<?php
// +----------------------------------------------------------------------+
// | OpenConf |
// +----------------------------------------------------------------------+
// | Copyright (c) 2002-2016 Zakon Group LLC. All Rights Reserved. |
// +----------------------------------------------------------------------+
// | This source file is subject to the OpenConf License, available on |
// | the OpenConf web site: www.OpenConf.com |
// +----------------------------------------------------------------------+
require_once "../include.php";
$uploadDir = $OC_configAR['OC_paperDir'];
$uploadOpen = $OC_statusAR['OC_upload_open'];
$extAR = $OC_configAR['OC_extar'];
$fileNotice = ( isset($OC_configAR['OC_paperFldNote']) ? $OC_configAR['OC_paperFldNote'] : '' );
$formatDBFldName = 'format';
if (OCC_CHAIR_PWD_TRUMPS && isset($_REQUEST['c']) && ($_REQUEST['c'] == 1)) {
$hdrfn = 1;
beginChairSession();
$chair = TRUE;
} else {
$hdrfn = 3;
$chair = FALSE;
}
// Print appropriate header
printHeader(oc_('Upload File'), $hdrfn);
if (oc_hookSet('author-upload-preprocess')) {
foreach ($GLOBALS['OC_hooksAR']['author-upload-preprocess'] as $hook) {
require_once $hook;
}
}
if ($chair) { // display back links
print '<p style="text-align: center"><a href="../chair/show_paper.php?pid=' . safeHTMLstr($_REQUEST['pid']) . '">View This Submission</a> | <a href="../chair/list_papers.php">View All Submissions</a></p><br />';
} elseif (! $uploadOpen) { // Check that we're still open
warn(oc_('File upload is not available'));
}
// Check whether this is a submission
if (isset($_POST['ocaction']) && ($_POST['ocaction'] == "Upload File")) {
if ($chair && !validToken('chair')) {
warn(oc_('Invalid submission'));
}
// Check inputs
if (! isset($_POST['pid']) || ! preg_match("/^\d+$/", $_POST['pid'])) {
warn(oc_('Submission ID is invalid') . '. <a href="upload.php">' . oc_('Try again') . '</a>');
} elseif (
(! $chair && (!isset($_POST['pwd']) || empty($_POST['pwd'])))
|| (!isset($_FILES['file']['name']) || empty($_FILES['file']['name']))
|| (!isset($_POST['format']) || !in_array($_POST['format'], $extAR))
) {
warn('<form method="post" action="upload.php">' . oc_('Please fill in all fields.') . ' <input type="hidden" name="c" value="' . ($chair ? 1 : 0) . '" /><input type="hidden" name="pid" value="' . safeHTMLstr(varValue('pid', $_POST)) . '" /><input type="submit" value="' . oc_('Try again') . '" /></form>');
}
// Set PID to intval in case of leading 0's
$usepid = intval($_POST['pid']);
// Retrieve pwd, format, & contact author email
$pq = "SELECT `" . OCC_TABLE_PAPER . "`.`" . $formatDBFldName . "`, `" . OCC_TABLE_PAPER . "`.`accepted`, `" . OCC_TABLE_PAPER . "`.`password`, `" . OCC_TABLE_AUTHOR . "`.`email` FROM `" . OCC_TABLE_PAPER . "` LEFT JOIN `" . OCC_TABLE_AUTHOR . "` ON (`" . OCC_TABLE_PAPER . "`.`paperid`=`" . OCC_TABLE_AUTHOR . "`.`paperid` AND `" . OCC_TABLE_PAPER . "`.`contactid`=`" . OCC_TABLE_AUTHOR . "`.`position`) WHERE `" . OCC_TABLE_PAPER . "`.`paperid`='" . $usepid . "'";
$pr = ocsql_query($pq) or err("Unable to upload file (" . ocsql_errno() . ")");
if (ocsql_num_rows($pr) != 1) {
warn(oc_('Submission ID or password entered is incorrect'));
}
$pl = ocsql_fetch_array($pr);
// Valid pid/pwd?; check for chair pwd first to save db call
if (! $chair
&& !oc_password_verify($_POST['pwd'], $pl['password'])
) {
warn(oc_('Submission ID or password entered is incorrect'));
}
// Was a file successfully loaded
if (!isset($_FILES['file']['error']) // bad upload
|| $_FILES['file']['error'] // error
|| ! is_uploaded_file($_FILES['file']['tmp_name']) // fake upload
|| ($_FILES['file']['size'] <= 0) // empty file
|| (!empty($OC_configAR['OC_fileLimit']) && ($_FILES['file']['size'] > ($OC_configAR['OC_fileLimit'] * 1024 * 1024))) // file size > limit
) {
warn(sprintf(oc_('The file failed to load. Please <a href="%1$s">try again</a>. If the problem persists, contact the <a href="mailto:%2$s?subject=File Upload failed">Chair</a>'), $_SERVER['PHP_SELF'], $OC_configAR['OC_pcemail']));
}
if (oc_hookSet('author-upload-validate')) {
foreach ($GLOBALS['OC_hooksAR']['author-upload-validate'] as $hook) {
require_once $hook;
}
}
// Delete old file?
$oldFileName = $uploadDir . $usepid . '.' . $pl[$formatDBFldName];
oc_deleteFile($oldFileName);
// Move new file
$err = 0;
$newFileName = $uploadDir . $usepid . '.' . $_POST['format'];
// Check whether file uploaded
if (is_uploaded_file($_FILES['file']['tmp_name'])
&& oc_saveFile($_FILES['file']['tmp_name'], $newFileName, $_POST['format'])
) {
//T: %s = submission ID (number)
$confirmmsg = sprintf(oc_('Submission ID %s has been uploaded.'), $usepid);
// Get and update notification template
// ocIgnore included so poEdit picks up (DB) template translation
//T: [:sid:] is the numeric submission ID
$ocIgnoreSubject = oc_('Submission ID [:sid:] file uploaded');
//T: [:sid:] is the numeric submission ID
$ocIgnoreBody = oc_('Submission ID [:sid:] has been uploaded.
[:error:]');
list($mailsubject, $mailbody) = oc_getTemplate('author-upload');
$templateExtraAR = array(
'sid' => $usepid,
'error' => ''
);
// Set lastupdate date, and format if needed
$eq = "UPDATE `" . OCC_TABLE_PAPER . "` SET `lastupdate`='" . safeSQLstr(date("Y-m-d")) . "'";
// also update format if changed
if ($_POST['format'] != $pl[$formatDBFldName]) {
$eq .= ", `" . $formatDBFldName . "`='" . safeSQLstr($_POST['format']) . "'";
}
$eq .= " WHERE `paperid`='" . $usepid . "'";
if ( ! ocsql_query($eq)) {
$templateExtraAR['error'] = oc_('However, we were unable to update the format.');
$confirmmsg .= "\n\n" . oc_('However, we were unable to update the format.');
$err = 1;
}
$mailsubject = oc_replaceVariables($mailsubject, $templateExtraAR);
$mailbody = oc_replaceVariables($mailbody, $templateExtraAR);
if (oc_hookSet('author-upload-preconfirm')) {
foreach ($GLOBALS['OC_hooksAR']['author-upload-preconfirm'] as $hook) {
require_once $hook;
}
}
// Send email confirmation
if ( $OC_configAR['OC_emailAuthorOnUpload'] && ! $chair) {
$to = $pl['email'];
} else {
$to = NULL;
}
sendEmail($to, $mailsubject, $mailbody, $OC_configAR['OC_notifyAuthorUpload']);
if (!$err) {
print $confirmmsg;
} else {
err($confirmmsg);
}
// log
ocsql_query("INSERT INTO `" . OCC_TABLE_LOG . "` SET `datetime`='" . safeSQLstr(gmdate('Y-m-d H:i:s')) . "', `type`='submission', `entry`='" . safeSQLstr('Submission ID ' . $usepid . ' file upload' . (isset($_POST['oc_multifile_type']) ? (' (MultiFile Type: ' . $_POST['oc_multifile_type'] . ')') : '')) . "'");
} else { // file failed to upload or move properly
print '<span class="err">' . sprintf(oc_('The file failed to load properly. Please email it directly to the <a href="mailto:%1$s?subject=%2$s File failed - submission ID %3$s">Chair</a>'), $OC_configAR['OC_pcemail'], $OC_configAR['OC_confName'], $usepid) . '</span>';
}
printFooter();
exit;
}
print '
<form method="POST" enctype="multipart/form-data" action="upload.php" id="uploadform">
<input type="hidden" name="ocaction" value="Upload File" />
';
if ($chair) {
print '
<input type="hidden" name="c" value="1">
<input type="hidden" name="token" value="' . safeHTMLstr($_SESSION[OCC_SESSION_VAR_NAME]['chairtoken']) . '" />
<input type="hidden" name="pid" value="' . safeHTMLstr($_REQUEST['pid']) . '" />
';
}
print '<table border=0 cellspacing=0 cellpadding=5>';
if (oc_hookSet('author-upload-formtop')) {
foreach ($GLOBALS['OC_hooksAR']['author-upload-formtop'] as $hook) {
require_once $hook;
}
}
if (! $chair) {
print '
<tr id="subid"><td style="font-weight: bold; white-space: nowrap;"><label for="pid">' . oc_('Submission ID') . ':</label></td><td><input name="pid" id="pid" size="5" tabindex="1" value="' . ((isset($_GET['id']) && ctype_digit($_GET['id'])) ? safeHTMLstr($_GET['id']) : '') . '"> ( <a href="email_papers.php">' . oc_('forgot ID?') . '</a> )</td></tr>
<tr id="pwd"><td><strong><label for="pwdfld">' . oc_('Password') . ':</label></strong></td><td><input name="pwd" id="pwdfld" type="password" size="20" maxlength="255" tabindex="2"> ( <a href="reset.php">' . oc_('forgot password?') . '</a> )</td></tr>
';
} else {
print '
<div style="display: none;"><div id="subid"></div><div id="pwd"></div></div>
';
}
print '
<tr id="filerow"><td valign="top"><strong><label for="file">' . oc_('File') . ':</label></strong></td><td><input type="file" name="file" id="file" size="30" tabindex="3"> <strong><label for="format">' .
//T: File format
oc_('Format') . ':</label></strong>
';
print '<select name="format" id="format">';
$formatoptions = "";
foreach ($extAR as $fval) {
$formatoptions .= '<option value="' . $fval . '"> ' . $OC_formatAR[$fval] . '</option>';
}
print $formatoptions;
print "</select><p />\n";
print '
<div class="note2" id="fldnote">' . nl2br($fileNotice) . '</div>
';
if (empty($OC_configAR['OC_fileLimit'])) {
print '<p class="note">' . sprintf(oc_('File limit is %1$s. If your file is larger, leave the File field empty and contact the <a href="%2$s">Chair</a>.'), $OC_maxFileSize, 'contact.php') . '</p>';
}
print '
</td></tr>
';
if (oc_hookSet('author-upload-formbottom')) {
foreach ($GLOBALS['OC_hooksAR']['author-upload-formbottom'] as $hook) {
require_once $hook;
}
}
print '
</table>
<p>
<div id="sub"><input type="submit" name="subaction" class="submit" value="' . oc_('Upload File') . '" tabindex="4"></div>
</form>
<p>
';
if (oc_hookSet('author-upload-bottom')) {
foreach ($GLOBALS['OC_hooksAR']['author-upload-bottom'] as $hook) {
require_once $hook;
}
}
printFooter();
?>