 /**
  * Decide whether the current request may be served from the page cache.
  *
  * Caching is refused when session initialisation is disabled, when the
  * system is not installed, for any POST request, for logged-in users
  * (their pages may carry private data), when unexpected GET parameters
  * are present, and for any page outside a fixed public allow-list.
  * @return boolean
  */
 function isCacheable()
 {
     $uncacheable = defined('SESSION_DISABLE_INIT')
         || !Config::getVar('general', 'installed')
         || !empty($_POST)
         || Validation::isLoggedIn();
     if ($uncacheable) {
         return false;
     }
     if (PKPRequest::isPathInfoEnabled()) {
         // With path info routing, any query-string parameter is unexpected.
         if (!empty($_GET)) {
             return false;
         }
     } else {
         // Without path info the routing itself lives in the query string;
         // only those routing keys may appear (strict: an integer key such
         // as "?0=x" never matches a routing name).
         $routingKeys = array('journal', 'page', 'op', 'path');
         foreach (array_keys($_GET) as $key) {
             if (!in_array($key, $routingKeys, true)) {
                 return false;
             }
         }
     }
     $publicPages = array('about', 'announcement', 'help', 'index', 'information', 'rt', 'issue', '');
     return in_array(PKPRequest::getRequestedPage(), $publicPages);
 }
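 /**
  * Used by subclasses to validate access keys when they are allowed.
  *
  * A newly supplied key replaces any existing login: the current user is
  * logged out and the key's hash is stored in the session so that later
  * requests in the same session can be validated without the key in the
  * request. Without a new key, the hash previously stored in the session
  * (if any) is validated instead.
  * @param $userId int The user this key refers to
  * @param $reviewId int The ID of the review this key refers to
  * @param $newKey string The new key name, if one was supplied; otherwise, the existing one (if it exists) is used
  * @return object Valid user object if the key was valid; otherwise NULL.
  */
 function &validateAccessKey($userId, $reviewId, $newKey = null)
 {
     $press =& Request::getPress();
     if (!$press || !$press->getSetting('reviewerAccessKeysEnabled')) {
         // Access keys are a per-press opt-in; refuse outright otherwise.
         $accessKey = false;
         return $accessKey;
     }
     // Guard the define(): redefining an existing constant raises a
     // notice/warning when this method runs more than once per request.
     if (!defined('REVIEWER_ACCESS_KEY_SESSION_VAR')) {
         define('REVIEWER_ACCESS_KEY_SESSION_VAR', 'ReviewerAccessKey');
     }
     import('lib.pkp.classes.security.AccessKeyManager');
     $accessKeyManager = new AccessKeyManager();
     $session =& Request::getSession();
     // Check to see if a new access key is being used.
     if (!empty($newKey)) {
         // A key login supersedes any interactive login in this session.
         if (Validation::isLoggedIn()) {
             Validation::logout();
         }
         $keyHash = $accessKeyManager->generateKeyHash($newKey);
         $session->setSessionVar(REVIEWER_ACCESS_KEY_SESSION_VAR, $keyHash);
     } else {
         $keyHash = $session->getSessionVar(REVIEWER_ACCESS_KEY_SESSION_VAR);
     }
     // Now that we've gotten the key hash (if one exists), validate it
     // against the context, user and review it was issued for.
     $accessKey =& $accessKeyManager->validateKey('ReviewerContext', $userId, $keyHash, $reviewId);
     if ($accessKey) {
         $userDao =& DAORegistry::getDAO('UserDAO');
         $user =& $userDao->getUser($accessKey->getUserId(), false);
         return $user;
     }
     // No valid access key -- return NULL.
     return $accessKey;
 }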
 /**
  * Determine whether or not the request is cacheable.
  *
  * The request must not be a POST, must not belong to a logged-in user,
  * must carry no query parameters beyond the routing keys (none at all
  * when path info is enabled) and must target one of the cacheable pages.
  * @param $request PKPRequest
  * @param $testOnly boolean required for unit test to
  *  bypass session check.
  * @return boolean
  */
 function isCacheable($request, $testOnly = false)
 {
     if (defined('SESSION_DISABLE_INIT') && !$testOnly) {
         return false;
     }
     if (!Config::getVar('general', 'installed')) {
         return false;
     }
     // Never cache form submissions or pages rendered for an authenticated user.
     if (!empty($_POST) || Validation::isLoggedIn()) {
         return false;
     }
     if ($request->isPathInfoEnabled()) {
         // Path-info routing: every query parameter is unexpected.
         $unexpectedParams = array_keys($_GET);
     } else {
         // Query-string routing: only the context and routing keys may appear.
         $application = $this->getApplication();
         $routingKeys = array_merge($application->getContextList(), array('page', 'op', 'path'));
         $unexpectedParams = array_diff(array_keys($_GET), $routingKeys);
     }
     if (count($unexpectedParams) > 0) {
         return false;
     }
     $requestedPage = $this->getRequestedPage($request);
     return in_array($requestedPage, $this->getCacheablePages());
 }
 /**
  * Validate that user is logged in.
  * Redirects to login form if not logged in.
  * @param $loginCheck boolean check if user is logged in
  */
 function validate($loginCheck = true)
 {
     parent::validate();
     if (!$loginCheck) {
         // Caller explicitly opted out of the login requirement.
         return;
     }
     if (!Validation::isLoggedIn()) {
         Validation::redirectLogin();
     }
 }
 /**
  * Bootstrap the application from this script's location and resolve the
  * per-user image directory.
  *
  * Walks ten directory levels up from the executing script to find the
  * application root, loads the PKP bootstrap from there, then (for a
  * logged-in user) makes sure public/site/images/<username>/ exists and
  * records it in $this->imageDir. Anonymous requests get imageDir = null.
  * Any failure to create the directories aborts with die().
  */
 public function __construct()
 {
     // Get paths to system base directories: the application root is ten
     // levels above the executing script.
     $rootDir = $_SERVER['SCRIPT_FILENAME'];
     for ($level = 0; $level < 10; $level++) {
         $rootDir = dirname($rootDir);
     }
     $this->baseDir = $rootDir;
     // Load and execute initialization code
     chdir($this->baseDir);
     define('INDEX_FILE_LOCATION', $this->baseDir . '/index.php');
     require $this->baseDir . '/lib/pkp/includes/bootstrap.inc.php';
     $publicDir = Config::getVar('files', 'public_files_dir');
     $this->baseUrl = Config::getVar('general', 'base_url');
     // Load user variables
     $sessionManager =& SessionManager::getManager();
     $userSession =& $sessionManager->getUserSession();
     $user =& $userSession->getUser();
     if (!isset($user)) {
         // Not logged in; do not allow images to be uploaded
         $this->imageDir = null;
     } else {
         $siteDir = $this->baseDir . '/' . $publicDir . '/site/';
         $imagesDir = $siteDir . '/images/';
         if (!file_exists($imagesDir)) {
             import('classes.file.FileManager');
             // public/site/ must exist and be writeable before images/ can be created
             if (!file_exists($siteDir) || !is_writeable($siteDir)) {
                 die(__('installer.installFilesDirError'));
             }
             if (!FileManager::mkdir($imagesDir)) {
                 die(__('installer.installFilesDirError'));
             }
         }
         if (Validation::isLoggedIn()) {
             $username = $user->getUsername();
             // NOTE(review): the username becomes a filesystem path segment.
             // This relies on username validation elsewhere (not visible here)
             // to exclude "/", "\" and ".."; confirm that before trusting it.
             $userImagesDir = $imagesDir . $username;
             if (!file_exists($userImagesDir)) {
                 import('classes.file.FileManager');
                 // public/site/images/ must exist and be writeable first
                 if (!file_exists($imagesDir) || !is_writeable($imagesDir)) {
                     die(__('installer.installFilesDirError'));
                 }
                 if (!FileManager::mkdir($userImagesDir)) {
                     die(__('installer.installFilesDirError'));
                 }
             }
             $this->imageDir = $publicDir . '/site/images/' . $username;
         }
     }
     // Set the base directory back to its original location
     chdir(dirname($_SERVER['SCRIPT_FILENAME']));
 }
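 /**
  * Validate user registration information and register new user.
  *
  * On success the new user is logged in (implicitly when
  * security.implicit_auth is set, otherwise with the submitted
  * credentials) and then redirected. The optional "source" return target
  * is user-supplied, so it is only followed when it points back to this
  * site; anything else falls back to the login page.
  * @param $args array
  * @param $request PKPRequest
  */
 function registerUser($args, &$request)
 {
     $this->validate($request);
     $this->setupTemplate($request, true);
     import('classes.user.form.RegistrationForm');
     if (checkPhpVersion('5.0.0')) {
         // WARNING: This form needs $this in constructor
         $regForm = new RegistrationForm();
     } else {
         $regForm =& new RegistrationForm();
     }
     $regForm->readInputData();
     if (!$regForm->validate()) {
         // Re-display the form with validation errors.
         $regForm->display();
         return;
     }
     $regForm->execute();
     $reason = null;
     if (Config::getVar('security', 'implicit_auth')) {
         Validation::login('', '', $reason);
     } else {
         Validation::login($regForm->getData('username'), $regForm->getData('password'), $reason);
     }
     if (!Validation::isLoggedIn() && Config::getVar('email', 'require_validation')) {
         // Inform the user that they need to deal with the
         // registration email.
         $this->setupTemplate($request, true);
         $templateMgr =& TemplateManager::getManager();
         $templateMgr->assign('pageTitle', 'user.register.emailValidation');
         $templateMgr->assign('errorMsg', 'user.register.emailValidationDescription');
         $templateMgr->assign('backLink', $request->url(null, 'login'));
         $templateMgr->assign('backLinkLabel', 'user.login');
         return $templateMgr->display('common/error.tpl');
     }
     if ($reason !== null) {
         // Login was refused (account disabled); $reason may be the empty string.
         $this->setupTemplate($request, true);
         $templateMgr =& TemplateManager::getManager();
         $templateMgr->assign('pageTitle', 'user.login');
         $templateMgr->assign('errorMsg', $reason == '' ? 'user.login.accountDisabled' : 'user.login.accountDisabledWithReason');
         $templateMgr->assign('errorParams', array('reason' => $reason));
         $templateMgr->assign('backLink', $request->url(null, 'login'));
         $templateMgr->assign('backLinkLabel', 'user.login');
         return $templateMgr->display('common/error.tpl');
     }
     // "source" comes straight from the request. Follow it only when it is
     // a site-relative path (a single leading "/", which excludes the
     // protocol-relative "//host" and "/\host" forms) or an absolute URL
     // whose host is this server; otherwise a crafted registration link
     // would turn this handler into an open redirect.
     $sourceIsLocal = false;
     if ($source = $request->getUserVar('source')) {
         $sourceHost = parse_url($source, PHP_URL_HOST);
         if ($sourceHost === null) {
             $sourceIsLocal = preg_match('#^/(?![/\\\\])#', $source) === 1;
         } else {
             $sourceIsLocal = strcasecmp($sourceHost, $request->getServerHost()) === 0;
         }
     }
     if ($sourceIsLocal) {
         $request->redirectUrl($source);
     } else {
         $request->redirect(null, 'login');
     }
 }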
 /**
  * @see AuthorizationPolicy::effect()
  *
  * Permits the request when a user is logged in, or when the requested
  * page is on this policy's login-exemption list; denies otherwise. Only
  * page routers expose a requested page, so for any other router the
  * exemption check is made against null.
  */
 function effect()
 {
     if (Validation::isLoggedIn()) {
         return AUTHORIZATION_PERMIT;
     }
     $requestedPage = null;
     if (is_a($this->_router, 'PKPPageRouter')) {
         $requestedPage = $this->_router->getRequestedPage($this->_request);
     }
     $isExempt = in_array($requestedPage, $this->_getLoginExemptions());
     return $isExempt ? AUTHORIZATION_PERMIT : AUTHORIZATION_DENY;
 }
 /**
  * Start a donation payment for the current journal.
  *
  * Requires a logged-in user (anonymous visitors are sent to the login
  * page), queues a zero-amount donation payment for that user and shows
  * the payment form for it.
  * NOTE(review): a queued payment row is created on every visit to this
  * page, before any form is submitted; whether that is rate-limited or
  * cleaned up is not visible here.
  * @param $args array
  */
 function index($args)
 {
     import('classes.payment.ojs.OJSPaymentManager');
     $paymentManager =& OJSPaymentManager::getManager();
     $journal =& Request::getJournal();
     // Donations need an account; redirectLogin() is expected to end the request.
     if (!Validation::isLoggedIn()) {
         Validation::redirectLogin("payment.loginRequired.forDonation");
     }
     $donor =& Request::getUser();
     $payment =& $paymentManager->createQueuedPayment($journal->getId(), PAYMENT_TYPE_DONATION, $donor->getId(), 0, 0);
     $paymentId = $paymentManager->queuePayment($payment);
     $paymentManager->displayPaymentForm($paymentId, $payment);
 }
 /**
  * Perform request access validation based on security settings.
  *
  * Enforces site-wide HTTPS when security.force_ssl is set, sends
  * journal-only pages to "about" when no journal is in the request, and
  * for journals with restrictSiteAccess sends anonymous visitors to the
  * login page unless the requested page is login-exempt.
  * @param $requiresJournal boolean
  */
 function validate($requiresJournal = false)
 {
     $forceSsl = Config::getVar('security', 'force_ssl');
     if ($forceSsl && Request::getProtocol() != 'https') {
         // Force SSL connections site-wide
         Request::redirectSSL();
     }
     $journal = Request::getJournal();
     if ($requiresJournal && $journal == null) {
         // Requested page is only allowed for journals
         Request::redirect(null, 'about');
     }
     if ($journal == null) {
         // Site-level pages carry no per-journal access restriction.
         return;
     }
     if ($journal->getSetting('restrictSiteAccess') && !Validation::isLoggedIn()) {
         $page = Request::getRequestedPage();
         if (!in_array($page, Handler::getLoginExemptions())) {
             Request::redirect(null, 'login');
         }
     }
 }
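 /**
  * Initialize the template manager.
  *
  * Seeds the template with request- and config-derived variables,
  * registers the core JS/CSS assets (optionally from CDNs), the meta
  * headers, the Smarty modifiers/functions/resources the templates rely
  * on, and - unless SESSION_DISABLE_INIT is set - the logged-in user's
  * state and notification flag. Finally loads block plugins and records
  * whether any sidebar hook is registered.
  */
 function initialize()
 {
     $locale = AppLocale::getLocale();
     $application = PKPApplication::getApplication();
     $router = $this->_request->getRouter();
     assert(is_a($router, 'PKPRouter'));
     $currentContext = $this->_request->getContext();
     $this->assign(array(
         'defaultCharset' => Config::getVar('i18n', 'client_charset'),
         'basePath' => $this->_request->getBasePath(),
         'baseUrl' => $this->_request->getBaseUrl(),
         'requiresFormRequest' => $this->_request->isPost(),
         'currentUrl' => $this->_request->getCompleteUrl(),
         'dateFormatTrunc' => Config::getVar('general', 'date_format_trunc'),
         'dateFormatShort' => Config::getVar('general', 'date_format_short'),
         'dateFormatLong' => Config::getVar('general', 'date_format_long'),
         'datetimeFormatShort' => Config::getVar('general', 'datetime_format_short'),
         'datetimeFormatLong' => Config::getVar('general', 'datetime_format_long'),
         'timeFormat' => Config::getVar('general', 'time_format'),
         'currentContext' => $currentContext,
         'currentLocale' => $locale,
         'pageTitle' => $application->getNameKey(),
         'applicationName' => __($application->getNameKey()),
     ));
     if (is_a($router, 'PKPPageRouter')) {
         $this->assign(array('requestedPage' => $router->getRequestedPage($this->_request), 'requestedOp' => $router->getRequestedOp($this->_request)));
         // Register the jQuery script
         $min = Config::getVar('general', 'enable_minified') ? '.min' : '';
         if (Config::getVar('general', 'enable_cdn')) {
             // NOTE(review): no integrity hash is passed for these CDN
             // scripts here, so the page trusts the CDN's response verbatim.
             $jquery = '//ajax.googleapis.com/ajax/libs/jquery/' . CDN_JQUERY_VERSION . '/jquery' . $min . '.js';
             $jqueryUI = '//ajax.googleapis.com/ajax/libs/jqueryui/' . CDN_JQUERY_UI_VERSION . '/jquery-ui' . $min . '.js';
         } else {
             $jquery = $this->_request->getBaseUrl() . '/lib/pkp/lib/components/jquery/jquery' . $min . '.js';
             $jqueryUI = $this->_request->getBaseUrl() . '/lib/pkp/lib/components/jquery-ui/jquery-ui' . $min . '.js';
         }
         $this->addJavaScript('jquery', $jquery, array('priority' => STYLE_SEQUENCE_CORE, 'contexts' => 'backend'));
         $this->addJavaScript('jqueryUI', $jqueryUI, array('priority' => STYLE_SEQUENCE_CORE, 'contexts' => 'backend'));
         // Register the pkp-lib JS library
         $this->registerJSLibraryData();
         $this->registerJSLibrary();
         // Load Noto Sans font from Google Font CDN
         // To load extended latin or other character sets, see:
         // https://www.google.com/fonts#UsePlace:use/Collection:Noto+Sans
         if (Config::getVar('general', 'enable_cdn')) {
             $this->addStyleSheet('pkpLibNotoSans', '//fonts.googleapis.com/css?family=Noto+Sans:400,400italic,700,700italic', array('priority' => STYLE_SEQUENCE_CORE, 'contexts' => 'backend'));
         }
         // Register the primary backend stylesheet
         if ($dispatcher = $this->_request->getDispatcher()) {
             $this->addStyleSheet('pkpLib', $dispatcher->url($this->_request, ROUTE_COMPONENT, null, 'page.PageHandler', 'css'), array('priority' => STYLE_SEQUENCE_CORE, 'contexts' => 'backend'));
         }
         // Add reading language flag based on locale
         $this->assign('currentLocaleLangDir', AppLocale::getLocaleDirection($locale));
         // If there's a locale-specific stylesheet, add it.
         if (($localeStyleSheet = AppLocale::getLocaleStyleSheet($locale)) != null) {
             $this->addStyleSheet('pkpLibLocale', $this->_request->getBaseUrl() . '/' . $localeStyleSheet, array('contexts' => array('frontend', 'backend')));
         }
         // Register colour picker assets on the appearance page
         $this->addJavaScript('spectrum', $this->_request->getBaseUrl() . '/lib/pkp/js/lib/jquery/plugins/spectrum/spectrum.js', array('contexts' => array('backend-management-settings', 'backend-admin-settings', 'backend-admin-contexts')));
         $this->addStyleSheet('spectrum', $this->_request->getBaseUrl() . '/lib/pkp/js/lib/jquery/plugins/spectrum/spectrum.css', array('contexts' => array('backend-management-settings', 'backend-admin-settings', 'backend-admin-contexts')));
         // Register recaptcha on relevant pages
         if (Config::getVar('captcha', 'recaptcha') && Config::getVar('captcha', 'captcha_on_register')) {
             $this->addJavaScript('recaptcha', 'https://www.google.com/recaptcha/api.js', array('contexts' => array('frontend-user-register', 'frontend-user-registerUser')));
         }
         // Register meta tags
         if (Config::getVar('general', 'installed')) {
             $requestedPage = $this->_request->getRequestedPage();
             if (($requestedPage == '' || $requestedPage == 'index') && $currentContext && $currentContext->getLocalizedSetting('searchDescription')) {
                 // The description is a context setting edited through the UI;
                 // escape it for the attribute context so a quote or angle
                 // bracket in the setting cannot break out of the meta tag
                 // (it was previously interpolated raw).
                 $searchDescription = htmlspecialchars($currentContext->getLocalizedSetting('searchDescription'), ENT_QUOTES, 'UTF-8');
                 $this->addHeader('searchDescription', '<meta name="description" content="' . $searchDescription . '">');
             }
             $this->addHeader('generator', '<meta name="generator" content="' . __($application->getNameKey()) . ' ' . $application->getCurrentVersion()->getVersionString(false) . '">', array('contexts' => array('frontend', 'backend')));
             if ($currentContext) {
                 // Custom headers are deliberately raw HTML supplied by the
                 // context's managers; they are emitted as-is.
                 $customHeaders = $currentContext->getLocalizedSetting('customHeaders');
                 if (!empty($customHeaders)) {
                     $this->addHeader('customHeaders', $customHeaders);
                 }
             }
         }
         if ($currentContext && !$currentContext->getEnabled()) {
             // Keep disabled contexts out of search indexes.
             $this->addHeader('noindex', '<meta name="robots" content="noindex,nofollow">', array('contexts' => array('frontend', 'backend')));
         }
     }
     // Register custom functions
     $this->register_modifier('translate', array('AppLocale', 'translate'));
     $this->register_modifier('strip_unsafe_html', array('PKPString', 'stripUnsafeHtml'));
     $this->register_modifier('String_substr', array('PKPString', 'substr'));
     $this->register_modifier('dateformatPHP2JQueryDatepicker', array('PKPString', 'dateformatPHP2JQueryDatepicker'));
     $this->register_modifier('to_array', array($this, 'smartyToArray'));
     $this->register_modifier('compare', array($this, 'smartyCompare'));
     $this->register_modifier('concat', array($this, 'smartyConcat'));
     $this->register_modifier('strtotime', array($this, 'smartyStrtotime'));
     $this->register_modifier('explode', array($this, 'smartyExplode'));
     $this->register_modifier('assign', array($this, 'smartyAssign'));
     $this->register_function('csrf', array($this, 'smartyCSRF'));
     $this->register_function('translate', array($this, 'smartyTranslate'));
     $this->register_function('null_link_action', array($this, 'smartyNullLinkAction'));
     $this->register_function('help', array($this, 'smartyHelp'));
     $this->register_function('flush', array($this, 'smartyFlush'));
     $this->register_function('call_hook', array($this, 'smartyCallHook'));
     $this->register_function('html_options_translate', array($this, 'smartyHtmlOptionsTranslate'));
     $this->register_block('iterate', array($this, 'smartyIterate'));
     $this->register_function('page_links', array($this, 'smartyPageLinks'));
     $this->register_function('page_info', array($this, 'smartyPageInfo'));
     $this->register_function('pluck_files', array($this, 'smartyPluckFiles'));
     // Modified vocabulary for creating forms
     $fbv = $this->getFBV();
     $this->register_block('fbvFormSection', array($fbv, 'smartyFBVFormSection'));
     $this->register_block('fbvFormArea', array($fbv, 'smartyFBVFormArea'));
     $this->register_function('fbvFormButtons', array($fbv, 'smartyFBVFormButtons'));
     $this->register_function('fbvElement', array($fbv, 'smartyFBVElement'));
     $this->assign('fbvStyles', $fbv->getStyles());
     $this->register_function('fieldLabel', array($fbv, 'smartyFieldLabel'));
     // register the resource name "core"
     $coreResource = new PKPTemplateResource($this->core_template_dir);
     $this->register_resource('core', array(array($coreResource, 'fetch'), array($coreResource, 'fetchTimestamp'), array($coreResource, 'getSecure'), array($coreResource, 'getTrusted')));
     $appResource = new PKPTemplateResource($this->app_template_dir);
     $this->register_resource('app', array(array($appResource, 'fetch'), array($appResource, 'fetchTimestamp'), array($appResource, 'getSecure'), array($appResource, 'getTrusted')));
     $this->register_function('url', array($this, 'smartyUrl'));
     // ajax load into a div or any element
     $this->register_function('load_url_in_el', array($this, 'smartyLoadUrlInEl'));
     $this->register_function('load_url_in_div', array($this, 'smartyLoadUrlInDiv'));
     // load stylesheets/scripts/headers from a given context
     $this->register_function('load_stylesheet', array($this, 'smartyLoadStylesheet'));
     $this->register_function('load_script', array($this, 'smartyLoadScript'));
     $this->register_function('load_header', array($this, 'smartyLoadHeader'));
     /**
      * Kludge to make sure no code that tries to connect to the
      * database is executed (e.g., when loading installer pages).
      */
     if (!defined('SESSION_DISABLE_INIT')) {
         $application = PKPApplication::getApplication();
         $this->assign(array('isUserLoggedIn' => Validation::isLoggedIn(), 'isUserLoggedInAs' => Validation::isLoggedInAs(), 'itemsPerPage' => Config::getVar('interface', 'items_per_page'), 'numPageLinks' => Config::getVar('interface', 'page_links')));
         $user = $this->_request->getUser();
         if ($user) {
             // hasSystemNotifications is only assigned when there is at least
             // one trivial-level notification; otherwise it stays unassigned.
             $notificationDao = DAORegistry::getDAO('NotificationDAO');
             $notifications = $notificationDao->getByUserId($user->getId(), NOTIFICATION_LEVEL_TRIVIAL);
             if ($notifications->getCount() > 0) {
                 $this->assign('hasSystemNotifications', true);
             }
             // Assign the user name to be used in the sitenav
             $this->assign(array('loggedInUsername' => $user->getUserName(), 'initialHelpState' => (int) $user->getInlineHelp()));
         }
     }
     // Load enabled block plugins and setup active sidebar variables
     PluginRegistry::loadCategory('blocks', true);
     $sidebarHooks = HookRegistry::getHooks('Templates::Common::Sidebar');
     $this->assign(array('hasSidebar' => !empty($sidebarHooks)));
 }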
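 /**
  * Log a user out.
  *
  * Ends the session (if one is active) and then redirects: either back to
  * the site-relative path given in the "source" request variable, or to
  * the requested page. "source" is user-controlled and is appended to the
  * "scheme://host" prefix, so it is only honoured when it is a path.
  */
 function signOut()
 {
     $this->validate();
     $this->setupTemplate();
     if (Validation::isLoggedIn()) {
         Validation::logout();
     }
     $source = Request::getUserVar('source');
     // Only a path beginning with "/" may be appended to "scheme://host".
     // Without this check, "source=@evil.example" yields
     // "https://host@evil.example" (our host becomes the userinfo and the
     // real host is the attacker's) and "source=.evil.example" yields
     // "https://host.evil.example" - both open redirects.
     if (is_string($source) && $source !== '' && $source[0] === '/') {
         PKPRequest::redirectUrl(Request::getProtocol() . '://' . Request::getServerHost() . $source, false);
     } else {
         PKPRequest::redirect(null, Request::getRequestedPage());
     }
 }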
 /**
  * Check if a user is authorized to access the specified role in the specified press.
  *
  * Anonymous requests are never authorized. A $pressId of exactly -1
  * (strict integer comparison, so a string "-1" does not qualify) means
  * "use the press of the current request", falling back to 0 when the
  * request has none; 0 is the site-wide scope.
  * @param $roleId int
  * @param $pressId optional (e.g., for global site admin role), the ID of the press
  * @return boolean
  */
 function isAuthorized($roleId, $pressId = 0)
 {
     if (!Validation::isLoggedIn()) {
         return false;
     }
     if ($pressId === -1) {
         // Get press ID from request
         $press =& Request::getPress();
         $pressId = $press ? $press->getId() : 0;
     }
     $sessionManager =& SessionManager::getManager();
     $userSession =& $sessionManager->getUserSession();
     $currentUser =& $userSession->getUser();
     $roleDao =& DAORegistry::getDAO('RoleDAO');
     $hasRole = $roleDao->userHasRole($pressId, $currentUser->getId(), $roleId);
     return $hasRole;
 }
 /**
  * Initialize the template manager.
  *
  * Seeds the template with request- and config-derived variables,
  * registers the core stylesheets, the Smarty modifiers/functions/resources
  * the templates rely on, loads block plugins and - unless
  * SESSION_DISABLE_INIT is set - assigns the logged-in user's state.
  * Statement order matters: template helpers are registered before block
  * plugins are loaded, and the two session-dependent sections are kept
  * behind the SESSION_DISABLE_INIT guard.
  */
 function initialize()
 {
     // Retrieve the router
     $router = $this->_request->getRouter();
     assert(is_a($router, 'PKPRouter'));
     $this->assign('defaultCharset', Config::getVar('i18n', 'client_charset'));
     $this->assign('basePath', $this->_request->getBasePath());
     $this->assign('baseUrl', $this->_request->getBaseUrl());
     $this->assign('requiresFormRequest', $this->_request->isPost());
     // Only page routers expose a requested page.
     if (is_a($router, 'PKPPageRouter')) {
         $this->assign('requestedPage', $router->getRequestedPage($this->_request));
     }
     $this->assign('currentUrl', $this->_request->getCompleteUrl());
     $this->assign('dateFormatTrunc', Config::getVar('general', 'date_format_trunc'));
     $this->assign('dateFormatShort', Config::getVar('general', 'date_format_short'));
     $this->assign('dateFormatLong', Config::getVar('general', 'date_format_long'));
     $this->assign('datetimeFormatShort', Config::getVar('general', 'datetime_format_short'));
     $this->assign('datetimeFormatLong', Config::getVar('general', 'datetime_format_long'));
     $this->assign('timeFormat', Config::getVar('general', 'time_format'));
     // Whether templates may pull assets from third-party CDNs is a
     // config.inc.php switch; the templates decide what to load with it.
     $this->assign('allowCDN', Config::getVar('general', 'enable_cdn'));
     $this->assign('useMinifiedJavaScript', Config::getVar('general', 'enable_minified'));
     $this->assign('toggleHelpOnText', __('help.toggleInlineHelpOn'));
     $this->assign('toggleHelpOffText', __('help.toggleInlineHelpOff'));
     $this->assign('currentContext', $this->_request->getContext());
     $locale = AppLocale::getLocale();
     $this->assign('currentLocale', $locale);
     // Add uncompilable styles
     $this->addStyleSheet($this->_request->getBaseUrl() . '/styles/lib.css', STYLE_SEQUENCE_CORE);
     $dispatcher = $this->_request->getDispatcher();
     if ($dispatcher) {
         // The compiled core stylesheet is served through the page component handler.
         $this->addStyleSheet($dispatcher->url($this->_request, ROUTE_COMPONENT, null, 'page.PageHandler', 'css'), STYLE_SEQUENCE_CORE);
     }
     // If there's a locale-specific stylesheet, add it.
     if (($localeStyleSheet = AppLocale::getLocaleStyleSheet($locale)) != null) {
         $this->addStyleSheet($this->_request->getBaseUrl() . '/' . $localeStyleSheet);
     }
     $application = PKPApplication::getApplication();
     $this->assign('pageTitle', $application->getNameKey());
     $this->assign('applicationName', __($application->getNameKey()));
     // Constants and locale keys the client-side JS library needs.
     $this->assign('exposedConstants', $application->getExposedConstants());
     $this->assign('jsLocaleKeys', $application->getJSLocaleKeys());
     // Register custom functions
     $this->register_modifier('translate', array('AppLocale', 'translate'));
     $this->register_modifier('strip_unsafe_html', array('String', 'stripUnsafeHtml'));
     $this->register_modifier('String_substr', array('String', 'substr'));
     $this->register_modifier('to_array', array($this, 'smartyToArray'));
     $this->register_modifier('compare', array($this, 'smartyCompare'));
     $this->register_modifier('concat', array($this, 'smartyConcat'));
     // The "escape" modifier is overridden by this class's own implementation.
     $this->register_modifier('escape', array($this, 'smartyEscape'));
     $this->register_modifier('strtotime', array($this, 'smartyStrtotime'));
     $this->register_modifier('explode', array($this, 'smartyExplode'));
     $this->register_modifier('assign', array($this, 'smartyAssign'));
     $this->register_function('translate', array($this, 'smartyTranslate'));
     $this->register_function('null_link_action', array($this, 'smartyNullLinkAction'));
     $this->register_function('flush', array($this, 'smartyFlush'));
     $this->register_function('call_hook', array($this, 'smartyCallHook'));
     $this->register_function('html_options_translate', array($this, 'smartyHtmlOptionsTranslate'));
     $this->register_block('iterate', array($this, 'smartyIterate'));
     $this->register_function('page_links', array($this, 'smartyPageLinks'));
     $this->register_function('page_info', array($this, 'smartyPageInfo'));
     $this->register_function('icon', array($this, 'smartyIcon'));
     $this->register_modifier('truncate', array($this, 'smartyTruncate'));
     // Modified vocabulary for creating forms
     $fbv = $this->getFBV();
     $this->register_block('fbvFormSection', array($fbv, 'smartyFBVFormSection'));
     $this->register_block('fbvFormArea', array($fbv, 'smartyFBVFormArea'));
     $this->register_function('fbvFormButtons', array($fbv, 'smartyFBVFormButtons'));
     $this->register_function('fbvElement', array($fbv, 'smartyFBVElement'));
     $this->assign('fbvStyles', $fbv->getStyles());
     $this->register_function('fieldLabel', array($fbv, 'smartyFieldLabel'));
     // register the resource name "core"
     $this->register_resource('core', array(array($this, 'smartyResourceCoreGetTemplate'), array($this, 'smartyResourceCoreGetTimestamp'), array($this, 'smartyResourceCoreGetSecure'), array($this, 'smartyResourceCoreGetTrusted')));
     $this->register_function('url', array($this, 'smartyUrl'));
     // ajax load into a div
     $this->register_function('load_url_in_div', array($this, 'smartyLoadUrlInDiv'));
     if (!defined('SESSION_DISABLE_INIT')) {
         /**
          * Kludge to make sure no code that tries to connect to
          * the database is executed (e.g., when loading
          * installer pages).
          */
         $this->assign('isUserLoggedIn', Validation::isLoggedIn());
         $this->assign('isUserLoggedInAs', Validation::isLoggedInAs());
         $application = PKPApplication::getApplication();
         $currentVersion = $application->getCurrentVersion();
         // NOTE(review): the running version string is exposed to every
         // template (and thus potentially to anonymous page output).
         $this->assign('currentVersionString', $currentVersion->getVersionString(false));
         $this->assign('itemsPerPage', Config::getVar('interface', 'items_per_page'));
         $this->assign('numPageLinks', Config::getVar('interface', 'page_links'));
     }
     // Load enabled block plugins.
     PluginRegistry::loadCategory('blocks', true);
     if (!defined('SESSION_DISABLE_INIT')) {
         $user = $this->_request->getUser();
         $hasSystemNotifications = false;
         if ($user) {
             // Assign the user name to be used in the sitenav
             $this->assign('loggedInUsername', $user->getUserName());
             $notificationDao = DAORegistry::getDAO('NotificationDAO');
             $notifications = $notificationDao->getByUserId($user->getId(), NOTIFICATION_LEVEL_TRIVIAL);
             if ($notifications->getCount() > 0) {
                 $hasSystemNotifications = true;
             }
             $this->assign('initialHelpState', (int) $user->getInlineHelp());
         }
         // Always assigned (true or false), unlike loggedInUsername which
         // is only set when there is a user.
         $this->assign('hasSystemNotifications', $hasSystemNotifications);
     }
 }
 /**
  * Validation
  *
  * Ensures the reader may comment on the given article: the journal must
  * have commenting enabled in one of its three modes, the article must
  * allow comments, guests are sent to login when article access is
  * restricted, and the issue's subscription rules are enforced. On
  * success $this->issue and $this->article are set.
  * @param $request PKPRequest
  * @param $articleId int
  */
 function validate(&$request, $articleId)
 {
     parent::validate();
     $journal =& $request->getJournal();
     $journalId = $journal->getId();
     $journalSettingsDao =& DAORegistry::getDAO('JournalSettingsDAO');
     $publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO');
     $article =& $publishedArticleDao->getPublishedArticleByArticleId($articleId);
     // Bring in comment constants
     $commentDao =& DAORegistry::getDAO('CommentDAO');
     $enableComments = $journal->getSetting('enableComments');
     // Explicit grouping: "&&" binds tighter than "||", so these are the
     // three alternatives the one-line test expresses. Short-circuit order
     // is kept so the settings lookup only runs for anonymous visitors.
     $mustLogin = (!Validation::isLoggedIn() && $journalSettingsDao->getSetting($journalId, 'restrictArticleAccess'))
         || ($article && !$article->getEnableComments())
         || ($enableComments != COMMENTS_ANONYMOUS && $enableComments != COMMENTS_AUTHENTICATED && $enableComments != COMMENTS_UNAUTHENTICATED);
     if ($mustLogin) {
         Validation::redirectLogin();
     }
     // Subscription Access
     $issueDao =& DAORegistry::getDAO('IssueDAO');
     $issue =& $issueDao->getIssueByArticleId($articleId);
     if (isset($issue) && isset($article)) {
         import('classes.issue.IssueAction');
         $subscriptionRequired = IssueAction::subscriptionRequired($issue);
         $subscribedUser = IssueAction::subscribedUser($journal, $issue->getId(), $articleId);
         // Readable when no subscription is needed, the article is open
         // access, or the user holds a valid subscription.
         $mayRead = !$subscriptionRequired
             || $article->getAccessStatus() == ARTICLE_ACCESS_OPEN
             || $subscribedUser;
         if (!$mayRead) {
             $request->redirect(null, 'index');
         }
     } else {
         // Unknown article or issue: nothing to comment on.
         $request->redirect(null, 'index');
     }
     $this->issue =& $issue;
     $this->article =& $article;
     return true;
 }
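 /**
  * Validation
  *
  * Resolves the requested issue (and, when given, the issue galley), then
  * enforces the reader access rules: editorial pre-publication access,
  * domain/IP subscription, login wall, individual subscription, and finally
  * issue purchase / membership. Every denial path redirects (or shows the
  * payment form and exits) rather than returning.
  *
  * The request values may be public identifiers when the journal has
  * 'enablePublicIssueId' / 'enablePublicGalleyId' set, so once the issue is
  * resolved all DAO lookups and payment records use $issue->getId().
  *
  * @see lib/pkp/classes/handler/PKPHandler#validate()
  * @param $request Request
  * @param $issueId int|string issue id or public issue identifier as requested
  * @param $galleyId int|string galley id or public galley identifier as requested
  * @return boolean true when the reader may proceed
  */
 function validate($request, $issueId = null, $galleyId = null)
 {
     $returner = parent::validate(null, $request);
     // Validate requests that don't specify an issue or galley
     if (!$issueId && !$galleyId) {
         return $returner;
     }
     // Require an issue id to continue
     if (!$issueId) {
         $request->redirect(null, 'index');
     }
     import('classes.issue.IssueAction');
     $journal =& $request->getJournal();
     $journalId = $journal->getId();
     $user =& $request->getUser();
     $userId = $user ? $user->getId() : 0;
     $issue = null;
     $galley = null;
     // Get the issue (by public identifier or numeric id, per journal setting)
     $issueDao =& DAORegistry::getDAO('IssueDAO');
     if ($journal->getSetting('enablePublicIssueId')) {
         $issue =& $issueDao->getIssueByBestIssueId($issueId, $journalId);
     } else {
         $issue =& $issueDao->getIssueById((int) $issueId, null, true);
     }
     // Invalid issue id, redirect to current issue
     if (!$issue || !$this->_isVisibleIssue($issue, $journalId)) {
         $request->redirect(null, null, 'current');
     }
     $this->setIssue($issue);
     // From here on use the resolved numeric id: the request value may be a
     // public identifier string that the subscription and payment DAOs would
     // not match against the stored issue id.
     $resolvedIssueId = $issue->getId();
     // If no issue galley id provided, then we're done
     if (!$galleyId) {
         return true;
     }
     // Get the issue galley
     $galleyDao =& DAORegistry::getDAO('IssueGalleyDAO');
     if ($journal->getSetting('enablePublicGalleyId')) {
         $galley =& $galleyDao->getGalleyByBestGalleyId($galleyId, $resolvedIssueId);
     } else {
         $galley =& $galleyDao->getGalley($galleyId, $resolvedIssueId);
     }
     // Invalid galley id, redirect to issue page (the requested id is the
     // right value for the URL)
     if (!$galley) {
         $request->redirect(null, null, 'view', $issueId);
     }
     $this->setGalley($galley);
     // If this is an editorial user who can view unpublished issue galleys,
     // bypass further validation
     if (IssueAction::allowedIssuePrePublicationAccess($journal)) {
         return true;
     }
     // Ensure reader has rights to view the issue galley
     if ($issue->getPublished()) {
         $subscriptionRequired = IssueAction::subscriptionRequired($issue);
         $isSubscribedDomain = IssueAction::subscribedDomain($journal, $resolvedIssueId);
         // Check if login is required for viewing.
         if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess')) {
             Validation::redirectLogin();
         }
         // If no domain/ip subscription, check if user has a valid subscription
         // or if the user has previously purchased the issue
         if (!$isSubscribedDomain && $subscriptionRequired) {
             // Check if user has a valid subscription
             $subscribedUser = IssueAction::subscribedUser($journal, $resolvedIssueId);
             if (!$subscribedUser) {
                 // Check if payments are enabled,
                 import('classes.payment.ojs.OJSPaymentManager');
                 $paymentManager = new OJSPaymentManager($request);
                 if ($paymentManager->purchaseIssueEnabled() || $paymentManager->membershipEnabled()) {
                     // If only pdf files are being restricted, then approve all non-pdf galleys
                     // and continue checking if it is a pdf galley
                     if ($paymentManager->onlyPdfEnabled() && !$galley->isPdfGalley()) {
                         return true;
                     }
                     if (!Validation::isLoggedIn()) {
                         Validation::redirectLogin("payment.loginRequired.forIssue");
                     }
                     // If the issue galley has been purchased, or the user holds a
                     // current membership, then allow reader access.
                     // NOTE(review): 'dateEndMembership' is compared against time()
                     // as-is, so the stored setting is assumed to be a timestamp — confirm.
                     $completedPaymentDao =& DAORegistry::getDAO('OJSCompletedPaymentDAO');
                     $dateEndMembership = $user->getSetting('dateEndMembership', 0);
                     if ($completedPaymentDao->hasPaidPurchaseIssue($userId, $resolvedIssueId) || !is_null($dateEndMembership) && $dateEndMembership > time()) {
                         return true;
                     } else {
                         // Otherwise queue an issue purchase payment and display payment form
                         $queuedPayment =& $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ISSUE, $userId, $resolvedIssueId, $journal->getSetting('purchaseIssueFee'));
                         $queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
                         $paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
                         exit;
                     }
                 }
                 // No subscription and no way to purchase: explain how to subscribe
                 if (!Validation::isLoggedIn()) {
                     Validation::redirectLogin("reader.subscriptionRequiredLoginText");
                 }
                 $request->redirect(null, 'about', 'subscriptions');
             }
         }
     } else {
         // Unpublished issues are never shown to readers
         $request->redirect(null, 'index');
     }
     return true;
 }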
 /**
  * Landing page shown once a user has completed registration.
  * Anonymous visitors are sent to the login page instead.
  * @param $args array
  * @param $request PKPRequest
  * @return string the rendered page
  */
 function registrationComplete($args, $request)
 {
     $loggedIn = Validation::isLoggedIn();
     if (!$loggedIn) {
         $request->redirect(null, 'login');
     }
     $this->setupTemplate($request);
     $manager = TemplateManager::getManager($request);
     $manager->assign('pageTitle', 'user.login.registrationComplete');
     $page = $manager->fetch('frontend/pages/userRegisterComplete.tpl');
     return $page;
 }
 /**
  * Constructor.
  * Initialize template engine and assign basic template variables.
  *
  * Sets up the Smarty template/compile/config/cache directories, assigns
  * the request-, configuration- and locale-derived variables that templates
  * rely on, registers the custom Smarty modifiers, functions, blocks and the
  * "core" resource implemented by this class, and (unless session
  * initialisation is disabled) assigns login state, version and the user's
  * trivial notifications.
  *
  * @param $request PKPRequest FIXME: is optional for backwards compatibility only - make mandatory
  */
 function PKPTemplateManager($request = null)
 {
     // FIXME: for backwards compatibility only - remove
     if (!isset($request)) {
         if (Config::getVar('debug', 'deprecation_warnings')) {
             trigger_error('Deprecated function call.');
         }
         $request =& Registry::get('request');
     }
     // assert() may be disabled at runtime, so these are debugging aids
     // rather than enforced type checks.
     assert(is_a($request, 'PKPRequest'));
     // Retrieve the router
     $router =& $request->getRouter();
     assert(is_a($router, 'PKPRouter'));
     parent::Smarty();
     // Set up Smarty configuration
     $baseDir = Core::getBaseDir();
     $cachePath = CacheManager::getFileCachePath();
     // Set the default template dir (app's template dir)
     $this->app_template_dir = $baseDir . DIRECTORY_SEPARATOR . 'templates';
     // Set fallback template dir (core's template dir)
     $this->core_template_dir = $baseDir . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . 'pkp' . DIRECTORY_SEPARATOR . 'templates';
     // App templates are searched first, then the core templates
     $this->template_dir = array($this->app_template_dir, $this->core_template_dir);
     // Compiled templates, config and cache all live under the file cache path
     $this->compile_dir = $cachePath . DIRECTORY_SEPARATOR . 't_compile';
     $this->config_dir = $cachePath . DIRECTORY_SEPARATOR . 't_config';
     $this->cache_dir = $cachePath . DIRECTORY_SEPARATOR . 't_cache';
     // Assign common variables
     $this->styleSheets = array();
     // Assigned by reference so stylesheets added later (addStyleSheet) are seen by templates
     $this->assign_by_ref('stylesheets', $this->styleSheets);
     $this->javaScripts = array();
     // Safe default: pages are not stored by caches unless a handler changes
     // the cacheability explicitly (presumably via a setter — confirm).
     $this->cacheability = CACHEABILITY_NO_STORE;
     // Safe default
     $this->assign('defaultCharset', Config::getVar('i18n', 'client_charset'));
     $this->assign('basePath', $request->getBasePath());
     $this->assign('baseUrl', $request->getBaseUrl());
     $this->assign('requiresFormRequest', $request->isPost());
     // Only page routers know the requested page; other routers leave it unset
     if (is_a($router, 'PKPPageRouter')) {
         $this->assign('requestedPage', $router->getRequestedPage($request));
     }
     $this->assign('currentUrl', $request->getCompleteUrl());
     // Date/time formats and front-end switches come straight from config.inc.php
     $this->assign('dateFormatTrunc', Config::getVar('general', 'date_format_trunc'));
     $this->assign('dateFormatShort', Config::getVar('general', 'date_format_short'));
     $this->assign('dateFormatLong', Config::getVar('general', 'date_format_long'));
     $this->assign('datetimeFormatShort', Config::getVar('general', 'datetime_format_short'));
     $this->assign('datetimeFormatLong', Config::getVar('general', 'datetime_format_long'));
     $this->assign('timeFormat', Config::getVar('general', 'time_format'));
     $this->assign('allowCDN', Config::getVar('general', 'enable_cdn'));
     $this->assign('useMinifiedJavaScript', Config::getVar('general', 'enable_minified'));
     $locale = Locale::getLocale();
     $this->assign('currentLocale', $locale);
     // If there's a locale-specific stylesheet, add it.
     if (($localeStyleSheet = Locale::getLocaleStyleSheet($locale)) != null) {
         $this->addStyleSheet($request->getBaseUrl() . '/' . $localeStyleSheet);
     }
     $application =& PKPApplication::getApplication();
     $this->assign('pageTitle', $application->getNameKey());
     // Register custom functions.
     // Note that 'escape' and 'strip_unsafe_html' are the modifiers templates
     // use for output encoding, so their implementations (smartyEscape and
     // String::stripUnsafeHtml, not visible here) are the ones that matter
     // for HTML injection resistance.
     $this->register_modifier('translate', array('Locale', 'translate'));
     $this->register_modifier('get_value', array(&$this, 'smartyGetValue'));
     $this->register_modifier('strip_unsafe_html', array('String', 'stripUnsafeHtml'));
     $this->register_modifier('String_substr', array('String', 'substr'));
     $this->register_modifier('to_array', array(&$this, 'smartyToArray'));
     $this->register_modifier('concat', array(&$this, 'smartyConcat'));
     $this->register_modifier('escape', array(&$this, 'smartyEscape'));
     $this->register_modifier('strtotime', array(&$this, 'smartyStrtotime'));
     $this->register_modifier('explode', array(&$this, 'smartyExplode'));
     $this->register_modifier('assign', array(&$this, 'smartyAssign'));
     $this->register_function('translate', array(&$this, 'smartyTranslate'));
     $this->register_function('flush', array(&$this, 'smartyFlush'));
     $this->register_function('call_hook', array(&$this, 'smartyCallHook'));
     $this->register_function('html_options_translate', array(&$this, 'smartyHtmlOptionsTranslate'));
     $this->register_block('iterate', array(&$this, 'smartyIterate'));
     $this->register_function('call_progress_function', array(&$this, 'smartyCallProgressFunction'));
     $this->register_function('page_links', array(&$this, 'smartyPageLinks'));
     $this->register_function('page_info', array(&$this, 'smartyPageInfo'));
     $this->register_function('get_help_id', array(&$this, 'smartyGetHelpId'));
     $this->register_function('icon', array(&$this, 'smartyIcon'));
     $this->register_function('help_topic', array(&$this, 'smartyHelpTopic'));
     $this->register_function('sort_heading', array(&$this, 'smartySortHeading'));
     $this->register_function('sort_search', array(&$this, 'smartySortSearch'));
     $this->register_function('get_debug_info', array(&$this, 'smartyGetDebugInfo'));
     $this->register_function('assign_mailto', array(&$this, 'smartyAssignMailto'));
     $this->register_function('display_template', array(&$this, 'smartyDisplayTemplate'));
     $this->register_modifier('truncate', array(&$this, 'smartyTruncate'));
     // JS UI components
     $this->register_function('modal', array(&$this, 'smartyModal'));
     $this->register_function('confirm', array(&$this, 'smartyConfirm'));
     $this->register_function('confirm_submit', array(&$this, 'smartyConfirmSubmit'));
     $this->register_function('init_tabs', array(&$this, 'smartyInitTabs'));
     $this->register_function('modal_title', array(&$this, 'smartyModalTitle'));
     // register the resource name "core": the four callbacks supply the
     // template source, its timestamp, and the secure/trusted flags Smarty
     // asks a resource for
     $this->register_resource("core", array(array(&$this, 'smartyResourceCoreGetTemplate'), array(&$this, 'smartyResourceCoreGetTimestamp'), array(&$this, 'smartyResourceCoreGetSecure'), array(&$this, 'smartyResourceCoreGetTrusted')));
     $this->register_function('url', array(&$this, 'smartyUrl'));
     // ajax load into a div
     $this->register_function('load_url_in_div', array(&$this, 'smartyLoadUrlInDiv'));
     if (!defined('SESSION_DISABLE_INIT')) {
         /**
          * Kludge to make sure no code that tries to connect to
          * the database is executed (e.g., when loading
          * installer pages).
          */
         $this->assign('isUserLoggedIn', Validation::isLoggedIn());
         $application =& PKPApplication::getApplication();
         $currentVersion =& $application->getCurrentVersion();
         $this->assign('currentVersionString', $currentVersion->getVersionString());
         $this->assign('itemsPerPage', Config::getVar('interface', 'items_per_page'));
         $this->assign('numPageLinks', Config::getVar('interface', 'page_links'));
         $user =& $request->getUser();
         if ($user) {
             // Trivial notifications are shown once: they are fetched for the
             // template and deleted from the store in the same step.
             $notificationDao =& DAORegistry::getDAO('NotificationDAO');
             $notifications =& $notificationDao->getNotificationsByUserId($user->getId(), NOTIFICATION_LEVEL_TRIVIAL);
             $notificationsArray =& $notifications->toArray();
             unset($notifications);
             foreach ($notificationsArray as $notification) {
                 $notificationDao->deleteNotificationById($notification->getId());
             }
             $this->assign('systemNotifications', $notificationsArray);
         }
     }
     // Deferred setup (not visible here) runs on first use
     $this->initialized = false;
 }
    import('file.FileManager');
    if (!FileManager::mkdir($init['baseDir'] . '/' . $init['publicDir'] . '/site/images/')) {
        $this->setError(INSTALLER_ERROR_GENERAL, 'installer.installFilesDirError');
        return false;
    }
}
//Check if user's image directory exists, else create it
if (Validation::isLoggedIn() && !file_exists($init['baseDir'] . '/' . $init['publicDir'] . '/site/images/' . $user->getUsername())) {
    import('file.FileManager');
    if (!FileManager::mkdir($init['baseDir'] . '/' . $init['publicDir'] . '/site/images/' . $user->getUsername())) {
        $this->setError(INSTALLER_ERROR_GENERAL, 'installer.installFilesDirError');
        return false;
    }
    array_push($cfg['ilibs'], array('value' => '/' . $init['publicDir'] . '/site/images/' . $user->getUsername() . '/', 'text' => 'Your images'));
} else {
    if (Validation::isLoggedIn()) {
        array_push($cfg['ilibs'], array('value' => '/' . $init['publicDir'] . '/site/images/' . $user->getUsername() . '/', 'text' => 'Your images'));
    }
}
//-------------------------------------------------------------------------
// use dynamic image libraries - if $cfg['ilibs_inc'] is set, static image libraries above are ignored
// image directories to be scanned
//	$cfg['ilibs_dir'] 	   = array('/public/site/images/public');						   	// image library path with slashes; absolute to root directory - please make sure that the directories have write permissions
//	$cfg['ilibs_dir_show'] = true;														// show main library (true) or only sub-dirs (false)
//	$cfg['ilibs_inc']      = realpath(dirname(__FILE__) . '/../scripts/init.php'); 	// file to include in ibrowser.php (useful for setting $cfg['ilibs] dynamically
//-------------------------------------------------------------------------
// you shouldn't need to make any changes to the config variable beyond this line!
//-------------------------------------------------------------------------
$osslash = strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' ? '\\' : '/';
$cfg['ver'] = '1.3.7 - build 10052006';
// iBrowser version
 /**
  * Check whether the current user holds the given role in a journal.
  * @param $roleId int
  * @param $journalId int optional; 0 for site-wide roles (e.g. site admin),
  *  -1 to use the journal of the current request
  * @return boolean false when nobody is logged in, otherwise whether the
  *  role assignment exists
  */
 function isAuthorized($roleId, $journalId = 0)
 {
     $loggedIn = Validation::isLoggedIn();
     if (!$loggedIn) {
         return false;
     }
     if ($journalId === -1) {
         // Resolve the journal from the current request
         $requestJournal =& Request::getJournal();
         if ($requestJournal == null) {
             $journalId = 0;
         } else {
             $journalId = $requestJournal->getJournalId();
         }
     }
     $manager =& SessionManager::getManager();
     $userSession =& $manager->getUserSession();
     $currentUser =& $userSession->getUser();
     $dao =& DAORegistry::getDAO('RoleDAO');
     $exists = $dao->roleExists($journalId, $currentUser->getUserId(), $roleId);
     return $exists;
 }
 /**
  * Validation
  *
  * Resolves the requested article (published or not) and its issue, then
  * enforces reader access: editorial pre-publication access, domain/IP
  * subscription, login wall, individual subscription and article purchase /
  * membership. Requests for the abstract only ($galleyId unset or 0) skip
  * the subscription checks. Denial paths redirect (or show the payment form
  * and exit) rather than returning.
  *
  * @param $articleId int|string article id or public article identifier as requested
  * @param $galleyId int|string|null galley id; null/0 means "abstract only"
  * @return array (journal, issue, article) — the article is the published
  *  article when one was found, otherwise the unpublished article (editorial
  *  access only)
  */
 function validate($articleId, $galleyId = null)
 {
     parent::validate(true);
     import('issue.IssueAction');
     $journal =& Request::getJournal();
     $journalId = $journal->getJournalId();
     $article = $publishedArticle = $issue = null;
     $publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO');
     // Look the article up by public identifier or numeric id, per journal setting
     if ($journal->getSetting('enablePublicArticleId')) {
         $publishedArticle =& $publishedArticleDao->getPublishedArticleByBestArticleId($journalId, $articleId);
     } else {
         $publishedArticle =& $publishedArticleDao->getPublishedArticleByArticleId((int) $articleId, $journalId);
     }
     $issueDao =& DAORegistry::getDAO('IssueDAO');
     // $issue is only loaded for a published article, so wherever $issue is
     // non-null below, $publishedArticle is non-null too.
     if (isset($publishedArticle)) {
         $issue =& $issueDao->getIssueByArticleId($publishedArticle->getArticleId(), $journalId);
     } else {
         $articleDao =& DAORegistry::getDAO('ArticleDAO');
         $article =& $articleDao->getArticle((int) $articleId, $journalId);
     }
     // If this is an editorial user who can view unpublished/unscheduled
     // articles, bypass further validation.
     if (($article || $publishedArticle) && IssueAction::allowedPrePublicationAccess($journal)) {
         return array($journal, $issue, $publishedArticle ? $publishedArticle : $article);
     }
     // Make sure the reader has rights to view the article/issue.
     if ($issue && $issue->getPublished()) {
         $subscriptionRequired = IssueAction::subscriptionRequired($issue);
         $isSubscribedDomain = IssueAction::subscribedDomain($journal, $issue->getIssueId(), $articleId);
         // Check if login is required for viewing.
         // The login wall, like the subscription checks below, applies only
         // when a galley (full text) is requested; the abstract stays open.
         if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess') && isset($galleyId) && $galleyId != 0) {
             Validation::redirectLogin();
         }
         // bypass all validation if subscription based on domain or ip is valid
         // or if the user is just requesting the abstract
         if (!$isSubscribedDomain && $subscriptionRequired && (isset($galleyId) && $galleyId != 0)) {
             // Subscription Access
             $subscribedUser = IssueAction::subscribedUser($journal, $issue->getIssueId(), $articleId);
             // Open-access articles (truthy access status) and subscribers pass
             if (!(!$subscriptionRequired || $publishedArticle->getAccessStatus() || $subscribedUser)) {
                 // if payment information is enabled,
                 import('payment.ojs.OJSPaymentManager');
                 $paymentManager =& OJSPaymentManager::getManager();
                 if ($paymentManager->purchaseArticleEnabled() || $paymentManager->membershipEnabled()) {
                     /* if only pdf files are being restricted, then approve all non-pdf galleys
                      * and continue checking if it is a pdf galley */
                     if ($paymentManager->onlyPdfEnabled()) {
                         $galleyDAO =& DAORegistry::getDAO('ArticleGalleyDAO');
                         $galley =& $galleyDAO->getGalley($galleyId, $articleId);
                         if ($galley && !$galley->isPdfGalley()) {
                             return array($journal, $issue, $publishedArticle);
                         }
                     }
                     if (!Validation::isLoggedIn()) {
                         Validation::redirectLogin("payment.loginRequired.forArticle");
                     }
                     // $user is non-null here because redirectLogin above does not return
                     $user =& Request::getUser();
                     $userId = $user->getUserId();
                     /* if the article has been paid for then forget about everything else
                      * and just let them access the article */
                     $completedPaymentDAO =& DAORegistry::getDAO('OJSCompletedPaymentDAO');
                     if ($completedPaymentDAO->hasPaidPerViewArticle($userId, $articleId) || !is_null($user->getDateEndMembership()) && strtotime($user->getDateEndMembership()) > time()) {
                         return array($journal, $issue, $publishedArticle);
                     } else {
                         // Queue a per-article purchase and show the payment form; the
                         // payment flow takes over from here.
                         $queuedPayment =& $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ARTICLE, $user->getUserId(), $articleId, $journal->getSetting('purchaseArticleFee'));
                         $queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
                         $templateMgr =& TemplateManager::getManager();
                         $paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
                         exit;
                     }
                 }
                 // Always true inside this branch (the enclosing condition already
                 // requires a non-zero $galleyId); kept as written.
                 if (!isset($galleyId) || $galleyId) {
                     if (!Validation::isLoggedIn()) {
                         Validation::redirectLogin("reader.subscriptionRequiredLoginText");
                     }
                     Request::redirect(null, 'about', 'subscriptions');
                 }
             }
         }
     } else {
         // No published issue for this article (or nothing found at all)
         Request::redirect(null, 'index');
     }
     return array($journal, $issue, $publishedArticle);
 }
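 /**
  * Bootstrap the application from a script living outside the web root
  * and work out where the logged-in user's images may be stored.
  *
  * Side effects: changes the working directory (restored at the end),
  * defines INDEX_FILE_LOCATION and SESSION_DISABLE_INIT, requires the PKP
  * bootstrap file and may create directories under the public files
  * directory. Terminates the script with a localised error when a required
  * directory is missing, not writable, or cannot be created.
  */
 public function __construct()
 {
     // Get paths to system base directories: walk up from the executing
     // script to the application base directory (depth fixed by where this
     // script lives in the tree)
     $this->baseDir = $_SERVER['SCRIPT_FILENAME'];
     for ($i = 0; $i < 10; $i++) {
         $this->baseDir = dirname($this->baseDir);
     }
     // Load and execute initialization code
     chdir($this->baseDir);
     define('INDEX_FILE_LOCATION', $this->baseDir . '/index.php');
     require $this->baseDir . '/lib/pkp/includes/bootstrap.inc.php';
     $publicDir = Config::getVar('files', 'public_files_dir');
     $this->baseUrl = Config::getVar('general', 'base_url');
     // Skip locale detection
     define('SESSION_DISABLE_INIT', 1);
     // Register locale files in the registry
     $locale = LOCALE_DEFAULT;
     $localeFile = new LocaleFile($locale, $this->baseDir . "/lib/pkp/locale/{$locale}/installer.xml");
     Registry::get('localeFiles', true, array($locale => array($localeFile)));
     // Load user variables
     $sessionManager = SessionManager::getManager();
     $userSession = $sessionManager->getUserSession();
     $user = $userSession->getUser();
     if (isset($user)) {
         // User is logged in
         $siteDir = $this->baseDir . '/' . $publicDir . '/site/';
         $imagesDir = $siteDir . '/images/';
         if (!file_exists($imagesDir)) {
             $this->_createDirectoryOrDie($siteDir, $imagesDir);
         }
         if (Validation::isLoggedIn()) {
             // The username becomes a path component under public/site/images/.
             // NOTE(review): relies on usernames being restricted at registration
             // to characters that are safe in a filesystem path — confirm.
             $username = $user->getUsername();
             $userImagesDir = $imagesDir . $username;
             if (!file_exists($userImagesDir)) {
                 $this->_createDirectoryOrDie($imagesDir, $userImagesDir);
             }
             $this->imageDir = $publicDir . '/site/images/' . $username;
         }
     } else {
         // Not logged in; Do not allow images to be uploaded
         $this->imageDir = null;
     }
     // Set the base directory back to its original location
     chdir(dirname($_SERVER['SCRIPT_FILENAME']));
 }

 /**
  * Create $newDir below $parentDir, terminating with a localised error when
  * the parent does not exist or is not writable, or the directory cannot
  * be created.
  * @param $parentDir string directory that must already exist and be writable
  * @param $newDir string directory to create
  */
 private function _createDirectoryOrDie($parentDir, $newDir)
 {
     import('lib.pkp.classes.file.FileManager');
     $fileManager = new FileManager();
     // Check that the parent directory exists and is writeable
     if (!file_exists($parentDir) || !is_writeable($parentDir)) {
         die(__('installer.installFilesDirError'));
     }
     if (!$fileManager->mkdir($newDir)) {
         die(__('installer.installFilesDirError'));
     }
 }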
 /**
  * Determines whether or not a user can view an issue galley.
  *
  * Order of checks: editorial pre-publication access, then (for published
  * issues only) domain/IP subscription, login wall, individual subscription,
  * and finally issue purchase / membership. Denial paths redirect (or show
  * the payment form and exit); the method only returns when access is granted.
  *
  * @param $request Request
  * @return boolean true when the reader may view the galley
  */
 function userCanViewGalley($request)
 {
     import('classes.issue.IssueAction');
     $issueAction = new IssueAction();
     $journal = $request->getJournal();
     $user = $request->getUser();
     $userId = $user ? $user->getId() : 0;
     // NOTE(review): neither the issue nor the galley is null-checked here;
     // this relies on the authorization policies having placed the issue in
     // the context and on getGalley() being set before this is called — confirm.
     $issue = $this->getAuthorizedContextObject(ASSOC_TYPE_ISSUE);
     $galley = $this->getGalley();
     // If this is an editorial user who can view unpublished issue galleys,
     // bypass further validation
     if ($issueAction->allowedIssuePrePublicationAccess($journal)) {
         return true;
     }
     // Ensure reader has rights to view the issue galley
     if ($issue->getPublished()) {
         $subscriptionRequired = $issueAction->subscriptionRequired($issue);
         $isSubscribedDomain = $issueAction->subscribedDomain($journal, $issue->getId());
         // Check if login is required for viewing.
         if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess')) {
             Validation::redirectLogin();
         }
         // If no domain/ip subscription, check if user has a valid subscription
         // or if the user has previously purchased the issue
         if (!$isSubscribedDomain && $subscriptionRequired) {
             // Check if user has a valid subscription
             $subscribedUser = $issueAction->subscribedUser($journal, $issue->getId());
             if (!$subscribedUser) {
                 // Check if payments are enabled,
                 import('classes.payment.ojs.OJSPaymentManager');
                 $paymentManager = new OJSPaymentManager($request);
                 if ($paymentManager->purchaseIssueEnabled() || $paymentManager->membershipEnabled()) {
                     // If only pdf files are being restricted, then approve all non-pdf galleys
                     // and continue checking if it is a pdf galley
                     if ($paymentManager->onlyPdfEnabled() && !$galley->isPdfGalley()) {
                         return true;
                     }
                     if (!Validation::isLoggedIn()) {
                         Validation::redirectLogin("payment.loginRequired.forIssue");
                     }
                     // If the issue galley has been purchased, or the user holds a
                     // current membership, then allow reader access.
                     // $user is non-null here because redirectLogin above does not return.
                     // NOTE(review): 'dateEndMembership' is compared against time()
                     // as-is, so the stored setting is assumed to be a timestamp — confirm.
                     $completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO');
                     $dateEndMembership = $user->getSetting('dateEndMembership', 0);
                     if ($completedPaymentDao->hasPaidPurchaseIssue($userId, $issue->getId()) || !is_null($dateEndMembership) && $dateEndMembership > time()) {
                         return true;
                     } else {
                         // Otherwise queue an issue purchase payment and display payment form
                         $queuedPayment =& $paymentManager->createQueuedPayment($journal->getId(), PAYMENT_TYPE_PURCHASE_ISSUE, $userId, $issue->getId(), $journal->getSetting('purchaseIssueFee'));
                         $queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
                         $paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
                         exit;
                     }
                 }
                 // No subscription and no way to purchase: explain how to subscribe
                 if (!Validation::isLoggedIn()) {
                     Validation::redirectLogin("reader.subscriptionRequiredLoginText");
                 }
                 $request->redirect(null, 'about', 'subscriptions');
             }
         }
     } else {
         // Unpublished issues are never shown to readers
         $request->redirect(null, 'index');
     }
     return true;
 }
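 /**
  * Handle submission of the user registration form.
  *
  * Redirects away when payments are not configured or the user has already
  * registered and paid; an unpaid earlier registration is discarded so the
  * form can be resubmitted. On a successful execute() the payment flow takes
  * over; the other outcomes (failed, no payment method, free) are reported
  * through the common message template.
  */
 function register()
 {
     $this->addCheck(new HandlerValidatorSchedConf($this));
     $this->validate();
     $conference =& Request::getConference();
     $schedConf =& Request::getSchedConf();
     $paymentManager =& OCSPaymentManager::getManager();
     if (!$paymentManager->isConfigured()) {
         Request::redirect(null, null, 'index');
     }
     $user =& Request::getUser();
     $registrationDao =& DAORegistry::getDAO('RegistrationDAO');
     if ($user && ($registrationId = $registrationDao->getRegistrationIdByUser($user->getId(), $schedConf->getId()))) {
         // This user has already registered.
         $registration =& $registrationDao->getRegistration($registrationId);
         if (!$registration || $registration->getDatePaid()) {
             // And they have already paid. Redirect to a message explaining.
             Request::redirect(null, null, null, 'registration');
         } else {
             // Allow them to resubmit the form to change type or pay again.
             $registrationDao->deleteRegistrationById($registrationId);
         }
     }
     $templateMgr =& TemplateManager::getManager();
     $templateMgr->assign('pageHierarchy', array(array(Request::url(null, 'index', 'index'), $conference->getConferenceTitle(), true), array(Request::url(null, null, 'index'), $schedConf->getSchedConfTitle(), true)));
     SchedConfHandler::setupTemplate($conference, $schedConf);
     import('registration.form.UserRegistrationForm');
     // The registration type comes from the request; the cast keeps it an int
     $typeId = (int) Request::getUserVar('registrationTypeId');
     // WARNING: This form needs $this in constructor.
     // The former PHP 4 fallback ("=& new") is a parse error on PHP >= 7, so
     // the form is always constructed the PHP 5 way.
     $form = new UserRegistrationForm($typeId);
     $form->readInputData();
     if (!$form->validate()) {
         // In case a user was just created, make sure they appear logged in
         $templateMgr->assign('isUserLoggedIn', Validation::isLoggedIn());
         $form->display();
         return;
     }
     $registrationError = $form->execute();
     if ($registrationError == REGISTRATION_SUCCESSFUL) {
         // Payment is handled for us.
         return;
     }
     // In case a user was just created, make sure they appear logged in
     $templateMgr->assign('isUserLoggedIn', Validation::isLoggedIn());
     // Map the remaining outcomes to a message key (loose comparison, as before)
     switch ($registrationError) {
         case REGISTRATION_FAILED:
             // User not created
             $messageKey = 'schedConf.registration.failed';
             break;
         case REGISTRATION_NO_PAYMENT:
             // Automatic payment failed; display a generic
             // "you will be contacted" message.
             $messageKey = 'schedConf.registration.noPaymentMethodAvailable';
             break;
         case REGISTRATION_FREE:
             // Registration successful; no payment required (free)
             $messageKey = 'schedConf.registration.free';
             break;
         default:
             // Unknown outcome: nothing is displayed (unchanged behaviour)
             $messageKey = null;
     }
     if ($messageKey !== null) {
         $templateMgr->assign('message', $messageKey);
         $templateMgr->assign('backLinkLabel', 'common.back');
         $templateMgr->assign('backLink', Request::url(null, null, 'index'));
         $templateMgr->display('common/message.tpl');
     }
 }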
 /**
  * Validate that the requested paper exists, accepts comments and that the
  * reader is allowed to see it; redirects away otherwise.
  * @param $paperId int
  * @return boolean true when validation passes
  */
 function validate($paperId)
 {
     parent::validate();
     $conference =& Request::getConference();
     $schedConf =& Request::getSchedConf();
     $dao =& DAORegistry::getDAO('PublishedPaperDAO');
     $showPreviews = $schedConf->getSetting('previewAbstracts');
     $paper =& $dao->getPublishedPaperByPaperId($paperId, $schedConf->getId(), $showPreviews);
     $this->paper =& $paper;
     if ($paper == null) {
         Request::redirect(null, null, 'index');
     }
     // Loading the CommentDAO brings in the comment and view constants;
     // the instance itself is not used here.
     $commentDao =& DAORegistry::getDAO('CommentDAO');
     $commentsEnabled = $conference->getSetting('enableComments') && $paper->getEnableComments();
     if (!$commentsEnabled) {
         Request::redirect(null, null, 'index');
     }
     // Readers must be logged in when the conference restricts paper access
     $loginRequired = $conference->getSetting('restrictPaperAccess') && !Validation::isLoggedIn();
     if ($loginRequired) {
         Validation::redirectLogin();
     }
     return true;
 }
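 /**
  * Display an authorization denied message.
  * The message is a locale key taken from the request, so it is restricted
  * to a safe character set before it reaches the template.
  * @param $args array
  * @param $request Request
  */
 function authorizationDenied($args, $request)
 {
     if (!Validation::isLoggedIn()) {
         Validation::redirectLogin();
     }
     // Get message with sanity check (for XSS or phishing): only letters,
     // digits and dots are accepted. \z rather than $ so that a trailing
     // newline cannot pass the check; the string cast keeps preg_match away
     // from null or array input.
     $authorizationMessage = (string) $request->getUserVar('message');
     if (!preg_match('/^[a-zA-Z0-9.]+\z/', $authorizationMessage)) {
         fatalError('Invalid locale key for auth message.');
     }
     $this->setupTemplate($request);
     AppLocale::requireComponents(LOCALE_COMPONENT_PKP_USER);
     $templateMgr = TemplateManager::getManager($request);
     $templateMgr->assign('message', $authorizationMessage);
     return $templateMgr->display('common/message.tpl');
 }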
 /**
  * Check if a user is authorized to access the specified role in the specified conference.
  * @param $roleId int
  * @param $conferenceId int optional (e.g., 0 for the global site admin role); -1 resolves the conference from the current request
  * @param $schedConfId int optional; -1 resolves the scheduled conference from the current request
  * @return boolean
  */
 function isAuthorized($roleId, $conferenceId = 0, $schedConfId = 0)
 {
     // Anonymous visitors hold no roles at all.
     if (!Validation::isLoggedIn()) {
         return false;
     }
     // -1 is a sentinel for "whatever context the request resolves to";
     // a missing context falls back to 0.
     if ($conferenceId === -1) {
         $requestConference =& Request::getConference();
         $conferenceId = 0;
         if ($requestConference) {
             $conferenceId = $requestConference->getId();
         }
     }
     if ($schedConfId === -1) {
         $requestSchedConf =& Request::getSchedConf();
         $schedConfId = 0;
         if ($requestSchedConf) {
             $schedConfId = $requestSchedConf->getId();
         }
     }
     $sessionManager =& SessionManager::getManager();
     $userSession =& $sessionManager->getUserSession();
     $currentUser =& $userSession->getUser();
     $roleDao =& DAORegistry::getDAO('RoleDAO');
     return $roleDao->roleExists($conferenceId, $schedConfId, $currentUser->getId(), $roleId);
 }
 /**
  * Determines whether a user can view this article galley or not.
  *
  * Works on $this->article and $this->issue, which the caller is expected to
  * have set. Returns true when access is granted; every denial path either
  * redirects (login, search, subscriptions) or shows a payment form and
  * exits, so a false return never reaches the caller.
  * @param $request Request
  * @param $articleId string (not used in the body; kept for the interface)
  * @param $galleyId int or string; null or 0 means only the abstract is requested
  * @return boolean
  */
 function userCanViewGalley($request, $articleId, $galleyId = null)
 {
     import('classes.issue.IssueAction');
     $issueAction = new IssueAction();
     $journal = $request->getJournal();
     $publishedArticle = $this->article;
     $issue = $this->issue;
     $journalId = $journal->getId();
     $user = $request->getUser();
     // 0 stands for "anonymous" in the payment lookups below.
     $userId = $user ? $user->getId() : 0;
     // If this is an editorial user who can view unpublished/unscheduled
     // articles, bypass further validation. Likewise for its author.
     if ($publishedArticle && $issueAction->allowedPrePublicationAccess($journal, $publishedArticle)) {
         return true;
     }
     // Make sure the reader has rights to view the article/issue.
     // NOTE(review): $publishedArticle is not null-checked before getStatus()
     // here; if $this->article can be null with a published issue this fatals.
     if ($issue && $issue->getPublished() && $publishedArticle->getStatus() == STATUS_PUBLISHED) {
         $subscriptionRequired = $issueAction->subscriptionRequired($issue);
         $isSubscribedDomain = $issueAction->subscribedDomain($journal, $issue->getId(), $publishedArticle->getId());
         // Check if login is required for viewing.
         // Only enforced for galley requests; the abstract stays reachable.
         if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess') && isset($galleyId) && $galleyId) {
             Validation::redirectLogin();
         }
         // bypass all validation if subscription based on domain or ip is valid
         // or if the user is just requesting the abstract
         if (!$isSubscribedDomain && $subscriptionRequired && (isset($galleyId) && $galleyId)) {
             // Subscription Access
             $subscribedUser = $issueAction->subscribedUser($journal, $issue->getId(), $publishedArticle->getId());
             import('classes.payment.ojs.OJSPaymentManager');
             $paymentManager = new OJSPaymentManager($request);
             $purchasedIssue = false;
             // An individual issue purchase counts only when the user holds
             // no subscription and the journal sells issues.
             if (!$subscribedUser && $paymentManager->purchaseIssueEnabled()) {
                 $completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO');
                 $purchasedIssue = $completedPaymentDao->hasPaidPurchaseIssue($userId, $issue->getId());
             }
             // Denied unless the article is open access, the user is
             // subscribed, or the issue was bought. ($subscriptionRequired
             // is already known true from the enclosing condition.)
             if (!(!$subscriptionRequired || $publishedArticle->getAccessStatus() == ARTICLE_ACCESS_OPEN || $subscribedUser || $purchasedIssue)) {
                 if ($paymentManager->purchaseArticleEnabled() || $paymentManager->membershipEnabled()) {
                     /* if only pdf files are being restricted, then approve all non-pdf galleys
                      * and continue checking if it is a pdf galley */
                     if ($paymentManager->onlyPdfEnabled()) {
                         if ($this->galley && !$this->galley->isPdfGalley()) {
                             $this->issue = $issue;
                             $this->article = $publishedArticle;
                             return true;
                         }
                     }
                     if (!Validation::isLoggedIn()) {
                         Validation::redirectLogin("payment.loginRequired.forArticle");
                     }
                     /* if the article has been paid for then forget about everything else
                      * and just let them access the article */
                     $completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO');
                     // Assumes redirectLogin() above does not return, so $user
                     // is non-null from here on — confirm against Validation.
                     $dateEndMembership = $user->getSetting('dateEndMembership', 0);
                     // A paid article or a still-valid membership grants access.
                     if ($completedPaymentDao->hasPaidPurchaseArticle($userId, $publishedArticle->getId()) || !is_null($dateEndMembership) && $dateEndMembership > time()) {
                         $this->issue = $issue;
                         $this->article = $publishedArticle;
                         return true;
                     } else {
                         // Otherwise queue a purchase and hand off to the payment form.
                         $queuedPayment = $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ARTICLE, $user->getId(), $publishedArticle->getId(), $journal->getSetting('purchaseArticleFee'));
                         $queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
                         $paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
                         exit;
                     }
                 }
                 // Always true inside this branch: the enclosing condition
                 // already required a non-empty $galleyId.
                 if (!isset($galleyId) || $galleyId) {
                     if (!Validation::isLoggedIn()) {
                         Validation::redirectLogin('reader.subscriptionRequiredLoginText');
                     }
                     $request->redirect(null, 'about', 'subscriptions');
                 }
             }
         }
     } else {
         // Not a published article in a published issue: nothing to show.
         $request->redirect(null, 'search');
     }
     return true;
 }
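 /**
  * Log a user out.
  *
  * Afterwards the visitor is sent either to the site-relative path given by
  * the optional 'source' request variable or, failing that, back to the
  * page that was requested.
  * @param $args array
  * @param $request Request
  */
 function signOut($args, &$request)
 {
     $this->validate();
     $this->setupTemplate($request);
     if (Validation::isLoggedIn()) {
         Validation::logout();
     }
     // 'source' is request-controlled and gets appended to our own host, so
     // only a site-relative path is accepted: it must start with a single
     // '/' (a leading '//' or '/\' would be read by browsers as a new
     // authority and turn this into an open redirect).
     $source = $request->getUserVar('source');
     if (is_string($source) && $source !== '' && $source[0] === '/' && !preg_match('#^/[/\\\\]#', $source)) {
         $request->redirectUrl($request->getProtocol() . '://' . $request->getServerHost() . $source, false);
     } else {
         $request->redirect(null, $request->getRequestedPage());
     }
 }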
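 /**
  * Display (and, on save, store) a navigation-item survey for the logged-in user.
  *
  * The survey is selected by the 'id' request variable, an index into the
  * conference's localized 'navItems' setting; the user's answers live in a
  * per-conference user setting keyed by that index.
  */
 function survey()
 {
     if (Validation::isLoggedIn() === FALSE) {
         Validation::redirectLogin();
     }
     $this->addCheck(new HandlerValidatorSchedConf($this));
     $this->validate();
     $conference =& Request::getConference();
     $schedConf =& Request::getSchedConf();
     $id = Request::getUserVar('id');
     // Resolve the nav item by its integer index; an unknown index yields
     // empty values instead of undefined-offset notices.
     $navItems = $conference->getLocalizedSetting('navItems');
     $navIndex = intval($id);
     $navItem = isset($navItems[$navIndex]) ? $navItems[$navIndex] : array();
     $title = isset($navItem['name']) ? $navItem['name'] : null;
     $survey = isset($navItem['survey']) ? $navItem['survey'] : null;
     $templateMgr =& TemplateManager::getManager();
     SchedConfHandler::setupTemplate($conference, $schedConf);
     // FIXME: director.allTracks may still need LOCALE_COMPONENT_OCS_DIRECTOR here.
     $templateMgr->assign('pageHierarchyRoot', true);
     $templateMgr->assign('pageHierarchy', array(array(Request::url(null, $conference->getSetting('path'), 'index'), AppLocale::Translate('navigation.home'), true), array(Request::url(null, null, 'index'), $title, true)));
     // $data is initialised so the default below also applies when there
     // is no user; the setting key uses the normalised index so the
     // request cannot choose an arbitrary setting name.
     $data = null;
     $user = Request::getUser();
     if ($user) {
         $settingKey = 'survey_' . $conference->getId() . "_" . $navIndex;
         if (Request::getUserVar('save') !== null) {
             $data = Request::getUserVar('data');
             $user->updateSetting($settingKey, $data, 'string', $conference->getId());
         } else {
             $data = $user->getSetting($settingKey);
         }
     }
     if (!$data) {
         // No answers yet: hand the template an empty JSON object.
         $data = '{}';
     }
     $templateMgr->assign('title', $title);
     $templateMgr->assign('survey', $survey);
     $templateMgr->assign('data', $data);
     $templateMgr->assign('helpTopicId', 'conference.currentConferences.survey');
     $templateMgr->display('schedConf/survey.tpl');
 }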
 /**
  * Validation
  * @see lib/pkp/classes/handler/PKPHandler#validate()
  * Looks the requested paper up within the current scheduled conference and
  * checks that the visitor may see it (or the requested galley). Failures
  * redirect to the index or render the access-denied page and exit.
  * @param $request Request
  * @param $paperId integer (a public paper id when enablePublicPaperId is set)
  * @param $galleyId integer; null or 0 means the paper itself rather than a galley
  * @return boolean
  */
 function validate(&$request, $paperId, $galleyId = null)
 {
     $router =& $request->getRouter();
     parent::validate(null, $request);
     $conference =& $router->getContext($request, CONTEXT_CONFERENCE);
     $schedConf =& $router->getContext($request, CONTEXT_SCHED_CONF);
     $conferenceId = $conference->getId();
     $publishedPaperDao = DAORegistry::getDAO('PublishedPaperDAO');
     // Unpublished papers are only returned when abstract previews are on.
     $includePreviews = (bool) $schedConf->getSetting('previewAbstracts');
     if ($schedConf->getSetting('enablePublicPaperId')) {
         $paper =& $publishedPaperDao->getPublishedPaperByBestPaperId($schedConf->getId(), $paperId, $includePreviews);
     } else {
         $paper =& $publishedPaperDao->getPublishedPaperByPaperId((int) $paperId, $schedConf->getId(), $includePreviews);
     }
     // The paper must exist and belong to this sched conf, which in turn
     // must belong to this conference; otherwise redirect to index.
     $paperBelongsHere = isset($schedConf) && isset($paper) && isset($conference)
         && $paper->getSchedConfId() == $schedConf->getId()
         && $schedConf->getConferenceId() == $conferenceId;
     if (!$paperBelongsHere) {
         $request->redirect(null, null, 'index');
     } else {
         // Check if login is required for viewing.
         if (!Validation::isLoggedIn() && $schedConf->getSetting('restrictPaperAccess')) {
             Validation::redirectLogin();
         }
         import('classes.schedConf.SchedConfAction');
         $mayViewPaper = SchedConfAction::mayViewPapers($schedConf, $conference);
         // A galley request needs paper access; a bare paper request needs
         // proceedings access.
         $galleyRequested = isset($galleyId) && $galleyId != 0;
         if ($galleyRequested) {
             $accessDenied = !$mayViewPaper;
         } else {
             $accessDenied = !SchedConfAction::mayViewProceedings($schedConf);
         }
         if ($accessDenied) {
             $this->setupTemplate($request);
             $templateMgr =& TemplateManager::getManager($request);
             $templateMgr->assign_by_ref('paper', $paper);
             $templateMgr->assign_by_ref('schedConf', $schedConf);
             $templateMgr->assign_by_ref('conference', $conference);
             $templateMgr->display('paper/accessDenied.tpl');
             exit;
         }
     }
     $this->paper =& $paper;
     return true;
 }