View This Submission | View All Submissions

'; } elseif (! $uploadOpen) { // Check that we're still open warn(oc_('File upload is not available')); } // Check whether this is a submission if (isset($_POST['ocaction']) && ($_POST['ocaction'] == "Upload File")) { if ($chair && !validToken('chair')) { warn(oc_('Invalid submission')); } // Check inputs if (! isset($_POST['pid']) || ! preg_match("/^\d+$/", $_POST['pid'])) { warn(oc_('Submission ID is invalid') . '. ' . oc_('Try again') . ''); } elseif ( (! $chair && (!isset($_POST['pwd']) || empty($_POST['pwd']))) || (!isset($_FILES['file']['name']) || empty($_FILES['file']['name'])) || (!isset($_POST['format']) || !in_array($_POST['format'], $extAR)) ) { warn(''); } // Set PID to intval in case of leading 0's $usepid = intval($_POST['pid']); // Retrieve pwd, format, & contact author email $pq = "SELECT `" . OCC_TABLE_PAPER . "`.`" . $formatDBFldName . "`, `" . OCC_TABLE_PAPER . "`.`accepted`, `" . OCC_TABLE_PAPER . "`.`password`, `" . OCC_TABLE_AUTHOR . "`.`email` FROM `" . OCC_TABLE_PAPER . "` LEFT JOIN `" . OCC_TABLE_AUTHOR . "` ON (`" . OCC_TABLE_PAPER . "`.`paperid`=`" . OCC_TABLE_AUTHOR . "`.`paperid` AND `" . OCC_TABLE_PAPER . "`.`contactid`=`" . OCC_TABLE_AUTHOR . "`.`position`) WHERE `" . OCC_TABLE_PAPER . "`.`paperid`='" . $usepid . "'"; $pr = ocsql_query($pq) or err("Unable to upload file (" . ocsql_errno() . ")"); if (ocsql_num_rows($pr) != 1) { warn(oc_('Submission ID or password entered is incorrect')); } $pl = ocsql_fetch_array($pr); // Valid pid/pwd?; check for chair pwd first to save db call if (! $chair && !oc_password_verify($_POST['pwd'], $pl['password']) ) { warn(oc_('Submission ID or password entered is incorrect')); } // Was a file successfully loaded if (!isset($_FILES['file']['error']) // bad upload || $_FILES['file']['error'] // error || ! is_uploaded_file($_FILES['file']['tmp_name']) // fake upload || ($_FILES['file']['size'] <= 0) // empty file || (!empty($OC_configAR['OC_fileLimit']) && ($_FILES['file']['size'] > ($OC_configAR['OC_fileLimit'] * 1024 * 1024))) // file size > limit ) { warn(sprintf(oc_('The file failed to load. Please try again. If the problem persists, contact the Chair'), $_SERVER['PHP_SELF'], $OC_configAR['OC_pcemail'])); } if (oc_hookSet('author-upload-validate')) { foreach ($GLOBALS['OC_hooksAR']['author-upload-validate'] as $hook) { require_once $hook; } } // Delete old file? $oldFileName = $uploadDir . $usepid . '.' . $pl[$formatDBFldName]; oc_deleteFile($oldFileName); // Move new file $err = 0; $newFileName = $uploadDir . $usepid . '.' . $_POST['format']; // Check whether file uploaded if (is_uploaded_file($_FILES['file']['tmp_name']) && oc_saveFile($_FILES['file']['tmp_name'], $newFileName, $_POST['format']) ) { //T: %s = submission ID (number) $confirmmsg = sprintf(oc_('Submission ID %s has been uploaded.'), $usepid); // Get and update notification template // ocIgnore included so poEdit picks up (DB) template translation //T: [:sid:] is the numeric submission ID $ocIgnoreSubject = oc_('Submission ID [:sid:] file uploaded'); //T: [:sid:] is the numeric submission ID $ocIgnoreBody = oc_('Submission ID [:sid:] has been uploaded. [:error:]'); list($mailsubject, $mailbody) = oc_getTemplate('author-upload'); $templateExtraAR = array( 'sid' => $usepid, 'error' => '' ); // Set lastupdate date, and format if needed $eq = "UPDATE `" . OCC_TABLE_PAPER . "` SET `lastupdate`='" . safeSQLstr(date("Y-m-d")) . "'"; // also update format if changed if ($_POST['format'] != $pl[$formatDBFldName]) { $eq .= ", `" . $formatDBFldName . "`='" . safeSQLstr($_POST['format']) . "'"; } $eq .= " WHERE `paperid`='" . $usepid . "'"; if ( ! ocsql_query($eq)) { $templateExtraAR['error'] = oc_('However, we were unable to update the format.'); $confirmmsg .= "\n\n" . oc_('However, we were unable to update the format.'); $err = 1; } $mailsubject = oc_replaceVariables($mailsubject, $templateExtraAR); $mailbody = oc_replaceVariables($mailbody, $templateExtraAR); if (oc_hookSet('author-upload-preconfirm')) { foreach ($GLOBALS['OC_hooksAR']['author-upload-preconfirm'] as $hook) { require_once $hook; } } // Send email confirmation if ( $OC_configAR['OC_emailAuthorOnUpload'] && ! $chair) { $to = $pl['email']; } else { $to = NULL; } sendEmail($to, $mailsubject, $mailbody, $OC_configAR['OC_notifyAuthorUpload']); if (!$err) { print $confirmmsg; } else { err($confirmmsg); } // log ocsql_query("INSERT INTO `" . OCC_TABLE_LOG . "` SET `datetime`='" . safeSQLstr(gmdate('Y-m-d H:i:s')) . "', `type`='submission', `entry`='" . safeSQLstr('Submission ID ' . $usepid . ' file upload' . (isset($_POST['oc_multifile_type']) ? (' (MultiFile Type: ' . $_POST['oc_multifile_type'] . ')') : '')) . "'"); } else { // file failed to upload or move properly print '' . sprintf(oc_('The file failed to load properly. Please email it directly to the Chair'), $OC_configAR['OC_pcemail'], $OC_configAR['OC_confName'], $usepid) . ''; } printFooter(); exit; } print '

'; if ($chair) { print ' '; } print ''; if (oc_hookSet('author-upload-formtop')) { foreach ($GLOBALS['OC_hooksAR']['author-upload-formtop'] as $hook) { require_once $hook; } } if (! $chair) { print ' '; } else { print ' '; } print ' '; if (oc_hookSet('author-upload-formbottom')) { foreach ($GLOBALS['OC_hooksAR']['author-upload-formbottom'] as $hook) { require_once $hook; } } print '

' . oc_('Submission ID') . ':

( ' . oc_('forgot ID?') . ' )

' . oc_('Password') . ':

( ' . oc_('forgot password?') . ' )

' . oc_('File') . ':

' . //T: File format oc_('Format') . ': '; print '

\n"; print '

' . nl2br($fileNotice) . '

'; if (empty($OC_configAR['OC_fileLimit'])) { print '

' . sprintf(oc_('File limit is %1$s. If your file is larger, leave the File field empty and contact the Chair.'), $OC_maxFileSize, 'contact.php') . '

'; } print '

'; if (oc_hookSet('author-upload-bottom')) { foreach ($GLOBALS['OC_hooksAR']['author-upload-bottom'] as $hook) { require_once $hook; } } printFooter(); ?>