Exemplo n.º 1
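/**
 * Map a requested page name to the PHP script that should serve it.
 *
 * The page name comes from the request URL and is therefore untrusted. It is
 * accepted as a script name only if it contains no directory separator and a
 * readable "<page>.php" exists relative to the current working directory.
 *
 * @param string $page Page name taken from the request path; a trailing
 *                     ".php" is ignored.
 * @return string|null Script filename for the caller to load, or null when the
 *                     page is "index". Also null if
 *                     Navigation::redirect_site() returns (presumably it ends
 *                     the request; confirm against Navigation).
 */
function choose_page($page)
{
    // "~..." page: push it back onto the path and take the first path
    // component (or "index") as the page instead.
    if ($page !== "" && $page[0] === "~") {
        $xpage = Navigation::path_component(0, true);
        Navigation::set_path("/" . $page . Navigation::path_suffix(1));
        $page = Navigation::set_page($xpage ?: "index");
    }
    // Strip a trailing ".php" so "foo" and "foo.php" resolve identically.
    $i = strlen($page) - 4;
    if ($i > 0 && substr($page, $i) === ".php") {
        $page = substr($page, 0, $i);
    }
    if ($page === "index") {
        return null;
    }
    // Validate the name BEFORE touching the filesystem: the original called
    // is_readable() first, so a name containing "/" (including stream-wrapper
    // style "scheme://" names) was still handed to the filesystem layer.
    // Backslash is rejected as well because it is a directory separator on
    // Windows.
    if (strpbrk($page, "/\\") === false && is_readable($page . ".php")) {
        return $page . ".php";
    }
    // Static asset directories are delegated to cacheable.php, which receives
    // the remaining path through $_REQUEST["file"].
    // NOTE(review): Navigation::path() is appended unvalidated; cacheable.php
    // has to reject traversal sequences itself -- confirm.
    if (preg_match(',\\A(?:images|scripts|stylesheets)\\z,', $page)) {
        $_REQUEST["file"] = $page . Navigation::path();
        return "cacheable.php";
    }
    Navigation::redirect_site("index");
}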
Exemplo n.º 2
<?php

// resetpassword.php -- HotCRP password reset page
// HotCRP and Peteramati are Copyright (c) 2006-2016 Eddie Kohler and others
// See LICENSE for open-source distribution terms
require_once "src/initweb.php";
// Conferences that use external login refuse reset links outright.
if ($Conf->external_login()) {
    error_go(false, "Password reset links aren’t used for this conference. Contact your system administrator if you’ve forgotten your password.");
}
// The reset capability is taken from the "resetcap" request parameter or,
// when that is absent, from the leading path component.
// NOTE(review): the path pattern is case-insensitive, while the contactdb test
// below compares against an exact "U" -- confirm a lowercase prefix is meant
// to be treated as a local capability.
$resetcap = req("resetcap");
if ($resetcap === null) {
    if (preg_match(',\\A/(U?1[-\\w]+)(?:/|\\z),i', Navigation::path(), $m)) {
        $resetcap = $m[1];
    }
}
if (!$resetcap) {
    error_go(false, "You didn’t enter the full password reset link into your browser. Make sure you include the reset code (the string of letters, numbers, and other characters at the end).");
}
// A leading "U" selects the contactdb account lookup further down.
$iscdb = substr($resetcap, 0, 1) === "U";
$capmgr = $Conf->capability_manager($resetcap);
$capdata = $capmgr->check($resetcap);
// Accept only a capability that checks out AND is of the password-reset type;
// expired and mistyped codes get the same message.
if (!($capdata && $capdata->capabilityType == CAPTYPE_RESETPASSWORD)) {
    error_go(false, "That password reset code has expired, or you didn’t enter it correctly.");
}
// The account is identified by the capability record, never by request input.
$Acct = $iscdb
    ? Contact::contactdb_find_by_id($capdata->contactId)
    : Contact::find_by_id($capdata->contactId);
if (!$Acct) {
    error_go(false, "That password reset code refers to a user who no longer exists. Either create a new account or contact the conference administrator.");
}
// don't show information about the current user, if there is one
Exemplo n.º 3
 * apply CSS to with the `breadcrumb` class, for example:
 *
 *     .breadcrumb {
 *         list-style-type: none;
 *         margin: 0;
 *         padding: 0;
 *     }
 *
 *     .breadcrumb li {
 *         list-style-type: none;
 *         margin: 0;
 *         padding: 0;
 *         display: inline;
 *     }
 */
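// Build the breadcrumb trail for the current page as an id => title map.
$n = new Navigation();
$path = $n->path($page->id, true);
$home = array('index' => i18n_get('Home'));
$path = $path ?: $home;
// Test the key directly: in_array() over array_keys() compares loosely, so on
// PHP versions before 8 an integer key 0 would have matched 'index'.
if (!array_key_exists('index', $path)) {
    // Array union keeps every page id as-is with the home entry first;
    // array_merge() would renumber integer-like ids and break their links.
    $path = $home + $path;
}
// NOTE(review): $id and $title are written into the markup unescaped. If page
// ids or titles can carry user-supplied text they need htmlspecialchars()
// (and the id URL-encoding for the href). Confirm whether Navigation already
// returns escaped titles before changing this, to avoid double-encoding.
echo "<ul class=\"breadcrumb\">\n";
foreach ($path as $id => $title) {
    if ($id != $page->id) {
        // Ancestor pages are rendered as links.
        printf("<li><a href=\"/%s\">%s</a> <span class=\"divider\">/</span></li>\n", $id, $title);
    } else {
        // The current page is rendered as plain, active text.
        printf("<li class=\"active\">%s</li>\n", $title);
    }
}
echo '</ul>';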
Exemplo n.º 4
<?php

// index.php -- HotCRP home page
// HotCRP is Copyright (c) 2006-2016 Eddie Kohler and Regents of the UC
// Distributed under an MIT-like license; see LICENSE
require_once "lib/navigation.php";
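// Front controller: dispatch any page other than "index" to its own script.
if (Navigation::page() !== "index") {
    $page = Navigation::page();
    // The page name comes from the request URL. Reject directory separators
    // BEFORE probing the filesystem (the original called is_readable() first),
    // and treat backslash as a separator too, as it is one on Windows. Only a
    // bare "<name>.php" in the current directory can be included.
    if (strpbrk($page, "/\\") === false && is_readable("{$page}.php")) {
        include "{$page}.php";
        exit;
    } elseif (in_array($page, array("images", "scripts", "stylesheets"), true)) {
        // Static asset directories are served through cacheable.php.
        // NOTE(review): Navigation::path() is appended unvalidated;
        // cacheable.php has to reject traversal sequences itself -- confirm.
        $_REQUEST["file"] = $page . Navigation::path();
        include "cacheable.php";
        exit;
    } else {
        // Anything else goes back to the home page.
        Navigation::redirect_site("index");
    }
}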
require_once "pages/home.php";
Exemplo n.º 5
 /**
  * Refuse the current request on behalf of this user.
  *
  * Ajax requests get a JSON reply. Otherwise an empty (signed-out) user has
  * the request remembered in the session under "login_bounce" and is told to
  * sign in, and any other user gets a permission error.
  */
 function escape()
 {
     global $Conf;
     if (get($_REQUEST, "ajax")) {
         // Empty users are reported as logged out, everyone else as denied.
         if (!$this->is_empty()) {
             $Conf->ajaxExit(array("ok" => 0, "error" => "You don’t have permission to access that page."));
         } else {
             $Conf->ajaxExit(array("ok" => 0, "loggedout" => 1));
         }
     }
     if (!$this->is_empty()) {
         error_go(false, "You don’t have permission to access that page.");
     } else {
         // Remember where the user was headed, and what they posted, so the
         // request can be replayed after login.
         $bounce = array();
         if (Navigation::path()) {
             $bounce["__PATH__"] = preg_replace(",^/+,", "", Navigation::path());
         }
         if (get($_REQUEST, "anchor")) {
             $bounce["anchor"] = $_REQUEST["anchor"];
         }
         $url = selfHref($bounce, array("raw" => true, "site_relative" => true));
         // NOTE(review): the whole $_POST body is kept in session storage, so
         // any secret submitted with the form persists there until the bounce
         // is consumed. $Conf->dsn is stored as well; if it embeds database
         // credentials, confirm that is acceptable for the session backend.
         $_SESSION["login_bounce"] = array($Conf->dsn, $url, Navigation::page(), $_POST);
         $message = check_post()
             ? "You’ve been logged out due to inactivity, so your changes have not been saved. After logging in, you may submit them again."
             : "You must sign in to access that page.";
         error_go(false, $message);
     }
 }
Exemplo n.º 6
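/**
 * Decide which settings group the settings page should display.
 *
 * The group name is read from the "group" request parameter or, when that is
 * empty, from a single-component request path. Aliases are resolved through
 * SettingGroup::$map, and anything not listed in SettingGroup::$all falls
 * back to a default chosen from the conference's current phase.
 *
 * @return string|int|bool Group key: an entry of SettingGroup::$all, or one of
 *                the defaults "decisions", "reviews" or "sub"
 */
function choose_setting_group()
{
    global $Conf;
    $Group = get($_REQUEST, "group");
    if (!$Group && preg_match(',\\A/(\\w+)\\z,i', Navigation::path())) {
        $Group = substr(Navigation::path(), 1);
    }
    // Request parameters can arrive as arrays ("group[]=x"). An array used as
    // an array offset inside isset() raises a TypeError on PHP 8, so treat any
    // non-scalar value as "no group given" and let the default apply.
    if (!is_scalar($Group)) {
        $Group = "";
    }
    if (isset(SettingGroup::$map[$Group])) {
        $Group = SettingGroup::$map[$Group];
    }
    // The request value is honoured only when it names a known group.
    if (!isset(SettingGroup::$all[$Group])) {
        if ($Conf->timeAuthorViewReviews()) {
            $Group = "decisions";
        } elseif ($Conf->deadlinesAfter("sub_sub") || $Conf->time_review_open()) {
            $Group = "reviews";
        } else {
            $Group = "sub";
        }
    }
    return $Group;
}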
Exemplo n.º 7
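/**
 * Serve a paper document, or one attachment of a paper option, to the
 * current user.
 *
 * The paper and document type come either from request parameters ("p" or
 * "paperId", with "dt" / "final") or from the request path. Every value is
 * request-controlled, so the document is sent only after the paper row has
 * been loaded for $Me and the view-permission checks have passed.
 *
 * Relies on document_error() ending the request: the code after each call
 * assumes it does not return (TODO confirm against its definition).
 */
function document_download()
{
    global $Conf, $Me, $Opt;
    $documentType = HotCRPDocument::parse_dtype(@$_REQUEST["dt"]);
    if ($documentType === null) {
        $documentType = @$_REQUEST["final"] ? DTYPE_FINAL : DTYPE_SUBMISSION;
    }
    $attachment_filename = false;
    $docid = null;
    if (isset($_REQUEST["p"])) {
        $paperId = cvtint(@$_REQUEST["p"]);
    } elseif (isset($_REQUEST["paperId"])) {
        $paperId = cvtint(@$_REQUEST["paperId"]);
    } else {
        // No explicit paper id: parse the request path instead. The document
        // type chosen above is discarded and must be re-derived from the path.
        $s = $orig_s = preg_replace(',\\A/*,', "", Navigation::path());
        $documentType = $dtname = null;
        if (str_starts_with($s, $Opt["downloadPrefix"])) {
            $s = substr($s, strlen($Opt["downloadPrefix"]));
        }
        if (preg_match(',\\Ap(?:aper)?(\\d+)/+(.*)\\z,', $s, $m)) {
            // "p<N>/<rest>" or "paper<N>/<rest>"
            $paperId = intval($m[1]);
            if (preg_match(',\\A([^/]+)\\.[^/]+\\z,', $m[2], $mm)) {
                $dtname = $mm[1];
            } elseif (preg_match(',\\A([^/]+)/+(.*)\\z,', $m[2], $mm)) {
                // Fix: take the captures of this inner match ($mm). The
                // original read $m[1]/$m[2] (the paper number and the whole
                // remainder) and stored the first into an otherwise unused
                // $dtype, so $dtname stayed null and this form always ended
                // in "Unknown document".
                list($dtname, $attachment_filename) = array($mm[1], $mm[2]);
            }
        } elseif (preg_match(',\\A(?:paper)?(\\d+)-?([-A-Za-z0-9_]*)(?:\\.[^/]+|/+(.*))\\z,', $s, $m)) {
            // "<N>-<dtname>.<ext>" or "<N>-<dtname>/<attachment>"
            list($paperId, $dtname, $attachment_filename) = array(intval($m[1]), $m[2], @$m[3]);
        } elseif (preg_match(',\\A([A-Za-z_][-A-Za-z0-9_]*?)?-?(\\d+)(?:\\.[^/]+|/+(.*))\\z,', $s, $m)) {
            // "<dtname>-<N>.<ext>" or "<dtname>-<N>/<attachment>"
            list($paperId, $dtname, $attachment_filename) = array(intval($m[2]), $m[1], @$m[3]);
        }
        if ($dtname !== null) {
            $documentType = HotCRPDocument::parse_dtype($dtname ?: "paper");
        }
        // An attachment filename is only meaningful for "attachments" options.
        if ($documentType !== null && $attachment_filename) {
            $o = PaperOption::find($documentType);
            if (!$o || $o->type != "attachments") {
                $documentType = null;
            }
        }
    }
    if ($documentType === null) {
        // The path is echoed back HTML-escaped.
        document_error("404 Not Found", "Unknown document “" . htmlspecialchars($orig_s) . "”.");
    }
    // Authorization: load the row for $Me, then check PDF and option access.
    $prow = $Conf->paperRow($paperId, $Me, $whyNot);
    if (!$prow) {
        document_error("404 Not Found", whyNotText($whyNot, "view"));
    } elseif ($whyNot = $Me->perm_view_pdf($prow)) {
        document_error("403 Forbidden", whyNotText($whyNot, "view"));
    } elseif ($documentType > 0 && !$Me->can_view_paper_option($prow, $documentType, true)) {
        document_error("403 Forbidden", "You don’t have permission to view this document.");
    }
    if ($attachment_filename) {
        // The requested name is only ever compared against the documents the
        // option already holds; it is never used as a filesystem path here.
        $oa = $prow->option($documentType);
        foreach ($oa ? $oa->documents($prow) : array() as $doc) {
            // Compare as strings: a loose == treats numeric-looking names such
            // as "1e1" and "10" as equal and could select the wrong file.
            if ((string) $doc->unique_filename === (string) $attachment_filename) {
                $docid = $doc;
            }
        }
        if (!$docid) {
            document_error("404 Not Found", "No such attachment “" . htmlspecialchars($orig_s) . "”.");
        }
    }
    // Actually download paper.
    // Release the session lock first, to allow concurrent clicks.
    session_write_close();
    if ($Conf->downloadPaper($prow, cvtint(@$_REQUEST["save"]) > 0, $documentType, $docid)) {
        exit;
    }
    document_error("500 Server Error", null);
}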
Exemplo n.º 8
<?php

// graph.php -- HotCRP review preference graph drawing page
// HotCRP is Copyright (c) 2006-2016 Eddie Kohler and Regents of the UC
// Distributed under an MIT-like license; see LICENSE
require_once "src/initweb.php";
require_once "src/papersearch.php";
// The graph name comes from the "g" parameter or, failing that, from the
// first path component; in the latter case it is mirrored into $_REQUEST.
$Graph = @$_REQUEST["g"];
if (!$Graph) {
    if (preg_match(',\\A/(\\w+)(/|\\z),', Navigation::path(), $m)) {
        $_REQUEST["g"] = $m[1];
        $Graph = $m[1];
    }
}
// Allowlist of graphs this user may see; only PC members get any.
$Graphs = $Me->isPC
    ? array("procrastination" => "Procrastination", "formula" => "Formula")
    : array();
if (count($Graphs) === 0) {
    $Me->escape();
}
reset($Graphs);
// Legacy names are mapped to their current equivalents.
$GraphSynonym = array("reviewerlameness" => "procrastination");
if ($Graph && isset($GraphSynonym[$Graph])) {
    $Graph = $GraphSynonym[$Graph];
}
// The requested name is honoured only if it is a key of the allowlist;
// otherwise the user is redirected to the first allowed graph.
if (!($Graph && isset($Graphs[$Graph]))) {
    redirectSelf(array("g" => key($Graphs)));
}
// Page header and body follow.
$Conf->header("Graphs", "graphbody", actionBar());
$Conf->echoScript("");
Exemplo n.º 9
$useRequest = isset($_REQUEST["after_login"]);
// Drop free-text fields that still hold the form's placeholder text.
foreach (array("emailNote", "reason") as $x) {
    if (!isset($_REQUEST[$x])) {
        continue;
    }
    if ($_REQUEST[$x] == "Optional explanation") {
        unset($_REQUEST[$x], $_GET[$x], $_POST[$x]);
    }
}
// Without an explicit paper parameter, read paper id, mode and API function
// from the path components. Explicit request parameters always win.
if (!(isset($_REQUEST["p"]) || isset($_REQUEST["paperId"])) && preg_match(',\\A(?:new|\\d+)\\z,i', Navigation::path_component(0))) {
    $_GET["p"] = Navigation::path_component(0);
    $_REQUEST["p"] = $_GET["p"];
    if (!isset($_REQUEST["m"])) {
        $x = Navigation::path_component(1);
        if ($x) {
            $_GET["m"] = $x;
            $_REQUEST["m"] = $x;
        }
    }
    if (isset($_REQUEST["m"]) && $_REQUEST["m"] === "api" && !isset($_REQUEST["fn"])) {
        $x = Navigation::path_component(2);
        if ($x) {
            $_GET["fn"] = $x;
            $_REQUEST["fn"] = $x;
        }
    }
} elseif (!Navigation::path() && isset($_REQUEST["p"]) && $_REQUEST["p"] && ctype_digit($_REQUEST["p"]) && !check_post()) {
    // Numeric "p" with an empty path on a request that fails check_post():
    // redirect to the page's own URL.
    go(selfHref());
}
// header
/**
 * Emit the page header for the paper page.
 *
 * Uses the global $paperTable's mode when a table exists and "p" otherwise;
 * the header id is "paper_edit" in edit mode and "paper_view" in any other.
 */
function confHeader()
{
    global $paperTable;
    if ($paperTable) {
        $mode = $paperTable->mode;
    } else {
        $mode = "p";
    }
    $suffix = "view";
    if ($mode == "edit") {
        $suffix = "edit";
    }
    PaperTable::do_header($paperTable, "paper_" . $suffix, $mode);
}
function errorMsgExit($msg)
{
    global $Conf;
    if (@$_REQUEST["ajax"]) {
        Conf::msg_error($msg);
Exemplo n.º 10
<?php

/**
 * Displays contextual navigation, opening and closing
 * sections based on the currently active page. Shows
 * All parents and children of the current page.
 */
// Look up the trail of pages leading to the current one; fall back to an
// empty list when the lookup yields nothing.
$n = new Navigation();
$path = $n->path($page->id);
if (!$path) {
    $path = array();
}
// The printing helper is defined in the navigation app's function library.
require_once 'apps/navigation/lib/Functions.php';
navigation_print_context($n->tree, $path);
Exemplo n.º 11
 /**
  * Replace the stored request path.
  *
  * The value is stored as given, with no validation or normalization here.
  *
  * @param mixed $path New path value.
  * @return mixed The value now held in self::$path.
  */
 public static function set_path($path)
 {
     self::$path = $path;
     return self::$path;
 }
<?php

// resetpassword.php -- HotCRP password reset page
// HotCRP is Copyright (c) 2006-2016 Eddie Kohler and Regents of the UC
// Distributed under an MIT-like license; see LICENSE
require_once "src/initweb.php";
// When no "resetcap" parameter was sent, take the capability from the leading
// path component and store it in $_REQUEST.
// NOTE(review): the path pattern is case-insensitive, while the contactdb test
// below compares against an exact "U" -- confirm a lowercase prefix is meant
// to be treated as a local capability.
if (!isset($_REQUEST["resetcap"])) {
    if (preg_match(',\\A/(U?1[-\\w]+)(?:/|\\z),i', Navigation::path(), $m)) {
        $_REQUEST["resetcap"] = $m[1];
    }
}
// Installations with external login refuse password resets.
if (Contact::external_login()) {
    error_go(false, "This HotCRP installation does not store passwords. Contact your administrator to reset your password.");
}
if (!isset($_REQUEST["resetcap"])) {
    error_go(false, "You didn’t enter the full password reset link into your browser. Make sure you include the reset code (the string of letters, numbers, and other characters at the end).");
}
// A leading "U" selects the contactdb account lookup further down.
// NOTE(review): "resetcap" is used as a string from here on; a request that
// sends it as an array is not rejected before substr() -- confirm upstream
// request filtering.
$iscdb = substr($_REQUEST["resetcap"], 0, 1) === "U";
$capmgr = $Conf->capability_manager($_REQUEST["resetcap"]);
$capdata = $capmgr->check($_REQUEST["resetcap"]);
// Accept only a capability that checks out AND is of the password-reset type;
// expired and mistyped codes get the same message.
if (!($capdata && $capdata->capabilityType == CAPTYPE_RESETPASSWORD)) {
    error_go(false, "That password reset code has expired, or you didn’t enter it correctly.");
}
// The account is identified by the capability record, never by request input.
$Acct = $iscdb
    ? Contact::contactdb_find_by_id($capdata->contactId)
    : Contact::find_by_id($capdata->contactId);
if (!$Acct) {
    error_go(false, "That password reset code refers to a user who no longer exists. Either create a new account or contact the conference administrator.");
}
if (isset($Opt["ldapLogin"]) || isset($Opt["httpAuthLogin"])) {
    error_go(false, "Password reset links aren’t used for this conference. Contact your system administrator if you’ve forgotten your password.");
Exemplo n.º 13
    change_email_by_capability();
}
// Users without an email address may not use this page.
if (!$Me->has_email()) {
    $Me->escape();
}
$newProfile = false;
$useRequest = false;
$UserStatus = new UserStatus();
// Normalize the target-user selector into $_REQUEST["u"]. Sources, in order
// of precedence: "u", "user", "contact", then a single path component.
if (!isset($_REQUEST["u"])) {
    if (isset($_REQUEST["user"])) {
        $_REQUEST["u"] = $_REQUEST["user"];
    } elseif (isset($_REQUEST["contact"])) {
        $_REQUEST["u"] = $_REQUEST["contact"];
    } elseif (preg_match(',\\A/(?:new|[^\\s/]+)\\z,i', Navigation::path())) {
        $_REQUEST["u"] = substr(Navigation::path(), 1);
    }
}
// Only privileged chairs can force the new-account form through "new".
if ($Me->privChair && @$_REQUEST["new"]) {
    $_REQUEST["u"] = "new";
}
// Load user.
$Acct = $Me;
if ($Me->privChair && @$_REQUEST["u"]) {
    if ($_REQUEST["u"] === "new") {
        $Acct = new Contact();
        $newProfile = true;
    } else {
        if (($id = cvtint($_REQUEST["u"])) > 0) {
            $Acct = Contact::find_by_id($id);
        } else {
            $Acct = Contact::find_by_email($_REQUEST["u"]);
Exemplo n.º 14
 /**
  * Translate the request path into request parameters using path patterns.
  *
  * Each pattern is a string of one-character codes matched against the
  * "/"-separated path components:
  *   "/"  move on to the next component
  *   "p"  component is a key accepted by $Conf->pset_by_key() -> "pset"
  *   "H"  exactly 40 hex digits -> "commit", then "commit1", "commit2", ...
  *   "h"  six or more hex digits -> same keys as "H"
  *   "u"  user name, with an optional leading "@" or "~" stripped -> "u"
  *   "@"  user name that must start with "@" or "~" (stripped) -> "u"
  *   "f"  this and all remaining components joined with "/" -> "file"
  *   "*"  ignore all remaining components
  * The first pattern that consumes the whole path wins. Its values are copied
  * into $_GET and $_REQUEST for keys not already present in $_GET or $_POST,
  * so explicit request parameters are never overridden.
  *
  * NOTE(review): the "file" value is the raw remainder of the URL path; it is
  * not checked here for ".." or empty components, so whatever consumes
  * $_REQUEST["file"] has to validate it.
  *
  * @param iterable $paths Pattern strings, tried in order.
  * @return void
  */
 static function set_path_request($paths)
 {
     global $Conf;
     $path = Navigation::path();
     if ($path === "") {
         return;
     }
     $parts = explode("/", $path);
     // Ignore one trailing empty component (a path ending in "/").
     if (count($parts) && $parts[count($parts) - 1] == "") {
         array_pop($parts);
     }
     foreach ($paths as $pattern) {
         $pi = $xi = 0;
         // "" for the first commit, then 1, 2, ... appended to "commit".
         $commitsuf = "";
         $settings = array();
         while ($pi < strlen($pattern) && $xi < count($parts)) {
             $code = $pattern[$pi];
             $part = $parts[$xi];
             if ($code == "/") {
                 ++$xi;
             } elseif ($code == "p" && $Conf->pset_by_key(get($parts, $xi))) {
                 $settings["pset"] = $part;
             } elseif ($code == "H" && strlen($part) == 40 && ctype_xdigit($part)) {
                 $settings["commit" . $commitsuf] = $part;
                 $commitsuf = (int) $commitsuf + 1;
             } elseif ($code == "h" && strlen($part) >= 6 && ctype_xdigit($part)) {
                 $settings["commit" . $commitsuf] = $part;
                 $commitsuf = (int) $commitsuf + 1;
             } elseif ($code == "u" && strlen($part)) {
                 if ($part[0] != "@" && $part[0] != "~") {
                     $settings["u"] = $part;
                 } elseif (strlen($part) > 1) {
                     $settings["u"] = substr($part, 1);
                 }
             } elseif ($code == "@" && strlen($part) && ($part[0] == "@" || $part[0] == "~")) {
                 if (strlen($part) > 1) {
                     $settings["u"] = substr($part, 1);
                 }
             } elseif ($code == "f") {
                 $settings["file"] = join("/", array_slice($parts, $xi));
                 $xi = count($parts) - 1;
             } elseif ($code == "*") {
                 $xi = count($parts) - 1;
             } else {
                 // The component does not fit this pattern; give up on it.
                 $settings = null;
                 break;
             }
             ++$pi;
         }
         // Accept only if something was extracted and matching stopped on the
         // last path component.
         if ($settings && $xi == count($parts) - 1) {
             foreach ($settings as $key => $value) {
                 if (!isset($_GET[$key]) && !isset($_POST[$key])) {
                     $_GET[$key] = $_REQUEST[$key] = $value;
                 }
             }
             break;
         }
     }
 }