1<?php 2// 3// GetPaper -- this is a PHP script where execution is specified in a .htaccess 4// file. This is done so the paper that is being requested is specified as a 5// suffix to the GetPaper request. This is necessary to have automatic file naming 6// work for specific browsers (I think Mozilla/netscape). 7// 8include('../Code/confHeader.inc'); 9//$_SESSION[Me] -> goIfInvalid("../index.php"); 10$Conf -> connect(); 11 12// 13// Determine the intended paper -- this code from artur 14// 15 16// $PATH_INFO is the rest of the URI (w/o ?... queries) 17// strip leading slash 18if ( ! IsSet($_REQUEST[paperId]) ) { 19 $paper = preg_replace ("/^\//", "", $PATH_INFO); 20 $found = preg_match ("/.*paper-(\d+).*$/", $paper, $match); 21 if (!$found) { 22 echo "<p>Invalid paper name $paper</p>\n"; 23 exit; 24 } else { 25 $_REQUEST[paperId] = $match[1]; 26 } 27} else { 28 // 29 // Should have a valid paperId? 30 // 31} 32// 33// Security checks - people who can download all paperss 34// are assistants, chairs & PC members. Otherwise, you need 35// to be the contact person for that paper. 36// 37// 38if ( $_SESSION[Me] -> isChair || $_SESSION[Me] -> isPC || $_SESSION[Me] -> isAssistant) { 39 $valid = 1; 40} else if ($_SESSION[Me] -> amPaperAuthor($_REQUEST[paperId], $Conf) ) { 41 $valid = 1; 42} else if ( $_SESSION[Me] -> iCanReview($_REQUEST[paperId], $Conf) ) { 43 $valid = 1; 44} else { 45 $valid = 0; 46} 47 48if ( !$valid ) { 49 print "<html>"; 50 print "<body>"; 51 $Conf->errorMsg("You are not authorized to download paper #$_REQUEST[paperId]"); 52 print "</body>"; 53 print "</html>"; 54 exit(); 55} 56 57 58if ( $Conf -> downloadPaper($_REQUEST[paperId]) ) { 59 // 60 // Happy happy joy joy - do nothing 61 // 62 $Conf->log("Downloading $_REQUEST[paperId] for review", $_SESSION[Me]); 63 exit(); 64} else { 65 echo "<html>"; 66 $Conf->header("Error Retrieving Paper #$_REQUEST[paperId]"); 67 echo " <body> <p> There appears to be a problem "; 68 echo "downloading the file </p> </body> </html>"; 69} 70?> 71