<?php

// +----------------------------------------------------------------------+
// | OpenConf                                                             |
// +----------------------------------------------------------------------+
// | Copyright (c) 2002-2014 Zakon Group LLC.  All Rights Reserved.       |
// +----------------------------------------------------------------------+
// | This source file is subject to the OpenConf License, available on    |
// | the OpenConf web site: www.OpenConf.com                              |
// +----------------------------------------------------------------------+

require_once "../include.php";

oc_sendNoCacheHeaders();

$editTimeout = 2; 	// hours: how long an issued edit token remains valid

// Cancel edit: an author abandoning an edit clears the token they were issued and is
// sent back to the front page.  All three parameters must be present and well-formed
// before the database is touched; the UPDATE only matches if the token is the current one.
$cancelRequested = isset($_GET['ocaction'], $_GET['pid'], $_GET['edittoken'])
	&& ($_GET['ocaction'] == 'cancel')
	&& ctype_digit($_GET['pid'])
	&& preg_match("/^\w+$/", $_GET['edittoken']);

if ($cancelRequested) {
	$clearTokenQuery = "UPDATE `" . OCC_TABLE_PAPER . "` SET `edittoken`=NULL, `edittime`=NULL"
		. " WHERE `paperid`=" . safeSQLstr($_GET['pid'])
		. " AND `edittoken`='" . safeSQLstr($_GET['edittoken']) . "'";
	ocsql_query($clearTokenQuery);
	header("Location: ../");
	exit;
}

// Chair mode: when OCC_CHAIR_PWD_TRUMPS is on, `c=1` switches this page into chair mode.
// That requires a live chair session (beginChairSession()) and selects the chair page
// header (1) instead of the author header (3).
$chair = OCC_CHAIR_PWD_TRUMPS && isset($_REQUEST['c']) && ($_REQUEST['c'] == 1);
$hdrfn = $chair ? 1 : 3;
if ($chair) {
	beginChairSession();
}

printHeader(oc_('Edit Submission'), $hdrfn);

// Edit still allowed?  Authors are locked out once OC_edit_open is off; the chair never is.
if (! $chair && ! $OC_statusAR['OC_edit_open']) {
	warn(oc_('Submission edits are no longer available.'));
	exit;
}

// Is this a post?
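// Is this a post?  Two forms land here: the login form ('Edit Submission') and the
// edit form itself ('Submit Changes').  Anything else is rejected below.
if (isset($_POST['ocaction'])) {
	// The submission id is spliced unquoted into SQL further down, so insist on a plain
	// digit string.  warn() does not end the script (every other warn() in this file is
	// followed by exit), so exit here too rather than carry a bad id into the queries.
	if (! isset($_POST['pid']) || ! is_string($_POST['pid']) || ! ctype_digit($_POST['pid'])) {
		warn(oc_('Submission ID is invalid'));
		exit;
	}

	if ($_POST['ocaction'] == 'Edit Submission') {
		// Check password (chair mode is authenticated by beginChairSession() instead)
		if (! $chair && (! isset($_POST['passwordfld']) || empty($_POST['passwordfld']))) {
			warn(oc_('Submission ID or password entered is incorrect'));
			exit;
		}

		// verify login and acceptance status if not chair
		if (! $chair) {
			$pq = "SELECT `" . OCC_TABLE_PAPER . "`.`password`, `" . OCC_TABLE_ACCEPTANCE . "`.`accepted` FROM `" . OCC_TABLE_PAPER . "` LEFT JOIN `" . OCC_TABLE_ACCEPTANCE . "` ON (`" . OCC_TABLE_PAPER . "`.`accepted`=`" . OCC_TABLE_ACCEPTANCE . "`.`value`) WHERE `" . OCC_TABLE_PAPER . "`.`paperid`='" . safeSQLstr($_POST['pid']) . "'";
			$pr = ocsql_query($pq) or err(oc_('Unable to retrieve submission'));
			// One generic message for "no such id" and "wrong password", so the response
			// does not reveal which submission ids exist.
			if (ocsql_num_rows($pr) != 1) {
				warn(oc_('Submission ID or password entered is incorrect'));
				exit;
			}
			$pl = ocsql_fetch_assoc($pr);
			// Either the submission password or (when configured) the chair password unlocks the edit.
			if (!oc_password_verify($_POST['passwordfld'], $pl['password'])
					&& (!OCC_CHAIR_PWD_TRUMPS || !oc_password_verify($_POST['passwordfld'], $OC_configAR['OC_chair_pwd']))
			) {
				warn(oc_('Submission ID or password entered is incorrect'));
				exit;
			}
			// Drop the cleartext password before $_POST is merged with the record and echoed back into the form.
			unset($_POST['passwordfld']);
			// Edit limited to accepted subs only?
			if (($OC_configAR['OC_editAcceptedOnly'] == 1) && ($pl['accepted'] != 1)) {
				warn(oc_('Submission edits are no longer available.'));
				exit;
			}

			// set token: a random edit token plus its issue time.  'Submit Changes' must
			// present the same token within $editTimeout hours.
			$token = oc_idGen();
			$pr = ocsql_query("UPDATE `" . OCC_TABLE_PAPER . "` SET `edittoken`='" . safeSQLstr($token) . "', `edittime`=" . time() . " WHERE `paperid`=" . safeSQLstr($_POST['pid'])) or err(oc_('Unable to edit submission (token)'));
		}
	} elseif ($_POST['ocaction'] != 'Submit Changes') {
		warn(oc_('Invalid request.'));
		exit;
	}

	if ($chair) { // display back links
		print '<p style="text-align: center"><a href="../chair/show_paper.php?pid=' . urlencode($_POST['pid']) . '">View This Submission</a> | <a href="../chair/list_papers.php">View All Submissions</a></p>';
	} elseif ($_POST['ocaction'] == 'Submit Changes') { 	// check token
		$pq = "SELECT `edittoken`, `edittime` FROM `" . OCC_TABLE_PAPER . "` WHERE `paperid`='" . safeSQLstr($_POST['pid']) . "'";
		$pr = ocsql_query($pq) or err(oc_('Unable to retrieve submission (tokeninfo)'));
		if (ocsql_num_rows($pr) != 1) { err(oc_('Submission ID or password entered is incorrect')); }
		$pl = ocsql_fetch_assoc($pr);
		// Constant-time comparison of two strings; a missing, non-string or empty token
		// (no edit in progress) is rejected outright rather than loosely compared.
		if (!isset($_POST['edittoken'])
				|| !is_string($_POST['edittoken'])
				|| ((string) $pl['edittoken'] === '')
				|| !hash_equals((string) $pl['edittoken'], $_POST['edittoken'])
				|| ((time() - $pl['edittime']) > (60 * 60 * $editTimeout))
		) {
			// NOTE: the anchor in this message reads `href"%2$s"` (missing '=').  The literal
			// doubles as the translation lookup key, so it is left untouched here.
			warn(sprintf(oc_('There is a %1$d hour timeout for editing the submission.  Please <a href"%2$s">edit submission</a> once again'), $editTimeout, safeHTMLstr($_SERVER['PHP_SELF'])));
			exit;
		}
	}

	// Set number of author fields to display and populate $_POST with fields if needed.
	// A post from the edit form carries authornum; a fresh login ('Edit Submission') does
	// not, in which case the form is pre-filled from the database record.
	if (isset($_POST['authornum']) && ctype_digit($_POST['authornum'])) {
		$oc_authorNum = $_POST['authornum'];
	} else {
		// get sub
		$anr = ocsql_query("SELECT * FROM `" . OCC_TABLE_PAPER . "` WHERE `paperid`=" . safeSQLstr($_POST['pid'])) or err("Unable to retrieve submission information");
		if (ocsql_num_rows($anr) != 1) {
			err(oc_('Submission ID or password entered is incorrect'));
		}
		// Record columns override posted values of the same name.
		$_POST = array_merge($_POST, ocsql_fetch_assoc($anr));

		// get authors: every column becomes $_POST[<column><position>] (e.g. name1, name2, ...)
		$authorCount = 0;
		$anr = ocsql_query("SELECT * FROM `" . OCC_TABLE_AUTHOR . "` WHERE `paperid`=" . safeSQLstr($_POST['pid']) . " ORDER BY `position`") or err(oc_('Unable to retrieve author(s) information'));
		while ($anl = ocsql_fetch_assoc($anr)) {
			foreach ($anl as $anli => $anlv) {
				if (($anli == 'paperid') || ($anli == 'position')) { continue; }
				$_POST[$anli . $anl['position']] = $anlv;
			}
			$authorCount = $anl['position']; // track highest position (rows arrive ordered by position)
		}

		// get topics
		$anr = ocsql_query("SELECT `topicid` FROM `" . OCC_TABLE_PAPERTOPIC . "` WHERE `paperid`=" . safeSQLstr($_POST['pid'])) or err(oc_('Unable to retrieve topic(s) information'));
		$_POST['topics'] = array();
		while ($anl = ocsql_fetch_assoc($anr)) {
			$_POST['topics'][] = $anl['topicid'];
		}
		if ( ! $OC_configAR['OC_multipleSubmissionTopics'] ) {
			// Single-topic mode: the field holds one id; null when the submission has no topic yet.
			$_POST['topics'] = isset($_POST['topics'][0]) ? $_POST['topics'][0] : null;
		}

		// set author num to either use min display or actual author count, whichever is greater
		$oc_authorNum = (($authorCount > $OC_configAR['OC_authorsMinDisplay']) ? $authorCount : $OC_configAR['OC_authorsMinDisplay']);

		// set token (authors only): $token was issued above for 'Edit Submission'.  The guard
		// keeps a 'Submit Changes' post without authornum on the token it was just validated with.
		if (! $chair && isset($token)) {
			$_POST['edittoken'] = $token;
		}
	}

	// Hook files come from the configured OC_hooksAR list, not from request data.
	if (oc_hookSet('author-edit-preprocess')) {
		foreach ($GLOBALS['OC_hooksAR']['author-edit-preprocess'] as $hook) {
			require_once $hook;
		}
	}

	require_once OCC_FORM_INC_FILE;
	require_once OCC_SUBMISSION_INC_FILE;

	// Set non-editable fields to disabled if submissions closed (and it's not Chair)
	if (! $chair && ! $OC_statusAR['OC_submissions_open']) {
		foreach ($OC_submissionFieldAR as $fid => $far) {
			if (isset($far['closeedit']) && ! $far['closeedit']) {
				$OC_submissionFieldAR[$fid]['enabled'] = false;
			}
		}
	}

	// Update password fieldset
	$OC_submissionFieldSetAR['fs_passwords']['fieldset'] = oc_('Change Password');
	$OC_submissionFieldSetAR['fs_passwords']['note'] = oc_('Leave these fields blank if you do not want to change the password');
	$OC_submissionFieldAR['password1']['name'] = oc_('New Password');

	// Check whether we're submitting changes
	if ($_POST['ocaction'] == "Submit Changes") {
		// Chair edits are protected by the per-session chair token.  A bad token must not
		// fall through to the UPDATE below, and warn() does not exit on its own.
		if ($chair && !validToken('chair')) {
			warn(oc_('Invalid submission'));
			exit;
		}

		$err = '';
		$errInc = '';
		$qfields = array();	// fields to insert into submission table
		$afields = array(); // fields to insert into authors table
		$tfields = array(); // fields to insert into topics table
		$fileUploaded = false;

		// Validates $_POST against the field definitions, filling $err/$errInc and the three
		// field arrays.  Judging by how the values are spliced into SQL below they are expected
		// to arrive already quoted/escaped, and $contactemail (used for the confirmation mail)
		// is presumably set there too -- confirm against submission-validate.inc.
		require_once 'submission-validate.inc';

		// process if no errors
		if (!empty($err)) {
			print '<p><span class="err">' . oc_('Please check the following:') . '<ul>' . $err . $errInc . '</ul></span><p /><hr /><p />';
		} else {
			// Clearing edittoken/edittime releases the edit lock as part of the same UPDATE.
			$q = "UPDATE `" . OCC_TABLE_PAPER . "` SET `lastupdate`='" . safeSQLstr(date("Y-m-d")) . "', `edittoken`=NULL, `edittime`=NULL";
			foreach ($qfields as $qid => $qval) {
				$q .= ", `" . $qid . "`=" . $qval;
			}
			$q .= " WHERE `paperid`=" . safeSQLstr($_POST['pid']);
			$r = ocsql_query($q) or err(oc_('Unable to update submission'));

			// Authors are replaced wholesale: delete, then re-insert one row per position.
			// There is no transaction around these statements, so a failure after the DELETE
			// (err() exits) leaves the submission without authors.
			$q = "DELETE FROM `" . OCC_TABLE_AUTHOR . "` WHERE `paperid`=" . safeSQLstr($_POST['pid']);
			$r = ocsql_query($q) or err(oc_('Unable to update authors or topics (2)'));
			foreach ($afields as $qid => $qar) {
				$q = "INSERT INTO `" . OCC_TABLE_AUTHOR . "` SET `paperid`=" . safeSQLstr($_POST['pid']) . ", `position`=" . $qid;
				foreach ($qar as $qqid => $qqval) {
					$q .= ", `" . $qqid . "`=" . $qqval;
				}
				$r = ocsql_query($q) or err(oc_('Unable to add one or more authors or topics.'));
			}

			// Topics likewise: delete then bulk insert.  Same no-transaction caveat as above.
			if (!empty($tfields)) {
				$q = "DELETE FROM " . OCC_TABLE_PAPERTOPIC . " WHERE paperid='" . safeSQLstr($_POST['pid']) . "'";
				$r = ocsql_query($q) or err(oc_('Unable to update topics'));
				$q = "INSERT INTO `" . OCC_TABLE_PAPERTOPIC . "` (`paperid`,`topicid`) VALUES";
				foreach ($tfields as $t) {
					$q .= " (" . safeSQLstr($_POST['pid']) . ",$t),";
				}
				$r = ocsql_query(rtrim($q, ',')) or err(oc_('Unable to add topics'));
			}

			$mailbody = oc_('Submission ID') . ': ' . $_POST['pid'] . "\n\n" . oc_genFieldMessage($OC_submissionFieldSetAR, $OC_submissionFieldAR, $_POST);
			$mailsubject = sprintf(oc_('Submission Update ID %s'), $_POST['pid']);

			// The plain-text mail body is reused on screen, HTML-escaped.
			$confirmmsg = '<p><strong>' . oc_('The submission has been updated.  Below is the information submitted.') . '</strong></p><pre>' . safeHTMLstr($mailbody) . '</pre>';
			if (! $chair) {
				$confirmmsg .= '<p><strong>' . sprintf(oc_('A copy has also been emailed to the contact author.  If you notice any problems or do <em>not</em> receive the email within 24 hours, please contact the <a href="mailto:%1$s?subject=submission edit problem - %2$s">Chair</a>.'), $OC_configAR['OC_pcemail'], $_POST['pid']) . '</strong></p>';
			}

			if (oc_hookSet('author-edit-save')) {
				foreach ($GLOBALS['OC_hooksAR']['author-edit-save'] as $hook) {
					require_once $hook;
				}
			}

			//confirm it
			print $confirmmsg;
			if (! $chair) {
				sendEmail($contactemail, $mailsubject, $mailbody, $OC_configAR['OC_notifyAuthorEdit']);
			}

			printFooter();
			exit;
		} // else no $err
	} // if Submit Changes


	// Display form.  PHP_SELF reflects the request path (including any PATH_INFO the client
	// appended), so it is HTML-escaped before being placed in attributes.
	$selfUrl = safeHTMLstr($_SERVER['PHP_SELF']);
	print '
<form method="post" id="editsub" enctype="multipart/form-data" action="' . $selfUrl . '" class="ocform">
<input type="hidden" name="ocaction" value="Submit Changes" />
<input type="hidden" name="pid" value="' . safeHTMLstr($_POST['pid']) . '">
<input type="hidden" name="authornum" id="authornum" value="' . $oc_authorNum . '" />
';

	if ($chair) {
		// Chair form is bound to the session's chair token, checked by validToken('chair') on submit.
		print '
<input type="hidden" name="c" value="1">
<input type="hidden" name="token" value="' . $_SESSION[OCC_SESSION_VAR_NAME]['chairtoken'] . '" />
';
	} else {
		// Author form carries the edit token issued at login; it is re-checked on submit.
		print '
<input type="hidden" name="edittoken" value="' . safeHTMLstr($_POST['edittoken']) . '" />
';
	}

	oc_displayFieldSet($OC_submissionFieldSetAR, $OC_submissionFieldAR, $_POST);

	if (oc_hookSet('author-edit-fields')) {
		foreach ($GLOBALS['OC_hooksAR']['author-edit-fields'] as $hook) {
			require_once $hook;
		}
	}

	print '<input type="submit" id="submit" name="submit" value="' . oc_('Submit Changes') . '" class="submit" />';

	if (! $chair) {
		// Cancel link hands the same id/token to the cancel handler at the top of this file.
		print '
&nbsp; &nbsp; &nbsp; &nbsp;
<a href="' . $selfUrl . '?ocaction=cancel&pid=' . urlencode($_POST['pid']) . '&edittoken=' . urlencode(varValue('edittoken', $_POST)) . '&c=' . ($chair ? 1 : 0) . '">' . oc_('Cancel Changes') . '</a>
<p />
';
	}

	print '
<span id="processing" style="position: relative; visibility: hidden;">' . oc_('Processing...') . '</span>
</form>
<script type="text/javascript">
oc_setupProcessingForm("editsub");
</script>
';

	printFooter();
	exit;

} // if Submission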

// display login form by default
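// display login form by default.  PHP_SELF reflects the request path (including any
// PATH_INFO the client appended), so it is HTML-escaped before use in the action attribute.
$selfUrl = safeHTMLstr($_SERVER['PHP_SELF']);
print '
<form method="post" action="' . $selfUrl . '">
<input type="hidden" name="ocaction" value="Edit Submission" />
<table border=0 cellspacing=0 cellpadding=5>
<tr><td><strong><label for="pid">' . oc_('Submission ID') . '</label>:</strong></td><td><input name="pid" id="pid" size="5" tabindex="1"> ( <a href="email_papers.php">' . oc_('forgot ID?') . '</a> )</td></tr>
<tr><td><strong><label for="passwordfld">' . oc_('Password') . '</label>:</strong></td><td><input name="passwordfld" id="passwordfld" type="password" tabindex="2" size="20" maxlength="255"> ( <a href="reset.php">' . oc_('forgot password?') . '</a> )</td></tr>
</table>
<p />
<input type="submit" name="submit" class="submit" value="' . oc_('Edit Submission') . '" tabindex="3" />
</form>
<p class="note">' . sprintf(oc_('There is a %d hour limit to complete updates'), $editTimeout) . '</p>
<script language="javascript">
<!--
document.forms[0].elements[0].focus();
// -->
</script>

';

printFooter();

exit;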

?>