' . oc_('Committee sign-in is closed') . '

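'; printFooter(); exit; }

// Committee sign-in page: checks the posted username/password against the
// reviewer table, opens the committee session on success, and otherwise
// renders the sign-in form together with any error message.
// (The line above is the unchanged tail of a function that begins earlier in
// the file.)

// Load every file registered for the 'committee-signin' hook.
// NOTE(review): the paths come from $GLOBALS['OC_hooksAR'], which is filled
// elsewhere - confirm that only installed modules can add entries to it.
if (oc_hookSet('committee-signin')) {
    foreach ($GLOBALS['OC_hooksAR']['committee-signin'] as $hook) {
        require_once $hook;
    }
}

// Rotate the session ID on every visit to this page, before any credentials
// are checked, so an ID planted ahead of time is never the one that becomes
// authenticated (login session fixation).
session_regenerate_id();

// Marker values for the 'validform' request field. They record whether the
// previous submission also failed. The markers are fixed and echoed back by
// the client, so this only drives a help message; it is not a throttle.
$vformar[1] = "lkalskjo24uakd";
$vformar[2] = "lkiqwje0913284";
$vformar[3] = "loj0923489wefs";

$errmsg = "";

if (isset($_POST['ocaction']) && ($_POST['ocaction'] === "Sign In")) {
    // Reject missing or non-string fields up front: array-valued parameters
    // would otherwise reach preg_match() and the password check.
    // The D modifier makes "$" match only at the very end of the subject;
    // without it a value with a trailing newline passes the pattern.
    $validinput = isset($_POST['uname']) && is_string($_POST['uname'])
        && !empty($_POST['upwd']) && is_string($_POST['upwd'])
        && preg_match('/^[\w\.\-\@]{5,30}$/D', $_POST['uname']);

    if (!$validinput) {
        //T: Use care with href - "mailto" and "subject" should not be translated
        $errmsg = '' . sprintf(oc_('Username and/or password not valid. Please try again. If you continue to have a problem signing in, please contact the Chair.'), $OC_configAR['OC_pcemail']) . '

';
    } else {
        $lowusername = oc_strtolower($_POST['uname']);

        // The username is limited to [\w.\-@] above and additionally passed
        // through safeSQLstr() before it is placed inside the quoted literal.
        // NOTE(review): the query is still assembled as a string; its safety
        // rests on safeSQLstr() (defined elsewhere) escaping for this
        // connection - confirm, or move to a bound parameter if the database
        // layer offers one.
        $q = "SELECT `reviewerid`, `name_last`, `name_first`, `password`, `onprogramcommittee` FROM `" . OCC_TABLE_REVIEWER . "` WHERE `username`='" . safeSQLstr($lowusername) . "'";
        $r = ocsql_query($q) or err("Unable to query database ".ocsql_errno());
        $rnum = ocsql_num_rows($r);

        // More than one row for a username is a data integrity problem: stop.
        if ($rnum > 1) {
            printHeader(oc_('Sign In'));
            err("Multiple usernames");
        }

        if ($rnum == 0) {
            // Unknown username.
            // NOTE(review): this message differs from the wrong-password
            // message below, so the response reveals whether a username
            // exists. A single shared message would close that gap.
            //T: Use care with href - "mailto" and "subject" should not be translated
            $errmsg = '' . sprintf(oc_('Incorrect username or password. Please try again. If you continue to have a problem signing in, please contact the Chair.'), $OC_configAR['OC_pcemail']) . '

';
        } else {
            $p = ocsql_fetch_array($r);

            // Check that sign-in is still open for this user: reviewers are
            // stopped when reviewer sign-in is closed, program committee
            // members only when committee sign-in is closed as well.
            // NOTE(review): this runs before the password is verified, so a
            // closed sign-in confirms to an unauthenticated visitor that the
            // account exists and which group it belongs to. Consider doing
            // the check after successful verification.
            if (!$OC_statusAR['OC_rev_signin_open']) {
                if ($p['onprogramcommittee'] == "F") {
                    signInClosed();
                } elseif (!$OC_statusAR['OC_pc_signin_open']) {
                    signInClosed();
                }
            }

            // Accept the account's own password or, when OCC_CHAIR_PWD_TRUMPS
            // is enabled, the chair password. With that option on, the chair
            // password works for every committee account, so it needs the
            // protection of a master credential.
            // NOTE(review): nothing visible here records that the chair
            // password, rather than the account's own, opened the session.
            $pwdok = oc_password_verify($_POST['upwd'], $p['password'], 'committee', $p['reviewerid'])
                || (OCC_CHAIR_PWD_TRUMPS && oc_password_verify($_POST['upwd'], $OC_configAR['OC_chair_pwd']));

            if (!$pwdok) {
                $errmsg = ' ' . sprintf(oc_('Incorrect username or password. Please try again below or click here to reset your password.'), 'reset.php') . '

';
            } else {
                // Signed in. If the session had timed out, is it the same
                // reviewer coming back?
                $sameid = isset($_SESSION[OCC_SESSION_VAR_NAME]['acreviewerid'])
                    && ($_SESSION[OCC_SESSION_VAR_NAME]['acreviewerid'] == $p['reviewerid']);

                // Set session vars
                $_SESSION[OCC_SESSION_VAR_NAME]['acusername'] = $lowusername;
                $_SESSION[OCC_SESSION_VAR_NAME]['name'] = $p['name_first'] . ' ' . $p['name_last'];
                $_SESSION[OCC_SESSION_VAR_NAME]['acreviewerid'] = $p['reviewerid'];
                $_SESSION[OCC_SESSION_VAR_NAME]['aclast'] = time();
                $_SESSION[OCC_SESSION_VAR_NAME]['acpc'] = $p['onprogramcommittee'];
                // New token for every sign-in; its strength depends on
                // oc_idGen(), which is defined elsewhere.
                $_SESSION[OCC_SESSION_VAR_NAME]['actoken'] = oc_idGen();

                // Route the user to recover a saved submission after a
                // timeout, or onwards to the main reviewer page.
                // NOTE(review): when SID is non-empty the session ID is put
                // in the redirect URL, where it can end up in browser
                // history, Referer headers and server logs. It is empty when
                // the ID arrived in a cookie; enforcing cookie-only sessions
                // (session.use_only_cookies) avoids the exposure.
                if ($sameid && isset($_SESSION[OCC_SESSION_VAR_NAME]['POST']['submit'])) {
                    // Re-stamp the saved form with the new session token.
                    $_SESSION[OCC_SESSION_VAR_NAME]['POST']['token'] = $_SESSION[OCC_SESSION_VAR_NAME]['actoken'];
                    session_write_close();
                    header('Location: recover.php?' . strip_tags(SID));
                } else {
                    // Drop a saved form that belongs to a different reviewer.
                    if (isset($_SESSION[OCC_SESSION_VAR_NAME]['POST'])) {
                        unset($_SESSION[OCC_SESSION_VAR_NAME]['POST']);
                    }
                    session_write_close();
                    header('Location: reviewer.php?' . strip_tags(SID));
                }
                exit;
            }
        }
    }

    // Weak attempt at catching multiple failed logins: advance the marker and
    // add a hint once the same client has failed repeatedly.
    // NOTE(review): the marker is supplied by the client, and no server-side
    // attempt counter or lockout is visible in this script. If none exists
    // elsewhere, limit failed sign-ins per account and per source address.
    $postedform = (isset($_POST['validform']) && is_string($_POST['validform'])) ? $_POST['validform'] : '';
    if ($postedform === $vformar[1]) {
        $vform = $vformar[2];
    } else {
        $vform = $vformar[3];
        if ($postedform === $vformar[3]) {
            $errmsg .= ' ' . oc_('If you click the "forgot" links, we will be glad to help you out.') . '

';
        }
    }
} else {
    $vform = $vformar[1];
}

printHeader(oc_('Sign In'),3);

if (!empty($errmsg)) {
    print $errmsg;
} elseif (isset($_GET['e']) && ($_GET['e'] == "exp")) {
    // Arrived here after a session timeout or without a valid session.
    print '

' . oc_('Your session has timed out or you did not sign in properly. Please sign in again.') . '

';
    if (isset($_SESSION[OCC_SESSION_VAR_NAME]['POST']['submit'])) {
        print '

' . oc_('It appears you were filling out a review form – by signing back in right now with the same username, you will have the option to save the review.') . '

';
    }
}

// Sign-in form labels.
print '
' . oc_('Username') . ':( ' . oc_('forgot username?') . ' )
' . oc_('Password') . ':( ' . oc_('forgot password?') . ' )

';

if ($OC_configAR['OC_ReviewerTimeout'] > 0) {
    print '

' . sprintf(oc_('Note: Session times out after %d minutes of inactivity'), $OC_configAR['OC_ReviewerTimeout']) . '

';
}

printFooter();

?>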