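<?php
// +----------------------------------------------------------------------+
// | OpenConf                                                             |
// +----------------------------------------------------------------------+
// | Copyright (c) 2002-2014 Zakon Group LLC. All Rights Reserved.        |
// +----------------------------------------------------------------------+
// | This source file is subject to the OpenConf License, available on    |
// | the OpenConf web site: www.OpenConf.com                              |
// +----------------------------------------------------------------------+

// Author-side "Edit Submission" page (also usable by the Chair when
// OCC_CHAIR_PWD_TRUMPS is on and c=1 is passed).
//
// Flow:
//   1. GET with no ocaction           -> login form (submission ID + password)
//   2. POST ocaction='Edit Submission' -> password check, a fresh edit token is
//                                        written to the paper row, edit form shown
//   3. POST ocaction='Submit Changes'  -> edit token (or chair CSRF token) check,
//                                        validation, DB update, confirmation mail
//   4. GET ocaction=cancel             -> releases the edit token
//
// Several files are pulled in with require_once and execute IN THIS SCOPE
// (hook files, OCC_FORM_INC_FILE, OCC_SUBMISSION_INC_FILE, submission-validate.inc).
// They read and write the locals used below ($q, $r, $err, $errInc, $qfields,
// $afields, $tfields, $fileUploaded, $contactemail, $mailbody, $confirmmsg,
// $oc_authorNum, $_POST), so those names must not be renamed.
//
// Conventions assumed from the rest of the file: warn() prints a message and
// returns (every other call site pairs it with exit), err() terminates;
// safeSQLstr() escapes but does not quote; safeHTMLstr() escapes for HTML.

require_once "../include.php";

oc_sendNoCacheHeaders();

$editTimeout = 2; // hours an issued edit token remains valid

// Cancel edit: clear the edit token so a new login can start.  The UPDATE is
// bound to the current token, so only its holder can release it.  Both inputs
// are whitelisted (digits / \w+) before reaching SQL.
if (isset($_GET['ocaction']) && ($_GET['ocaction'] == 'cancel')
    && isset($_GET['pid']) && ctype_digit($_GET['pid'])
    && isset($_GET['edittoken']) && preg_match("/^\w+$/", $_GET['edittoken'])
) {
    ocsql_query("UPDATE `" . OCC_TABLE_PAPER . "` SET `edittoken`=NULL, `edittime`=NULL WHERE `paperid`=" . safeSQLstr($_GET['pid']) . " AND `edittoken`='" . safeSQLstr($_GET['edittoken']) . "'");
    header("Location: ../");
    exit;
}

// Chair mode: beginChairSession() is expected to enforce the chair login
// itself; this file only switches header/footer style and skips the
// submission-password and edit-token checks when $chair is set.
if (OCC_CHAIR_PWD_TRUMPS && isset($_REQUEST['c']) && ($_REQUEST['c'] == 1)) {
    $hdrfn = 1;
    beginChairSession();
    $chair = TRUE;
} else {
    $hdrfn = 3;
    $chair = FALSE;
}

printHeader(oc_('Edit Submission'), $hdrfn);

// Edit still allowed?  (The chair may always edit.)
if (! $chair && ! $OC_statusAR['OC_edit_open']) {
    warn(oc_('Submission edits are no longer available.'));
    exit;
}

// Is this a post?
if (isset($_POST['ocaction'])) {
    // pid is used unquoted in SQL and inside HTML below, so it must be a
    // plain digit string.  is_string() rejects pid[]=... array payloads and
    // ctype_digit() (unlike /^\d+$/) rejects a trailing newline.  Stop here:
    // warn() does not terminate on its own.
    if (! isset($_POST['pid']) || ! is_string($_POST['pid']) || ! ctype_digit($_POST['pid'])) {
        warn(oc_('Submission ID is invalid'));
        exit;
    }

    if ($_POST['ocaction'] == 'Edit Submission') {
        // Check password
        if (! $chair && (! isset($_POST['passwordfld']) || empty($_POST['passwordfld']))) {
            warn(oc_('Submission ID or password entered is incorrect'));
            exit;
        }
        // verify login and acceptance status if not chair
        if (! $chair) {
            $pq = "SELECT `" . OCC_TABLE_PAPER . "`.`password`, `" . OCC_TABLE_ACCEPTANCE . "`.`accepted` FROM `" . OCC_TABLE_PAPER . "` LEFT JOIN `" . OCC_TABLE_ACCEPTANCE . "` ON (`" . OCC_TABLE_PAPER . "`.`accepted`=`" . OCC_TABLE_ACCEPTANCE . "`.`value`) WHERE `" . OCC_TABLE_PAPER . "`.`paperid`='" . safeSQLstr($_POST['pid']) . "'";
            $pr = ocsql_query($pq) or err(oc_('Unable to retrieve submission'));
            if (ocsql_num_rows($pr) != 1) {
                // Same message as a wrong password so IDs cannot be enumerated.
                warn(oc_('Submission ID or password entered is incorrect'));
                exit;
            }
            $pl = ocsql_fetch_assoc($pr);
            // The submission password, or (if configured) the chair password, unlocks the edit.
            if (!oc_password_verify($_POST['passwordfld'], $pl['password'])
                && (!OCC_CHAIR_PWD_TRUMPS || !oc_password_verify($_POST['passwordfld'], $OC_configAR['OC_chair_pwd']))
            ) {
                warn(oc_('Submission ID or password entered is incorrect'));
                exit;
            }
            // Never let the cleartext password reach the form/hook/mail code below.
            unset($_POST['passwordfld']);
            // Edit limited to accepted subs only?
            if (($OC_configAR['OC_editAcceptedOnly'] == 1) && ($pl['accepted'] != 1)) {
                warn(oc_('Submission edits are no longer available.'));
                exit;
            }
            // set token: a per-edit secret that 'Submit Changes' must echo back
            // within $editTimeout hours.
            $token = oc_idGen();
            $pr = ocsql_query("UPDATE `" . OCC_TABLE_PAPER . "` SET `edittoken`='" . safeSQLstr($token) . "', `edittime`=" . time() . " WHERE `paperid`=" . safeSQLstr($_POST['pid'])) or err(oc_('Unable to edit submission (token)'));
        }
    } elseif ($_POST['ocaction'] != 'Submit Changes') {
        warn(oc_('Invalid request.'));
        exit;
    }

    if ($chair) {
        // display back links (pid is digits-only, escaped anyway for consistency)
        print '<p style="text-align: center"><a href="../chair/show_paper.php?pid=' . safeHTMLstr($_POST['pid']) . '">View This Submission</a> | <a href="../chair/list_papers.php">View All Submissions</a></p>';
    } elseif ($_POST['ocaction'] == 'Submit Changes') {
        // check token: the posted edittoken must match the stored one exactly
        // (constant-time compare; a NULL stored token or an array payload fails
        // outright) and the edit must be within the timeout window.
        $pq = "SELECT `edittoken`, `edittime` FROM `" . OCC_TABLE_PAPER . "` WHERE `paperid`='" . safeSQLstr($_POST['pid']) . "'";
        $pr = ocsql_query($pq) or err(oc_('Unable to retrieve submission (tokeninfo)'));
        if (ocsql_num_rows($pr) != 1) {
            err(oc_('Submission ID or password entered is incorrect'));
        }
        $pl = ocsql_fetch_assoc($pr);
        if (!isset($_POST['edittoken'])
            || !is_string($_POST['edittoken'])
            || !is_string($pl['edittoken'])
            || !hash_equals($pl['edittoken'], $_POST['edittoken'])
            || ((time() - $pl['edittime']) > (60 * 60 * $editTimeout))
        ) {
            // NOTE(review): the translatable string below contains `<a href"%2$s">`
            // (missing '='), so the link renders broken.  Left unchanged here
            // because oc_() appears to key translations on the literal text;
            // fix it together with the language catalogs.
            warn(sprintf(oc_('There is a %1$d hour timeout for editing the submission. Please <a href"%2$s">edit submission</a> once again'), $editTimeout, safeHTMLstr($_SERVER['PHP_SELF'])));
            exit;
        }
    }

    // Set number of author fields to display and populate $_POST with fields if needed.
    // On the first display (no authornum posted yet) the form is pre-filled from
    // the database; on a re-display after validation errors the posted values win.
    if (isset($_POST['authornum']) && ctype_digit($_POST['authornum'])) {
        $oc_authorNum = $_POST['authornum'];
    } else {
        // get sub (DB columns override any same-named posted fields)
        $anr = ocsql_query("SELECT * FROM `" . OCC_TABLE_PAPER . "` WHERE `paperid`=" . safeSQLstr($_POST['pid'])) or err("Unable to retrieve submission information");
        if (ocsql_num_rows($anr) != 1) {
            err(oc_('Submission ID or password entered is incorrect'));
        }
        $_POST = array_merge($_POST, ocsql_fetch_assoc($anr));
        // get authors: each column becomes $_POST[<column><position>]
        $authorCount = 0;
        $anr = ocsql_query("SELECT * FROM `" . OCC_TABLE_AUTHOR . "` WHERE `paperid`=" . safeSQLstr($_POST['pid']) . " ORDER BY `position`") or err(oc_('Unable to retrieve author(s) information'));
        while ($anl = ocsql_fetch_assoc($anr)) {
            foreach ($anl as $anli => $anlv) {
                if (($anli == 'paperid') || ($anli == 'position')) {
                    continue;
                }
                $_POST[$anli . $anl['position']] = $anlv;
            }
            $authorCount = $anl['position']; // track highest position
        }
        // get topics
        $anr = ocsql_query("SELECT `topicid` FROM `" . OCC_TABLE_PAPERTOPIC . "` WHERE `paperid`=" . safeSQLstr($_POST['pid'])) or err(oc_('Unable to retrieve topic(s) information'));
        $_POST['topics'] = array();
        while ($anl = ocsql_fetch_assoc($anr)) {
            $_POST['topics'][] = $anl['topicid'];
        }
        if ( ! $OC_configAR['OC_multipleSubmissionTopics'] ) {
            // single-topic mode: the field expects a scalar (null when no topic is stored)
            $_POST['topics'] = isset($_POST['topics'][0]) ? $_POST['topics'][0] : null;
        }
        // set author num to either use min display or actual author count, whichever is greater
        $oc_authorNum = (($authorCount > $OC_configAR['OC_authorsMinDisplay']) ? $authorCount : $OC_configAR['OC_authorsMinDisplay']);
        // set token: only when a fresh one was issued above.  Otherwise
        // $_POST['edittoken'] already holds the value merged from the paper row,
        // which the 'Submit Changes' branch has just validated.
        if (! $chair && isset($token)) {
            $_POST['edittoken'] = $token;
        }
    }

    if (oc_hookSet('author-edit-preprocess')) {
        foreach ($GLOBALS['OC_hooksAR']['author-edit-preprocess'] as $hook) {
            require_once $hook;
        }
    }

    require_once OCC_FORM_INC_FILE;
    require_once OCC_SUBMISSION_INC_FILE;

    // Set non-editable fields to disabled if submissions closed (and it's not Chair)
    if (! $chair && ! $OC_statusAR['OC_submissions_open']) {
        foreach ($OC_submissionFieldAR as $fid => $far) {
            if (isset($far['closeedit']) && ! $far['closeedit']) {
                $OC_submissionFieldAR[$fid]['enabled'] = false;
            }
        }
    }

    // Update password fieldset
    $OC_submissionFieldSetAR['fs_passwords']['fieldset'] = oc_('Change Password');
    $OC_submissionFieldSetAR['fs_passwords']['note'] = oc_('Leave these fields blank if you do not want to change the password');
    $OC_submissionFieldAR['password1']['name'] = oc_('New Password');

    // Check whether we're submitting changes
    if ($_POST['ocaction'] == "Submit Changes") {
        // Chair requests carry the session CSRF token instead of an edit token.
        // Stop on failure: without the exit the update below would still run.
        if ($chair && !validToken('chair')) {
            warn(oc_('Invalid submission'));
            exit;
        }
        $err = '';
        $errInc = '';
        $qfields = array(); // fields to insert into submission table
        $afields = array(); // fields to insert into authors table
        $tfields = array(); // fields to insert into topics table
        $fileUploaded = false;
        // Fills $err/$errInc and the three field arrays (values are expected to
        // arrive already SQL-quoted, as they are concatenated verbatim below);
        // presumably also sets $contactemail used for the confirmation mail.
        require_once 'submission-validate.inc';
        // process if no errors
        if (!empty($err)) {
            print '<p><span class="err">' . oc_('Please check the following:') . '<ul>' . $err . $errInc . '</ul></span><p /><hr /><p />';
        } else {
            // Saving also releases the edit token.
            $q = "UPDATE `" . OCC_TABLE_PAPER . "` SET `lastupdate`='" . safeSQLstr(date("Y-m-d")) . "', `edittoken`=NULL, `edittime`=NULL";
            foreach ($qfields as $qid => $qval) {
                $q .= ", `" . $qid . "`=" . $qval;
            }
            $q .= " WHERE `paperid`=" . safeSQLstr($_POST['pid']);
            $r = ocsql_query($q) or err(oc_('Unable to update submission'));
            // Authors are replaced wholesale (delete then re-insert by position).
            $q = "DELETE FROM `" . OCC_TABLE_AUTHOR . "` WHERE `paperid`=" . safeSQLstr($_POST['pid']);
            $r = ocsql_query($q) or err(oc_('Unable to update authors or topics (2)'));
            foreach ($afields as $qid => $qar) {
                $q = "INSERT INTO `" . OCC_TABLE_AUTHOR . "` SET `paperid`=" . safeSQLstr($_POST['pid']) . ", `position`=" . $qid;
                foreach ($qar as $qqid => $qqval) {
                    $q .= ", `" . $qqid . "`=" . $qqval;
                }
                $r = ocsql_query($q) or err(oc_('Unable to add one or more authors or topics.'));
            }
            if (!empty($tfields)) {
                $q = "DELETE FROM `" . OCC_TABLE_PAPERTOPIC . "` WHERE `paperid`='" . safeSQLstr($_POST['pid']) . "'";
                $r = ocsql_query($q) or err(oc_('Unable to update topics'));
                $q = "INSERT INTO `" . OCC_TABLE_PAPERTOPIC . "` (`paperid`,`topicid`) VALUES";
                foreach ($tfields as $t) {
                    $q .= " (" . safeSQLstr($_POST['pid']) . ",$t),";
                }
                $r = ocsql_query(rtrim($q, ',')) or err(oc_('Unable to add topics'));
            }
            // Confirmation: same text goes to the screen (HTML-escaped) and the mail.
            $mailbody = oc_('Submission ID') . ': ' . $_POST['pid'] . "\n\n" . oc_genFieldMessage($OC_submissionFieldSetAR, $OC_submissionFieldAR, $_POST);
            $mailsubject = sprintf(oc_('Submission Update ID %s'), $_POST['pid']);
            $confirmmsg = '<p><strong>' . oc_('The submission has been updated. Below is the information submitted.') . '</strong></p><pre>' . safeHTMLstr($mailbody) . '</pre>';
            if (! $chair) {
                $confirmmsg .= '<p><strong>' . sprintf(oc_('A copy has also been emailed to the contact author. If you notice any problems or do <em>not</em> receive the email within 24 hours, please contact the <a href="mailto:%1$s?subject=submission edit problem - %2$s">Chair</a>.'), $OC_configAR['OC_pcemail'], $_POST['pid']) . '</strong></p>';
            }
            if (oc_hookSet('author-edit-save')) {
                foreach ($GLOBALS['OC_hooksAR']['author-edit-save'] as $hook) {
                    require_once $hook;
                }
            }
            //confirm it
            print $confirmmsg;
            if (! $chair) {
                sendEmail($contactemail, $mailsubject, $mailbody, $OC_configAR['OC_notifyAuthorEdit']);
            }
            printFooter();
            exit;
        } // else no $err
    } // if Submit Changes

    // Display form.  PHP_SELF can carry attacker-supplied PATH_INFO, so it is
    // HTML-escaped wherever it lands in an attribute.
    print '
<form method="post" id="editsub" enctype="multipart/form-data" action="' . safeHTMLstr($_SERVER['PHP_SELF']) . '" class="ocform">
<input type="hidden" name="ocaction" value="Submit Changes" />
<input type="hidden" name="pid" value="' . safeHTMLstr($_POST['pid']) . '">
<input type="hidden" name="authornum" id="authornum" value="' . $oc_authorNum . '" />
';
    if ($chair) {
        print '
<input type="hidden" name="c" value="1">
<input type="hidden" name="token" value="' . $_SESSION[OCC_SESSION_VAR_NAME]['chairtoken'] . '" />
';
    } else {
        print '
<input type="hidden" name="edittoken" value="' . safeHTMLstr($_POST['edittoken']) . '" />
';
    }
    oc_displayFieldSet($OC_submissionFieldSetAR, $OC_submissionFieldAR, $_POST);
    if (oc_hookSet('author-edit-fields')) {
        foreach ($GLOBALS['OC_hooksAR']['author-edit-fields'] as $hook) {
            require_once $hook;
        }
    }
    print '<input type="submit" id="submit" name="submit" value="' . oc_('Submit Changes') . '" class="submit" />';
    if (! $chair) {
        print '
<a href="' . safeHTMLstr($_SERVER['PHP_SELF']) . '?ocaction=cancel&pid=' . urlencode($_POST['pid']) . '&edittoken=' . urlencode(varValue('edittoken', $_POST)) . '&c=' . ($chair ? 1 : 0) . '">' . oc_('Cancel Changes') . '</a>
<p />
';
    }
    print '
<span id="processing" style="position: relative; visibility: hidden;">' . oc_('Processing...') . '</span>
</form>
<script type="text/javascript">
oc_setupProcessingForm("editsub");
</script>
';
    printFooter();
    exit;
} // if Submission

// display login form by default
print '
<form method="post" action="' . safeHTMLstr($_SERVER['PHP_SELF']) . '">
<input type="hidden" name="ocaction" value="Edit Submission" />
<table border=0 cellspacing=0 cellpadding=5>
<tr><td><strong><label for="pid">' . oc_('Submission ID') . '</label>:</strong></td><td><input name="pid" id="pid" size="5" tabindex="1"> ( <a href="email_papers.php">' . oc_('forgot ID?') . '</a> )</td></tr>
<tr><td><strong><label for="passwordfld">' . oc_('Password') . '</label>:</strong></td><td><input name="passwordfld" id="passwordfld" type="password" tabindex="2" size="20" maxlength="255"> ( <a href="reset.php">' . oc_('forgot password?') . '</a> )</td></tr>
</table>
<p />
<input type="submit" name="submit" class="submit" value="' . oc_('Edit Submission') . '" tabindex="3" />
</form>
<p class="note">' . sprintf(oc_('There is a %d hour limit to complete updates'), $editTimeout) . '</p>
<script language="javascript">
<!--
document.forms[0].elements[0].focus();
// -->
</script>
';
printFooter();
exit;
?>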