<?php
// +----------------------------------------------------------------------+
// | OpenConf |
// +----------------------------------------------------------------------+
// | Copyright (c) 2002-2014 Zakon Group LLC. All Rights Reserved. |
// +----------------------------------------------------------------------+
// | This source file is subject to the OpenConf License, available on |
// | the OpenConf web site: www.OpenConf.com |
// +----------------------------------------------------------------------+
require_once "../include.php";
oc_sendNoCacheHeaders();
$editTimeout = 2; // hours
// Cancel edit
if (isset($_GET['ocaction']) && ($_GET['ocaction'] == 'cancel')
&& isset($_GET['pid']) && ctype_digit($_GET['pid'])
&& isset($_GET['edittoken']) && preg_match("/^\w+$/", $_GET['edittoken'])
) {
ocsql_query("UPDATE `" . OCC_TABLE_PAPER . "` SET `edittoken`=NULL, `edittime`=NULL WHERE `paperid`=" . safeSQLstr($_GET['pid']) . " AND `edittoken`='" . safeSQLstr($_GET['edittoken']) . "'");
header("Location: ../");
exit;
}
if (OCC_CHAIR_PWD_TRUMPS && isset($_REQUEST['c']) && ($_REQUEST['c'] == 1)) {
$hdrfn = 1;
beginChairSession();
$chair = TRUE;
} else {
$hdrfn = 3;
$chair = FALSE;
}
printHeader(oc_('Edit Submission'), $hdrfn);
// Edit still allowed?
if (! $chair && ! $OC_statusAR['OC_edit_open']) {
warn(oc_('Submission edits are no longer available.'));
exit;
}
// Is this a post?
if (isset($_POST['ocaction'])) {
if (! isset($_POST['pid']) || ! preg_match("/^\d+$/", $_POST['pid'])) {
warn(oc_('Submission ID is invalid'));
}
if ($_POST['ocaction'] == 'Edit Submission') {
// Check password
if (! $chair && (! isset($_POST['passwordfld']) || empty($_POST['passwordfld']))) {
warn(oc_('Submission ID or password entered is incorrect'));
exit;
}
// verify login and acceptance status if not chair
if (! $chair) {
$pq = "SELECT `" . OCC_TABLE_PAPER . "`.`password`, `" . OCC_TABLE_ACCEPTANCE . "`.`accepted` FROM `" . OCC_TABLE_PAPER . "` LEFT JOIN `" . OCC_TABLE_ACCEPTANCE . "` ON (`" . OCC_TABLE_PAPER . "`.`accepted`=`" . OCC_TABLE_ACCEPTANCE . "`.`value`) WHERE `" . OCC_TABLE_PAPER . "`.`paperid`='" . safeSQLstr($_POST['pid']) . "'";
$pr = ocsql_query($pq) or err(oc_('Unable to retrieve submission'));
if (ocsql_num_rows($pr) != 1) {
warn(oc_('Submission ID or password entered is incorrect'));
exit;
}
$pl = ocsql_fetch_assoc($pr);
if (!oc_password_verify($_POST['passwordfld'], $pl['password'])
&& (!OCC_CHAIR_PWD_TRUMPS || !oc_password_verify($_POST['passwordfld'], $OC_configAR['OC_chair_pwd']))
) {
warn(oc_('Submission ID or password entered is incorrect'));
exit;
}
unset($_POST['passwordfld']);
// Edit limited to accepted subs only?
if (($OC_configAR['OC_editAcceptedOnly'] == 1) && ($pl['accepted'] != 1)) {
warn(oc_('Submission edits are no longer available.'));
exit;
}
// set token
$token = oc_idGen();
$pr = ocsql_query("UPDATE `" . OCC_TABLE_PAPER . "` SET `edittoken`='" . safeSQLstr($token) . "', `edittime`=" . time() . " WHERE `paperid`=" . safeSQLstr($_POST['pid'])) or err(oc_('Unable to edit submission (token)'));
}
} elseif ($_POST['ocaction'] != 'Submit Changes') {
warn(oc_('Invalid request.'));
exit;
}
if ($chair) { // display back links
print '<p style="text-align: center"><a href="../chair/show_paper.php?pid=' . $_POST['pid'] . '">View This Submission</a> | <a href="../chair/list_papers.php">View All Submissions</a></p>';
} elseif ($_POST['ocaction'] == 'Submit Changes') { // check token
$pq = "SELECT `edittoken`, `edittime` FROM `" . OCC_TABLE_PAPER . "` WHERE `paperid`='" . safeSQLstr($_POST['pid']) . "'";
$pr = ocsql_query($pq) or err(oc_('Unable to retrieve submission (tokeninfo)'));
if (ocsql_num_rows($pr) != 1) { err(oc_('Submission ID or password entered is incorrect')); }
$pl = ocsql_fetch_assoc($pr);
if (!isset($_POST['edittoken'])
|| ($_POST['edittoken'] != $pl['edittoken'])
|| ((time() - $pl['edittime']) > (60 * 60 * $editTimeout))
) {
warn(sprintf(oc_('There is a %1$d hour timeout for editing the submission. Please <a href"%2$s">edit submission</a> once again'), $editTimeout, $_SERVER['PHP_SELF']));
exit;
}
}
// Set number of author fields to display and populate $_POST with fields if needed
if (isset($_POST['authornum']) && ctype_digit($_POST['authornum'])) {
$oc_authorNum = $_POST['authornum'];
} else {
// get sub
$anr = ocsql_query("SELECT * FROM `" . OCC_TABLE_PAPER . "` WHERE `paperid`=" . safeSQLstr($_POST['pid'])) or err("Unable to retrieve submission information");
if (ocsql_num_rows($anr) != 1) {
err(oc_('Submission ID or password entered is incorrect'));
}
$_POST = array_merge($_POST, ocsql_fetch_assoc($anr));
// get authors
$authorCount = 0;
$anr = ocsql_query("SELECT * FROM `" . OCC_TABLE_AUTHOR . "` WHERE `paperid`=" . safeSQLstr($_POST['pid']) . " ORDER BY `position`") or err(oc_('Unable to retrieve author(s) information'));
while ($anl = ocsql_fetch_assoc($anr)) {
foreach ($anl as $anli => $anlv) {
if (($anli == 'paperid') || ($anli == 'position')) { continue; }
$_POST[$anli . $anl['position']] = $anlv;
}
$authorCount = $anl['position']; // track highest position
}
// get topics
$anr = ocsql_query("SELECT `topicid` FROM `" . OCC_TABLE_PAPERTOPIC . "` WHERE `paperid`=" . safeSQLstr($_POST['pid'])) or err(oc_('Unable to retrieve topic(s) information'));
$_POST['topics'] = array();
while ($anl = ocsql_fetch_assoc($anr)) {
$_POST['topics'][] = $anl['topicid'];
}
if ( ! $OC_configAR['OC_multipleSubmissionTopics'] ) {
$_POST['topics'] = $_POST['topics'][0];
}
// set author num to either use min display or actual author count, whichever is greater
$oc_authorNum = (($authorCount > $OC_configAR['OC_authorsMinDisplay']) ? $authorCount : $OC_configAR['OC_authorsMinDisplay']);
// set token
if (! $chair) {
$_POST['edittoken'] = $token;
}
}
if (oc_hookSet('author-edit-preprocess')) {
foreach ($GLOBALS['OC_hooksAR']['author-edit-preprocess'] as $hook) {
require_once $hook;
}
}
require_once OCC_FORM_INC_FILE;
require_once OCC_SUBMISSION_INC_FILE;
// Set non-editable fields to disabled if submissions closed (and it's not Chair)
if (! $chair && ! $OC_statusAR['OC_submissions_open']) {
foreach ($OC_submissionFieldAR as $fid => $far) {
if (isset($far['closeedit']) && ! $far['closeedit']) {
$OC_submissionFieldAR[$fid]['enabled'] = false;
}
}
}
// Update password fieldset
$OC_submissionFieldSetAR['fs_passwords']['fieldset'] = oc_('Change Password');
$OC_submissionFieldSetAR['fs_passwords']['note'] = oc_('Leave these fields blank if you do not want to change the password');
$OC_submissionFieldAR['password1']['name'] = oc_('New Password');
// Check whether we're submitting changes
if ($_POST['ocaction'] == "Submit Changes") {
if ($chair && !validToken('chair')) {
warn(oc_('Invalid submission'));
}
$err = '';
$errInc = '';
$qfields = array(); // fields to insert into submission table
$afields = array(); // fields to insert into authors table
$tfields = array(); // fields to insert into topics table
$fileUploaded = false;
require_once 'submission-validate.inc';
// process if no errors
if (!empty($err)) {
print '<p><span class="err">' . oc_('Please check the following:') . '<ul>' . $err . $errInc . '</ul></span><p /><hr /><p />';
} else {
$q = "UPDATE `" . OCC_TABLE_PAPER . "` SET `lastupdate`='" . safeSQLstr(date("Y-m-d")) . "', `edittoken`=NULL, `edittime`=NULL";
foreach ($qfields as $qid => $qval) {
$q .= ", `" . $qid . "`=" . $qval;
}
$q .= " WHERE `paperid`=" . safeSQLstr($_POST['pid']);
$r = ocsql_query($q) or err(oc_('Unable to update submission'));
$q = "DELETE FROM `" . OCC_TABLE_AUTHOR . "` WHERE `paperid`=" . safeSQLstr($_POST['pid']);
$r = ocsql_query($q) or err(oc_('Unable to update authors or topics (2)'));
foreach ($afields as $qid => $qar) {
$q = "INSERT INTO `" . OCC_TABLE_AUTHOR . "` SET `paperid`=" . $_POST['pid'] . ", `position`=" . $qid;
foreach ($qar as $qqid => $qqval) {
$q .= ", `" . $qqid . "`=" . $qqval;
}
$r = ocsql_query($q) or err(oc_('Unable to add one or more authors or topics.'));
}
if (!empty($tfields)) {
$q = "DELETE FROM " . OCC_TABLE_PAPERTOPIC . " WHERE paperid='".$_POST['pid']."'";
$r = ocsql_query($q) or err(oc_('Unable to update topics'));
$q = "INSERT INTO `" . OCC_TABLE_PAPERTOPIC . "` (`paperid`,`topicid`) VALUES";
foreach ($tfields as $t) {
$q .= " (" . safeSQLstr($_POST['pid']) . ",$t),";
}
$r = ocsql_query(rtrim($q, ',')) or err(oc_('Unable to add topics'));
}
$mailbody = oc_('Submission ID') . ': ' . $_POST['pid'] . "\n\n" . oc_genFieldMessage($OC_submissionFieldSetAR, $OC_submissionFieldAR, $_POST);
$mailsubject = sprintf(oc_('Submission Update ID %s'), $_POST['pid']);
$confirmmsg = '<p><strong>' . oc_('The submission has been updated. Below is the information submitted.') . '</strong></p><pre>' . safeHTMLstr($mailbody) . '</pre>';
if (! $chair) {
$confirmmsg .= '<p><strong>' . sprintf(oc_('A copy has also been emailed to the contact author. If you notice any problems or do <em>not</em> receive the email within 24 hours, please contact the <a href="mailto:%1$s?subject=submission edit problem - %2$s">Chair</a>.'), $OC_configAR['OC_pcemail'], $_POST['pid']) . '</strong></p>';
}
if (oc_hookSet('author-edit-save')) {
foreach ($GLOBALS['OC_hooksAR']['author-edit-save'] as $hook) {
require_once $hook;
}
}
//confirm it
print $confirmmsg;
if (! $chair) {
sendEmail($contactemail, $mailsubject, $mailbody, $OC_configAR['OC_notifyAuthorEdit']);
}
printFooter();
exit;
} // else no $err
} // if Submit Changes
// Display form
print '
<form method="post" id="editsub" enctype="multipart/form-data" action="' . $_SERVER['PHP_SELF'] . '" class="ocform">
<input type="hidden" name="ocaction" value="Submit Changes" />
<input type="hidden" name="pid" value="' . safeHTMLstr($_POST['pid']) . '">
<input type="hidden" name="authornum" id="authornum" value="' . $oc_authorNum . '" />
';
if ($chair) {
print '
<input type="hidden" name="c" value="1">
<input type="hidden" name="token" value="' . $_SESSION[OCC_SESSION_VAR_NAME]['chairtoken'] . '" />
';
} else {
print '
<input type="hidden" name="edittoken" value="' . safeHTMLstr($_POST['edittoken']) . '" />
';
}
oc_displayFieldSet($OC_submissionFieldSetAR, $OC_submissionFieldAR, $_POST);
if (oc_hookSet('author-edit-fields')) {
foreach ($GLOBALS['OC_hooksAR']['author-edit-fields'] as $hook) {
require_once $hook;
}
}
print '<input type="submit" id="submit" name="submit" value="' . oc_('Submit Changes') . '" class="submit" />';
if (! $chair) {
print '
<a href="' . $_SERVER['PHP_SELF'] . '?ocaction=cancel&pid=' . urlencode($_POST['pid']) . '&edittoken=' . urlencode(varValue('edittoken', $_POST)) . '&c=' . ($chair ? 1 : 0) . '">' . oc_('Cancel Changes') . '</a>
<p />
';
}
print '
<span id="processing" style="position: relative; visibility: hidden;">' . oc_('Processing...') . '</span>
</form>
<script type="text/javascript">
oc_setupProcessingForm("editsub");
</script>
';
printFooter();
exit;
} // if Submission
// display login form by default
print '
<form method="post" action="' . $_SERVER['PHP_SELF'] . '">
<input type="hidden" name="ocaction" value="Edit Submission" />
<table border=0 cellspacing=0 cellpadding=5>
<tr><td><strong><label for="pid">' . oc_('Submission ID') . '</label>:</strong></td><td><input name="pid" id="pid" size="5" tabindex="1"> ( <a href="email_papers.php">' . oc_('forgot ID?') . '</a> )</td></tr>
<tr><td><strong><label for="passwordfld">' . oc_('Password') . '</label>:</strong></td><td><input name="passwordfld" id="passwordfld" type="password" tabindex="2" size="20" maxlength="255"> ( <a href="reset.php">' . oc_('forgot password?') . '</a> )</td></tr>
</table>
<p />
<input type="submit" name="submit" class="submit" value="' . oc_('Edit Submission') . '" tabindex="3" />
</form>
<p class="note">' . sprintf(oc_('There is a %d hour limit to complete updates'), $editTimeout) . '</p>
<script language="javascript">
<!--
document.forms[0].elements[0].focus();
// -->
</script>
';
printFooter();
exit;
?>