<?php

// +----------------------------------------------------------------------+
// | OpenConf                                                             |
// +----------------------------------------------------------------------+
// | Copyright (c) 2002-2016 Zakon Group LLC.  All Rights Reserved.       |
// +----------------------------------------------------------------------+
// | This source file is subject to the OpenConf License, available on    |
// | the OpenConf web site: www.OpenConf.com                              |
// +----------------------------------------------------------------------+

$OC_DISCUSSION_showPosts = 10;	// number of most recent posts listed under the comment form (used as the SQL LIMIT below)

// Register the module stylesheet for this page
oc_addCSS('oc_discussion.css','oc_discussion');

// Page heading; also passed to printHeader() further down
$hdr = oc_('Post Comment');
// NOTE(review): $uid, $paper and $access are read later in this script but never
// assigned in it - presumably this include sets them and checks that the caller
// may access the thread named by $_REQUEST['thread']; confirm before changing
// the order of these statements.
require_once 'oc_discussion/validate.inc';

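// Handle a "Post Comment" submission: validate the text, store the post,
// e-mail the other participants of the thread, then redirect to the new post.
// NOTE(review): $uid, $paper and $access are read here but not assigned in this
// file - presumably validate.inc sets them and authorizes access to
// $_REQUEST['thread']; confirm. No anti-CSRF token is checked in this file;
// confirm whether that is handled elsewhere.
$err = '';
if (isset($_POST['oc_discussion_post']) && ($_POST['oc_discussion_post'] == oc_('Post Comment'))) {
	// A missing or non-string (e.g. array-valued) field is treated as an empty
	// comment, so it is rejected below instead of reaching preg_match() and the
	// INSERT as null or an array.
	$postedComment = (isset($_POST['oc_discussion_comment']) && is_string($_POST['oc_discussion_comment'])) ? $_POST['oc_discussion_comment'] : '';
	if (!preg_match("/\w/", $postedComment)) {
		$err = oc_('Comment needs to include some text');
	}

	if (empty($err)) {
		// add comment
		$q = "INSERT INTO `" . OCC_TABLE_MODULE_OC_DISCUSSION_POST . "` SET " .
			"`paperid`='" . safeSQLstr($_REQUEST['thread']) . "', " .
			"`accountid`='" . safeSQLstr($uid) . "', " .
			"`time`='" . safeSQLstr(time()) . "', " .
			"`content`='" . safeSQLstr($postedComment) . "'";
		$r = ocsql_query($q) or err('Unable to post comment');
		$postid = ocsql_insert_id();

		// Absolute URL of the new post; used in the notification e-mail and the redirect.
		// The thread id goes into a URL query string, so it is URL-encoded here
		// (HTML-escaping is the wrong encoder for a Location header / plain-text mail).
		// NOTE(review): SERVER_NAME can follow the client-supplied Host header depending
		// on web server configuration; because this link is mailed to other users,
		// confirm the server pins a canonical host name.
		$location = 'http' . ((isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 's' : '') . '://' . safeHTMLstr($_SERVER['SERVER_NAME']) . (ctype_digit($_SERVER['SERVER_PORT']) && (($_SERVER['SERVER_PORT'] != '80')) ? (':' . $_SERVER['SERVER_PORT']) : '') . $_SERVER['PHP_SELF'] . '?module=oc_discussion&action=show_thread.php&thread=' . urlencode($_REQUEST['thread']) . '&access=2#post' . $postid;

		// email notification
		$emailAR = array();
		// if reviewer access enabled, get reviewers except for one posting
		if ($OC_configAR['OC_DISCUSSION_reviewerAccess']) {
			$q = "SELECT `" . OCC_TABLE_REVIEWER . "`.`email` FROM `" . OCC_TABLE_REVIEWER . "`, `" . OCC_TABLE_PAPERREVIEWER . "` WHERE `" . OCC_TABLE_PAPERREVIEWER . "`.`paperid`='" . safeSQLstr($_REQUEST['thread']) . "' AND `" . OCC_TABLE_PAPERREVIEWER . "`.`reviewerid`!='" . safeSQLstr($uid) . "' AND `" . OCC_TABLE_PAPERREVIEWER . "`.`reviewerid`=`" . OCC_TABLE_REVIEWER . "`.`reviewerid`";
			if ($r = ocsql_query($q)) {
				while ($l = ocsql_fetch_assoc($r)) {
					$emailAR[] = $l['email'];
				}
			}
		}
		// get advocates except for one posting
		if ($OC_configAR['OC_paperAdvocates']) {
			$q = "SELECT `" . OCC_TABLE_REVIEWER . "`.`email` FROM `" . OCC_TABLE_REVIEWER . "`, `" . OCC_TABLE_PAPERADVOCATE . "` WHERE `" . OCC_TABLE_PAPERADVOCATE . "`.`paperid`='" . safeSQLstr($_REQUEST['thread']) . "' AND `" . OCC_TABLE_PAPERADVOCATE . "`.`advocateid`!='" . safeSQLstr($uid) . "' AND `" . OCC_TABLE_PAPERADVOCATE . "`.`advocateid`=`" . OCC_TABLE_REVIEWER . "`.`reviewerid`";
			if ($r = ocsql_query($q)) {
				while ($l = ocsql_fetch_assoc($r)) {
					// skip addresses already collected from the reviewer query
					if (!in_array($l['email'], $emailAR, true)) {
						$emailAR[] = $l['email'];
					}
				}
			}
		}
		// get list of reviewers that have requested not to be notified
		$emailSkipAR = array();
		$q = "SELECT `" . OCC_TABLE_REVIEWER . "`.`email` FROM `" . OCC_TABLE_REVIEWER . "`, `" . OCC_TABLE_MODULE_OC_DISCUSSION_NOTIFICATION . "` WHERE `" . OCC_TABLE_MODULE_OC_DISCUSSION_NOTIFICATION . "`.`notification`=0 AND `" . OCC_TABLE_MODULE_OC_DISCUSSION_NOTIFICATION . "`.`accountid`=`" . OCC_TABLE_REVIEWER . "`.`reviewerid`";
		if ($r = ocsql_query($q)) {
			while ($l = ocsql_fetch_assoc($r)) {
				$emailSkipAR[] = $l['email'];
			}
		}
		// finally send out notification
		// The body quotes the submission title and the comment verbatim.
		// NOTE(review): presumably oc_mail() sends plain text - confirm, since
		// nothing in the body is HTML-escaped.
		$subj = '[' . $OC_configAR['OC_confName'] . '] ' . oc_('Discussion Post Notification');
		$body = oc_('A new post has been made in the discussion of submission:') . "\n\n" .
					$_REQUEST['thread'] . '. ' . $paper['title'] . "\n\n" .
					oc_('If you are already signed into OpenConf, you may view and reply to the post at:') . "\n\n" .
					$location . "\n\n" .
					oc_('Note that if the above web address is broken across multiple lines, you will need to copy/paste into one line.') . "\n\n" .
					oc_('The post follows below.') . "\n\n" .
					"------------------------------------------------------------------------\n\n" .
					$postedComment . "\n\n";
		// Sign the post only when reviewers are allowed to see each other
		if ($OC_configAR['OC_reviewerSeeOtherReviewers']) {
			$body .= '- ';
			if ($uid == 0) {
				$body .=  oc_('Chair');
			} else {
				$body .= $_SESSION[OCC_SESSION_VAR_NAME]['name'];
			}
		}
		foreach ($emailAR as $emailAddress) {
			if (!in_array($emailAddress, $emailSkipAR, true)) {
				oc_mail($emailAddress, $subj, $body);
			}
		}

		// redirect: the mailed link always uses access=2; the poster is sent back
		// with their own access value
		if ($access != 2) {
			$location = preg_replace("/access=2/", "access=" . urlencode($access), $location);
		}
		header('Location: ' . $location);
		exit;
	}
}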


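// Breadcrumb links: "All Threads" and this submission's discussion thread.
// PHP_SELF may carry request-supplied PATH_INFO, so it is HTML-escaped before
// being placed in the href attributes; $access is URL-encoded for the query
// string, as the redirect code in this file already does.
// NOTE(review): assumes safeHTMLstr() encodes double quotes - confirm.
$OC_displayTop = '
<a href="' . safeHTMLstr($_SERVER['PHP_SELF']) . '?module=oc_discussion&action=list_threads.php&access=' . urlencode($access) . '">' . oc_('All Threads') . '</a> &#187; 
<a href="' . safeHTMLstr($_SERVER['PHP_SELF']) . '?module=oc_discussion&action=show_thread.php&thread=' . safeHTMLstr($_REQUEST['thread']) . '&access=' . urlencode($access) . '">' . sprintf(oc_('Submission ID %d Discussion'), safeHTMLstr($_REQUEST['thread'])) . '</a> &#187; 
';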

// Page header first, then the "<id>. <title>" line for the submission.
printHeader($hdr, $access);

// Both the thread id and the title pass through safeHTMLstr() before output.
echo '<p class="oc_discussion_paper_info">',
	safeHTMLstr($_REQUEST['thread']),
	'. ',
	safeHTMLstr($paper['title']),
	'</p>';

// Validation message from the post handler above, if one was set.
if (empty($err) === false) {
	echo '<p class="warn" style="text-align: center">', safeHTMLstr($err), '</p>';
}

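// Preview: the form was submitted with a button other than "Post Comment".
// The comment is echoed back HTML-escaped, with line breaks kept via nl2br().
if (isset($_POST['oc_discussion_post']) && ($_POST['oc_discussion_post'] != oc_('Post Comment'))) {
	// Guard the field the same way the textarea in this file does (isset), and
	// ignore non-string values, so a request without a usable comment previews
	// as empty instead of reading an undefined index.
	$previewText = (isset($_POST['oc_discussion_comment']) && is_string($_POST['oc_discussion_comment'])) ? $_POST['oc_discussion_comment'] : '';
	print '
<div class="oc_discussion_post">
	<div class="oc_discussion_post_header">
		<div class="oc_discussion_post_author">' . oc_('Preview Post') . '</div>
	</div>
	<div class="oc_discussion_post_content">' . nl2br(safeHTMLstr($previewText)) . '</div>
</div>
';
}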

// Comment form: a textarea pre-filled with the (escaped) text of a previous
// submission, plus "Post" and "Preview" buttons that share one field name so
// the handler can tell them apart by value.
// NOTE(review): no anti-CSRF token field is emitted here; confirm whether the
// framework adds or checks one elsewhere.
$draftText = '';
if (isset($_POST['oc_discussion_comment'])) {
	$draftText = safeHTMLstr($_POST['oc_discussion_comment']);
}
$postButtonLabel = oc_('Post Comment');
$previewButtonLabel = oc_('Preview Comment');

echo '
<form method="post" action="', OCC_SELF, '">
<div class="oc_discussion_reply">
	<div class="oc_discussion_reply_input"><textarea name="oc_discussion_comment" id="oc_discussion_comment" rows="5" cols="60">', $draftText, '</textarea></div>
	<div class="oc_discussion_reply_submit"><input type="submit" name="oc_discussion_post" value="', $postButtonLabel, '" /> &nbsp; &nbsp; &nbsp; <input type="submit" name="oc_discussion_post" value="', $previewButtonLabel, '" /></div>
</div>
</form>
';

// Fetch the most recent posts of this thread, newest first, capped at
// $OC_DISCUSSION_showPosts. The LEFT JOIN keeps posts whose accountid has no
// matching reviewer row.
$postTable = OCC_TABLE_MODULE_OC_DISCUSSION_POST;
$reviewerTable = OCC_TABLE_REVIEWER;
$q = "SELECT `{$postTable}`.*, CONCAT_WS(' ',`{$reviewerTable}`.`name_first`, `{$reviewerTable}`.`name_last`) AS `name`, `{$reviewerTable}`.`email`"
	. " FROM `{$postTable}` LEFT JOIN (`{$reviewerTable}`) ON (`{$postTable}`.`accountid`=`{$reviewerTable}`.`reviewerid`)"
	. " WHERE `{$postTable}`.`paperid`='" . safeSQLstr($_REQUEST['thread']) . "'"
	. " ORDER BY  `{$postTable}`.`time` DESC LIMIT " . $OC_DISCUSSION_showPosts;
$r = ocsql_query($q) or err('Unable to retrieve posts');

// Render each post: timestamp, author label, then the escaped content.
while ($l = ocsql_fetch_assoc($r)) {
	$postedAt = oc_strftime('%c',$l['time']);

	// Author label: posts with an empty/zero accountid are shown as "Chair";
	// real names are shown only when the config allows it or the viewer's
	// session has acpc == 'T' or a chairlast entry; otherwise only the
	// member ID is shown.
	if (empty($l['accountid']) || ($l['accountid'] == 0)) {
		$name = oc_('Chair');
		$l['email'] = $OC_configAR['OC_pcemail'];
	} elseif ($OC_configAR['OC_reviewerSeeOtherReviewers'] || ($_SESSION[OCC_SESSION_VAR_NAME]['acpc'] == 'T') || isset($_SESSION[OCC_SESSION_VAR_NAME]['chairlast'])) {
		$name = $l['name'];
	} else {
		//T: %d = review/program committee member ID
		$name = sprintf(oc_('Member ID %d'), $l['accountid']);
	}

	echo '
<div class="oc_discussion_post">
	<div class="oc_discussion_post_header">
		<div class="oc_discussion_post_time">', $postedAt, ' </div>
		<div class="oc_discussion_post_author">', safeHTMLstr($name), '</div>
	</div>
	<div class="oc_discussion_post_content">', nl2br(safeHTMLstr($l['content'])), '</div>
</div>
';
}

// Footer line stating the server's UTC offset and the current time, then the
// standard page footer.
//T: %1$s = UTC offset (e.g., -0400); %2$s = time
$currentTimeNote = sprintf(oc_('All times are UTC %1$s.  The time now is %2$s'), date('O'), oc_strftime('%X'));
echo '<div class="oc_discussion_current_time">', $currentTimeNote, '</div>';

printFooter();