<?php

// +----------------------------------------------------------------------+
// | OpenConf                                                             |
// +----------------------------------------------------------------------+
// | Copyright (c) 2002-2016 Zakon Group LLC.  All Rights Reserved.       |
// +----------------------------------------------------------------------+
// | This source file is subject to the OpenConf License, available on    |
// | the OpenConf web site: www.OpenConf.com                              |
// +----------------------------------------------------------------------+

require_once "../include.php";

// Upload settings, taken from the global config/status arrays loaded by include.php.
$formatDBFldName = 'format';                          // paper-table column holding the stored file's extension
$uploadDir       = $OC_configAR['OC_paperDir'];       // directory the submission files are written to
$extAR           = $OC_configAR['OC_extar'];          // whitelist of permitted file extensions (format select values)
$uploadOpen      = $OC_statusAR['OC_upload_open'];    // whether authors are currently allowed to upload
// Optional note displayed under the File field
if (isset($OC_configAR['OC_paperFldNote'])) {
	$fileNotice = $OC_configAR['OC_paperFldNote'];
} else {
	$fileNotice = '';
}

// Decide whether this request runs in chair mode: OCC_CHAIR_PWD_TRUMPS must be
// enabled and the request must carry c=1 (loosely compared, as elsewhere in
// the file).  beginChairSession() is assumed to enforce that a chair is
// actually logged in -- this file adds no check of its own.  $hdrfn selects
// the page header variant (1 = chair, 3 = author).
$chairRequested = OCC_CHAIR_PWD_TRUMPS && isset($_REQUEST['c']) && ($_REQUEST['c'] == 1);
if ($chairRequested) {
	$hdrfn = 1;
	beginChairSession();
	$chair = TRUE;
} else {
	$hdrfn = 3;
	$chair = FALSE;
}

// Print the chair or author header, run any pre-processing hooks, then either
// show the chair's navigation links or -- for authors -- stop when the upload
// window is closed (warn() is assumed to print and terminate the request).
printHeader(oc_('Upload File'), $hdrfn);

if (oc_hookSet('author-upload-preprocess')) {
	foreach ($GLOBALS['OC_hooksAR']['author-upload-preprocess'] as $hookFile) {
		require_once $hookFile;
	}
}

if (! $chair) {
	if (! $uploadOpen) { // upload window closed for authors
		warn(oc_('File upload is not available'));
	}
} else {
	// Back links for the chair; pid comes straight from the request and is
	// HTML-escaped here (it is only validated as numeric on POST)
	print '<p style="text-align: center"><a href="../chair/show_paper.php?pid=' . safeHTMLstr($_REQUEST['pid']) . '">View This Submission</a> | <a href="../chair/list_papers.php">View All Submissions</a></p><br />';
}

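// Handle a submitted upload form.  Every failure path below goes through
// warn()/err(), which are assumed to print the message and terminate the
// request (include.php); the code relies on that -- e.g. $_POST['pid'] is
// used unguarded once the preg_match check has been passed.
if (isset($_POST['ocaction']) && ($_POST['ocaction'] == "Upload File")) {
	// CSRF: chair uploads must carry the per-session chair token.  Author
	// uploads have no token; they are bound to the submission password
	// instead, which a cross-site form could not supply.
	if ($chair && !validToken('chair')) {
		warn(oc_('Invalid submission'));
	}

	// Check inputs.  The format is matched strictly (type and value) against
	// the configured extension list because it becomes the extension of the
	// stored file (see $newFileName) and is written back to the database.
	if (! isset($_POST['pid']) || ! preg_match("/^\d+$/", $_POST['pid'])) {
		warn(oc_('Submission ID is invalid') . '. <a href="upload.php">' . oc_('Try again') . '</a>');
	} elseif (
		(! $chair && (!isset($_POST['pwd']) || empty($_POST['pwd'])))
		|| (!isset($_FILES['file']['name']) || empty($_FILES['file']['name']))
		|| (!isset($_POST['format']) || !in_array($_POST['format'], $extAR, TRUE))
	) {
		warn('<form method="post" action="upload.php">' . oc_('Please fill in all fields.') . '  <input type="hidden" name="c" value="' . ($chair ? 1 : 0) . '" /><input type="hidden" name="pid" value="' . safeHTMLstr(varValue('pid', $_POST)) . '" /><input type="submit" value="' . oc_('Try again') . '" /></form>');
	}

	// Normalise the ID to an integer (drops leading zeros).  This is the only
	// form of the ID that reaches SQL or the file system below.
	$usepid = intval($_POST['pid']);

	// Retrieve stored format, acceptance flag, password hash and the contact
	// author's email
	$pq = "SELECT `" . OCC_TABLE_PAPER . "`.`" . $formatDBFldName . "`, `" . OCC_TABLE_PAPER . "`.`accepted`, `" . OCC_TABLE_PAPER . "`.`password`, `" . OCC_TABLE_AUTHOR . "`.`email` FROM `" . OCC_TABLE_PAPER . "` LEFT JOIN `" . OCC_TABLE_AUTHOR . "` ON (`" . OCC_TABLE_PAPER . "`.`paperid`=`" . OCC_TABLE_AUTHOR . "`.`paperid` AND `" . OCC_TABLE_PAPER . "`.`contactid`=`" . OCC_TABLE_AUTHOR . "`.`position`) WHERE `" . OCC_TABLE_PAPER . "`.`paperid`='" . $usepid . "'";
	$pr = ocsql_query($pq) or err("Unable to upload file (" . ocsql_errno() . ")");
	if (ocsql_num_rows($pr) != 1) {
		warn(oc_('Submission ID or password entered is incorrect'));
	}
	$pl = ocsql_fetch_array($pr);

	// Authors must prove the submission password; a chair was already
	// authenticated by beginChairSession().  The message is deliberately the
	// same as for an unknown ID so the response does not reveal which was wrong.
	if (! $chair
		&& !oc_password_verify($_POST['pwd'], $pl['password'])
	) {
		warn(oc_('Submission ID or password entered is incorrect'));
	}

	// Was a file successfully loaded?  is_uploaded_file() rejects a forged
	// $_FILES entry pointing at an arbitrary server path.
	if (!isset($_FILES['file']['error']) 						// bad upload
			|| $_FILES['file']['error'] 						// error
			|| ! is_uploaded_file($_FILES['file']['tmp_name']) 	// fake upload
			|| ($_FILES['file']['size'] <= 0)					// empty file
			|| (!empty($OC_configAR['OC_fileLimit']) && ($_FILES['file']['size'] > ($OC_configAR['OC_fileLimit'] * 1024 * 1024)))	// file size > limit (OC_fileLimit is in MB)
	) {
		// PHP_SELF reflects the request path (including any PATH_INFO suffix
		// the client appended), so it must be HTML-escaped before it is
		// placed in an href.
		warn(sprintf(oc_('The file failed to load.  Please <a href="%1$s">try again</a>.  If the problem persists, contact the <a href="mailto:%2$s?subject=File Upload failed">Chair</a>'), safeHTMLstr($_SERVER['PHP_SELF']), $OC_configAR['OC_pcemail']));
	}

	// Site hooks may add further validation of the upload
	if (oc_hookSet('author-upload-validate')) {
		foreach ($GLOBALS['OC_hooksAR']['author-upload-validate'] as $hook) {
			require_once $hook;
		}
	}

	// Delete the previously stored file, which may carry a different
	// extension than the new one.  NOTE(review): this runs before the new
	// file is saved, so if oc_saveFile() fails below the submission is left
	// with no file at all; whether the two steps can be swapped depends on
	// whether oc_saveFile() overwrites an existing target -- confirm.
	$oldFileName = $uploadDir . $usepid . '.' . $pl[$formatDBFldName];
	oc_deleteFile($oldFileName);

	// Store the new file as <pid>.<format>; the client-supplied file name is
	// never used.  NOTE(review): the declared format is not checked against
	// the file's actual content here -- if oc_saveFile() does not do so
	// either and the configured extension list includes browser-renderable
	// types, serving the file inline later is a stored-XSS risk.
	$err = 0;
	$newFileName = $uploadDir . $usepid . '.' . $_POST['format'];

	// Check whether file uploaded
	if (is_uploaded_file($_FILES['file']['tmp_name'])
		&& oc_saveFile($_FILES['file']['tmp_name'], $newFileName, $_POST['format'])
	) {
		//T: %s = submission ID (number)
		$confirmmsg = sprintf(oc_('Submission ID %s has been uploaded.'), $usepid);

		// Get and update notification template
		// ocIgnore included so poEdit picks up (DB) template translation
		//T: [:sid:] is the numeric submission ID
		$ocIgnoreSubject = oc_('Submission ID [:sid:] file uploaded');
		//T: [:sid:] is the numeric submission ID
		$ocIgnoreBody = oc_('Submission ID [:sid:] has been uploaded.

[:error:]');
		list($mailsubject, $mailbody) = oc_getTemplate('author-upload');
		$templateExtraAR = array(
			'sid' => $usepid,
			'error' => ''
		);

		// Set lastupdate date, and the format column if it changed.  The
		// format was whitelisted above and is SQL-escaped again here.
		$eq = "UPDATE `" . OCC_TABLE_PAPER . "` SET `lastupdate`='" . safeSQLstr(date("Y-m-d")) . "'";
		if ($_POST['format'] != $pl[$formatDBFldName]) {
			$eq .= ", `" . $formatDBFldName . "`='" . safeSQLstr($_POST['format']) . "'";
		}
		$eq .= " WHERE `paperid`='" . $usepid . "'";
		if ( ! ocsql_query($eq)) {
			// The file is already on disk under the new name; report the
			// partial failure rather than hiding it.
			$templateExtraAR['error'] = oc_('However, we were unable to update the format.');
			$confirmmsg .= "\n\n" . oc_('However, we were unable to update the format.');
			$err = 1;
		}

		$mailsubject = oc_replaceVariables($mailsubject, $templateExtraAR);
		$mailbody = oc_replaceVariables($mailbody, $templateExtraAR);

		if (oc_hookSet('author-upload-preconfirm')) {
			foreach ($GLOBALS['OC_hooksAR']['author-upload-preconfirm'] as $hook) {
				require_once $hook;
			}
		}

		// Email the contact author only for author uploads and only when
		// configured; the fourth argument (OC_notifyAuthorUpload) presumably
		// controls the committee copy -- see sendEmail() in include.php.
		if ( $OC_configAR['OC_emailAuthorOnUpload'] && ! $chair) {
			$to = $pl['email'];
		} else {
			$to = NULL;
		}

		sendEmail($to, $mailsubject, $mailbody, $OC_configAR['OC_notifyAuthorUpload']);

		if (!$err) {
			print $confirmmsg;
		} else {
			// NOTE(review): if err() terminates the request, the log entry
			// below is never written for this partial-failure case.
			err($confirmmsg);
		}

		// Log the upload.  oc_multifile_type is free-form POST data (not
		// validated here); it is SQL-escaped, but whatever renders the log
		// must still HTML-escape it.
		ocsql_query("INSERT INTO `" . OCC_TABLE_LOG . "` SET `datetime`='" . safeSQLstr(gmdate('Y-m-d H:i:s')) . "', `type`='submission', `entry`='" . safeSQLstr('Submission ID ' . $usepid . ' file upload' . (isset($_POST['oc_multifile_type']) ? (' (MultiFile Type: ' . $_POST['oc_multifile_type'] . ')') : '')) . "'");

	} else { // file failed to upload or move properly
		print '<span class="err">' . sprintf(oc_('The file failed to load properly.  Please email it directly to the <a href="mailto:%1$s?subject=%2$s File failed - submission ID %3$s">Chair</a>'), $OC_configAR['OC_pcemail'], $OC_configAR['OC_confName'], $usepid) . '</span>';
	}

	printFooter();
	exit;
}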

// Not a submission: render the upload form.  Config-derived values (extension
// list, format labels) are printed unescaped as elsewhere in the file; only
// request-derived values pass through safeHTMLstr().
$hiddenFields = '<input type="hidden" name="ocaction" value="Upload File" />
';
if ($chair) {
	// Chair mode: the mode flag, the per-session CSRF token that
	// validToken('chair') checks on submit, and the submission ID (escaped --
	// it comes straight from the request and is only validated on POST).
	$hiddenFields .= '
<input type="hidden" name="c" value="1">
<input type="hidden" name="token" value="' . safeHTMLstr($_SESSION[OCC_SESSION_VAR_NAME]['chairtoken']) . '" />
<input type="hidden" name="pid" value="' . safeHTMLstr($_REQUEST['pid']) . '" />
';
}
print "\n" . '<form method="POST" enctype="multipart/form-data" action="upload.php" id="uploadform">' . "\n" . $hiddenFields;
print '<table border=0 cellspacing=0 cellpadding=5>';

if (oc_hookSet('author-upload-formtop')) {
	foreach ($GLOBALS['OC_hooksAR']['author-upload-formtop'] as $hookFile) {
		require_once $hookFile;
	}
}

if ($chair) {
	// Keep the subid/pwd element IDs present (hidden) even though the chair
	// needs neither field
	$idRows = '
<div style="display: none;"><div id="subid"></div><div id="pwd"></div></div>
';
} else {
	// Pre-fill the ID from ?id= only when it is all digits, and escape it
	$prefillID = (isset($_GET['id']) && ctype_digit($_GET['id'])) ? safeHTMLstr($_GET['id']) : '';
	$idRows = '
<tr id="subid"><td style="font-weight: bold; white-space: nowrap;"><label for="pid">' . oc_('Submission ID') . ':</label></td><td><input name="pid" id="pid" size="5" tabindex="1" value="' . $prefillID . '"> ( <a href="email_papers.php">' . oc_('forgot ID?') . '</a> )</td></tr>
<tr id="pwd"><td><strong><label for="pwdfld">' . oc_('Password') . ':</label></strong></td><td><input name="pwd" id="pwdfld" type="password" size="20" maxlength="255" tabindex="2"> ( <a href="reset.php">' . oc_('forgot password?') . '</a> )</td></tr>
';
}
print $idRows;

print '
<tr id="filerow"><td valign="top"><strong><label for="file">' . oc_('File') . ':</label></strong></td><td><input type="file" name="file" id="file" size="30" tabindex="3"> &nbsp; &nbsp; <strong><label for="format">' . 
//T: File format
oc_('Format') . ':</label></strong>
';

// Format select: one option per whitelisted extension, labelled from $OC_formatAR
$optionList = array();
foreach ($extAR as $ext) {
	$optionList[] = '<option value="' . $ext . '"> ' . $OC_formatAR[$ext] . '</option>';
}
$formatoptions = implode('', $optionList);
print '<select name="format" id="format">' . $formatoptions . "</select><p />\n";

print '
<div class="note2" id="fldnote">' . nl2br($fileNotice) . '</div>
';

// Without a configured OC_fileLimit, tell the author the effective cap
// ($OC_maxFileSize is set outside this file, presumably in include.php)
if (empty($OC_configAR['OC_fileLimit'])) {
	$limitNote = sprintf(oc_('File limit is %1$s.  If your file is larger, leave the File field empty and contact the <a href="%2$s">Chair</a>.'), $OC_maxFileSize, 'contact.php');
	print '<p class="note">' . $limitNote . '</p>';
}

print '
</td></tr>
';

if (oc_hookSet('author-upload-formbottom')) {
	foreach ($GLOBALS['OC_hooksAR']['author-upload-formbottom'] as $hookFile) {
		require_once $hookFile;
	}
}

print '
</table>
<p>
<div id="sub"><input type="submit" name="subaction" class="submit" value="' . oc_('Upload File') . '" tabindex="4"></div>
</form>
<p>
';

if (oc_hookSet('author-upload-bottom')) {
	foreach ($GLOBALS['OC_hooksAR']['author-upload-bottom'] as $hookFile) {
		require_once $hookFile;
	}
}

printFooter();

?>