View This Submission | View All Submissions

'; } elseif (! $uploadOpen) { // Check that we're still open warn(oc_('File upload is not available')); } // Check whether this is a submission if (isset($_POST['ocaction']) && ($_POST['ocaction'] == "Upload File")) { if ($chair && !validToken('chair')) { warn(oc_('Invalid submission')); } // Check inputs if (!preg_match("/^\d+$/",$_POST['pid']) || (! $chair && empty($_POST['pwd'])) || empty($_FILES['file']['name']) || ! in_array($_POST['format'], $extAR) ) { warn(''); } // Set PID to intval in case of leading 0's $usepid = intval($_POST['pid']); // Retrieve pwd, format, & contact author email $pq = "SELECT `" . OCC_TABLE_PAPER . "`.`" . $formatDBFldName . "`, `" . OCC_TABLE_PAPER . "`.`accepted`, `" . OCC_TABLE_PAPER . "`.`password`, `" . OCC_TABLE_AUTHOR . "`.`email` FROM `" . OCC_TABLE_PAPER . "` LEFT JOIN `" . OCC_TABLE_AUTHOR . "` ON (`" . OCC_TABLE_PAPER . "`.`paperid`=`" . OCC_TABLE_AUTHOR . "`.`paperid` AND `" . OCC_TABLE_PAPER . "`.`contactid`=`" . OCC_TABLE_AUTHOR . "`.`position`) WHERE `" . OCC_TABLE_PAPER . "`.`paperid`='" . $usepid . "'"; $pr = ocsql_query($pq) or err("Unable to upload file (" . mysql_errno() . ")"); if (mysql_num_rows($pr) != 1) { warn(oc_('Submission ID or password entered is incorrect')); } $pl = mysql_fetch_array($pr); // Valid pid/pwd?; check for chair pwd first to save db call if (! $chair && (! OCC_CHAIR_PWD_TRUMPS || (hashPassword($_POST['pwd'], $OC_configAR['OC_chair_pwd']) != $OC_configAR['OC_chair_pwd'])) && (hashPassword($_POST['pwd'], $pl['password']) != $pl['password']) ) { warn(oc_('Submission ID or password entered is incorrect')); } // Was a file successfully loaded & filesize > 0? if (!isset($_FILES['file']['error']) || $_FILES['file']['error'] || ! is_uploaded_file($_FILES['file']['tmp_name']) || ($_FILES['file']['size'] <= 0)) { warn(sprintf(oc_('The file failed to load. Please try again. If the problem persists, contact the Chair'), $_SERVER['PHP_SELF'], $OC_configAR['OC_pcemail'])); } if (oc_hookSet('author-upload-validate')) { foreach ($GLOBALS['OC_hooksAR']['author-upload-validate'] as $hook) { require_once $hook; } } // Delete old file? $oldFileName = $uploadDir . $usepid . '.' . $pl[$formatDBFldName]; oc_deleteFile($oldFileName); // Move new file $err = 0; $newFileName = $uploadDir . $usepid . '.' . $_POST['format']; // Check whether file uploaded if (is_uploaded_file($_FILES['file']['tmp_name']) && oc_saveFile($_FILES['file']['tmp_name'], $newFileName, $_POST['format']) ) { $confirmmsg = sprintf(oc_('Submission ID %s has been uploaded.'), $usepid); // Set lastupdate date, and format if needed $eq = "UPDATE `" . OCC_TABLE_PAPER . "` SET `lastupdate`='" . date("Y-m-d") . "'"; // also update format if changed if ($_POST['format'] != $pl[$formatDBFldName]) { $eq .= ", `" . $formatDBFldName . "`='" . safeSQLstr($_POST['format']) . "'"; } $eq .= " WHERE `paperid`='" . $usepid . "'"; if ( ! ocsql_query($eq)) { $confirmmsg .= "\n\n" . oc_('However, we were unable to update the format.') . "\n"; $err = 1; } if (oc_hookSet('author-upload-preconfirm')) { foreach ($GLOBALS['OC_hooksAR']['author-upload-preconfirm'] as $hook) { require_once $hook; } } // Send email confirmation if ( $OC_configAR['OC_emailAuthorOnUpload'] && ! $chair) { $to = $pl['email']; } else { $to = NULL; } sendEmail($to, sprintf(oc_('Submission ID %s file uploaded'), $usepid), $confirmmsg, $OC_configAR['OC_notifyAuthorUpload']); if (!$err) { print $confirmmsg; } else { err($confirmmsg); } } else { // file failed to upload or move properly print '' . sprintf(oc_('The file failed to load properly. Please email it directly to the Chair'), $OC_configAR['OC_pcemail'], $OC_configAR['OC_confName'], $usepid) . ''; } printFooter(); exit; } print '

'; if ($chair) { print ' '; } print ''; if (oc_hookSet('author-upload-formtop')) { foreach ($GLOBALS['OC_hooksAR']['author-upload-formtop'] as $hook) { require_once $hook; } } if (! $chair) { print ' '; } else { print ' '; } print ' '; if (oc_hookSet('author-upload-formbottom')) { foreach ($GLOBALS['OC_hooksAR']['author-upload-formbottom'] as $hook) { require_once $hook; } } print '

' . oc_('Submission ID') . ':

( ' . oc_('forgot ID?') . ' )

' . oc_('Password') . ':

( ' . oc_('forgot password?') . ' )

' . oc_('File') . ':

' . //T: File format oc_('Format') . ': '; print '

\n"; print '

' . nl2br($notice) . '

' . sprintf(oc_('File limit is %1$s. If your file is larger, leave the File field empty and contact the Chair.'), $OC_maxFileSize, 'contact.php') . '

'; printFooter(); ?>