'; printFooter(); exit; } // Is this a post? if (isset($_POST['ocaction']) && ($_POST['ocaction'] == 'Check Status')) { // Check for paper ID & password if (! isset($_POST['pid']) || ! preg_match("/^\d+$/", $_POST['pid']) || ! isset($_POST['pwd']) || empty($_POST['pwd']) ) { warn(oc_('Submission ID or password entered is incorrect')); printFooter(); exit; } // retrieve sub $q = "SELECT `title`, `password`, `accepted` FROM `" . OCC_TABLE_PAPER . "` WHERE `paperid`='" . safeSQLstr($_POST['pid']) . "'"; $r = ocsql_query($q) or err(oc_('Submission ID or password entered is incorrect')); if (mysql_num_rows($r) == 1) { $l = mysql_fetch_assoc($r); // check pwd if ((hashPassword($_POST['pwd'], $l['password']) == $l['password']) || (OCC_CHAIR_PWD_TRUMPS && (hashPassword($_POST['pwd'], $OC_configAR['OC_chair_pwd']) == $OC_configAR['OC_chair_pwd']))) { // display info & status print '
' . oc_('Submission ID') . ': ' . safeHTMLstr($_POST['pid']) . '
' . //T: Submission Title oc_('Title') . ': ' . safeHTMLstr($l['title']) . '
' . //T: Submission Status oc_('Status') . ': ' . (empty($l['accepted']) ? oc_('Pending') : safeHTMLstr(oc_($l['accepted']))) . '
'; // display review comments to author if (!empty($l['accepted'])) { $q2 = "SELECT `authorcomments` FROM `" . OCC_TABLE_PAPERREVIEWER . "` WHERE `paperid`='" . safeSQLstr($_POST['pid']) . "' AND `authorcomments` IS NOT NULL AND `authorcomments` != ''"; $r2 = ocsql_query($q2) or err(oc_('Unable to retrieve comments')); if (mysql_num_rows($r2) > 0) { print '' . oc_('Reviewer Comments') . ":
\n"; while ($l2 = mysql_fetch_assoc($r2)) { print '' . nl2br($l2['authorcomments']) . "