/**
 * Append the "Tag" bulk action to the paper-list action set.
 *
 * Nothing is added unless $user is a PC member, and nothing is added on
 * the "reviewprefs" page. Chairs additionally get the "Clear twiddle" and
 * "Calculate rank" functions and the rank-calculation controls.
 *
 * Request values ($qreq->tag, ->tagfn, ->tagcr_*) are never concatenated
 * into the markup here; they are handed to the Ht::* helpers.
 * NOTE(review): this relies on Ht::entry/select/checkbox escaping their
 * value arguments -- confirm in Ht.
 * NOTE(review): the privChair test below only decides which controls are
 * rendered; the handler that processes "tagfn" has to repeat the check.
 *
 * @param Contact   $user     viewer whose roles decide what is offered
 * @param object    $qreq     current request; supplies the default values
 * @param PaperList $pl       not read by this function
 * @param array     &$actions action list, appended to in place
 */
function list_actions(Contact $user, $qreq, PaperList $pl, &$actions) {
    if (!$user->isPC || Navigation::page() === "reviewprefs") {
        return;
    }
    $is_chair = $user->privChair;

    // tagtype cell
    // (the null-valued "xxx*" entries are passed through to Ht::select unchanged)
    $tag_functions = [
        "a" => "Add",
        "d" => "Remove",
        "s" => "Define",
        "xxxa" => null,
        "ao" => "Add to order",
        "aos" => "Add to gapless order",
        "so" => "Define order",
        "sos" => "Define gapless order",
        "sor" => "Define random order",
    ];
    $select_attrs = ["id" => "placttagtype"];
    if ($is_chair) {
        $tag_functions["xxxb"] = null;
        $tag_functions["da"] = "Clear twiddle";
        $tag_functions["cr"] = "Calculate rank";
        $select_attrs["onchange"] = "plactions_dofold()";
        Ht::stash_script("plactions_dofold()", "plactions_dofold");
    }

    // tag name cell
    $content = "";
    if ($is_chair) {
        $fold_toggle = expander(null, 0);
        $content .= '<span class="fx99"><a class="q" href="#" onclick="return fold(\'placttags\')">'
            . $fold_toggle
            . "</a></span>";
    }
    $tag_entry = Ht::entry("tag", $qreq->tag, ["size" => 15, "onfocus" => "autosub('tag',this)", "class" => "wantcrpfocus"]);
    $go_button = Ht::submit("fn", "Go", ["value" => "tag", "onclick" => "return plist_submit.call(this)"]);
    $content .= 'tag<span class="fn99">(s)</span> ' . $tag_entry . ' ' . $go_button;

    // rank-calculation controls, chairs only
    if ($is_chair) {
        $gapless_box = Ht::checkbox("tagcr_gapless", 1, $qreq->tagcr_gapless, array("style" => "margin-left:0"));
        $gapless_label = Ht::label("Gapless order");
        $method_select = Ht::select("tagcr_method", PaperRank::methods(), $qreq->tagcr_method);
        $source_entry = Ht::entry("tagcr_source", $qreq->tagcr_source, array("size" => 15));
        $content .= "<div class='fx'><div style='margin:2px 0'>"
            . $gapless_box . " " . $gapless_label . "</div>"
            . "<div style='margin:2px 0'>Using: " . $method_select . "</div>"
            . "<div style='margin:2px 0'>Source tag: ~" . $source_entry . "</div></div>";
    }

    $function_select = Ht::select("tagfn", $tag_functions, $qreq->tagfn, $select_attrs);
    $actions[] = [
        500,
        "tag",
        "Tag",
        "<b>:</b> " . $function_select . " ",
        ["id" => "foldplacttags", "class" => "foldc fold99c", "content" => $content],
    ];
}
/**
 * Populate the global $Me from the session and apply per-request fix-ups.
 *
 * Steps, in order:
 *  1. Look the session's "trueuser" up by email; fall back to a fresh
 *     Contact built from the session record, then activate() it.
 *  2. A disabled account gets a JSON error on the "api" page and is
 *     redirected to "index" from every other page except "index" itself.
 *  3. If a "login_bounce" record is pending and the user is now signed in,
 *     the saved form fields are copied into $_REQUEST and $_GET (existing
 *     keys win; $_POST is not touched) and the record is dropped.
 *  4. $_SESSION["addrs"] is kept as a most-recent-first list of at most
 *     five distinct REMOTE_ADDR values.
 *
 * NOTE(review): the replayed fields originate from a request made before
 * authentication; code that acts on them should still require its own
 * POST/CSRF validation.
 * NOTE(review): REMOTE_ADDR is the TCP peer; behind a reverse proxy this
 * is presumably the proxy address -- confirm how "addrs" is consumed.
 */
function initialize_user() {
    global $Conf, $Me;

    // load current user
    $Me = null;
    $session_user = get($_SESSION, "trueuser");
    if ($session_user && $session_user->email) {
        $Me = $Conf->user_by_email($session_user->email);
    }
    if (!$Me) {
        $Me = new Contact($session_user);
    }
    $Me = $Me->activate();

    // redirect if disabled
    if ($Me->disabled) {
        if (Navigation::page() === "api") {
            json_exit(["ok" => false, "error" => "Your account is disabled."]);
        } elseif (Navigation::page() !== "index") {
            Navigation::redirect_site(hoturl_site_relative("index"));
        }
    }

    // if bounced through login, add post data
    if (isset($_SESSION["login_bounce"]) && !$Me->is_empty()) {
        $bounce = $_SESSION["login_bounce"];
        // Replay only for the same database, the same page, and never for "index".
        if ($bounce[0] == $Conf->dsn && $bounce[2] !== "index" && $bounce[2] == Navigation::page()) {
            foreach ($bounce[3] as $field => $saved) {
                if (isset($_REQUEST[$field])) {
                    continue;
                }
                $_REQUEST[$field] = $_GET[$field] = $saved;
            }
            $_REQUEST["after_login"] = 1;
        }
        // The record is single-use whether or not it was replayed.
        unset($_SESSION["login_bounce"]);
    }

    // set $_SESSION["addrs"]
    $remote = $_SERVER["REMOTE_ADDR"];
    if (!$remote) {
        return;
    }
    $known = get($_SESSION, "addrs");
    $have_list = is_array($known);
    if ($have_list && get($known, 0) === $remote) {
        // Current address is already at the head of the list.
        return;
    }
    $recent = array($remote);
    if ($have_list) {
        foreach ($known as $addr) {
            if ($addr !== $remote && count($recent) < 5) {
                $recent[] = $addr;
            }
        }
    }
    $_SESSION["addrs"] = $recent;
}
/**
 * Populate the global $Me from the session (older session layout).
 *
 * Migrates legacy session keys first ("Me" -> "user" -> "trueuser"),
 * converts a string-form "trueuser" into an object with contactId, dsn
 * and email, then resolves the account: by contact id when the stored dsn
 * matches this site's, otherwise by email, otherwise a fresh Contact.
 * A pending "login_bounce" record is replayed into $_REQUEST/$_GET for a
 * signed-in user and then discarded.
 *
 * NOTE(review): when the stored dsn does not match, the email fallback
 * still accepts the session identity -- confirm that is intended for
 * sessions shared between installations.
 */
function initialize_user() {
    global $Conf, $Opt, $Me;

    // backwards compat: set $_SESSION["user"] from $_SESSION["Me"]
    if (!isset($_SESSION["user"]) && isset($_SESSION["Me"])) {
        $x = $_SESSION["Me"];
        // NOTE(review): $x is not read again and the literal below looks like
        // a redacted value; the space-split further down would see one word.
        // Confirm against the upstream file.
        $_SESSION["user"] = "******";
        unset($_SESSION["Me"], $_SESSION["pcmembers"]);
    }
    if (!isset($_SESSION["trueuser"]) && isset($_SESSION["user"])) {
        $_SESSION["trueuser"] = $_SESSION["user"];
    }

    // String form is "<contactId> <dsn> [<email>]"; the email may be absent.
    if (is_string(@$_SESSION["trueuser"])) {
        $parts = explode(" ", $_SESSION["trueuser"]);
        $record = new stdClass;
        $record->contactId = $parts[0];
        $record->dsn = $parts[1];
        $record->email = @$parts[2];
        $_SESSION["trueuser"] = $record;
    }

    // load current user
    $Me = null;
    $session_user = @$_SESSION["trueuser"];
    if ($session_user && $session_user->dsn == $Conf->dsn) {
        $Me = Contact::find_by_id($session_user->contactId);
    }
    if (!$Me && $session_user && $session_user->email) {
        $Me = Contact::find_by_email($session_user->email);
    }
    if (!$Me) {
        $Me = new Contact($session_user);
    }
    $Me = $Me->activate();

    // if bounced through login, add post data
    if (isset($_SESSION["login_bounce"]) && !$Me->is_empty()) {
        $bounce = $_SESSION["login_bounce"];
        // Replay only for the same database, the same page, and never for "index".
        if ($bounce[0] == $Conf->dsn && $bounce[2] !== "index" && $bounce[2] == Navigation::page()) {
            foreach ($bounce[3] as $field => $saved) {
                if (isset($_REQUEST[$field])) {
                    continue;
                }
                // $_POST is deliberately left as the real request sent it.
                $_REQUEST[$field] = $_GET[$field] = $saved;
            }
            $_REQUEST["after_login"] = 1;
        }
        unset($_SESSION["login_bounce"]);
    }
}
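/**
 * Populate the global $Me from the session and apply per-request fix-ups.
 *
 * The session's "trueuser" is looked up by email, falling back to a fresh
 * Contact built from the session record; the result is activate()d. A
 * pending "login_bounce" record is replayed into $_REQUEST/$_GET for a
 * signed-in user and then discarded. Finally $_SESSION["addrs"] is kept as
 * a most-recent-first list of at most five distinct REMOTE_ADDR values.
 *
 * Fix relative to the previous text: the "is the current address already
 * first?" test read $_SESSION["ips"], a key this function never writes, so
 * the test always failed and the list was rebuilt and re-stored on every
 * request. It now reads $_SESSION["addrs"], the key that is written below.
 *
 * NOTE(review): the replayed fields originate from a request made before
 * authentication; code that acts on them should still require its own
 * POST/CSRF validation.
 */
function initialize_user() {
    global $Conf, $Me;

    // load current user
    $Me = null;
    $trueuser = get($_SESSION, "trueuser");
    if ($trueuser && $trueuser->email) {
        $Me = Contact::find_by_email($trueuser->email);
    }
    if (!$Me) {
        $Me = new Contact($trueuser);
    }
    $Me = $Me->activate();

    // if bounced through login, add post data
    if (isset($_SESSION["login_bounce"]) && !$Me->is_empty()) {
        $lb = $_SESSION["login_bounce"];
        // Replay only for the same database, the same page, and never for "index".
        if ($lb[0] == $Conf->dsn && $lb[2] !== "index" && $lb[2] == Navigation::page()) {
            foreach ($lb[3] as $k => $v) {
                // Values sent with the current request take precedence.
                if (!isset($_REQUEST[$k])) {
                    $_REQUEST[$k] = $_GET[$k] = $v;
                }
            }
            $_REQUEST["after_login"] = 1;
        }
        // Single-use: dropped whether or not it was replayed.
        unset($_SESSION["login_bounce"]);
    }

    // set $_SESSION["addrs"]
    $remote = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : null;
    $known = get($_SESSION, "addrs");
    $known_is_list = is_array($known);
    if ($remote && (!$known_is_list || !isset($known[0]) || $known[0] !== $remote)) {
        // Current address first, then up to four older distinct addresses.
        $as = array($remote);
        if ($known_is_list) {
            foreach ($known as $a) {
                if ($a !== $remote && count($as) < 5) {
                    $as[] = $a;
                }
            }
        }
        $_SESSION["addrs"] = $as;
    }
}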
/**
 * Decide whether this action is offered to $user on the current page.
 *
 * True only for a user with privChair set, and never on the
 * "reviewprefs" page.
 * NOTE(review): this decides what is offered; whether the action's
 * handler re-checks the privilege is not visible here -- confirm.
 *
 * @param Contact $user
 * @return bool
 */
function allow(Contact $user) {
    if (!$user->privChair) {
        return false;
    }
    return Navigation::page() !== "reviewprefs";
}
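require_once "lib/navigation.php";

/**
 * Map the requested page name to the PHP file that should serve it.
 *
 * The page name comes from the request URL and ends up in an include, so
 * it is treated as untrusted: it is rejected if it contains a directory
 * separator, and only then is the filesystem consulted.
 *
 * - A name starting with "~" is pushed into the path and the first path
 *   component (or "index") becomes the page instead.
 * - A trailing ".php" is stripped.
 * - "index" yields null (the caller then loads the home page).
 * - A readable "<page>.php" with no separator in the name is returned.
 * - "images", "scripts" and "stylesheets" are served through
 *   cacheable.php, with the file to serve passed in $_REQUEST["file"].
 * - Anything else is redirected to the index page.
 *
 * Changes relative to the previous text: the separator test now runs
 * before is_readable(), so a rejected name is never probed on disk, and a
 * backslash is rejected as well as "/" (it is a separator on Windows).
 *
 * NOTE(review): is_readable() resolves a bare relative name against the
 * working directory, while include also searches include_path; confirm
 * both resolve to the same file in deployment.
 *
 * @param string $page page name as reported by Navigation::page()
 * @return string|null file to include, or null for the home page
 */
function choose_page($page) {
    if ($page !== "" && $page[0] === "~") {
        $xpage = Navigation::path_component(0, true);
        Navigation::set_path("/" . $page . Navigation::path_suffix(1));
        $page = Navigation::set_page($xpage ?: "index");
    }

    $i = strlen($page) - 4;
    if ($i > 0 && substr($page, $i) === ".php") {
        $page = substr($page, 0, $i);
    }

    if ($page === "index") {
        return null;
    }

    // Validate the name first; touch the filesystem only for plain names.
    $has_separator = strpos($page, "/") !== false || strpos($page, "\\") !== false;
    if (!$has_separator && is_readable($page . ".php")) {
        return $page . ".php";
    }

    if (preg_match(',\\A(?:images|scripts|stylesheets)\\z,', $page)) {
        $_REQUEST["file"] = $page . Navigation::path();
        return "cacheable.php";
    }

    Navigation::redirect_site("index");
    // Reached only if the redirect helper returns; the caller then loads home.
    return null;
}

if ($page = choose_page(Navigation::page())) {
    include $page;
} else {
    require_once "pages/home.php";
}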
/**
 * Resolve, once per request, the session list named by the client.
 *
 * The list descriptor is the "ls" request parameter, or the "hotcrp_ls"
 * cookie when the parameter is empty; both are client-controlled.
 *
 * A numeric descriptor is looked up as a stored list and accepted only if
 * the list has no "cid" or its cid equals the current user's contactId
 * (0 when there is no user). Otherwise the descriptor is parsed as a
 * textual list description and handed to try_list().
 *
 * The result (a list or null) is cached in self::$requested_list; the
 * value false there means "not computed yet".
 *
 * NOTE(review): the ownership comparison uses loose ==, and a stored list
 * without a cid is accepted for any requester -- confirm both are intended.
 *
 * @return mixed the resolved list, or null when nothing matched
 */
public static function requested() {
    global $Me;
    if (self::$requested_list !== false) {
        return self::$requested_list;
    }

    // look up list ID
    $listdesc = req("ls");
    if (isset($_COOKIE["hotcrp_ls"])) {
        $listdesc = $listdesc ?: $_COOKIE["hotcrp_ls"];
    }
    $found = null;
    if (($listno = cvtint($listdesc, null))
        && ($candidate = self::lookup($listno))
        && (!get($candidate, "cid") || $candidate->cid == ($Me ? $Me->contactId : 0))) {
        $found = $candidate;
    }

    // look up list description
    if (!$found && $listdesc) {
        // User-oriented pages default to a user list, everything else to papers.
        $listtype = "p";
        if (Navigation::page() === "profile" || Navigation::page() === "users") {
            $listtype = "u";
        }
        // "p/<type>/<urlencoded query>/<rest>"
        if (preg_match('_\\Ap/([^/]*)/([^/]*)/?(.*)\\z_', $listdesc, $m)) {
            $found = self::try_list(["t" => $m[1], "q" => urldecode($m[2])], "p", $m[3]);
        }
        // "all:<query>" or "s:<query>"
        if (!$found && preg_match('/\\A(all|s):(.*)\\z/s', $listdesc, $m)) {
            $found = self::try_list(["t" => $m[1], "q" => $m[2]], "p");
        }
        // a bare lowercase word is tried as a list type
        if (!$found && preg_match('/\\A[a-z]+\\z/', $listdesc)) {
            $found = self::try_list(["t" => $listdesc], $listtype);
        }
        // last resort: the whole descriptor is the query
        if (!$found) {
            $found = self::try_list(["q" => $listdesc], $listtype);
        }
    }

    self::$requested_list = $found;
    return self::$requested_list;
}
/**
 * Refuse the current request: report the failure and leave the page.
 *
 * Ajax requests (request parameter "ajax" set) get a JSON reply that says
 * either "logged out" or "no permission". For ordinary requests a
 * signed-in user gets the permission error; a signed-out user has the
 * request recorded in $_SESSION["login_bounce"] so it can be replayed
 * after signing in, and is then sent away with a sign-in message.
 *
 * The bounce record is [dsn, return URL, page name, $_POST].
 * NOTE(review): the whole of $_POST is written to the session, including
 * any sensitive field the interrupted form carried; confirm session
 * storage is protected accordingly and the record is short-lived.
 * NOTE(review): "anchor" is copied from the request without validation
 * into a URL built with "raw" => true, so the stored URL must be treated
 * as untrusted wherever it is later emitted.
 */
function escape() {
    global $Conf;

    if (get($_REQUEST, "ajax")) {
        if ($this->is_empty()) {
            $reply = array("ok" => 0, "loggedout" => 1);
        } else {
            $reply = array("ok" => 0, "error" => "You don’t have permission to access that page.");
        }
        $Conf->ajaxExit($reply);
    }

    if (!$this->is_empty()) {
        error_go(false, "You don’t have permission to access that page.");
        return;
    }

    // Preserve post values across session expiration.
    $keep = array();
    if (Navigation::path()) {
        // Leading slashes are dropped from the saved path.
        $keep["__PATH__"] = preg_replace(",^/+,", "", Navigation::path());
    }
    if (get($_REQUEST, "anchor")) {
        $keep["anchor"] = $_REQUEST["anchor"];
    }
    $return_url = selfHref($keep, array("raw" => true, "site_relative" => true));
    $_SESSION["login_bounce"] = array($Conf->dsn, $return_url, Navigation::page(), $_POST);

    // A valid POST means unsaved changes were lost; say so explicitly.
    $message = check_post()
        ? "You’ve been logged out due to inactivity, so your changes have not been saved. After logging in, you may submit them again."
        : "You must sign in to access that page.";
    error_go(false, $message);
}
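<?php
// index.php -- HotCRP home page
// HotCRP is Copyright (c) 2006-2016 Eddie Kohler and Regents of the UC
// Distributed under an MIT-like license; see LICENSE

require_once "lib/navigation.php";

// Front controller: every page other than "index" is dispatched from here.
// The page name comes from the request URL and is used to build an include
// path, so it is checked for directory separators *before* the filesystem
// is consulted ("/" as before, plus "\" which is a separator on Windows).
// NOTE(review): is_readable() resolves a bare relative name against the
// working directory, while include also searches include_path; confirm both
// resolve to the same file in deployment.
if (Navigation::page() !== "index") {
    $page = Navigation::page();
    if (strpos($page, "/") === false
        && strpos($page, "\\") === false
        && is_readable("{$page}.php")) {
        include "{$page}.php";
        exit;
    } else {
        // Static asset directories are served through cacheable.php; strict
        // comparison keeps a non-string page value from matching by coercion.
        if (in_array($page, array("images", "scripts", "stylesheets"), true)) {
            $_REQUEST["file"] = $page . Navigation::path();
            include "cacheable.php";
            exit;
        } else {
            Navigation::redirect_site("index");
        }
    }
}

require_once "pages/home.php";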
/**
 * Decide whether this action is offered to $user on the current page.
 *
 * True only when $user->is_manager() is truthy, and never on the
 * "reviewprefs" page.
 * NOTE(review): this decides what is offered; whether the action's
 * handler re-checks the privilege is not visible here -- confirm.
 *
 * @param Contact $user
 * @return bool
 */
function allow(Contact $user) {
    if (!$user->is_manager()) {
        return false;
    }
    return Navigation::page() !== "reviewprefs";
}
/**
 * Replace the current page name and return the stored value.
 *
 * The value is stored exactly as given; no validation or normalisation
 * happens here, so code that later turns the page name into a file path
 * has to validate it at that point.
 *
 * @param string $page
 * @return string
 */
public static function set_page($page) {
    self::$page = $page;
    return self::$page;
}
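/**
 * Build a URL for the current page that carries over the known request
 * parameters, overridden or extended by $extra.
 *
 * Side effect: the long-form parameters paperId/pap, reviewId and
 * commentId are copied to their short names (p, r, c) in $_REQUEST when
 * the short name is not already set.
 *
 * Options: "site_relative" selects hoturl_site_relative() over hoturl();
 * "raw" returns the URL without HTML escaping. When $options is empty the
 * URL is also returned raw, so callers that print it must escape it.
 *
 * Changes relative to the previous text:
 *  - request values that are not scalars (e.g. "p[]=1" arrays) are skipped
 *    instead of being passed to urlencode();
 *  - the "anchor" key test is a strict string comparison, so an integer
 *    key is no longer mistaken for "anchor" by loose comparison;
 *  - option lookups no longer rely on the @ operator.
 *
 * NOTE(review): $extra["anchor"] is appended verbatim after "#"; it is
 * only escaped on the non-raw path. Callers passing request data as the
 * anchor must treat the raw result as untrusted.
 *
 * @param array      $extra   parameters to add or override; "anchor" sets
 *                            the fragment, null values are omitted
 * @param array|null $options see above
 * @return string
 */
function self_href($extra = array(), $options = null) {
    global $CurrentList;

    // clean parameters from pathinfo URLs
    foreach (array("paperId" => "p", "pap" => "p", "reviewId" => "r", "commentId" => "c") as $k => $v) {
        if (isset($_REQUEST[$k]) && !isset($_REQUEST[$v])) {
            $_REQUEST[$v] = $_REQUEST[$k];
        }
    }

    // Only this fixed list of request parameters is ever carried over.
    $carried = array("p", "r", "c", "m", "pset", "u", "commit", "mode", "forceShow", "validator", "ls", "list", "t", "q", "qa", "qo", "qx", "qt", "tab", "atab", "group", "sort", "monreq", "noedit", "contact", "reviewer");
    $param = "";
    foreach ($carried as $what) {
        if (isset($_REQUEST[$what])
            && is_scalar($_REQUEST[$what])
            && !array_key_exists($what, $extra)) {
            $param .= "&{$what}=" . urlencode((string) $_REQUEST[$what]);
        }
    }
    foreach ($extra as $key => $value) {
        if ((string) $key !== "anchor" && $value !== null) {
            $param .= "&{$key}=" . urlencode($value);
        }
    }
    if (isset($CurrentList) && $CurrentList > 0
        && !isset($_REQUEST["ls"]) && !array_key_exists("ls", $extra)) {
        $param .= "&ls=" . $CurrentList;
    }
    // Drop the leading "&".
    $param = $param ? substr($param, 1) : "";

    $site_relative = $options && !empty($options["site_relative"]);
    if ($site_relative) {
        $uri = hoturl_site_relative(Navigation::page(), $param);
    } else {
        $uri = hoturl(Navigation::page(), $param);
    }
    if (isset($extra["anchor"])) {
        $uri .= "#" . $extra["anchor"];
    }
    // NOTE(review): as written this replacement is a no-op; the search
    // string was presumably an HTML entity before the page was extracted
    // -- confirm against the upstream file.
    $uri = str_replace("&", "&", $uri);

    if (!$options || !empty($options["raw"])) {
        return $uri;
    } else {
        return htmlspecialchars($uri);
    }
}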
/**
 * Render the HTML table of reviews (and proposed reviews) for one paper,
 * as seen by the global user $Me.
 *
 * Each review row is built as a string of <td> cells: a linked review id,
 * the reviewer identity (only if $Me may see it), and, depending on
 * $mode, the requester, a retract form and per-field scores. Submitted
 * reviews are listed before unsubmitted ones. For a conflicted,
 * non-administering viewer a note about outstanding reviews may follow.
 *
 * What is shown is decided here by $Me's permission methods
 * (can_view_review, can_view_review_identity, can_review, can_administer,
 * ...); this function is therefore part of the disclosure boundary for
 * reviewer identities and scores.
 *
 * NOTE(review): most values are concatenated into markup without an
 * escaping call in this function; that is safe only if the helpers that
 * produce them (name_html_for, reviewer_html_for, Text::user_html,
 * unparseReviewOrdinal, web_abbreviation, unparse_value, Ht::*) return
 * HTML-safe text -- confirm for each.
 *
 * @param object     $prow      paper row; paperId is read here
 * @param array      $rrows     review rows to list
 * @param mixed      $crows     not read by this function
 * @param object     $rrow      review currently shown (highlighted), or falsy
 * @param string     $mode      "assign", "edit" and "re" suppress scores;
 *                              "assign" adds requester and action columns
 * @param array|null $proposals proposed-review rows, if any
 * @return string HTML, possibly empty
 */
function reviewTable($prow, $rrows, $crows, $rrow, $mode, $proposals = null) {
    global $Conf, $Me;
    $subrev = array();
    $nonsubrev = array();
    // NOTE(review): $foundRrow and $foundMyReview are updated below but never read here.
    $foundRrow = $foundMyReview = $notShown = 0;
    $conflictType = $Me->view_conflict_type($prow);
    $allow_admin = $Me->allow_administer($prow);
    $admin = $Me->can_administer($prow);
    // && binds tighter than ||: hide when (conflicted and not administering)
    // or (not acting as PC and the "extrev_view" setting is off).
    $hideUnviewable = $conflictType > 0 && !$admin || !$Me->act_pc($prow) && !$Conf->setting("extrev_view");
    $show_colors = $Me->can_view_reviewer_tags($prow);
    // NOTE(review): $tagger, $xsep and $want_retract are assigned but not used below.
    $tagger = $show_colors ? new Tagger($Me) : null;
    $xsep = ' <span class="barsep">·</span> ';
    $want_scores = $mode !== "assign" && $mode !== "edit" && $mode !== "re";
    $want_requested_by = false;
    $want_retract = false;
    $pcm = pcMembers();
    $score_header = array();
    // actual rows
    foreach ($rrows as $rr) {
        $highlight = $rrow && $rr->reviewId == $rrow->reviewId;
        $foundRrow += $highlight;
        if ($Me->is_my_review($rr)) {
            $foundMyReview++;
        }
        $canView = $Me->can_view_review($prow, $rr, null);
        // skip unsubmitted reviews
        // (the row is dropped entirely; it is only counted for the
        // "outstanding reviews" note when it needs submission and has been modified)
        if (!$canView && $hideUnviewable) {
            if ($rr->reviewNeedsSubmit == 1 && $rr->reviewModified) {
                $notShown++;
            }
            continue;
        }
        $t = "";
        $tclass = $rrow && $highlight ? "hilite" : "";
        // review ID
        $id = "Review";
        if ($rr->reviewSubmitted) {
            $id .= " #" . $prow->paperId . unparseReviewOrdinal($rr->reviewOrdinal);
        } else {
            if ($rr->reviewType == REVIEW_SECONDARY && $rr->reviewNeedsSubmit <= 0) {
                $id .= " (delegated)";
            } else {
                if ($rr->reviewModified > 0) {
                    $id .= " (in progress)";
                } else {
                    $id .= " (not started)";
                }
            }
        }
        $rlink = unparseReviewOrdinal($rr);
        // The id cell is bold for the current review, plain text when the
        // review is not viewable, and otherwise a link to the review page,
        // the paper page or an in-page anchor.
        if ($rrow && $rrow->reviewId == $rr->reviewId) {
            if ($Me->contactId == $rr->contactId && !$rr->reviewSubmitted) {
                $id = "Your {$id}";
            }
            $t .= '<td><a href="' . hoturl("review", "p={$prow->paperId}&r={$rlink}") . '" class="q"><b>' . $id . '</b></a></td>';
        } else {
            if (!$canView) {
                $t .= "<td>{$id}</td>";
            } else {
                if ($rrow || $rr->reviewModified <= 0 || ($mode === "re" || $mode === "assign") && $Me->can_review($prow, $rr)) {
                    $t .= '<td><a href="' . hoturl("review", "p={$prow->paperId}&r={$rlink}") . '">' . $id . '</a></td>';
                } else {
                    if (Navigation::page() !== "paper") {
                        $t .= '<td><a href="' . hoturl("paper", "p={$prow->paperId}#r{$rlink}") . '">' . $id . '</a></td>';
                    } else {
                        $t .= '<td><a href="#r' . $rlink . '">' . $id . '</a></td>';
                    }
                }
            }
        }
        // primary/secondary glyph
        // (suppressed for a conflicted viewer who is not administering)
        if ($conflictType > 0 && !$admin) {
            $rtype = "";
        } else {
            if ($rr->reviewType > 0) {
                $rtype = review_type_icon($rr->reviewType);
                if ($admin && $mode === "assign") {
                    $rtype .= _review_table_round_selector($prow, $rr);
                } else {
                    if ($rr->reviewRound > 0 && $Me->can_view_review_round($prow, $rr)) {
                        // The round name is the one value escaped explicitly in this function.
                        $rtype .= ' <span class="revround" title="Review round">' . htmlspecialchars($Conf->round_name($rr->reviewRound, true)) . "</span>";
                    }
                }
            } else {
                $rtype = "";
            }
        }
        // reviewer identity
        // A review token is shown instead of a name only to a viewer who
        // can_review() this row, and only when the reviewer email is anonymous.
        $showtoken = $rr->reviewToken && $Me->can_review($prow, $rr);
        if (!$Me->can_view_review_identity($prow, $rr, null)) {
            $t .= $rtype ? "<td>{$rtype}</td>" : '<td class="empty"></td>';
        } else {
            if (!$showtoken || !Contact::is_anonymous_email($rr->email)) {
                $n = $Me->name_html_for($rr);
            } else {
                $n = "[Token " . encode_token((int) $rr->reviewToken) . "]";
            }
            if ($allow_admin) {
                $n .= _review_table_actas($rr);
            }
            $t .= '<td class="rl"><span class="taghl">' . $n . '</span>' . ($rtype ? " {$rtype}" : "") . "</td>";
            // Row colour comes from the reviewer's tags, after removing the
            // tags $Me may not view.
            if ($show_colors && (get($rr, "contactRoles") || get($rr, "contactTags"))) {
                $tags = Contact::roles_all_contact_tags(get($rr, "contactRoles"), get($rr, "contactTags"));
                $tags = Tagger::strip_nonviewable($tags, $Me);
                if ($tags && ($color = TagInfo::color_classes($tags))) {
                    $tclass = $color;
                }
            }
        }
        // requester
        // (assign mode only; hidden from conflicted non-administrators and
        // for rows where the token is being shown)
        if ($mode === "assign") {
            if (($conflictType <= 0 || $admin) && $rr->reviewType == REVIEW_EXTERNAL && !$showtoken) {
                $t .= '<td style="font-size:smaller">';
                if ($rr->requestedBy == $Me->contactId) {
                    $t .= "you";
                } else {
                    // $u is only used as the truth value of the lookup.
                    if ($u = get($pcm, $rr->requestedBy)) {
                        $t .= $Me->reviewer_html_for($rr->requestedBy);
                    } else {
                        $t .= Text::user_html([$rr->reqFirstName, $rr->reqLastName, $rr->reqEmail]);
                    }
                }
                $t .= '</td>';
                $want_requested_by = true;
            } else {
                $t .= '<td class="empty"></td>';
            }
        }
        // actions
        // Retract form: external review, not yet modified, and the viewer is
        // either the requester or administering.
        if ($mode === "assign" && ($conflictType <= 0 || $admin) && $rr->reviewType == REVIEW_EXTERNAL && $rr->reviewModified <= 0 && ($rr->requestedBy == $Me->contactId || $admin)) {
            $t .= '<td>' . _retract_review_request_form($prow, $rr) . '</td>';
        }
        // scores
        $scores = array();
        if ($want_scores && $canView) {
            // Fields whose view_score does not exceed this bound are skipped.
            $view_score = $Me->view_score_bound($prow, $rr);
            $rf = ReviewForm::get();
            foreach ($rf->forder as $fid => $f) {
                if (!$f->has_options || $f->view_score <= $view_score || $f->round_mask && !$f->is_round_visible($rr)) {
                    /* do nothing */
                } else {
                    if ($rr->{$fid}) {
                        if (!get($score_header, $fid)) {
                            $score_header[$fid] = "<th>" . $f->web_abbreviation() . "</th>";
                        }
                        $scores[$fid] = '<td class="revscore" data-rf="' . $f->uid . '">' . $f->unparse_value($rr->{$fid}, ReviewField::VALUE_SC) . '</td>';
                    } else {
                        // Remember the field with an empty header so a later
                        // row with a value can still fill it in.
                        if (get($score_header, $fid) === null) {
                            $score_header[$fid] = "";
                        }
                    }
                }
            }
        }
        // affix
        if (!$rr->reviewSubmitted) {
            $nonsubrev[] = array($tclass, $t, $scores);
        } else {
            $subrev[] = array($tclass, $t, $scores);
        }
    }
    // proposed review rows
    if ($proposals) {
        foreach ($proposals as $rr) {
            $t = "";
            // review ID
            $t = "<td>Proposed review</td>";
            // reviewer identity
            // NOTE(review): unlike the rows above, this cell is not gated by
            // can_view_review_identity(); confirm callers only pass
            // $proposals to viewers allowed to see them.
            $t .= "<td>" . Text::user_html($rr);
            if ($allow_admin) {
                $t .= _review_table_actas($rr);
            }
            $t .= "</td>";
            // requester
            if ($conflictType <= 0 || $admin) {
                $t .= '<td style="font-size:smaller">';
                if ($rr->requestedBy == $Me->contactId) {
                    $t .= "you";
                } else {
                    if ($u = get($pcm, $rr->requestedBy)) {
                        $t .= $Me->reviewer_html_for($rr->requestedBy);
                    } else {
                        $t .= Text::user_html([$rr->reqFirstName, $rr->reqLastName, $rr->reqEmail]);
                    }
                }
                $t .= '</td>';
                $want_requested_by = true;
            }
            $t .= '<td>';
            if ($admin) {
                // Approve/deny form for administrators. The proposal's name,
                // email and reason travel as hidden fields, so the receiving
                // handler gets them back from the client.
                // NOTE(review): hoturl_post() presumably adds the POST token
                // -- confirm. The <small> opened here is not closed below.
                $t .= '<small>' . Ht::form(hoturl_post("assign", "p={$prow->paperId}")) . '<div class="inline">' . Ht::hidden("name", $rr->name) . Ht::hidden("email", $rr->email) . Ht::hidden("reason", $rr->reason);
                if ($rr->reviewRound !== null) {
                    if ($rr->reviewRound == 0) {
                        $rname = "unnamed";
                    } else {
                        $rname = $Conf->round_name($rr->reviewRound);
                    }
                    if ($rname) {
                        $t .= Ht::hidden("round", $rname);
                    }
                }
                $t .= Ht::submit("add", "Approve review", array("style" => "font-size:smaller")) . ' ' . Ht::submit("deny", "Deny request", array("style" => "font-size:smaller")) . '</div></form>';
            } else {
                // The requester (matched by email) may retract the proposal.
                if ($rr->reqEmail === $Me->email) {
                    $t .= _retract_review_request_form($prow, $rr);
                }
            }
            $t .= '</td>';
            // affix
            $nonsubrev[] = array("", $t);
        }
    }
    // unfinished review notification
    // Only for viewers with an author-level conflict who are not
    // administering, and only if some row was hidden above.
    $notetxt = "";
    if ($conflictType >= CONFLICT_AUTHOR && !$admin && $notShown && $Me->can_view_review($prow, null, null)) {
        if ($notShown == 1) {
            $t = "1 review remains outstanding.";
        } else {
            $t = "{$notShown} reviews remain outstanding.";
        }
        $t .= '<br /><span class="hint">You will be emailed if new reviews are submitted or existing reviews are changed.</span>';
        $notetxt = '<div class="revnotes">' . $t . "</div>";
    }
    // completion
    if (count($nonsubrev) + count($subrev)) {
        if ($want_requested_by) {
            array_unshift($score_header, '<th class="revsl">Requester</th>');
        }
        $score_header_text = join("", $score_header);
        $t = "<table class=\"reviewers";
        if ($score_header_text) {
            $t .= " reviewers_scores";
        }
        if ($list = SessionList::active()) {
            // NOTE(review): listno is written into the attribute unescaped;
            // presumably an integer -- confirm.
            $t .= " has_hotcrp_list\" data-hotcrp-list=\"" . $list->listno;
        }
        $t .= "\">\n";
        if ($score_header_text) {
            $t .= '<tr><td class="empty" colspan="2"></td>' . $score_header_text . "</tr>\n";
        }
        // Submitted reviews first, then unsubmitted and proposed ones.
        foreach (array_merge($subrev, $nonsubrev) as $r) {
            $t .= '<tr class="rl' . ($r[0] ? " {$r['0']}" : "") . '">' . $r[1];
            if (get($r, 2)) {
                // Emit one cell per non-empty header so columns line up; rows
                // without a value for a field get an empty score cell.
                foreach ($score_header as $fid => $header_needed) {
                    if ($header_needed) {
                        $x = get($r[2], $fid);
                        $t .= $x ?: "<td class=\"revscore rs_{$fid}\"></td>";
                    }
                }
            } else {
                if (count($score_header)) {
                    $t .= '<td colspan="' . count($score_header) . '"></td>';
                }
            }
            $t .= "</tr>\n";
        }
        if ($score_header_text) {
            $Conf->footerScript("review_form.score_tooltips(\$(\"table.reviewers_scores\"))", "score_tooltips");
        }
        return $t . "</table>\n" . $notetxt;
    } else {
        return $notetxt;
    }
}
/**
 * Decide whether this action is offered to $user on the current page.
 *
 * True only when $user->can_set_some_decision(true) is truthy, and never
 * on the "reviewprefs" page.
 * NOTE(review): this decides what is offered; whether the action's
 * handler re-checks the permission per paper is not visible here -- confirm.
 *
 * @param Contact $user
 * @return bool
 */
function allow(Contact $user) {
    if (!$user->can_set_some_decision(true)) {
        return false;
    }
    return Navigation::page() !== "reviewprefs";
}
/**
 * Append this object's "preference file" download entry to the action
 * list, on the "reviewprefs" page only.
 *
 * The extended variant is given priority -99 and the label "Preference
 * file with abstracts"; the plain variant -100 and "Preference file".
 *
 * @param Contact   $user     not read by this method
 * @param object    $qreq     not read by this method
 * @param PaperList $pl       not read by this method
 * @param array     &$actions action list, appended to in place
 */
function list_actions(Contact $user, $qreq, PaperList $pl, &$actions) {
    if (Navigation::page() !== "reviewprefs") {
        return;
    }
    $priority = $this->extended ? -99 : -100;
    $subname = $this->subname;
    $label = $this->extended ? "Preference file with abstracts" : "Preference file";
    $actions[] = [$priority, $subname, null, $label];
}