private static function set_paper_pc_api($user, $qreq, $prow, $type)
     // canonicalize $value
     $value = $qreq->{$type};
     $pc = null;
     if ($value === "0" || $value === 0 || $value === "none") {
         $pc = 0;
     } else {
         if (is_string($value)) {
             $pc = pcByEmail($value);
     if (!$pc && $pc !== 0) {
         json_exit(["ok" => false, "error" => "No such PC member “" . htmlspecialchars($value) . "”."]);
     if ($type == "manager" ? $user->privChair : $user->can_administer($prow)) {
         if (!$pc || $pc->isPC && $pc->can_accept_review_assignment($prow)) {
             $user->assign_paper_pc($prow, $type, $pc);
             $j = ["ok" => true, "result" => $pc ? $user->name_html_for($pc) : "None"];
             if ($user->can_view_reviewer_tags($prow)) {
                 $j["color_classes"] = $pc ? $pc->viewable_color_classes($user) : "";
         } else {
             json_exit(["ok" => false, "error" => Text::user_html($pc) . " can’t be the {$type} for paper #{$prow->paperId}."]);
     } else {
         json_exit(["ok" => false, "error" => "You don’t have permission to set the {$type} for paper #{$prow->paperId}."]);
function output($User)
    global $Me;
    $u = $Me->user_linkpart($User);
    echo '<div class="facebook61">', '<a href="', hoturl("index", ["u" => $u]), '">', '<img class="bigface61" src="' . hoturl("face", ["u" => $u, "imageid" => $User->contactImageId ?: 0]) . '" border="0" />', '</a>', '<h2 class="infacebook61"><a class="q" href="', hoturl("index", ["u" => $u]), '">', htmlspecialchars($u), '</a>';
    if ($Me->privChair) {
        echo "&nbsp;", become_user_link($User);
    echo '</h2>';
    if ($User !== $Me) {
        echo '<h3 class="infacebook61">', Text::user_html($User), '</h3>';
    echo '</div>';
    } else {
        if (@$_POST["pctype"] === "pc") {
            $roles |= Contact::ROLE_PC;
    if (@$_POST["sysadmin"]) {
        $roles |= Contact::ROLE_ADMIN;
    $ck[] = "roles={$roles}";
    Dbl::qe_apply("update ContactInfo set " . join($ck, ",") . " where contactId=" . $User->contactId, $cv);
$Conf->header("Profile", "profile");
$xsep = " <span class='barsep'>&nbsp;|&nbsp;</span> ";
echo "<div id='homeinfo'>";
echo "<h2 class='homeemail'>", Text::user_html($User), "</h2>";
if ($User->seascode_username || $User->huid) {
    echo '<h3><a href="', hoturl("index", array("u" => $Me->user_linkpart($User))), '">', htmlspecialchars($User->seascode_username ?: $User->huid), '</a>';
    if ($Me->privChair) {
        echo "&nbsp;", become_user_link($User);
    echo "</h3>";
if ($User->dropped) {
    ContactView::echo_group("", '<strong class="err">You have dropped the course.</strong> If this is incorrect, contact us.');
echo Ht::form(hoturl_post("profile", array("u" => $User->email))), "<div>";
if ($User->disabled || $User->password == "") {
    echo Ht::submit("enable", "Enable user", array("value" => 1));
} else {
    echo Ht::submit("disable", "Disable user", array("value" => 1));
 private static function create_account($user, $cdb_user)
     global $Conf, $email_class;
     // check for errors
     if ($user && $user->has_database_account() && $user->activity_at > 0) {
         $email_class = " error";
         return Conf::msg_error("An account already exists for " . htmlspecialchars($_REQUEST["email"]) . ". To retrieve your password, select “I forgot my password.”");
     } else {
         if ($cdb_user && $cdb_user->allow_contactdb_password() && $cdb_user->activity_at > 0) {
             $desc = opt("contactdb_description") ?: "HotCRP";
             $email_class = " error";
             return Conf::msg_error("An account already exists for " . htmlspecialchars($_REQUEST["email"]) . " on {$desc}. Sign in using your {$desc} password or select “I forgot my password.”");
         } else {
             if (!validate_email($_REQUEST["email"])) {
                 $email_class = " error";
                 return Conf::msg_error("“" . htmlspecialchars($_REQUEST["email"]) . "” is not a valid email address.");
     // create database account
     if (!$user || !$user->has_database_account()) {
         if (!($user = Contact::create($Conf, Contact::safe_registration($_REQUEST)))) {
             return Conf::msg_error($Conf->db_error_html(true, "while adding your account"));
     $user->sendAccountInfo("create", true);
     $msg = "Successfully created an account for " . htmlspecialchars($_REQUEST["email"]) . ".";
     // handle setup phase
     if ($Conf->setting("setupPhase", false)) {
         return self::first_user($user, $msg);
     if (Mailer::allow_send($user->email)) {
         $msg .= " A password has been emailed to you.  Return here when you receive it to complete the registration process.  If you don’t receive the email, check your spam folders and verify that you entered the correct address.";
     } else {
         if (opt("sendEmail")) {
             $msg .= " The email address you provided seems invalid.";
         } else {
             $msg .= " The conference system is not set up to mail passwords at this time.";
         $msg .= " Although an account was created for you, you need help to retrieve your password. Contact " . Text::user_html($Conf->site_contact()) . ".";
     if (isset($_REQUEST["password"]) && trim($_REQUEST["password"]) != "") {
         $msg .= " Note that the password you supplied on the login screen was ignored.";
     return null;
function requestReview($email)
    global $Conf, $Me, $Error, $prow;
    $Them = Contact::create(array("name" => @$_REQUEST["name"], "email" => $email));
    if (!$Them) {
        if (trim($email) === "" || !validate_email($email)) {
            Conf::msg_error("“" . htmlspecialchars(trim($email)) . "” is not a valid email address.");
            $Error["email"] = true;
        } else {
            Conf::msg_error("Error while finding account for “" . htmlspecialchars(trim($email)) . ".”");
        return false;
    $reason = trim(defval($_REQUEST, "reason", ""));
    $round = $Conf->current_round();
    if (isset($_REQUEST["round"]) && $_REQUEST["round"] != "" && ($rname = $Conf->sanitize_round_name($_REQUEST["round"])) !== false) {
        $round = $Conf->round_number($rname, false);
    // look up the requester
    $Requester = $Me;
    if ($Conf->setting("extrev_chairreq")) {
        $result = Dbl::qe("select firstName, lastName,, u.contactId from ReviewRequest rr join ContactInfo u on (u.contactId=rr.requestedBy) where paperId={$prow->paperId} and", $Them->email);
        if ($result && ($recorded_requester = Contact::fetch($result))) {
            $Requester = $recorded_requester;
    Dbl::qe_raw("lock tables PaperReview write, PaperReviewRefused write, ReviewRequest write, ContactInfo read, PaperConflict read, ActionLog write");
    // NB caller unlocks tables on error
    // check for outstanding review request
    if (!($result = requestReviewChecks(Text::user_html($Them), $Them->contactId))) {
        return $result;
    // at this point, we think we've succeeded.
    // store the review request
    $Me->assign_review($prow->paperId, $Them->contactId, REVIEW_EXTERNAL, ["mark_notify" => true, "requester_contact" => $Requester, "requested_email" => $Them->email, "round_number" => $round]);
    Dbl::qx_raw("unlock tables");
    // send confirmation email
    HotCRPMailer::send_to($Them, "@requestreview", $prow, array("requester_contact" => $Requester, "other_contact" => $Requester, "reason" => $reason));
    $Conf->confirmMsg("Created a request to review paper #{$prow->paperId}.");
    return true;
    Ht::stash_script("crpfocus(\"login\", null, 2)");
// Top: user info
if (!$Me->is_empty() && (!$Me->isPC || $User !== $Me)) {
    echo "<div id='homeinfo'>";
    $u = $Me->user_linkpart($User);
    if ($User !== $Me && !$User->is_anonymous && $User->contactImageId) {
        echo '<img class="bigface61" src="' . hoturl("face", array("u" => $Me->user_linkpart($User), "imageid" => $User->contactImageId)) . '" />';
    echo '<h2 class="homeemail"><a class="q" href="', hoturl("index", array("u" => $u)), '">', htmlspecialchars($u), '</a>';
    if ($Me->privChair) {
        echo "&nbsp;", become_user_link($User);
    echo '</h2>';
    if (!$User->is_anonymous && $User !== $Me) {
        echo '<h3>', Text::user_html($User), '</h3>';
    if (!$User->is_anonymous) {
    if ($User->dropped) {
        ContactView::echo_group("", '<strong class="err">You have dropped the course.</strong> If this is incorrect, contact us.');
    echo '<hr class="c" />', "</div>\n";
// Per-pset
function render_grades($pset, $gi, $s)
    global $Me;
    $total = $nintotal = $max = 0;
    $lastintotal = null;
 public function save($sv, $si)
     global $Conf;
     if ($si->name == "tag_vote" && $sv->has_savedv("tag_vote")) {
         // check allotments
         $pcm = pcMembers();
         foreach (preg_split('/\\s+/', $sv->savedv("tag_vote")) as $t) {
             if ($t === "") {
             $base = substr($t, 0, strpos($t, "#"));
             $allotment = substr($t, strlen($base) + 1);
             $result = Dbl::q("select paperId, tag, tagIndex from PaperTag where tag like '%~" . sqlq_for_like($base) . "'");
             $pvals = array();
             $cvals = array();
             $negative = false;
             while ($row = edb_row($result)) {
                 $who = substr($row[1], 0, strpos($row[1], "~"));
                 if ($row[2] < 0) {
                     $sv->set_error(null, "Removed " . Text::user_html($pcm[$who]) . "’s negative “{$base}” vote for paper #{$row['0']}.");
                     $negative = true;
                 } else {
                     $pvals[$row[0]] = defval($pvals, $row[0], 0) + $row[2];
                     $cvals[$who] = defval($cvals, $who, 0) + $row[2];
             foreach ($cvals as $who => $what) {
                 if ($what > $allotment) {
                     $sv->set_error("tag_vote", Text::user_html($pcm[$who]) . " already has more than {$allotment} votes for tag “{$base}”.");
             $q = $negative ? " or (tag like '%~" . sqlq_for_like($base) . "' and tagIndex<0)" : "";
             $Conf->qe("delete from PaperTag where tag='" . sqlq($base) . "'{$q}");
             $q = array();
             foreach ($pvals as $pid => $what) {
                 $q[] = "({$pid}, '" . sqlq($base) . "', {$what})";
             if (count($q) > 0) {
                 $Conf->qe("insert into PaperTag values " . join(", ", $q));
     if ($si->name == "tag_approval" && $sv->has_savedv("tag_approval")) {
         $pcm = pcMembers();
         foreach (preg_split('/\\s+/', $sv->savedv("tag_approval")) as $t) {
             if ($t === "") {
             $result = $Conf->q("select paperId, tag, tagIndex from PaperTag where tag like '%~" . sqlq_for_like($t) . "'");
             $pvals = array();
             $negative = false;
             while ($row = edb_row($result)) {
                 $who = substr($row[1], 0, strpos($row[1], "~"));
                 if ($row[2] < 0) {
                     $sv->set_error(null, "Removed " . Text::user_html($pcm[$who]) . "’s negative “{$t}” approval vote for paper #{$row['0']}.");
                     $negative = true;
                 } else {
                     $pvals[$row[0]] = defval($pvals, $row[0], 0) + 1;
             $q = $negative ? " or (tag like '%~" . sqlq_for_like($t) . "' and tagIndex<0)" : "";
             $Conf->qe("delete from PaperTag where tag='" . sqlq($t) . "'{$q}");
             $q = array();
             foreach ($pvals as $pid => $what) {
                 $q[] = "({$pid}, '" . sqlq($t) . "', {$what})";
             if (count($q) > 0) {
                 $Conf->qe("insert into PaperTag values " . join(", ", $q));
 public function content($pl, $row, $rowidx)
     global $Conf;
     $t = Text::user_html($row->reviewFirstName, $row->reviewLastName, $row->reviewEmail) . "<br /><small>Last login: "******"Never") . "</small>";
 function save_paper_json($pj)
     global $Conf, $Now;
     $paperid = null;
     if (isset($pj->pid) && is_int($pj->pid) && $pj->pid > 0) {
         $paperid = $pj->pid;
     } else {
         if (!isset($pj->pid) && isset($pj->id) && is_int($pj->id) && $pj->id > 0) {
             $paperid = $pj->id;
         } else {
             if (isset($pj->pid) || isset($pj->id)) {
                 $key = isset($pj->pid) ? "pid" : "id";
                 $this->set_error_html($key, "Format error [{$key}]");
                 return false;
     if (get($pj, "error") || get($pj, "error_html")) {
         $this->set_error_html("error", "Refusing to save paper with error");
         return false;
     $this->prow = $old_pj = null;
     $this->paperid = $paperid ?: -1;
     if ($paperid) {
         $this->prow = $Conf->paperRow(["paperId" => $paperid, "topics" => true, "options" => true], $this->contact);
     if ($this->prow) {
         $old_pj = $this->paper_json($this->prow, ["forceShow" => true]);
     if ($pj && $old_pj && $paperid != $old_pj->pid) {
         $this->set_error_html("pid", "Saving paper with different ID");
         return false;
     $this->normalize($pj, $old_pj);
     if ($old_pj) {
         $this->normalize($old_pj, null);
     if ($this->nerrors) {
         return false;
     $this->check_invariants($pj, $old_pj);
     // store documents (options already stored)
     if (isset($pj->submission) && $pj->submission) {
         $this->upload_document($pj->submission, PaperOption::find_document(DTYPE_SUBMISSION));
     if (isset($pj->final) && $pj->final) {
         $this->upload_document($pj->final, PaperOption::find_document(DTYPE_FINAL));
     // create contacts
     foreach (self::contacts_array($pj) as $c) {
         $c->only_if_contactdb = !get($c, "contact");
         $c->disabled = !!$this->disable_users;
         if (!Contact::create($c, !$this->no_email) && get($c, "contact")) {
             $this->set_error_html("contacts", "Could not create an account for contact " . Text::user_html($c) . ".");
     // catch errors
     if ($this->nerrors) {
         return false;
     // update Paper table
     $q = array();
     foreach (array("title", "abstract", "collaborators") as $k) {
         $v = convert_to_utf8((string) get($pj, $k));
         if (!$old_pj || get($pj, $k) !== null && $v !== (string) get($old_pj, $k)) {
             $q[] = "{$k}='" . sqlq($v) . "'";
     if (!$old_pj || get($pj, "authors") !== null) {
         $autext = convert_to_utf8(self::author_information($pj));
         $old_autext = self::author_information($old_pj);
         if ($autext !== $old_autext || !$old_pj) {
             $q[] = "authorInformation='" . sqlq($autext) . "'";
     if ($Conf->submission_blindness() == Conf::BLIND_OPTIONAL && (!$old_pj || get($pj, "nonblind") !== null && !$pj->nonblind != !$old_pj->nonblind)) {
         $q[] = "blind=" . (get($pj, "nonblind") ? 0 : 1);
     if (!$old_pj || get($pj, "submission") !== null) {
         $new_id = get($pj, "submission") ? $pj->submission->docid : 1;
         $old_id = $old_pj && get($old_pj, "submission") ? $old_pj->submission->docid : 1;
         if (!$old_pj || $new_id != $old_id) {
             $q[] = "paperStorageId={$new_id}";
     if (!$old_pj || get($pj, "final") !== null) {
         $new_id = get($pj, "final") ? $pj->final->docid : 0;
         $old_id = $old_pj && get($old_pj, "final") ? $old_pj->final->docid : 0;
         if (!$old_pj || $new_id != $old_id) {
             $q[] = "finalPaperStorageId={$new_id}";
     if (get($pj, "withdrawn") !== null || get($pj, "submitted") !== null || get($pj, "draft") !== null) {
         if (get($pj, "submitted") !== null) {
             $submitted = $pj->submitted;
         } else {
             if (get($pj, "draft") !== null) {
                 $submitted = !$pj->draft;
             } else {
                 if ($old_pj) {
                     $submitted = get($old_pj, "submitted_at") > 0;
                 } else {
                     $submitted = false;
         if (get($pj, "withdrawn")) {
             if (!$old_pj || !get($old_pj, "withdrawn")) {
                 $q[] = "timeWithdrawn=" . (get($pj, "withdrawn_at") ?: $Now);
                 $q[] = "timeSubmitted=" . ($submitted ? -100 : 0);
             } else {
                 if (get($old_pj, "submitted_at") > 0 !== $submitted) {
                     $q[] = "timeSubmitted=" . ($submitted ? -100 : 0);
         } else {
             if ($submitted) {
                 if (!$old_pj || !get($old_pj, "submitted")) {
                     $q[] = "timeSubmitted=" . (get($pj, "submitted_at") ?: $Now);
                 if ($old_pj && get($old_pj, "withdrawn")) {
                     $q[] = "timeWithdrawn=0";
             } else {
                 if ($old_pj && (get($old_pj, "withdrawn") || get($old_pj, "submitted"))) {
                     $q[] = "timeSubmitted=0";
                     $q[] = "timeWithdrawn=0";
     if (get($pj, "final_submitted") !== null) {
         if ($pj->final_submitted) {
             $time = get($pj, "final_submitted_at") ?: $Now;
         } else {
             $time = 0;
         if (!$old_pj || get($old_pj, "final_submitted_at") != $time) {
             $q[] = "timeFinalSubmitted={$time}";
     if (!empty($q)) {
         if ($Conf->submission_blindness() == Conf::BLIND_NEVER) {
             $q[] = "blind=0";
         } else {
             if ($Conf->submission_blindness() != Conf::BLIND_OPTIONAL) {
                 $q[] = "blind=1";
         $joindoc = $old_joindoc = null;
         if (get($pj, "final")) {
             $joindoc = $pj->final;
             $old_joindoc = $old_pj ? get($old_pj, "final") : null;
         } else {
             if (get($pj, "submission")) {
                 $joindoc = $pj->submission;
                 $old_joindoc = $old_pj ? get($old_pj, "submission") : null;
         if ($joindoc && (!$old_joindoc || $old_joindoc->docid != $joindoc->docid) && get($joindoc, "size") && get($joindoc, "timestamp")) {
             $q[] = "size=" . $joindoc->size;
             $q[] = "mimetype='" . sqlq($joindoc->mimetype) . "'";
             $q[] = "sha1='" . sqlq($joindoc->sha1) . "'";
             $q[] = "timestamp=" . $joindoc->timestamp;
         } else {
             if (!$joindoc) {
                 $q[] = "size=0,mimetype='',sha1='',timestamp=0";
         if ($paperid) {
             $result = Dbl::qe_raw("update Paper set " . join(",", $q) . " where paperId={$paperid}");
             if ($result && $result->affected_rows === 0 && edb_nrows(Dbl::qe_raw("select paperId from Paper where paperId={$paperid}")) === 0) {
                 $result = Dbl::qe_raw("insert into Paper set paperId={$paperid}, " . join(",", $q));
         } else {
             $result = Dbl::qe_raw("insert into Paper set " . join(",", $q));
             if (!$result || !($paperid = $pj->pid = $result->insert_id)) {
                 return $this->set_error_html(false, "Could not create paper.");
             if (!empty($this->uploaded_documents)) {
                 Dbl::qe_raw("update PaperStorage set paperId={$paperid} where paperStorageId in (" . join(",", $this->uploaded_documents) . ")");
         // maybe update `papersub` settings
         $is_submitted = !get($pj, "withdrawn") && get($pj, "submitted");
         $was_submitted = $old_pj && !get($old_pj, "withdrawn") && get($old_pj, "submitted");
         if ($is_submitted != $was_submitted) {
     // update PaperTopics
     if (get($pj, "topics")) {
         $topics = self::topics_sql($pj, $paperid);
         $old_topics = self::topics_sql($old_pj, $paperid);
         if ($topics !== $old_topics) {
             $result = Dbl::qe_raw("delete from PaperTopic where paperId={$paperid}");
             if ($topics) {
                 $result = Dbl::qe_raw("insert into PaperTopic (topicId,paperId) values {$topics}");
     // update PaperOption
     if (get($pj, "options")) {
         $options = convert_to_utf8(self::options_sql($pj, $paperid));
         $old_options = self::options_sql($old_pj, $paperid);
         if ($options !== $old_options) {
             $result = Dbl::qe("delete from PaperOption where paperId={$paperid} and optionId?a", array_keys($pj->parsed_options));
             if ($options) {
                 $result = Dbl::qe_raw("insert into PaperOption (paperId,optionId,value,data) values {$options}");
     // update PaperConflict
     $conflict = $this->conflicts_array($pj, $old_pj);
     $old_conflict = $this->conflicts_array($old_pj, null);
     if (join(",", array_keys($conflict)) !== join(",", array_keys($old_conflict)) || join(",", array_values($conflict)) !== join(",", array_values($old_conflict))) {
         $q = array();
         foreach ($conflict as $email => $type) {
             $q[] = "'" . sqlq($email) . "'";
         $ins = array();
         if (!empty($q)) {
             $result = Dbl::qe_raw("select contactId, email from ContactInfo where email in (" . join(",", $q) . ")");
             while ($row = edb_row($result)) {
                 $ins[] = "({$paperid},{$row['0']}," . $conflict[strtolower($row[1])] . ")";
         $result = Dbl::qe_raw("delete from PaperConflict where paperId={$paperid}");
         if (!empty($ins)) {
             $result = Dbl::qe_raw("insert into PaperConflict (paperId,contactId,conflictType) values " . join(",", $ins));
     return $paperid;
function authorTable($aus, $viewAs = null)
    global $Conf;
    $out = "";
    if (!is_array($aus)) {
        $aus = explode("\n", $aus);
    foreach ($aus as $aux) {
        $au = trim(is_array($aux) ? Text::user_html($aux) : $aux);
        if ($au != '') {
            if (strlen($au) > 30) {
                $out .= "<span class='autblentry_long'>";
            } else {
                $out .= "<span class='autblentry'>";
            $out .= $au;
            if ($viewAs !== null && is_array($aux) && count($aux) >= 2 && $viewAs->email != $aux[2] && $viewAs->privChair) {
                $out .= " " . become_user_link($aux[2], Text::name_html($aux));
            $out .= "</span> ";
    return $out;
 public static function unparse_flow_entry($crow, $contact, $trclass)
     // See also ReviewForm::reviewFlowEntry
     global $Conf;
     $a = "<a href=\"" . hoturl("paper", "p={$crow->paperId}#" . self::unparse_html_id($crow)) . "\"";
     $t = "<tr class='{$trclass}'><td class='pl_activityicon'>" . $a . ">" . Ht::img("comment24.png", "[Comment]", "dlimg") . '</a></td><td class="pl_activityid pnum">' . $a . ">#{$crow->paperId}</a></td><td class='pl_activitymain'><small>" . $a . " class=\"ptitle\">" . htmlspecialchars($crow->shortTitle);
     if (strlen($crow->shortTitle) != strlen($crow->title)) {
         $t .= "...";
     $t .= "</a>";
     $idable = $contact->can_view_comment_identity($crow, $crow, false);
     if ($idable || $contact->can_view_comment_time($crow, $crow)) {
         $time = $Conf->parseableTime($crow->timeModified, false);
     } else {
         $time = $Conf->unparse_time_obscure($Conf->obscure_time($crow->timeModified));
     $t .= ' <span class="barsep">·</span> ' . $time;
     if ($idable) {
         $t .= ' <span class="barsep">·</span> <span class="hint">comment by</span> ' . Text::user_html(self::_user($crow));
     $t .= '</small><br /><a class="q" ' . substr($a, 3) . ">" . htmlspecialchars($crow->shortComment);
     if (strlen($crow->shortComment) < strlen($crow->comment)) {
         $t .= "...";
     return $t . "</a></td></tr>";
function reviewTable($prow, $rrows, $crows, $rrow, $mode, $proposals = null)
    global $Conf, $Me;
    $subrev = array();
    $nonsubrev = array();
    $foundRrow = $foundMyReview = $notShown = 0;
    $conflictType = $Me->view_conflict_type($prow);
    $allow_admin = $Me->allow_administer($prow);
    $admin = $Me->can_administer($prow);
    $hideUnviewable = $conflictType > 0 && !$admin || !$Me->act_pc($prow) && !$Conf->setting("extrev_view");
    $show_colors = $Me->can_view_reviewer_tags($prow);
    $tagger = $show_colors ? new Tagger($Me) : null;
    $xsep = ' <span class="barsep">·</span> ';
    $want_scores = $mode !== "assign" && $mode !== "edit" && $mode !== "re";
    $want_requested_by = false;
    $want_retract = false;
    $pcm = pcMembers();
    $score_header = array();
    // actual rows
    foreach ($rrows as $rr) {
        $highlight = $rrow && $rr->reviewId == $rrow->reviewId;
        $foundRrow += $highlight;
        if ($Me->is_my_review($rr)) {
        $canView = $Me->can_view_review($prow, $rr, null);
        // skip unsubmitted reviews
        if (!$canView && $hideUnviewable) {
            if ($rr->reviewNeedsSubmit == 1 && $rr->reviewModified) {
        $t = "";
        $tclass = $rrow && $highlight ? "hilite" : "";
        // review ID
        $id = "Review";
        if ($rr->reviewSubmitted) {
            $id .= "&nbsp;#" . $prow->paperId . unparseReviewOrdinal($rr->reviewOrdinal);
        } else {
            if ($rr->reviewType == REVIEW_SECONDARY && $rr->reviewNeedsSubmit <= 0) {
                $id .= "&nbsp;(delegated)";
            } else {
                if ($rr->reviewModified > 0) {
                    $id .= "&nbsp;(in&nbsp;progress)";
                } else {
                    $id .= "&nbsp;(not&nbsp;started)";
        $rlink = unparseReviewOrdinal($rr);
        if ($rrow && $rrow->reviewId == $rr->reviewId) {
            if ($Me->contactId == $rr->contactId && !$rr->reviewSubmitted) {
                $id = "Your {$id}";
            $t .= '<td><a href="' . hoturl("review", "p={$prow->paperId}&r={$rlink}") . '" class="q"><b>' . $id . '</b></a></td>';
        } else {
            if (!$canView) {
                $t .= "<td>{$id}</td>";
            } else {
                if ($rrow || $rr->reviewModified <= 0 || ($mode === "re" || $mode === "assign") && $Me->can_review($prow, $rr)) {
                    $t .= '<td><a href="' . hoturl("review", "p={$prow->paperId}&r={$rlink}") . '">' . $id . '</a></td>';
                } else {
                    if (Navigation::page() !== "paper") {
                        $t .= '<td><a href="' . hoturl("paper", "p={$prow->paperId}#r{$rlink}") . '">' . $id . '</a></td>';
                    } else {
                        $t .= '<td><a href="#r' . $rlink . '">' . $id . '</a></td>';
        // primary/secondary glyph
        if ($conflictType > 0 && !$admin) {
            $rtype = "";
        } else {
            if ($rr->reviewType > 0) {
                $rtype = review_type_icon($rr->reviewType);
                if ($admin && $mode === "assign") {
                    $rtype .= _review_table_round_selector($prow, $rr);
                } else {
                    if ($rr->reviewRound > 0 && $Me->can_view_review_round($prow, $rr)) {
                        $rtype .= '&nbsp;<span class="revround" title="Review round">' . htmlspecialchars($Conf->round_name($rr->reviewRound, true)) . "</span>";
            } else {
                $rtype = "";
        // reviewer identity
        $showtoken = $rr->reviewToken && $Me->can_review($prow, $rr);
        if (!$Me->can_view_review_identity($prow, $rr, null)) {
            $t .= $rtype ? "<td>{$rtype}</td>" : '<td class="empty"></td>';
        } else {
            if (!$showtoken || !Contact::is_anonymous_email($rr->email)) {
                $n = $Me->name_html_for($rr);
            } else {
                $n = "[Token " . encode_token((int) $rr->reviewToken) . "]";
            if ($allow_admin) {
                $n .= _review_table_actas($rr);
            $t .= '<td class="rl"><span class="taghl">' . $n . '</span>' . ($rtype ? " {$rtype}" : "") . "</td>";
            if ($show_colors && (get($rr, "contactRoles") || get($rr, "contactTags"))) {
                $tags = Contact::roles_all_contact_tags(get($rr, "contactRoles"), get($rr, "contactTags"));
                $tags = Tagger::strip_nonviewable($tags, $Me);
                if ($tags && ($color = TagInfo::color_classes($tags))) {
                    $tclass = $color;
        // requester
        if ($mode === "assign") {
            if (($conflictType <= 0 || $admin) && $rr->reviewType == REVIEW_EXTERNAL && !$showtoken) {
                $t .= '<td style="font-size:smaller">';
                if ($rr->requestedBy == $Me->contactId) {
                    $t .= "you";
                } else {
                    if ($u = get($pcm, $rr->requestedBy)) {
                        $t .= $Me->reviewer_html_for($rr->requestedBy);
                    } else {
                        $t .= Text::user_html([$rr->reqFirstName, $rr->reqLastName, $rr->reqEmail]);
                $t .= '</td>';
                $want_requested_by = true;
            } else {
                $t .= '<td class="empty"></td>';
        // actions
        if ($mode === "assign" && ($conflictType <= 0 || $admin) && $rr->reviewType == REVIEW_EXTERNAL && $rr->reviewModified <= 0 && ($rr->requestedBy == $Me->contactId || $admin)) {
            $t .= '<td>' . _retract_review_request_form($prow, $rr) . '</td>';
        // scores
        $scores = array();
        if ($want_scores && $canView) {
            $view_score = $Me->view_score_bound($prow, $rr);
            $rf = ReviewForm::get();
            foreach ($rf->forder as $fid => $f) {
                if (!$f->has_options || $f->view_score <= $view_score || $f->round_mask && !$f->is_round_visible($rr)) {
                    /* do nothing */
                } else {
                    if ($rr->{$fid}) {
                        if (!get($score_header, $fid)) {
                            $score_header[$fid] = "<th>" . $f->web_abbreviation() . "</th>";
                        $scores[$fid] = '<td class="revscore" data-rf="' . $f->uid . '">' . $f->unparse_value($rr->{$fid}, ReviewField::VALUE_SC) . '</td>';
                    } else {
                        if (get($score_header, $fid) === null) {
                            $score_header[$fid] = "";
        // affix
        if (!$rr->reviewSubmitted) {
            $nonsubrev[] = array($tclass, $t, $scores);
        } else {
            $subrev[] = array($tclass, $t, $scores);
    // proposed review rows
    if ($proposals) {
        foreach ($proposals as $rr) {
            $t = "";
            // review ID
            $t = "<td>Proposed review</td>";
            // reviewer identity
            $t .= "<td>" . Text::user_html($rr);
            if ($allow_admin) {
                $t .= _review_table_actas($rr);
            $t .= "</td>";
            // requester
            if ($conflictType <= 0 || $admin) {
                $t .= '<td style="font-size:smaller">';
                if ($rr->requestedBy == $Me->contactId) {
                    $t .= "you";
                } else {
                    if ($u = get($pcm, $rr->requestedBy)) {
                        $t .= $Me->reviewer_html_for($rr->requestedBy);
                    } else {
                        $t .= Text::user_html([$rr->reqFirstName, $rr->reqLastName, $rr->reqEmail]);
                $t .= '</td>';
                $want_requested_by = true;
            $t .= '<td>';
            if ($admin) {
                $t .= '<small>' . Ht::form(hoturl_post("assign", "p={$prow->paperId}")) . '<div class="inline">' . Ht::hidden("name", $rr->name) . Ht::hidden("email", $rr->email) . Ht::hidden("reason", $rr->reason);
                if ($rr->reviewRound !== null) {
                    if ($rr->reviewRound == 0) {
                        $rname = "unnamed";
                    } else {
                        $rname = $Conf->round_name($rr->reviewRound);
                    if ($rname) {
                        $t .= Ht::hidden("round", $rname);
                $t .= Ht::submit("add", "Approve review", array("style" => "font-size:smaller")) . ' ' . Ht::submit("deny", "Deny request", array("style" => "font-size:smaller")) . '</div></form>';
            } else {
                if ($rr->reqEmail === $Me->email) {
                    $t .= _retract_review_request_form($prow, $rr);
            $t .= '</td>';
            // affix
            $nonsubrev[] = array("", $t);
    // unfinished review notification
    $notetxt = "";
    if ($conflictType >= CONFLICT_AUTHOR && !$admin && $notShown && $Me->can_view_review($prow, null, null)) {
        if ($notShown == 1) {
            $t = "1 review remains outstanding.";
        } else {
            $t = "{$notShown} reviews remain outstanding.";
        $t .= '<br /><span class="hint">You will be emailed if new reviews are submitted or existing reviews are changed.</span>';
        $notetxt = '<div class="revnotes">' . $t . "</div>";
    // completion
    if (count($nonsubrev) + count($subrev)) {
        if ($want_requested_by) {
            array_unshift($score_header, '<th class="revsl">Requester</th>');
        $score_header_text = join("", $score_header);
        $t = "<table class=\"reviewers";
        if ($score_header_text) {
            $t .= " reviewers_scores";
        if ($list = SessionList::active()) {
            $t .= " has_hotcrp_list\" data-hotcrp-list=\"" . $list->listno;
        $t .= "\">\n";
        if ($score_header_text) {
            $t .= '<tr><td class="empty" colspan="2"></td>' . $score_header_text . "</tr>\n";
        foreach (array_merge($subrev, $nonsubrev) as $r) {
            $t .= '<tr class="rl' . ($r[0] ? " {$r['0']}" : "") . '">' . $r[1];
            if (get($r, 2)) {
                foreach ($score_header as $fid => $header_needed) {
                    if ($header_needed) {
                        $x = get($r[2], $fid);
                        $t .= $x ?: "<td class=\"revscore rs_{$fid}\"></td>";
            } else {
                if (count($score_header)) {
                    $t .= '<td colspan="' . count($score_header) . '"></td>';
            $t .= "</tr>\n";
        if ($score_header_text) {
            $Conf->footerScript("review_form.score_tooltips(\$(\"table.reviewers_scores\"))", "score_tooltips");
        return $t . "</table>\n" . $notetxt;
    } else {
        return $notetxt;
 function reviewFlowEntry($contact, $rrow, $trclass)
     // See also CommentInfo::unparse_flow_entry
     global $Conf;
     $barsep = " <span class='barsep'>·</span> ";
     $a = "<a href='" . hoturl("paper", "p={$rrow->paperId}#r" . unparseReviewOrdinal($rrow)) . "'";
     $t = "<tr class='{$trclass}'><td class='pl_activityicon'>" . $a . ">" . Ht::img("review24.png", "[Review]", "dlimg") . "</a></td><td class='pl_activityid pnum'>" . $a . ">#{$rrow->paperId}</a></td><td class='pl_activitymain'><small>" . $a . " class=\"ptitle\">" . htmlspecialchars($rrow->shortTitle);
     if (strlen($rrow->shortTitle) != strlen($rrow->title)) {
         $t .= "...";
     $t .= "</a>";
     if ($contact->can_view_review_time($rrow, $rrow)) {
         $time = $Conf->parseableTime($rrow->reviewModified, false);
     } else {
         $time = $Conf->unparse_time_obscure($Conf->obscure_time($rrow->reviewModified));
     $t .= $barsep . $time;
     if ($contact->can_view_review_identity($rrow, $rrow, false)) {
         $t .= $barsep . "<span class='hint'>review by</span> " . Text::user_html($rrow->reviewFirstName, $rrow->reviewLastName, $rrow->reviewEmail);
     $t .= "</small><br /><a class='q'" . substr($a, 3) . ">";
     $revViewScore = $contact->view_score_bound($rrow, $rrow);
     if ($rrow->reviewSubmitted) {
         $t .= "Review #" . unparseReviewOrdinal($rrow) . " submitted";
         $xbarsep = $barsep;
     } else {
         $xbarsep = "";
     foreach ($this->forder as $field => $f) {
         if ($f->view_score > $revViewScore && $f->has_options && $rrow->{$field}) {
             $t .= $xbarsep . $f->name_html . "&nbsp;" . $f->unparse_value($rrow->{$field}, ReviewField::VALUE_SC);
             $xbarsep = $barsep;
     return $t . "</a></td></tr>";
 static function echo_heading($user)
     global $Me;
     $u = $Me->user_linkpart($user);
     if ($user !== $Me && !$user->is_anonymous && $user->contactImageId) {
         echo '<img class="smallface61" src="' . hoturl("face", array("u" => $u, "imageid" => $user->contactImageId)) . '" />';
     echo '<h2 class="homeemail"><a href="', hoturl("index", array("u" => $u)), '">', htmlspecialchars($u), '</a>';
     if ($user->extension) {
         echo " (X)";
     if ($Me->privChair) {
         echo "&nbsp;", become_user_link($user);
     echo '</h2>';
     if ($user !== $Me && !$user->is_anonymous) {
         echo '<h3>', Text::user_html($user), '</h3>';
     if ($user->dropped) {
         ContactView::echo_group("", '<strong class="err">You have dropped the course.</strong> If this is incorrect, contact us.');
     echo '<hr class="c" />';
 static function send_reviewers($template, $row, $rest = array())
     global $Conf, $Me, $Opt;
     $result = $Conf->qe("select ContactInfo.contactId,\n                firstName, lastName, email, preferredEmail, password, roles, disabled,\n                conflictType, reviewType myReviewType\n                from ContactInfo\n                join PaperReview on (PaperReview.contactId=ContactInfo.contactId and PaperReview.paperId={$row->paperId})\n                left join PaperConflict on (PaperConflict.contactId=ContactInfo.contactId and PaperConflict.paperId={$row->paperId})\n                group by ContactInfo.contactId");
     if (!isset($rest["cc"]) && isset($Opt["emailCc"])) {
         $rest["cc"] = $Opt["emailCc"];
     } else {
         if (!isset($rest["cc"])) {
             $rest["cc"] = Text::user_email_to(Contact::site_contact());
     // must set the current conflict type in $row for each contact
     $contact_info_map = $row->replace_contact_info_map(null);
     $contacts = array();
     while ($contact = edb_orow($result)) {
         $row->assign_contact_info($contact, $contact->contactId);
         self::send_to(Contact::make($contact), $template, $row, $rest);
         $contacts[] = Text::user_html($contact);
     if ($Me->allow_administer($row) && !$row->has_author($Me) && count($contacts)) {
         $endmsg = isset($rest["infoMsg"]) ? ", " . $rest["infoMsg"] : ".";
         $Conf->infoMsg("Sent email to paper #{$row->paperId}’s " . pluralx($contacts, "reviewer") . ", " . commajoin($contacts) . $endmsg);