSON functionality. HotCRP is using its built-in replacements; the native functions would be faster.";
    }
    // NOTE(review): $Opt["sessionLifetime"] is concatenated unescaped; fine as
    // long as the option is always numeric — confirm where it is set.
    if ((int) $Opt["globalSessionLifetime"] < $Opt["sessionLifetime"]) {
        $m[] = "PHP’s systemwide <code>session.gc_maxlifetime</code> setting, which is " . htmlspecialchars($Opt["globalSessionLifetime"]) . " seconds, is less than HotCRP’s preferred session expiration time, which is " . $Opt["sessionLifetime"] . " seconds.  You should update <code>session.gc_maxlifetime</code> in the <code>php.ini</code> file or users may be booted off the system earlier than you expect.";
    }
    // GD is only demanded when the "__gd_required" setting says some users need it.
    if (!function_exists("imagecreate") && $Conf->setting("__gd_required")) {
        $m[] = $errmarker . "This PHP installation lacks support for the GD library, so HotCRP can’t generate backup score charts for old browsers. Some of your users require this backup. You should update your PHP installation. For example, on Ubuntu Linux, install the <code>php" . PHP_MAJOR_VERSION . "-gd</code> package.";
    }
    // Uploads larger than MySQL's max_allowed_packet cannot be stored; skipped
    // when papers live outside the database (dbNoPapers).
    $result = Dbl::qx_raw("show variables like 'max_allowed_packet'");
    $max_file_size = ini_get_bytes("upload_max_filesize");
    if (($row = edb_row($result)) && $row[1] < $max_file_size && !get($Opt, "dbNoPapers")) {
        $m[] = $errmarker . "MySQL’s <code>max_allowed_packet</code> setting, which is " . htmlspecialchars($row[1]) . "&nbsp;bytes, is less than the PHP upload file limit, which is {$max_file_size}&nbsp;bytes.  You should update <code>max_allowed_packet</code> in the system-wide <code>my.cnf</code> file or the system may not be able to handle large papers.";
    }
    // Conference names
    if (get($Opt, "shortNameDefaulted")) {
        $m[] = "<a href=\"" . hoturl("settings", "group=basics") . "\">Set the conference abbreviation</a> to a short name for your conference, such as “OSDI ’14”.";
    } else {
        if (simplify_whitespace(Conf::$gShortName) != Conf::$gShortName) {
            $m[] = "The <a href=\"" . hoturl("settings", "group=basics") . "\">conference abbreviation</a> setting has a funny value. To fix it, remove leading and trailing spaces, use only space characters (no tabs or newlines), and make sure words are separated by single spaces (never two or more).";
        }
    }
    // The placeholder address below is the shipped default for the site contact.
    $site_contact = Contact::site_contact();
    if (!$site_contact->email || $site_contact->email == "*****@*****.**") {
        $m[] = "<a href=\"" . hoturl("settings", "group=basics") . "\">Set the conference contact’s name and email</a> so submitters can reach someone if things go wrong.";
    }
    // Any -100 preferences around?
    // preferenceConflictQuery() presumably lists preference-implied conflicts
    // not yet recorded as conflicts; only existence is checked here (limit 1).
    $result = Dbl::ql_raw($Conf->preferenceConflictQuery(false, "limit 1"));
    if ($row = edb_row($result)) {
        $m[] = "PC members have indicated paper conflicts (using review preferences of &#8722;100 or less) that aren’t yet confirmed. <a href='" . hoturl_post("autoassign", "a=prefconflict&amp;assign=1") . "' class='nw'>Confirm these conflicts</a>";
    }
    // Weird URLs?
    // Only http(s) URLs made of RFC 3986 characters (or %XX escapes) pass.
    foreach (array("conferenceSite", "paperSite") as $k) {
        if (isset($Opt[$k]) && $Opt[$k] && !preg_match('`\\Ahttps?://(?:[-.~\\w:/?#\\[\\]@!$&\'()*+,;=]|%[0-9a-fA-F][0-9a-fA-F])*\\z`', $Opt[$k])) {
            $m[] = $errmarker . "The <code>\$Opt[\"{$k}\"]</code> setting, ‘<code>" . htmlspecialchars($Opt[$k]) . "</code>’, is not a valid URL.  Edit the <code>conf/options.php</code> file to fix this problem.";
        }
    }
    // Unnotified reviews?
    // If assignments changed after the last notification, look for at least one
    // un-notified PC review; when none is found the inform time is advanced so
    // this check stops firing.
    if ($Conf->setting("pcrev_assigntime", 0) > $Conf->setting("pcrev_informtime", 0)) {
        $assigntime = $Conf->setting("pcrev_assigntime");
        $result = Dbl::qe_raw("select paperId from PaperReview where reviewType>" . REVIEW_PC . " and timeRequested>timeRequestNotified and reviewSubmitted is null and reviewNeedsSubmit!=0 limit 1");
        if (edb_nrows($result)) {
            $m[] = "PC review assignments have changed.&nbsp; <a href=\"" . hoturl("mail", "template=newpcrev") . "\">Send review assignment notifications</a> <span class=\"barsep\">·</span> <a href=\"" . hoturl_post("index", "clearnewpcrev={$assigntime}") . "\">Clear this message</a>";
        } else {
            $Conf->save_setting("pcrev_informtime", $assigntime);
        }
    }
    // Review round expired?
    // With several rounds and reviewing open, if the current round's deadline
    // has passed, suggest switching to the first defined round whose deadline
    // is set and not yet missed.
    if (count($Conf->round_list()) > 1 && $Conf->time_review_open() && $Conf->missed_review_deadline($Conf->current_round(), true, false)) {
        $any_rounds_open = false;
        foreach ($Conf->defined_round_list() as $i => $rname) {
            if (!$any_rounds_open && !$Conf->missed_review_deadline($i, true, false) && $Conf->setting($Conf->review_deadline($i, true, false))) {
                $any_rounds_open = $rname;
            }
        }
        if ($any_rounds_open) {
            $m[] = "The deadline for the current review round, " . htmlspecialchars($Conf->current_round_name()) . ", has passed. You may want to <a href=\"" . hoturl("settings", "group=reviews") . "\">change the current round</a> to " . htmlspecialchars($any_rounds_open) . ".";
        }
    }
    if (count($m)) {
        $Conf->warnMsg('<div class="multimessage"><div>' . join('</div><div>', $m) . "</div></div>");
    }
}
 /**
  * Create a new account for the email address in $_REQUEST["email"].
  *
  * @param Contact|null $user     the existing local user for that address, if any.
  * @param Contact|null $cdb_user the matching contact-database user, if any.
  * @return mixed the result of Conf::msg_error() on failure, the result of
  *               self::first_user() during the setup phase, otherwise null
  *               after a confirmation message has been queued.
  *
  * Side effects: sets the global $email_class to " error" on input errors and
  * sends the account-info mail through sendAccountInfo("create", true).
  * NOTE(review): $_REQUEST merges GET, POST and cookie input; account creation
  * should presumably only be reachable via POST — confirm the caller enforces
  * that.
  */
 private static function create_account($user, $cdb_user)
 {
     global $Conf, $Opt, $email_class;
     $email = $_REQUEST["email"];
     // Reject when an active account already exists locally ...
     if ($user && $user->has_database_account() && $user->activity_at > 0) {
         $email_class = " error";
         return Conf::msg_error("An account already exists for " . htmlspecialchars($email) . ". To retrieve your password, select “I forgot my password.”");
     }
     // ... or in the contact database, where its password must be used instead.
     if ($cdb_user && $cdb_user->allow_contactdb_password() && $cdb_user->activity_at > 0) {
         $desc = opt("contactdb_description") ?: "HotCRP";
         $email_class = " error";
         return Conf::msg_error("An account already exists for " . htmlspecialchars($email) . " on {$desc}. Sign in using your {$desc} password or select “I forgot my password.”");
     }
     if (!validate_email($email)) {
         $email_class = " error";
         return Conf::msg_error("“" . htmlspecialchars($email) . "” is not a valid email address.");
     }
     // Create the database row unless the user already has one; only the
     // fields safe_registration() whitelists are taken from the request.
     if (!$user || !$user->has_database_account()) {
         $user = Contact::create(Contact::safe_registration($_REQUEST));
         if (!$user) {
             return Conf::msg_error($Conf->db_error_html(true, "while adding your account"));
         }
     }
     $user->sendAccountInfo("create", true);
     $msg = "Successfully created an account for " . htmlspecialchars($email) . ".";
     // During initial setup the first account is handled specially.
     if ($Conf->setting("setupPhase", false)) {
         return self::first_user($user, $msg);
     }
     if (Mailer::allow_send($user->email)) {
         $msg .= " A password has been emailed to you.  Return here when you receive it to complete the registration process.  If you don’t receive the email, check your spam folders and verify that you entered the correct address.";
     } else {
         // Mail could not be sent: explain why and point at the site contact.
         $msg .= opt("sendEmail")
             ? " The email address you provided seems invalid."
             : " The conference system is not set up to mail passwords at this time.";
         $msg .= " Although an account was created for you, you need help to retrieve your password. Contact " . Text::user_html(Contact::site_contact()) . ".";
     }
     // A password typed into the login form is never used for a new account.
     $supplied_password = isset($_REQUEST["password"]) ? trim($_REQUEST["password"]) : "";
     if ($supplied_password != "") {
         $msg .= " Note that the password you supplied on the login screen was ignored.";
     }
     $Conf->confirmMsg($msg);
     return null;
 }
 /**
  * Send $template about $row to the paper's manager, falling back to the
  * site contact when $row has no manager or the manager cannot be loaded.
  *
  * @param string      $template mail template name.
  * @param object|null $row      paper row; managerContactId is read from it.
  * @param array       $rest     extra options passed through to send_to().
  */
 static function send_manager($template, $row, $rest = array())
 {
     $recipient = null;
     if ($row && $row->managerContactId) {
         $recipient = Contact::find_by_id($row->managerContactId);
     }
     if (!$recipient) {
         $recipient = Contact::site_contact();
     }
     self::send_to($recipient, $template, $row, $rest);
 }