Пример #1
 public function save($sv, $si)
     global $Conf;
     $tmap = $Conf->topic_map();
     foreach ($sv->req as $k => $v) {
         if ($k === "topnew") {
             $news = array();
             foreach (explode("\n", $v) as $n) {
                 if (($n = simplify_whitespace($n)) !== "") {
                     $news[] = "('" . sqlq($n) . "')";
             if (count($news)) {
                 $Conf->qe("insert into TopicArea (topicName) values " . join(",", $news));
         } else {
             if (strlen($k) > 3 && substr($k, 0, 3) === "top" && ctype_digit(substr($k, 3))) {
                 $k = (int) substr($k, 3);
                 $v = simplify_whitespace($v);
                 if ($v == "") {
                     $Conf->qe("delete from TopicArea where topicId={$k}");
                     $Conf->qe("delete from PaperTopic where topicId={$k}");
                     $Conf->qe("delete from TopicInterest where topicId={$k}");
                 } else {
                     if (isset($tmap[$k]) && $v != $tmap[$k] && !ctype_digit($v)) {
                         $Conf->qe("update TopicArea set topicName='" . sqlq($v) . "' where topicId={$k}");
Пример #2
function clean_queue($qname, $qconf, $qid)
    global $Conf, $Now;
    $runtimeout = isset($qconf->runtimeout) ? $qconf->runtimeout : 300;
    $result = $Conf->qe("select * from ExecutionQueue where queueclass='" . sqlq($qname) . "' and queueid<{$qid}");
    while ($row = edb_orow($result)) {
        // remove dead items from queue
        // - lockfile contains "0\n": child has exited, remove it
        // - lockfile specified but not there
        // - no lockfile & last update < 30sec ago
        // - running for more than 5min (configurable)
        if ($row->lockfile && @file_get_contents($row->lockfile) === "0\n") {
            $row->inputfifo && unlink($row->inputfifo);
        if ($row->lockfile && !file_exists($row->lockfile) || $row->runat <= 0 && $row->updateat < $Now - 30 || $runtimeout && $row->runat > 0 && $row->runat < $Now - $runtimeout) {
            $Conf->qe("delete from ExecutionQueue where queueid={$row->queueid}");

// checkupdates.php -- HotCRP update checker helper
// HotCRP is Copyright (c) 2006-2016 Eddie Kohler and Regents of the UC
// Distributed under an MIT-like license; see LICENSE
require_once "src/initweb.php";
if (isset($_REQUEST["text"]) && $_REQUEST["text"]) {
    header("Content-Type: text/plain");
} else {
    header("Content-Type: application/json");
if ($Me->privChair && isset($_REQUEST["ignore"])) {
    $when = time() + 86400 * 2;
    $Conf->qe("insert into Settings (name, value) values ('ignoreupdate_" . sqlq($_REQUEST["ignore"]) . "', {$when}) on duplicate key update value={$when}");
$messages = array();
if ($Me->privChair && isset($_REQUEST["data"]) && ($data = json_decode($_REQUEST["data"], true)) && isset($data["updates"]) && is_array($data["updates"])) {
    foreach ($data["updates"] as $update) {
        $ok = true;
        if (isset($update["opt"]) && is_array($update["opt"])) {
            foreach ($update["opt"] as $k => $v) {
                $kk = $k[0] == "-" ? substr($k, 1) : $k;
                $test = defval($Opt, $kk, null) == $v;
                $ok = $ok && ($k[0] == "-" ? !$test : $test);
        if (isset($update["settings"]) && is_array($update["settings"])) {
            foreach ($update["settings"] as $k => $v) {
                if (preg_match('/\\A([!<>]?)(-?\\d+|now)\\z/', $v, $m)) {
                    $setting = $Conf->setting($k, 0);
                    if ($m[2] == "now") {
if ($papers) {
    $result = Dbl::ql(Contact::contactdb(), "select confid from Conferences where `dbname`=?", $Opt["dbName"]);
    $row = Dbl::fetch_first_row($result);
    if (!$row) {
        fwrite(STDERR, "Conference is not recored in contactdb\n");
    $confid = $row[0];
    $result = Dbl::ql($Conf->dblink, "select paperId, title from Paper");
    $q = array();
    while ($row = edb_row($result)) {
        $q[] = "(" . $confid . "," . $row[0] . ",'" . sqlq($row[1]) . "')";
    for ($i = 0; $i < count($q); $i += 25) {
        $xq = array_slice($q, $i, 25);
        Dbl::ql_raw(Contact::contactdb(), "insert into ConferencePapers (confid,paperId,title) values " . join(",", $xq) . " on duplicate key update title=values(title)");
if ($collaborators) {
    $result = Dbl::ql($Conf->dblink, "select email, collaborators, updateTime, lastLogin from ContactInfo where collaborators is not null and collaborators!=''");
    while ($row = edb_row($result)) {
        $time = (int) $row[2] ?: (int) $row[3];
        if ($time > 0) {
            Dbl::ql(Contact::contactdb(), "update ContactInfo set collaborators=?, updateTime=? where email=? and (collaborators is null or collaborators='' or updateTime<?)", $row[1], $time, $row[0], $time);
Пример #5
 function log($text, $who, $pids = null)
     if (!$who) {
         $who = 0;
     } else {
         if (!is_numeric($who)) {
             $who = $who->contactId;
     if (is_object($pids)) {
         $pids = array($pids->paperId);
     } else {
         if (!is_array($pids)) {
             $pids = $pids > 0 ? array($pids) : array();
     $ps = array();
     foreach ($pids as $p) {
         $ps[] = is_object($p) ? $p->paperId : $p;
     if ($this->_save_logs !== false) {
         foreach ($ps as $p) {
             $this->_save_logs["{$who}|{$text}"][] = $p;
     if (count($ps) == 0) {
         $ps = "null";
     } else {
         if (count($ps) == 1) {
             $ps = $ps[0];
         } else {
             $text .= " (papers " . join(", ", $ps) . ")";
             $ps = "null";
     $this->q("insert into ActionLog (ipaddr, contactId, paperId, action) values ('" . sqlq(@$_SERVER["REMOTE_ADDR"]) . "', " . (int) $who . ", {$ps}, '" . sqlq(substr($text, 0, 4096)) . "')");
 function save_paper_json($pj)
     global $Conf, $Now;
     $paperid = null;
     if (isset($pj->pid) && is_int($pj->pid) && $pj->pid > 0) {
         $paperid = $pj->pid;
     } else {
         if (!isset($pj->pid) && isset($pj->id) && is_int($pj->id) && $pj->id > 0) {
             $paperid = $pj->id;
         } else {
             if (isset($pj->pid) || isset($pj->id)) {
                 $key = isset($pj->pid) ? "pid" : "id";
                 $this->set_error_html($key, "Format error [{$key}]");
                 return false;
     if (get($pj, "error") || get($pj, "error_html")) {
         $this->set_error_html("error", "Refusing to save paper with error");
         return false;
     $this->prow = $old_pj = null;
     $this->paperid = $paperid ?: -1;
     if ($paperid) {
         $this->prow = $Conf->paperRow(["paperId" => $paperid, "topics" => true, "options" => true], $this->contact);
     if ($this->prow) {
         $old_pj = $this->paper_json($this->prow, ["forceShow" => true]);
     if ($pj && $old_pj && $paperid != $old_pj->pid) {
         $this->set_error_html("pid", "Saving paper with different ID");
         return false;
     $this->normalize($pj, $old_pj);
     if ($old_pj) {
         $this->normalize($old_pj, null);
     if ($this->nerrors) {
         return false;
     $this->check_invariants($pj, $old_pj);
     // store documents (options already stored)
     if (isset($pj->submission) && $pj->submission) {
         $this->upload_document($pj->submission, PaperOption::find_document(DTYPE_SUBMISSION));
     if (isset($pj->final) && $pj->final) {
         $this->upload_document($pj->final, PaperOption::find_document(DTYPE_FINAL));
     // create contacts
     foreach (self::contacts_array($pj) as $c) {
         $c->only_if_contactdb = !get($c, "contact");
         $c->disabled = !!$this->disable_users;
         if (!Contact::create($c, !$this->no_email) && get($c, "contact")) {
             $this->set_error_html("contacts", "Could not create an account for contact " . Text::user_html($c) . ".");
     // catch errors
     if ($this->nerrors) {
         return false;
     // update Paper table
     $q = array();
     foreach (array("title", "abstract", "collaborators") as $k) {
         $v = convert_to_utf8((string) get($pj, $k));
         if (!$old_pj || get($pj, $k) !== null && $v !== (string) get($old_pj, $k)) {
             $q[] = "{$k}='" . sqlq($v) . "'";
     if (!$old_pj || get($pj, "authors") !== null) {
         $autext = convert_to_utf8(self::author_information($pj));
         $old_autext = self::author_information($old_pj);
         if ($autext !== $old_autext || !$old_pj) {
             $q[] = "authorInformation='" . sqlq($autext) . "'";
     if ($Conf->submission_blindness() == Conf::BLIND_OPTIONAL && (!$old_pj || get($pj, "nonblind") !== null && !$pj->nonblind != !$old_pj->nonblind)) {
         $q[] = "blind=" . (get($pj, "nonblind") ? 0 : 1);
     if (!$old_pj || get($pj, "submission") !== null) {
         $new_id = get($pj, "submission") ? $pj->submission->docid : 1;
         $old_id = $old_pj && get($old_pj, "submission") ? $old_pj->submission->docid : 1;
         if (!$old_pj || $new_id != $old_id) {
             $q[] = "paperStorageId={$new_id}";
     if (!$old_pj || get($pj, "final") !== null) {
         $new_id = get($pj, "final") ? $pj->final->docid : 0;
         $old_id = $old_pj && get($old_pj, "final") ? $old_pj->final->docid : 0;
         if (!$old_pj || $new_id != $old_id) {
             $q[] = "finalPaperStorageId={$new_id}";
     if (get($pj, "withdrawn") !== null || get($pj, "submitted") !== null || get($pj, "draft") !== null) {
         if (get($pj, "submitted") !== null) {
             $submitted = $pj->submitted;
         } else {
             if (get($pj, "draft") !== null) {
                 $submitted = !$pj->draft;
             } else {
                 if ($old_pj) {
                     $submitted = get($old_pj, "submitted_at") > 0;
                 } else {
                     $submitted = false;
         if (get($pj, "withdrawn")) {
             if (!$old_pj || !get($old_pj, "withdrawn")) {
                 $q[] = "timeWithdrawn=" . (get($pj, "withdrawn_at") ?: $Now);
                 $q[] = "timeSubmitted=" . ($submitted ? -100 : 0);
             } else {
                 if (get($old_pj, "submitted_at") > 0 !== $submitted) {
                     $q[] = "timeSubmitted=" . ($submitted ? -100 : 0);
         } else {
             if ($submitted) {
                 if (!$old_pj || !get($old_pj, "submitted")) {
                     $q[] = "timeSubmitted=" . (get($pj, "submitted_at") ?: $Now);
                 if ($old_pj && get($old_pj, "withdrawn")) {
                     $q[] = "timeWithdrawn=0";
             } else {
                 if ($old_pj && (get($old_pj, "withdrawn") || get($old_pj, "submitted"))) {
                     $q[] = "timeSubmitted=0";
                     $q[] = "timeWithdrawn=0";
     if (get($pj, "final_submitted") !== null) {
         if ($pj->final_submitted) {
             $time = get($pj, "final_submitted_at") ?: $Now;
         } else {
             $time = 0;
         if (!$old_pj || get($old_pj, "final_submitted_at") != $time) {
             $q[] = "timeFinalSubmitted={$time}";
     if (!empty($q)) {
         if ($Conf->submission_blindness() == Conf::BLIND_NEVER) {
             $q[] = "blind=0";
         } else {
             if ($Conf->submission_blindness() != Conf::BLIND_OPTIONAL) {
                 $q[] = "blind=1";
         $joindoc = $old_joindoc = null;
         if (get($pj, "final")) {
             $joindoc = $pj->final;
             $old_joindoc = $old_pj ? get($old_pj, "final") : null;
         } else {
             if (get($pj, "submission")) {
                 $joindoc = $pj->submission;
                 $old_joindoc = $old_pj ? get($old_pj, "submission") : null;
         if ($joindoc && (!$old_joindoc || $old_joindoc->docid != $joindoc->docid) && get($joindoc, "size") && get($joindoc, "timestamp")) {
             $q[] = "size=" . $joindoc->size;
             $q[] = "mimetype='" . sqlq($joindoc->mimetype) . "'";
             $q[] = "sha1='" . sqlq($joindoc->sha1) . "'";
             $q[] = "timestamp=" . $joindoc->timestamp;
         } else {
             if (!$joindoc) {
                 $q[] = "size=0,mimetype='',sha1='',timestamp=0";
         if ($paperid) {
             $result = Dbl::qe_raw("update Paper set " . join(",", $q) . " where paperId={$paperid}");
             if ($result && $result->affected_rows === 0 && edb_nrows(Dbl::qe_raw("select paperId from Paper where paperId={$paperid}")) === 0) {
                 $result = Dbl::qe_raw("insert into Paper set paperId={$paperid}, " . join(",", $q));
         } else {
             $result = Dbl::qe_raw("insert into Paper set " . join(",", $q));
             if (!$result || !($paperid = $pj->pid = $result->insert_id)) {
                 return $this->set_error_html(false, "Could not create paper.");
             if (!empty($this->uploaded_documents)) {
                 Dbl::qe_raw("update PaperStorage set paperId={$paperid} where paperStorageId in (" . join(",", $this->uploaded_documents) . ")");
         // maybe update `papersub` settings
         $is_submitted = !get($pj, "withdrawn") && get($pj, "submitted");
         $was_submitted = $old_pj && !get($old_pj, "withdrawn") && get($old_pj, "submitted");
         if ($is_submitted != $was_submitted) {
     // update PaperTopics
     if (get($pj, "topics")) {
         $topics = self::topics_sql($pj, $paperid);
         $old_topics = self::topics_sql($old_pj, $paperid);
         if ($topics !== $old_topics) {
             $result = Dbl::qe_raw("delete from PaperTopic where paperId={$paperid}");
             if ($topics) {
                 $result = Dbl::qe_raw("insert into PaperTopic (topicId,paperId) values {$topics}");
     // update PaperOption
     if (get($pj, "options")) {
         $options = convert_to_utf8(self::options_sql($pj, $paperid));
         $old_options = self::options_sql($old_pj, $paperid);
         if ($options !== $old_options) {
             $result = Dbl::qe("delete from PaperOption where paperId={$paperid} and optionId?a", array_keys($pj->parsed_options));
             if ($options) {
                 $result = Dbl::qe_raw("insert into PaperOption (paperId,optionId,value,data) values {$options}");
     // update PaperConflict
     $conflict = $this->conflicts_array($pj, $old_pj);
     $old_conflict = $this->conflicts_array($old_pj, null);
     if (join(",", array_keys($conflict)) !== join(",", array_keys($old_conflict)) || join(",", array_values($conflict)) !== join(",", array_values($old_conflict))) {
         $q = array();
         foreach ($conflict as $email => $type) {
             $q[] = "'" . sqlq($email) . "'";
         $ins = array();
         if (!empty($q)) {
             $result = Dbl::qe_raw("select contactId, email from ContactInfo where email in (" . join(",", $q) . ")");
             while ($row = edb_row($result)) {
                 $ins[] = "({$paperid},{$row['0']}," . $conflict[strtolower($row[1])] . ")";
         $result = Dbl::qe_raw("delete from PaperConflict where paperId={$paperid}");
         if (!empty($ins)) {
             $result = Dbl::qe_raw("insert into PaperConflict (paperId,contactId,conflictType) values " . join(",", $ins));
     return $paperid;
Пример #7
function _one_quicklink($id, $baseUrl, $urlrest, $listtype, $isprev)
    global $Conf;
    if ($listtype == "u") {
        $result = $Conf->qx("select email from ContactInfo where email='" . sqlq($id) . "'");
        $row = edb_row($result);
        $paperText = htmlspecialchars($row ? $row[0] : $id);
        $urlrest = "u=" . urlencode($id) . $urlrest;
    } else {
        $paperText = "#{$id}";
        $urlrest = "p=" . $id . $urlrest;
    return "<a id=\"quicklink_" . ($isprev ? "prev" : "next") . "\" href=\"" . hoturl($baseUrl, $urlrest) . "\" onclick=\"return !Miniajax.isoutstanding('revprevform', make_link_callback(this))\">" . ($isprev ? $Conf->cacheableImage("_.gif", "&lt;-", null, "prev") : "") . $paperText . ($isprev ? "" : $Conf->cacheableImage("_.gif", "-&gt;", null, "next")) . "</a>";
Пример #8
 function query()
     global $Conf, $papersel, $checkReviewNeedsSubmit;
     $columns = array("firstName, lastName, email, password, roles, c.contactId, ((roles&" . Contact::ROLE_PC . ")!=0) as isPC, preferredEmail, extension");
     // paper limit
     $where = $repojoin = array();
     if ($this->usertype == "college") {
         $where[] = "(roles&" . Contact::ROLE_PCLIKE . ")=0 and not extension and not dropped";
     } else {
         if ($this->usertype == "extension") {
             $where[] = "(roles&" . Contact::ROLE_PCLIKE . ")=0 and extension and not dropped";
         } else {
             if ($this->usertype == "students") {
                 $where[] = "(roles&" . Contact::ROLE_PCLIKE . ")=0 and not dropped";
             } else {
                 if ($this->usertype == "pc") {
                     $where[] = "(roles&" . Contact::ROLE_PC . ")!=0";
                 } else {
                     if (preg_match(',\\Apc:\\S+\\z,', $this->usertype)) {
                         $where[] = "(roles&" . Contact::ROLE_PC . ")!=0";
                         $where[] = "contactTags like '% " . sqlq(substr($this->usertype, 3)) . " %'";
     // pset
     if ($this->pset) {
         $repojoin[] = "left join ContactLink l on (l.cid=c.contactId and l.type=" . LINK_REPO . " and l.pset=" . $this->pset->id . ")\n\tleft join Repository r on (r.repoid=l.link)\n\tleft join RepositoryGrade rg on (rg.repoid=r.repoid and rg.pset=" . $this->pset->id . " and not rg.placeholder)\n";
         $columns[] = "r.repoid repoid, rg.gradehash gradehash";
         if ($this->type == "openrepo") {
             $where[] = "r.open";
         } else {
             if ($this->type == "brokenrepo") {
                 $where[] = "not r.working";
             } else {
                 if ($this->type == "workingrepo") {
                     $where[] = "r.working";
                 } else {
                     if ($this->type == "repo") {
                         $where[] = "r.repoid is not null";
                     } else {
                         if ($this->type == "norepo") {
                             $where[] = "r.repoid is null";
                         } else {
                             if ($this->type == "partner") {
                                 $repojoin[] = "left join ContactLink pl on (pl.cid=c.contactId and pl.type=" . LINK_PARTNER . " and pl.pset=" . $this->pset->id . ")";
                                 $where[] = "pl.cid is not null";
                             } else {
                                 if ($this->type == "nopartner") {
                                     $repojoin[] = "left join ContactLink pl on (pl.cid=c.contactId and pl.type=" . LINK_PARTNER . " and pl.pset=" . $this->pset->id . ")";
                                     $where[] = "pl.cid is null";
     // build query
     $where[] = "email not regexp '^anonymous[0-9]*\$'";
     return "select " . join(", ", $columns) . " from ContactInfo c\n" . join(" ", $repojoin) . " where " . join(" and ", $where) . " order by email";
Пример #9
    if ($Conf->setting("autoassign_badpairs")) {
        $Qreq->badpairs = 1;
} else {
    if (count($_POST) && isset($Qreq->assign) && check_post()) {
        $x = array();
        for ($i = 1; isset($Qreq["bpa{$i}"]); ++$i) {
            if ($Qreq["bpa{$i}"] && $Qreq["bpb{$i}"] && isset($pcm[$Qreq["bpa{$i}"]]) && isset($pcm[$Qreq["bpb{$i}"]])) {
                $x[] = $Qreq["bpa{$i}"];
                $x[] = $Qreq["bpb{$i}"];
        if (count($x) || $Conf->setting_data("autoassign_badpairs") || !isset($Qreq->badpairs) != !$Conf->setting("autoassign_badpairs")) {
            $Conf->q("insert into Settings (name, value, data) values ('autoassign_badpairs', " . (isset($Qreq->badpairs) ? 1 : 0) . ", '" . sqlq(join(" ", $x)) . "') on duplicate key update data=values(data), value=values(value)");
// set $badpairs array
$badpairs = array();
if (isset($Qreq->badpairs)) {
    for ($i = 1; isset($Qreq["bpa{$i}"]); ++$i) {
        if ($Qreq["bpa{$i}"] && $Qreq["bpb{$i}"]) {
            if (!isset($badpairs[$Qreq["bpa{$i}"]])) {
                $badpairs[$Qreq["bpa{$i}"]] = array();
            $badpairs[$Qreq["bpa{$i}"]][$Qreq["bpb{$i}"]] = 1;
Пример #10
 function store_database($dbinfo, $doc)
     global $Conf, $OK;
     $N = 400000;
     $idcol = $dbinfo->id_column;
     $while = "while storing document in database";
     $a = $ks = $vs = array();
     foreach ($dbinfo->columns as $k => $v) {
         if ($k !== $idcol) {
             $ks[] = "`{$k}`=?";
             $vs[] = substr($v, 0, $N);
     if (isset($dbinfo->columns[$idcol])) {
         $q = "update {$dbinfo->table} set " . join(",", $ks) . " where {$idcol}=?";
         $vs[] = $dbinfo->columns[$idcol];
     } else {
         $q = "insert into {$dbinfo->table} set " . join(",", $ks);
     if (!($result = Dbl::query_apply($q, $vs))) {
         set_error_html($doc, $Conf->db_error_html(true, $while));
     if (isset($dbinfo->columns[$idcol])) {
         $doc->{$idcol} = $dbinfo->columns[$idcol];
     } else {
         $doc->{$idcol} = $result->insert_id;
         if (!$doc->{$idcol}) {
             set_error_html($doc, $Conf->db_error_html(true, $while));
             $OK = false;
     for ($pos = $N; true; $pos += $N) {
         $a = array();
         foreach ($dbinfo->columns as $k => $v) {
             if (strlen($v) > $pos) {
                 $a[] = "`" . $k . "`=concat(`" . $k . "`,'" . sqlq(substr($v, $pos, $N)) . "')";
         if (!count($a)) {
         if (!$Conf->q("update {$dbinfo->table} set " . join(",", $a) . " where {$idcol}=" . $doc->{$idcol})) {
             set_error_html($doc, $Conf->db_error_html(true, $while));
     // check that paper storage succeeded
     if ($dbinfo->check_contents && (!($result = $Conf->qe("select length({$dbinfo->check_contents}) from {$dbinfo->table} where {$idcol}=" . $doc->{$idcol})) || !($row = edb_row($result)) || $row[0] != strlen(self::content($doc)))) {
         set_error_html($doc, "Failed to store your document. Usually this is because the file you tried to upload was too big for our system. Please try again.");
Пример #11
 function paperQuery($contact, $options = array())
     // Options:
     //   "paperId" => $pid  Only paperId $pid (if array, any of those)
     //   "reviewId" => $rid Only paper reviewed by $rid
     //   "commentId" => $c  Only paper where comment is $c
     //   "finalized"        Only submitted papers
     //   "unsub"            Only unsubmitted papers
     //   "accepted"         Only accepted papers
     //   "active"           Only nonwithdrawn papers
     //   "author"           Only papers authored by $contactId
     //   "myReviewRequests" Only reviews requested by $contactId
     //   "myReviews"        All reviews authored by $contactId
     //   "myOutstandingReviews" All unsubmitted reviews auth by $contactId
     //   "myReviewsOpt"     myReviews, + include papers not yet reviewed
     //   "allReviews"       All reviews (multiple rows per paper)
     //   "allReviewScores"  All review scores (multiple rows per paper)
     //   "allComments"      All comments (multiple rows per paper)
     //   "reviewerName"     Include reviewer names
     //   "commenterName"    Include commenter names
     //   "reviewer" => $cid Include reviewerConflictType/reviewerReviewType
     //   "tags"             Include paperTags
     //   "tagIndex" => $tag Include tagIndex of named tag
     //   "tagIndex" => tag array -- include tagIndex, tagIndex1, ...
     //   "topics"
     //   "options"
     //   "scores" => array(fields to score)
     //   "assignments"
     //   "order" => $sql    $sql is SQL 'order by' clause (or empty)
     global $Opt;
     $reviewerQuery = isset($options["myReviews"]) || isset($options["allReviews"]) || isset($options["myReviewRequests"]) || isset($options["myReviewsOpt"]) || isset($options["myOutstandingReviews"]);
     $allReviewerQuery = isset($options["allReviews"]) || isset($options["allReviewScores"]);
     $scoresQuery = !$reviewerQuery && isset($options["allReviewScores"]);
     if (is_object($contact)) {
         $contactId = $contact->contactId;
     } else {
         $contactId = (int) $contact;
         $contact = null;
     if (isset($options["reviewer"]) && is_object($options["reviewer"])) {
         $reviewerContactId = $options["reviewer"]->contactId;
     } else {
         if (isset($options["reviewer"])) {
             $reviewerContactId = $options["reviewer"];
         } else {
             $reviewerContactId = $contactId;
     if (get($options, "author")) {
         $myPaperReview = null;
     } else {
         if ($allReviewerQuery) {
             $myPaperReview = "MyPaperReview";
         } else {
             $myPaperReview = "PaperReview";
     // paper selection
     $paperset = array();
     if (isset($options["paperId"])) {
         $paperset[] = self::_cvt_numeric_set($options["paperId"]);
     if (isset($options["reviewId"])) {
         if (is_numeric($options["reviewId"])) {
             $result = Dbl::qe("select paperId from PaperReview where reviewId=" . $options["reviewId"]);
             $paperset[] = self::_cvt_numeric_set(edb_first_columns($result));
         } else {
             if (preg_match('/^(\\d+)([A-Z][A-Z]?)$/i', $options["reviewId"], $m)) {
                 $result = Dbl::qe("select paperId from PaperReview where paperId={$m['1']} and reviewOrdinal=" . parseReviewOrdinal($m[2]));
                 $paperset[] = self::_cvt_numeric_set(edb_first_columns($result));
             } else {
                 $paperset[] = array();
     if (isset($options["commentId"])) {
         $result = Dbl::qe("select paperId from PaperComment where commentId" . sql_in_numeric_set(self::_cvt_numeric_set($options["commentId"])));
         $paperset[] = self::_cvt_numeric_set(edb_first_columns($result));
     if (count($paperset) > 1) {
         $paperset = array(call_user_func_array("array_intersect", $paperset));
     $papersel = "";
     if (count($paperset)) {
         $papersel = "paperId" . sql_in_numeric_set($paperset[0]) . " and ";
     // prepare query: basic tables
     $where = array();
     $joins = array("Paper");
     $cols = array("Paper.*, PaperConflict.conflictType");
     $aujoinwhere = null;
     if (get($options, "author") && $contact && ($aujoinwhere = $contact->actAuthorSql("PaperConflict", true))) {
         $where[] = $aujoinwhere;
     if (get($options, "author") && !$aujoinwhere) {
         $joins[] = "join PaperConflict on (PaperConflict.paperId=Paper.paperId and PaperConflict.contactId={$contactId} and PaperConflict.conflictType>=" . CONFLICT_AUTHOR . ")";
     } else {
         $joins[] = "left join PaperConflict on (PaperConflict.paperId=Paper.paperId and PaperConflict.contactId={$contactId})";
     // my review
     $qr = "";
     if ($contact && ($tokens = $contact->review_tokens())) {
         $qr = " or PaperReview.reviewToken in (" . join(", ", $tokens) . ")";
     if (get($options, "myReviewRequests")) {
         $joins[] = "join PaperReview on (PaperReview.paperId=Paper.paperId and PaperReview.requestedBy={$contactId} and PaperReview.reviewType=" . REVIEW_EXTERNAL . ")";
     } else {
         if (get($options, "myReviews")) {
             $joins[] = "join PaperReview on (PaperReview.paperId=Paper.paperId and (PaperReview.contactId={$contactId}{$qr}))";
         } else {
             if (get($options, "myOutstandingReviews")) {
                 $joins[] = "join PaperReview on (PaperReview.paperId=Paper.paperId and (PaperReview.contactId={$contactId}{$qr}) and PaperReview.reviewNeedsSubmit!=0)";
             } else {
                 if (get($options, "myReviewsOpt")) {
                     $joins[] = "left join PaperReview on (PaperReview.paperId=Paper.paperId and (PaperReview.contactId={$contactId}{$qr}))";
                 } else {
                     if (get($options, "allReviews") || get($options, "allReviewScores")) {
                         $x = get($options, "reviewLimitSql") ? " and (" . $options["reviewLimitSql"] . ")" : "";
                         $joins[] = "join PaperReview on (PaperReview.paperId=Paper.paperId{$x})";
                     } else {
                         if (!get($options, "author")) {
                             $joins[] = "left join PaperReview on (PaperReview.paperId=Paper.paperId and (PaperReview.contactId={$contactId}{$qr}))";
     // started reviews
     if (get($options, "startedReviewCount")) {
         $joins[] = "left join (select paperId, count(*) count from PaperReview where {$papersel}(reviewSubmitted or reviewNeedsSubmit>0) group by paperId) R_started on (R_started.paperId=Paper.paperId)";
         $cols[] = "coalesce(R_started.count,0) startedReviewCount";
     // submitted reviews
     $j = "select paperId, count(*) count";
     $before_ncols = count($cols);
     if (get($options, "startedReviewCount")) {
         $cols[] = "coalesce(R_submitted.count,0) reviewCount";
     if (get($options, "scores")) {
         foreach ($options["scores"] as $fid) {
             $cols[] = "R_submitted.{$fid}Scores";
             if ($myPaperReview) {
                 $cols[] = "{$myPaperReview}.{$fid}";
             $j .= ", group_concat({$fid} order by reviewId) {$fid}Scores";
     if (get($options, "reviewTypes") || get($options, "reviewIdentities")) {
         $cols[] = "R_submitted.reviewTypes";
         $j .= ", group_concat(reviewType order by reviewId) reviewTypes";
     if (get($options, "reviewIdentities")) {
         $cols[] = "R_submitted.reviewRequestedBys";
         $j .= ", group_concat(requestedBy order by reviewId) reviewRequestedBys";
         if ($this->review_blindness() == self::BLIND_OPTIONAL) {
             $cols[] = "R_submitted.reviewBlinds";
             $j .= ", group_concat(reviewBlind order by reviewId) reviewBlinds";
         if ($contact && $contact->review_tokens()) {
             $cols[] = "R_submitted.reviewTokens";
             $j .= ", group_concat(reviewToken order by reviewId) reviewTokens";
     if (get($options, "reviewRounds")) {
         $cols[] = "R_submitted.reviewRounds";
         $j .= ", group_concat(reviewRound order by reviewId) reviewRounds";
     if (get($options, "reviewWordCounts") && $this->sversion >= 99) {
         $cols[] = "R_submitted.reviewWordCounts";
         $j .= ", group_concat(reviewWordCount order by reviewId) reviewWordCounts";
     if (get($options, "reviewOrdinals")) {
         $cols[] = "R_submitted.reviewOrdinals";
         $j .= ", group_concat(reviewOrdinal order by reviewId) reviewOrdinals";
     if (get($options, "reviewTypes") || get($options, "scores") || get($options, "reviewContactIds") || get($options, "reviewOrdinals") || get($options, "reviewIdentities")) {
         $cols[] = "R_submitted.reviewContactIds";
         $j .= ", group_concat(contactId order by reviewId) reviewContactIds";
     if (count($cols) != $before_ncols) {
         $joins[] = "left join ({$j} from PaperReview where {$papersel}reviewSubmitted>0 group by paperId) R_submitted on (R_submitted.paperId=Paper.paperId)";
     // assignments
     if (get($options, "assignments")) {
         $j = "select paperId, group_concat(contactId order by reviewId) allReviewContactIds, group_concat(reviewType order by reviewId) allReviewTypes, group_concat(reviewRound order by reviewId) allReviewRounds";
         $cols[] = "R_all.allReviewContactIds, R_all.allReviewTypes, R_all.allReviewRounds";
         $joins[] = "left join ({$j} from PaperReview where {$papersel}true group by paperId) R_all on (R_all.paperId=Paper.paperId)";
     // fields
     if (get($options, "author")) {
         $cols[] = "null reviewType, null reviewId, null myReviewType";
     } else {
         // see also papercolumn.php
         array_push($cols, "PaperReview.reviewType, PaperReview.reviewId", "PaperReview.reviewModified, PaperReview.reviewSubmitted", "PaperReview.reviewNeedsSubmit, PaperReview.reviewOrdinal", "PaperReview.reviewBlind, PaperReview.reviewToken", "PaperReview.contactId as reviewContactId, PaperReview.requestedBy", "max({$myPaperReview}.reviewType) as myReviewType", "max({$myPaperReview}.reviewSubmitted) as myReviewSubmitted", "min({$myPaperReview}.reviewNeedsSubmit) as myReviewNeedsSubmit", "{$myPaperReview}.contactId as myReviewContactId", "PaperReview.reviewRound");
     if ($reviewerQuery || $scoresQuery) {
         $cols[] = "PaperReview.reviewEditVersion as reviewEditVersion";
         $cols[] = ($this->sversion >= 105 ? "PaperReview.reviewFormat" : "null") . " as reviewFormat";
         foreach (ReviewForm::all_fields() as $f) {
             if ($reviewerQuery || $f->has_options) {
                 $cols[] = "PaperReview.{$f->id} as {$f->id}";
     if ($myPaperReview == "MyPaperReview") {
         $joins[] = "left join PaperReview as MyPaperReview on (MyPaperReview.paperId=Paper.paperId and MyPaperReview.contactId={$contactId})";
     if (get($options, "topics")) {
         $cols[] = "(select group_concat(topicId) from PaperTopic where PaperTopic.paperId=Paper.paperId) topicIds";
     if (get($options, "options") && (isset($this->settingTexts["options"]) || isset($Opt["optionsInclude"])) && PaperOption::count_option_list()) {
         $cols[] = "(select group_concat(PaperOption.optionId, '#', value) from PaperOption where paperId=Paper.paperId) optionIds";
     } else {
         if (get($options, "options")) {
             $cols[] = "'' as optionIds";
     if (get($options, "tags")) {
         $cols[] = "(select group_concat(' ', tag, '#', tagIndex order by tag separator '') from PaperTag where PaperTag.paperId=Paper.paperId) paperTags";
     if (get($options, "tagIndex") && !is_array($options["tagIndex"])) {
         $options["tagIndex"] = array($options["tagIndex"]);
     if (get($options, "tagIndex")) {
         foreach ($options["tagIndex"] as $i => $tag) {
             $cols[] = "(select tagIndex from PaperTag where PaperTag.paperId=Paper.paperId and PaperTag.tag='" . sqlq($tag) . "') tagIndex" . ($i ?: "");
     if (get($options, "reviewerPreference")) {
         $joins[] = "left join PaperReviewPreference on (PaperReviewPreference.paperId=Paper.paperId and PaperReviewPreference.contactId={$reviewerContactId})";
         $cols[] = "coalesce(PaperReviewPreference.preference, 0) as reviewerPreference";
         $cols[] = "PaperReviewPreference.expertise as reviewerExpertise";
     if (get($options, "allReviewerPreference") || get($options, "desirability")) {
         $subq = "select paperId";
         if (get($options, "allReviewerPreference")) {
             $subq .= ", " . $this->query_all_reviewer_preference() . " as allReviewerPreference";
             $cols[] = "APRP.allReviewerPreference";
         if (get($options, "desirability")) {
             $subq .= ", sum(if(preference<=-100,0,greatest(least(preference,1),-1))) as desirability";
             $cols[] = "coalesce(APRP.desirability,0) as desirability";
         $subq .= " from PaperReviewPreference where {$papersel}true group by paperId";
         $joins[] = "left join ({$subq}) as APRP on (APRP.paperId=Paper.paperId)";
     if (get($options, "allConflictType")) {
         $joins[] = "left join (select paperId, group_concat(concat(contactId,' ',conflictType) separator ',') as allConflictType from PaperConflict where {$papersel}conflictType>0 group by paperId) as AllConflict on (AllConflict.paperId=Paper.paperId)";
         $cols[] = "AllConflict.allConflictType";
     if (get($options, "reviewer")) {
         $joins[] = "left join PaperConflict RPC on (RPC.paperId=Paper.paperId and RPC.contactId={$reviewerContactId})";
         $joins[] = "left join PaperReview RPR on (RPR.paperId=Paper.paperId and RPR.contactId={$reviewerContactId})";
         $cols[] = "RPC.conflictType reviewerConflictType, RPR.reviewType reviewerReviewType";
     if (get($options, "allComments")) {
         $joins[] = "join PaperComment on (PaperComment.paperId=Paper.paperId)";
         $joins[] = "left join PaperConflict as CommentConflict on (CommentConflict.paperId=PaperComment.paperId and CommentConflict.contactId=PaperComment.contactId)";
         array_push($cols, "PaperComment.commentId, PaperComment.contactId as commentContactId", "CommentConflict.conflictType as commentConflictType", "PaperComment.timeModified, PaperComment.comment", "PaperComment.replyTo, PaperComment.commentType");
     if (get($options, "reviewerName")) {
         if ($options["reviewerName"] === "lead" || $options["reviewerName"] === "shepherd") {
             $joins[] = "left join ContactInfo as ReviewerContactInfo on (ReviewerContactInfo.contactId=Paper." . $options['reviewerName'] . "ContactId)";
         } else {
             if (get($options, "allComments")) {
                 $joins[] = "left join ContactInfo as ReviewerContactInfo on (ReviewerContactInfo.contactId=PaperComment.contactId)";
             } else {
                 if (get($options, "reviewerName")) {
                     $joins[] = "left join ContactInfo as ReviewerContactInfo on (ReviewerContactInfo.contactId=PaperReview.contactId)";
         array_push($cols, "ReviewerContactInfo.firstName as reviewFirstName", "ReviewerContactInfo.lastName as reviewLastName", "ReviewerContactInfo.email as reviewEmail", "ReviewerContactInfo.lastLogin as reviewLastLogin");
     if (get($options, "foldall")) {
         $cols[] = "1 as folded";
     // conditions
     if (count($paperset)) {
         $where[] = "Paper.paperId" . sql_in_numeric_set($paperset[0]);
     if (get($options, "finalized")) {
         $where[] = "timeSubmitted>0";
     } else {
         if (get($options, "unsub")) {
             $where[] = "timeSubmitted<=0";
     if (get($options, "accepted")) {
         $where[] = "outcome>0";
     if (get($options, "undecided")) {
         $where[] = "outcome=0";
     if (get($options, "active") || get($options, "myReviews") || get($options, "myReviewRequests")) {
         $where[] = "timeWithdrawn<=0";
     if (get($options, "myLead")) {
         $where[] = "leadContactId={$contactId}";
     if (get($options, "unmanaged")) {
         $where[] = "managerContactId=0";
     $pq = "select " . join(",\n    ", $cols) . "\nfrom " . join("\n    ", $joins);
     if (count($where)) {
         $pq .= "\nwhere " . join("\n    and ", $where);
     // grouping and ordering
     if (get($options, "allComments")) {
         $pq .= "\ngroup by Paper.paperId, PaperComment.commentId";
     } else {
         if ($reviewerQuery || $scoresQuery) {
             $pq .= "\ngroup by Paper.paperId, PaperReview.reviewId";
         } else {
             $pq .= "\ngroup by Paper.paperId";
     if (get($options, "order") && $options["order"] != "order by Paper.paperId") {
         $pq .= "\n" . $options["order"];
     } else {
         $pq .= "\norder by Paper.paperId";
         if ($reviewerQuery || $scoresQuery) {
             $pq .= ", PaperReview.reviewOrdinal";
         if (isset($options["allComments"])) {
             $pq .= ", PaperComment.commentId";
     return $pq . "\n";
Пример #12
 private function _clauseTermSet(&$t, $sqi, &$f)
     $tt = $t->type;
     $thistab = null;
     // collect columns
     if ($tt === "ti") {
         $sqi->add_column("title", "Paper.title");
         $this->_clauseTermSetField($t, "title", $sqi, $f);
     } else {
         if ($tt === "ab") {
             $sqi->add_column("abstract", "Paper.abstract");
             $this->_clauseTermSetField($t, "abstract", $sqi, $f);
         } else {
             if ($tt === "au") {
                 $sqi->add_column("authorInformation", "Paper.authorInformation");
                 $this->_clauseTermSetField($t, "authorInformation", $sqi, $f);
             } else {
                 if ($tt === "co") {
                     $sqi->add_column("collaborators", "Paper.collaborators");
                     $this->_clauseTermSetField($t, "collaborators", $sqi, $f);
                 } else {
                     if ($tt === "au_cid") {
                         $this->_clauseTermSetTable($t, $t->value, null, "AuthorConflict", "PaperConflict", "contactId", " and " . $this->contact->actAuthorSql("%"), $sqi, $f);
                     } else {
                         if ($tt === "re") {
                             $f[] = $this->_clauseTermSetReviews($t, $sqi);
                         } else {
                             if ($tt === "revpref") {
                                 $f[] = $this->_clauseTermSetRevpref($t, $sqi);
                             } else {
                                 if ($tt === "conflict") {
                                     $this->_clauseTermSetTable($t, $t->value->contact_set(), $t->value->countexpr(), "Conflict", "PaperConflict", "contactId", "", $sqi, $f);
                                 } else {
                                     if ($tt === "cmt") {
                                         if ($t->value->has_contacts()) {
                                             $thistab = "Comments_" . count($sqi->tables);
                                         } else {
                                             $rtype = $t->flags & (self::F_ALLOWCOMMENT | self::F_ALLOWRESPONSE | self::F_AUTHORCOMMENT | self::F_ALLOWDRAFT | self::F_REQUIREDRAFT);
                                             $thistab = "Numcomments_" . $rtype;
                                             if (isset($t->commentRound)) {
                                                 $thistab .= "_" . $t->commentRound;
                                         $f[] = $this->_clauseTermSetComments($thistab, $t->value->contact_match_sql("contactId"), $t, $sqi);
                                     } else {
                                         if ($tt === "cmttag") {
                                             $thistab = "TaggedComments_" . count($sqi->tables);
                                             if ($t->value->tag === "any") {
                                                 $match = "is not null";
                                             } else {
                                                 $match = "like " . Dbl::utf8ci("'% " . sqlq($t->value->tag) . " %'");
                                             $f[] = $this->_clauseTermSetComments($thistab, "commentTags {$match}", $t, $sqi);
                                         } else {
                                             if ($tt === "pn") {
                                                 $q = array();
                                                 if (count($t->value[0])) {
                                                     $q[] = "Paper.paperId in (" . join(",", $t->value[0]) . ")";
                                                 if (count($t->value[1])) {
                                                     $q[] = "Paper.paperId not in (" . join(",", $t->value[1]) . ")";
                                                 if (!count($q)) {
                                                     $q[] = "false";
                                                 $f[] = "(" . join(" and ", $q) . ")";
                                             } else {
                                                 if ($tt === "pf") {
                                                     $q = array();
                                                     $this->_clauseTermSetFlags($t, $sqi, $q);
                                                     for ($i = 0; $i < count($t->value); $i += 2) {
                                                         if (is_array($t->value[$i + 1])) {
                                                             $q[] = "Paper." . $t->value[$i] . " in (" . join(",", $t->value[$i + 1]) . ")";
                                                         } else {
                                                             $q[] = "Paper." . $t->value[$i] . $t->value[$i + 1];
                                                     $f[] = "(" . join(" and ", $q) . ")";
                                                     for ($i = 0; $i < count($t->value); $i += 2) {
                                                         $sqi->add_column($t->value[$i], "Paper." . $t->value[$i]);
                                                 } else {
                                                     if ($tt === "tag") {
                                                         $extra = "";
                                                         for ($i = 1; $i < count($t->value); ++$i) {
                                                             $extra .= " and %.tagIndex" . $t->value[$i];
                                                         $this->_clauseTermSetTable($t, $t->value[0], null, "Tag", "PaperTag", "tag", $extra, $sqi, $f);
                                                     } else {
                                                         if ($tt === "topic") {
                                                             $this->_clauseTermSetTable($t, $t->value, null, "Topic", "PaperTopic", "topicId", "", $sqi, $f);
                                                         } else {
                                                             if ($tt === "option") {
                                                                 // expanded from _clauseTermSetTable
                                                                 $q = array();
                                                                 $optionNum = count($sqi->tables);
                                                                 $this->_clauseTermSetFlags($t, $sqi, $q);
                                                                 $thistab = "Option_" . $optionNum;
                                                                 $t->link = $thistab . "_x";
                                                                 if ($t->value->option->type == 'text') {
                                                                     $sqi->add_table($thistab, array("left join", "(select paperId, data d from PaperOption where optionId=" . $t->value->option->id . " group by paperId)"));
                                                                     $sqi->add_column($thistab . "_x", "LOWER(CONVERT(coalesce({$thistab}.d,0) USING utf8))" . $t->value->table_matcher());
                                                                     $q[] = $sqi->columns[$t->link];
                                                                 } else {
                                                                     $sqi->add_table($thistab, array("left join", "(select paperId, max(value) v from PaperOption where optionId=" . $t->value->option->id . " group by paperId)"));
                                                                     $sqi->add_column($thistab . "_x", "coalesce({$thistab}.v,0)" . $t->value->table_matcher());
                                                                     $q[] = $sqi->columns[$t->link];
                                                                 $f[] = "(" . join(" and ", $q) . ")";
                                                             } else {
                                                                 if ($tt === "formula") {
                                                                     $q = array("true");
                                                                     $this->_clauseTermSetFlags($t, $sqi, $q);
                                                                     $t->value->add_query_options($this->_query_options, $this->contact);
                                                                     if (!$t->link) {
                                                                         $t->link = $t->value->compile_function($this->contact);
                                                                     $f[] = "(" . join(" and ", $q) . ")";
                                                                 } else {
                                                                     if ($tt === "not") {
                                                                         $ff = array();
                                                                         $sqi->negated = !$sqi->negated;
                                                                         $this->_clauseTermSet($t->value[0], $sqi, $ff);
                                                                         $sqi->negated = !$sqi->negated;
                                                                         if (!count($ff)) {
                                                                             $ff[] = "true";
                                                                         $f[] = "not (" . join(" or ", $ff) . ")";
                                                                     } else {
                                                                         if ($tt === "and" || $tt === "and2") {
                                                                             $ff = array();
                                                                             foreach ($t->value as $subt) {
                                                                                 $this->_clauseTermSet($subt, $sqi, $ff);
                                                                             if (!count($ff)) {
                                                                                 $ff[] = "false";
                                                                             $f[] = "(" . join(" and ", $ff) . ")";
                                                                         } else {
                                                                             if ($tt === "or" || $tt === "then") {
                                                                                 $ff = array();
                                                                                 foreach ($t->value as $subt) {
                                                                                     $this->_clauseTermSet($subt, $sqi, $ff);
                                                                                 if (!count($ff)) {
                                                                                     $ff[] = "false";
                                                                                 $f[] = "(" . join(" or ", $ff) . ")";
                                                                             } else {
                                                                                 if ($tt === "f") {
                                                                                     $f[] = "false";
                                                                                 } else {
                                                                                     if ($tt === "t") {
                                                                                         $f[] = "true";
Пример #13
 function save_review($req, $rrow, $prow, $contact, &$tf = null)
     global $Conf, $Opt;
     $newsubmit = @$req["ready"] && !@$req["unready"] && (!$rrow || !$rrow->reviewSubmitted);
     $submit = $newsubmit || $rrow && $rrow->reviewSubmitted;
     $admin = $contact->allow_administer($prow);
     if (!$contact->timeReview($prow, $rrow) && (!isset($req['override']) || !$admin)) {
         return Conf::msg_error("The <a href='" . hoturl("deadlines") . "'>deadline</a> for entering this review has passed." . ($admin ? "  Select the “Override deadlines” checkbox and try again if you really want to override the deadline." : ""));
     $q = array();
     $diff_view_score = VIEWSCORE_FALSE;
     $wc = 0;
     foreach ($this->forder as $field => $f) {
         if (isset($req[$field]) && (!$f->round_mask || $f->is_round_visible($rrow))) {
             $fval = $req[$field];
             if ($f->has_options) {
                 if ($f->parse_is_empty($fval)) {
                     $fval = 0;
                 } else {
                     if (!($fval = $f->parse_value($fval, false))) {
             } else {
                 $fval = rtrim($fval);
                 if ($fval != "") {
                     $fval .= "\n";
                 // Check for valid UTF-8; re-encode from Windows-1252 or Mac OS
                 $fval = convert_to_utf8($fval);
                 if ($f->include_word_count()) {
                     $wc += count_words($fval);
             if ($rrow && strcmp($rrow->{$field}, $fval) != 0 && strcmp(cleannl($rrow->{$field}), cleannl($fval)) != 0) {
                 $diff_view_score = max($diff_view_score, $f->view_score);
             $q[] = "{$field}='" . sqlq($fval) . "'";
     // get the current time
     $now = time();
     if ($rrow && $rrow->reviewModified && $rrow->reviewModified > $now) {
         $now = $rrow->reviewModified + 1;
     // potentially assign review ordinal (requires table locking since
     // mySQL is stupid)
     $locked = false;
     if ($newsubmit) {
         $diff_view_score = max($diff_view_score, VIEWSCORE_AUTHOR);
         $q[] = "reviewSubmitted={$now}, reviewNeedsSubmit=0";
         if (!$rrow || !$rrow->reviewOrdinal) {
             $result = $Conf->qe("lock tables PaperReview write");
             if (!$result) {
                 return $result;
             $locked = true;
             $result = $Conf->qe("select coalesce(max(reviewOrdinal), 0) from PaperReview where paperId={$prow->paperId} group by paperId");
             if ($result) {
                 $crow = edb_row($result);
                 $q[] = "reviewOrdinal=coalesce(reviewOrdinal, " . ($crow[0] + 1) . ")";
             $q[] = "timeDisplayed={$now}";
     // check whether used a review token
     $usedReviewToken = $contact->review_token_cid($prow, $rrow);
     // blind? reviewer type? edit version?
     $reviewBlind = $Conf->is_review_blind(!!@$req["blind"]);
     if ($rrow && $reviewBlind != $rrow->reviewBlind) {
         $diff_view_score = max($diff_view_score, VIEWSCORE_ADMINONLY);
     $q[] = "reviewBlind=" . ($reviewBlind ? 1 : 0);
     if ($rrow && $rrow->reviewType == REVIEW_EXTERNAL && $contact->contactId == $rrow->contactId && $contact->isPC && !$usedReviewToken) {
         $q[] = "reviewType=" . REVIEW_PC;
     if ($rrow && $diff_view_score > VIEWSCORE_FALSE && isset($req["version"]) && ctype_digit($req["version"]) && $req["version"] > defval($rrow, "reviewEditVersion")) {
         $q[] = "reviewEditVersion=" . ($req["version"] + 0);
     if ($diff_view_score > VIEWSCORE_FALSE && $Conf->sversion >= 98) {
         $q[] = "reviewWordCount=" . $wc;
     if (isset($req["reviewFormat"]) && $Conf->sversion >= 104 && @$Opt["formatInfo"]) {
         $fmt = null;
         foreach ($Opt["formatInfo"] as $k => $f) {
             if (@$f["name"] && strcasecmp($f["name"], $req["reviewFormat"]) == 0) {
                 $fmt = (int) $k;
         if (!$fmt && $req["reviewFormat"] && preg_match('/\\A(?:plain\\s*)?(?:text)?\\z/i', $f["reviewFormat"])) {
             $fmt = 0;
         $q[] = "reviewFormat=" . ($fmt === null ? "null" : $fmt);
     // notification
     $notification_bound = $now - 10800;
     $notify = $notify_author = false;
     if (!$rrow || $diff_view_score > VIEWSCORE_FALSE) {
         $q[] = "reviewModified=" . $now;
         // do not notify on updates within 3 hours
         if ($submit && $diff_view_score > VIEWSCORE_ADMINONLY) {
             if (!$rrow || !$rrow->reviewNotified || $rrow->reviewNotified < $notification_bound) {
                 $q[] = $notify = "reviewNotified=" . $now;
             if ((!$rrow || !$rrow->reviewAuthorNotified || $rrow->reviewAuthorNotified < $notification_bound) && $diff_view_score >= VIEWSCORE_AUTHOR && Contact::can_some_author_view_submitted_review($prow)) {
                 $q[] = $notify_author = "reviewAuthorNotified=" . $now;
     // actually affect database
     if ($rrow) {
         $result = $Conf->qe("update PaperReview set " . join(", ", $q) . " where reviewId={$rrow->reviewId}");
         $reviewId = $rrow->reviewId;
         $contactId = $rrow->contactId;
     } else {
         $result = Dbl::qe_raw("insert into PaperReview set paperId={$prow->paperId}, contactId={$contact->contactId}, reviewType=" . REVIEW_PC . ", requestedBy={$contact->contactId}, reviewRound=" . $Conf->current_round() . ", " . join(", ", $q));
         $reviewId = $result ? $result->insert_id : null;
         $contactId = $contact->contactId;
     // unlock tables even if problem
     if ($locked) {
         $Conf->qe("unlock tables");
     if (!$result) {
         return $result;
     // update caches
     // look up review ID
     if (!$reviewId) {
         return $reviewId;
     $req['reviewId'] = $reviewId;
     // log updates -- but not if review token is used
     if (!$usedReviewToken && $diff_view_score > VIEWSCORE_FALSE) {
         $text = "Review {$reviewId} ";
         if ($rrow && $contact->contactId != $rrow->contactId) {
             $text .= "by {$rrow->email} ";
         $text .= $newsubmit ? "submitted" : ($submit ? "updated" : "saved draft");
         $contact->log_activity($text, $prow);
     // potentially email chair, reviewers, and authors
     if ($submit) {
         $rrow = $Conf->reviewRow(["reviewId" => $reviewId]);
     if ($submit && ($notify || $notify_author) && $rrow) {
         $tmpl = $newsubmit ? "@reviewsubmit" : "@reviewupdate";
         $submitter = $contact;
         if ($contactId != $submitter->contactId) {
             $submitter = Contact::find_by_id($contactId);
         // construct mail
         $this->mailer_info = array("template" => $tmpl, "rrow" => $rrow, "reviewer_contact" => $submitter, "reviewNumber" => $prow->paperId . unparseReviewOrdinal($rrow->reviewOrdinal), "check_function" => "HotCRPMailer::check_can_view_review", "diff_view_score" => $diff_view_score);
         $this->mailer_preps = array();
         if ($Conf->timeEmailChairAboutReview()) {
             HotCRPMailer::send_manager($tmpl, $prow, $this->mailer_info);
         $prow->notify(WATCHTYPE_REVIEW, array($this, "review_watch_callback"), $contact);
         if (count($this->mailer_preps)) {
         unset($this->mailer_info, $this->mailer_preps);
     // if external, forgive the requestor from finishing their review
     if ($rrow && $rrow->reviewType < REVIEW_SECONDARY && $rrow->requestedBy && $submit) {
         $Conf->q("update PaperReview set reviewNeedsSubmit=0 where paperId={$prow->paperId} and contactId={$rrow->requestedBy} and reviewType=" . REVIEW_SECONDARY . " and reviewSubmitted is null");
     if ($tf !== null) {
         $what = "#{$prow->paperId}" . ($rrow && $rrow->reviewSubmitted ? unparseReviewOrdinal($rrow->reviewOrdinal) : "");
         if ($newsubmit) {
             $tf["newlySubmitted"][] = $what;
         } else {
             if ($diff_view_score > VIEWSCORE_FALSE && $submit) {
                 $tf["updated"][] = $what;
             } else {
                 if ($diff_view_score > VIEWSCORE_FALSE) {
                     $tf["savedDraft"][] = $what;
                 } else {
                     $tf["unchanged"][] = $what;
         if ($notify_author) {
             $tf["authorNotified"][] = $what;
     return $result;
Пример #14
 public function save($sv, $si)
     global $Conf;
     if ($si->name == "tag_vote" && $sv->has_savedv("tag_vote")) {
         // check allotments
         $pcm = pcMembers();
         foreach (preg_split('/\\s+/', $sv->savedv("tag_vote")) as $t) {
             if ($t === "") {
             $base = substr($t, 0, strpos($t, "#"));
             $allotment = substr($t, strlen($base) + 1);
             $result = Dbl::q("select paperId, tag, tagIndex from PaperTag where tag like '%~" . sqlq_for_like($base) . "'");
             $pvals = array();
             $cvals = array();
             $negative = false;
             while ($row = edb_row($result)) {
                 $who = substr($row[1], 0, strpos($row[1], "~"));
                 if ($row[2] < 0) {
                     $sv->set_error(null, "Removed " . Text::user_html($pcm[$who]) . "’s negative “{$base}” vote for paper #{$row['0']}.");
                     $negative = true;
                 } else {
                     $pvals[$row[0]] = defval($pvals, $row[0], 0) + $row[2];
                     $cvals[$who] = defval($cvals, $who, 0) + $row[2];
             foreach ($cvals as $who => $what) {
                 if ($what > $allotment) {
                     $sv->set_error("tag_vote", Text::user_html($pcm[$who]) . " already has more than {$allotment} votes for tag “{$base}”.");
             $q = $negative ? " or (tag like '%~" . sqlq_for_like($base) . "' and tagIndex<0)" : "";
             $Conf->qe("delete from PaperTag where tag='" . sqlq($base) . "'{$q}");
             $q = array();
             foreach ($pvals as $pid => $what) {
                 $q[] = "({$pid}, '" . sqlq($base) . "', {$what})";
             if (count($q) > 0) {
                 $Conf->qe("insert into PaperTag values " . join(", ", $q));
     if ($si->name == "tag_approval" && $sv->has_savedv("tag_approval")) {
         $pcm = pcMembers();
         foreach (preg_split('/\\s+/', $sv->savedv("tag_approval")) as $t) {
             if ($t === "") {
             $result = $Conf->q("select paperId, tag, tagIndex from PaperTag where tag like '%~" . sqlq_for_like($t) . "'");
             $pvals = array();
             $negative = false;
             while ($row = edb_row($result)) {
                 $who = substr($row[1], 0, strpos($row[1], "~"));
                 if ($row[2] < 0) {
                     $sv->set_error(null, "Removed " . Text::user_html($pcm[$who]) . "’s negative “{$t}” approval vote for paper #{$row['0']}.");
                     $negative = true;
                 } else {
                     $pvals[$row[0]] = defval($pvals, $row[0], 0) + 1;
             $q = $negative ? " or (tag like '%~" . sqlq_for_like($t) . "' and tagIndex<0)" : "";
             $Conf->qe("delete from PaperTag where tag='" . sqlq($t) . "'{$q}");
             $q = array();
             foreach ($pvals as $pid => $what) {
                 $q[] = "({$pid}, '" . sqlq($t) . "', {$what})";
             if (count($q) > 0) {
                 $Conf->qe("insert into PaperTag values " . join(", ", $q));
function crpmerge_database($old_user, $new_user)
    global $Conf, $MergeError;
    // Now, scan through all the tables that possibly
    // specify a contactID and change it from their 2nd
    // contactID to their first contactId
    $oldid = $old_user->contactId;
    $newid = $new_user->contactId;
    $Conf->q("lock tables Paper write, ContactInfo write, PaperConflict write, ActionLog write, TopicInterest write, PaperComment write, PaperReview write, PaperReview as B write, PaperReviewPreference write, PaperReviewRefused write, ReviewRequest write, PaperWatch write, ReviewRating write");
    crpmergeone("Paper", "leadContactId", $oldid, $newid);
    crpmergeone("Paper", "shepherdContactId", $oldid, $newid);
    crpmergeone("Paper", "managerContactId", $oldid, $newid);
    // paper authorship
    $result = $Conf->qe("select paperId, authorInformation from Paper where authorInformation like " . Dbl::utf8ci("'%\t" . sqlq_for_like($old_user->email) . "\t%'"));
    $qs = array();
    while ($row = PaperInfo::fetch($result, null)) {
        foreach ($row->author_list() as $au) {
            if (strcasecmp($au->email, $old_user->email) == 0) {
                $au->email = $new_user->email;
        $qs[] = "update Paper set authorInformation='" . sqlq($row->parse_author_list()) . "' where paperId={$row->paperId}";
    foreach ($qs as $q) {
    // ensure uniqueness in PaperConflict
    $result = $Conf->qe("select paperId, conflictType from PaperConflict where contactId={$oldid}");
    $values = "";
    while ($row = edb_row($result)) {
        $values .= ", ({$row['0']}, {$newid}, {$row['1']})";
    if ($values) {
        $Conf->qe("insert into PaperConflict (paperId, contactId, conflictType) values " . substr($values, 2) . " on duplicate key update conflictType=greatest(conflictType, values(conflictType))");
    $Conf->qe("delete from PaperConflict where contactId={$oldid}");
    if (($old_user->roles | $new_user->roles) != $new_user->roles) {
        $new_user->roles |= $old_user->roles;
        $Conf->qe("update ContactInfo set roles={$new_user->roles} where contactId={$newid}");
    crpmergeone("ActionLog", "contactId", $oldid, $newid);
    crpmergeoneignore("TopicInterest", "contactId", $oldid, $newid);
    crpmergeone("PaperComment", "contactId", $oldid, $newid);
    // archive duplicate reviews
    crpmergeoneignore("PaperReview", "contactId", $oldid, $newid);
    crpmergeone("PaperReview", "requestedBy", $oldid, $newid);
    crpmergeoneignore("PaperReviewPreference", "contactId", $oldid, $newid);
    crpmergeone("PaperReviewRefused", "contactId", $oldid, $newid);
    crpmergeone("PaperReviewRefused", "requestedBy", $oldid, $newid);
    crpmergeone("ReviewRequest", "requestedBy", $oldid, $newid);
    crpmergeoneignore("PaperWatch", "contactId", $oldid, $newid);
    crpmergeoneignore("ReviewRating", "contactId", $oldid, $newid);
    // Remove the old contact record
    if ($MergeError == "") {
        if (!$Conf->q("delete from ContactInfo where contactId={$oldid}")) {
            $MergeError .= $Conf->db_error_html(true);
    $Conf->qe("unlock tables");
    // Update PC settings if we need to
    if ($old_user->isPC) {
        $Conf->invalidateCaches(array("pc" => 1));
Пример #16
 private function run()
     global $Conf, $Opt, $Me, $Error, $subjectPrefix, $mailer_options;
     $subject = trim(defval($_REQUEST, "subject", ""));
     if (substr($subject, 0, strlen($subjectPrefix)) != $subjectPrefix) {
         $subject = $subjectPrefix . $subject;
     $emailBody = $_REQUEST["emailBody"];
     $template = array("subject" => $subject, "body" => $emailBody);
     $rest = array("cc" => $_REQUEST["cc"], "reply-to" => $_REQUEST["replyto"], "no_error_quit" => true);
     $rest = array_merge($rest, $mailer_options);
     // test whether this mail is paper-sensitive
     $mailer = new HotCRPMailer($Me, null, $rest);
     $prep = $mailer->make_preparation($template, $rest);
     $paper_sensitive = preg_match('/%[A-Z0-9]+[(%]/', $prep->subject . $prep->body);
     $q = $this->recip->query($paper_sensitive);
     if (!$q) {
         return Conf::msg_error("Bad recipients value");
     $result = $Conf->qe($q);
     if (!$result) {
     $recipients = defval($_REQUEST, "recipients", "");
     if ($this->sending) {
         $q = "recipients='" . sqlq($recipients) . "', cc='" . sqlq($_REQUEST["cc"]) . "', replyto='" . sqlq($_REQUEST["replyto"]) . "', subject='" . sqlq($_REQUEST["subject"]) . "', emailBody='" . sqlq($_REQUEST["emailBody"]) . "'";
         if ($Conf->sversion >= 79) {
             $q .= ", q='" . sqlq($_REQUEST["q"]) . "', t='" . sqlq($_REQUEST["t"]) . "'";
         if ($log_result = Dbl::query_raw("insert into MailLog set {$q}")) {
             $this->mailid_text = " #" . $log_result->insert_id;
         $Me->log_activity("Sending mail{$this->mailid_text} \"{$subject}\"");
     } else {
         $rest["no_send"] = true;
     $mailer = new HotCRPMailer();
     $mailer->combination_type = $this->recip->combination_type($paper_sensitive);
     $fake_prep = new HotCRPMailPreparation();
     $fake_prep->fake = true;
     $last_prep = $fake_prep;
     $nrows_done = 0;
     $nrows_left = edb_nrows($result);
     $nwarnings = 0;
     $preperrors = array();
     $revinform = $recipients == "newpcrev" ? array() : null;
     while ($row = PaperInfo::fetch($result, $Me)) {
         $contact = new Contact($row);
         $rest["newrev_since"] = $this->recip->newrev_since;
         $mailer->reset($contact, $row, $rest);
         $prep = $mailer->make_preparation($template, $rest);
         if ($prep->errors) {
             foreach ($prep->errors as $lcfield => $hline) {
                 $reqfield = $lcfield == "reply-to" ? "replyto" : $lcfield;
                 $Error[$reqfield] = true;
                 $emsg = Mailer::$email_fields[$lcfield] . " destination isn’t a valid email list: <blockquote><tt>" . htmlspecialchars($hline) . "</tt></blockquote> Make sure email address are separated by commas; put names in \"quotes\" and email addresses in &lt;angle brackets&gt;.";
                 if (!isset($preperrors[$emsg])) {
                 $preperrors[$emsg] = true;
         } else {
             if ($this->process_prep($prep, $last_prep, $row)) {
                 if ((!$Me->privChair || @$Opt["chairHidePasswords"]) && !@$last_prep->sensitive) {
                     $srest = array_merge($rest, array("sensitivity" => "display"));
                     $mailer->reset($contact, $row, $srest);
                     $last_prep->sensitive = $mailer->make_preparation($template, $srest);
         if ($nwarnings != $mailer->nwarnings() || $nrows_done % 5 == 0) {
             $this->echo_mailinfo($nrows_done, $nrows_left);
         if ($nwarnings != $mailer->nwarnings()) {
             $nwarnings = $mailer->nwarnings();
             echo "<div id='foldmailwarn{$nwarnings}' class='hidden'><div class='warning'>", join("<br />", $mailer->warnings()), "</div></div>";
             $Conf->echoScript("\$\$('mailwarnings').innerHTML = \$\$('foldmailwarn{$nwarnings}').innerHTML;");
         if ($this->sending && $revinform !== null) {
             $revinform[] = "(paperId={$row->paperId} and contactId={$row->contactId})";
     $this->process_prep($fake_prep, $last_prep, (object) array("paperId" => -1));
     $this->echo_mailinfo($nrows_done, $nrows_left);
     if (!$this->started && !count($preperrors)) {
         return Conf::msg_error("No users match “" . $this->recip->unparse() . "” for that search.");
     } else {
         if (!$this->started) {
             return false;
         } else {
             if (!$this->sending) {
     if ($revinform) {
         $Conf->qe("update PaperReview set timeRequestNotified=" . time() . " where " . join(" or ", $revinform));
     echo "</div></form>";
     $Conf->echoScript("fold('mail', null);");
Пример #17
        $numreviews = Dbl::fetch_ivalue("select count(*) from PaperReview where paperId={$prow->paperId} and reviewNeedsSubmit!=0");
        // email contact authors themselves
        if (!$Me->privChair || defval($_REQUEST, "doemail") > 0) {
            HotCRPMailer::send_contacts($prow->conflictType >= CONFLICT_AUTHOR ? "@authorwithdraw" : "@adminwithdraw", $prow, array("reason" => $reason, "infoNames" => 1));
        // email reviewers
        if ($numreviews > 0 && $Conf->time_review_open() || $prow->num_reviews_assigned() > 0) {
            HotCRPMailer::send_reviewers("@withdrawreviewer", $prow, array("reason" => $reason));
        // remove voting tags so people don't have phantom votes
        if (TagInfo::has_vote()) {
            $q = array();
            foreach (TagInfo::vote_tags() as $t => $v) {
                $q[] = "tag='" . sqlq($t) . "' or tag like '%~" . sqlq_for_like($t) . "'";
            Dbl::qe_raw("delete from PaperTag where paperId={$prow->paperId} and (" . join(" or ", $q) . ")");
        $Me->log_activity("Withdrew", $prow->paperId);
    } else {
        Conf::msg_error(whyNotText($whyNot, "withdraw"));
if (isset($_REQUEST["revive"]) && !$newPaper && check_post()) {
    if (!($whyNot = $Me->perm_revive_paper($prow))) {
        Dbl::qe("update Paper set timeWithdrawn=0, timeSubmitted=if(timeSubmitted=-100,{$Now},0), withdrawReason=null where paperId={$prow->paperId}");
        $Me->log_activity("Revived", $prow->paperId);
Пример #18
function createAnonymousReview()
    global $Conf, $Me, $Now, $prow, $rrows;
    Dbl::qe_raw("lock tables PaperReview write, PaperReviewRefused write, ContactInfo write, PaperConflict read, ActionLog write");
    // find an unassigned anonymous review contact
    $contactemail = unassignedAnonymousContact();
    $result = Dbl::qe_raw("select contactId from ContactInfo where email='" . sqlq($contactemail) . "'");
    if (edb_nrows($result) == 1) {
        $row = edb_row($result);
        $reqId = $row[0];
    } else {
        $result = Dbl::qe("insert into ContactInfo set firstName='Jane Q.', lastName='Public', unaccentedName='Jane Q. Public', email=?, affiliation='Unaffiliated', password='', disabled=1, creationTime={$Now}", $contactemail);
        if (!$result) {
            return $result;
        $reqId = $result->insert_id;
    // store the review request
    $reviewId = $Me->assign_review($prow->paperId, $reqId, REVIEW_EXTERNAL, array("mark_notify" => true, "token" => true));
    if ($reviewId) {
        $result = Dbl::ql("select reviewToken from PaperReview where reviewId={$reviewId}");
        $row = edb_row($result);
        $Conf->confirmMsg("Created a new anonymous review for paper #{$prow->paperId}. The review token is " . encode_token((int) $row[0]) . ".");
    Dbl::qx_raw("unlock tables");
    return true;
Пример #19
 public function check_capability($capabilityText)
     if ($capabilityText[0] != "1") {
         return false;
     $value = base64_decode(str_replace(array("-", "_"), array("+", "/"), substr($capabilityText, 1)));
     if (strlen($value) >= 16 && ($result = $this->q("select * from CapabilityMap where capabilityValue='" . sqlq($value) . "'")) && ($row = edb_orow($result)) && ($row->timeExpires == 0 || $row->timeExpires >= time())) {
         $result = $this->q("select * from Capability where capabilityId=" . $row->capabilityId);
         if ($row = edb_orow($result)) {
             $row->capabilityValue = $value;
             return $row;
     return false;