<?php // +----------------------------------------------------------------------+ // | OpenConf | // +----------------------------------------------------------------------+ // | Copyright (c) 2002-2014 Zakon Group LLC. All Rights Reserved. | // +----------------------------------------------------------------------+ // | This source file is subject to the OpenConf License, available on | // | the OpenConf web site: www.OpenConf.com | // +----------------------------------------------------------------------+ require_once "../include.php"; $hdr = oc_('View File'); $hdrfn = 3; $formatDBFldName = 'format'; $fileDir = $OC_configAR['OC_paperDir']; $uploadOpen = $OC_statusAR['OC_view_file_open']; if (oc_hookSet('author-viewfile-preprocess')) { foreach ($GLOBALS['OC_hooksAR']['author-viewfile-preprocess'] as $hook) { require_once $hook; } } // Check that we're still open if (! $uploadOpen) { warn(oc_('Files may no longer be viewed'), $hdr, $hdrfn); } // Check whether this is a submission if (isset($_POST['ocaction']) && ($_POST['ocaction'] == "View File")) { // Check inputs if (!preg_match("/^\d+$/",$_POST['pid']) || empty($_POST['pwd'])) { warn(oc_('Submission ID or password entered is incorrect'), $hdr, $hdrfn); } if (oc_hookSet('author-viewfile-validate')) { foreach ($GLOBALS['OC_hooksAR']['author-viewfile-validate'] as $hook) { require_once $hook; } } // Valid pid/pwd? $pq = "SELECT `" . $formatDBFldName . "` AS `format`, `password` FROM `" . OCC_TABLE_PAPER . "` WHERE `paperid`='" . safeSQLstr($_POST['pid']) . "'"; $pr = ocsql_query($pq) or err(oc_('Unable to view file'), $hdr, $hdrfn); if (ocsql_num_rows($pr) != 1) { warn(sprintf(oc_('Submission ID or password entered is incorrect'), safeHTMLstr($_POST['pid'])), $hdr, $hdrfn); } $pl = ocsql_fetch_array($pr); if (!oc_password_verify($_POST['pwd'], $pl['password']) && (!OCC_CHAIR_PWD_TRUMPS || !oc_password_verify($_POST['pwd'], $OC_configAR['OC_chair_pwd'])) ) { warn(sprintf(oc_('Submission ID or password entered is incorrect'), safeHTMLstr($_POST['pid'])), $hdr, $hdrfn); } $filename = $_POST['pid'] . '.' . $pl['format']; if (! oc_displayFile($fileDir . $filename, $pl['format'])) { warn(oc_('File does not exist'), $hdr, $hdrfn); } } printHeader($hdr, $hdrfn); print ' <form method="POST" enctype="multipart/form-data" action="' . $_SERVER['PHP_SELF'] . '"> <input type="hidden" name="ocaction" value="View File" /> <table border=0 cellspacing=0 cellpadding=5> '; if (oc_hookSet('author-viewfile-formtop')) { foreach ($GLOBALS['OC_hooksAR']['author-viewfile-formtop'] as $hook) { require_once $hook; } } print ' <tr><td><strong>' . oc_('Submission ID') . ':</strong></td><td><input name="pid" id="pid" size="5" tabindex="1"> ( <a href="email_papers.php">' . oc_('forgot ID?') . '</a> )</td></tr> <tr><td><strong>' . oc_('Password') . ':</strong></td><td><input name="pwd" type="password" size="20" maxlength="255" tabindex="2"> ( <a href="reset.php">' . oc_('forgot password?') . '</a> )</td></tr> </table> <p /> <input type="submit" name="submit" value="' . oc_('View File') . '" class="submit" tabindex="3"> </form> <script language="javascript"> <!-- document.getElementById("pid").focus(); // --> </script> '; printFooter(); ?>