README.md
1HotCRP Conference Review Software [![Build Status](https://travis-ci.org/kohler/hotcrp.svg?branch=master)](https://travis-ci.org/kohler/hotcrp)
2=================================
3
4HotCRP is the best available software for managing the conference
5review process, including paper submission, review and comment
6management, rebuttals, and the PC meeting. Its main strengths are
7flexibility and ease of use in the review process, especially through
8smart paper search and an extensive tagging facility. It is widely
9used in computer science conferences and for internal review processes
10at several large companies.
11
12Multitrack conferences with per-track deadlines should use other software.
13
14HotCRP is the open-source version of the software running on
15[hotcrp.com](https://hotcrp.com). If you want to run HotCRP without setting
16up your own server, use hotcrp.com.
17
18Prerequisites
19-------------
20
21HotCRP runs on Unix, including Mac OS X. It requires the following
22software:
23
24* Nginx, http://nginx.org/ or Apache, http://apache.org/
25 (You may be able to use another web server that works with PHP.)
26* PHP version 5.6 or higher, http://php.net/
27 - Including MySQL support
28* MySQL version 5 or higher, http://mysql.org/
29* The zip compressor, http://www.info-zip.org/
30* Poppler’s version of pdftohtml, http://poppler.freedesktop.org/ (only
31 required for format checking)
32
33Apache is preloaded on most Linux distributions. You may need to install
34additional packages, such as php71, php71-fpm, php71-mysqlnd, zip,
35poppler-utils, and sendmail or postfix. You may need to restart the Apache web
36server after installing these packages (`sudo apachectl graceful` or `sudo
37apache2ctl graceful`). If using nginx, you will need php-fpm.
38
39Installation
40------------
41
421. Run `lib/createdb.sh` to create the database. Use
43`lib/createdb.sh OPTIONS` to pass options to MySQL, such as `--user`
44and `--password`. Many MySQL installations require privilege to create
45tables, so you may need `sudo lib/createdb.sh OPTIONS`. Run
46`lib/createdb.sh --help` for more information. You will need to
47decide on a name for your database (no spaces allowed).
48
49 The username and password information for the conference database is
50stored in `conf/options.php`, which HotCRP marks as world-unreadable. You must
51ensure that your PHP can read this file.
52
532. Edit `conf/options.php`, which is annotated to guide you.
54(`lib/createdb.sh` creates this file based on `src/distoptions.php`.)
55
563. Configure your web server to access HotCRP. The right way to do this
57depends on which server you’re running.
58
59 **Nginx**: Configure Nginx to access `php-fpm` for anything under
60the HotCRP URL path. All accesses should be redirected to `index.php`.
61This example, which would go in a `server` block, makes `/testconf`
62point at a HotCRP installation in /home/kohler/hotcrp (assuming
63`php-fpm` is listening on port 9000):
64
65 location /testconf/ {
66 fastcgi_pass 127.0.0.1:9000;
67 fastcgi_split_path_info ^(/testconf)(/.*)$;
68 fastcgi_param PATH_INFO $fastcgi_path_info;
69 fastcgi_param SCRIPT_FILENAME /home/kohler/hotcrp/index.php;
70 include fastcgi_params;
71 }
72
73 You may also set up separate `location` blocks so that Nginx
74serves files under `images/`, `scripts/`, and `stylesheets/` directly.
75
76 **Apache**: Generally you must add a `<Directory>` to `httpd.conf`
77(or one of its inclusions) for the HotCRP directory, and an `Alias`
78redirecting your preferred URL path to that directory. This example
79makes `/testconf` point at a HotCRP installation in
80/home/kohler/hotcrp:
81
82 # Apache 2.2 and earlier:
83 <Directory "/home/kohler/hotcrp">
84 Options Indexes Includes FollowSymLinks
85 AllowOverride all
86 Order allow,deny
87 Allow from all
88 </Directory>
89 Alias /testconf /home/kohler/hotcrp
90
91 # Apache 2.4 and later:
92 <Directory "/home/kohler/hotcrp">
93 Options Indexes Includes FollowSymLinks
94 AllowOverride all
95 Require all granted
96 </Directory>
97 Alias /testconf /home/kohler/hotcrp
98
99 Note that the first argument to Alias should NOT end in a slash.
100The `AllowOverride all` directive is required.
101
102 Everything under HotCRP’s URL path (here, `/testconf`) should be
103served by HotCRP. This normally happens automatically. However, if
104the URL path is `/`, you may need to turn off your server’s default
105handlers for subdirectories such as `/doc`.
106
1074. Update PHP settings.
108
109 The first three settings, `upload_max_filesize`, `post_max_size`, and
110`max_input_vars`, may be changed system-wide or in HotCRP’s `.htaccess` and
111`.user.ini` files.
112
113 * `upload_max_filesize`: Set to the largest file upload HotCRP should accept.
114 `15M` is a good default.
115
116 * `post_max_size`: Set to the largest total upload HotCRP should accept. Must
117 be at least as big as `upload_max_filesize`. `20M` is a good default.
118
119 * `max_input_vars`: Set to the largest number of distinct input variables
120 HotCRP should accept. `4096` is a good default.
121
122 The last setting, `session.gc_maxlifetime`, must be changed globally. This
123provides an upper bound on HotCRP session lifetimes (the amount of idle time
124before a user is logged out automatically). On Unix machines, systemwide PHP
125settings are often stored in `/etc/php.ini`. The suggested value for this
126setting is 86400, e.g., 24 hours:
127
128 session.gc_maxlifetime = 86400
129
130 If you want sessions to expire sooner, we recommend you set
131`session.gc_maxlifetime` to 86400 anyway, then edit `conf/options.php`
132to set `$Opt["sessionLifetime"]` to the correct session timeout.
133
1345. Edit MySQL’s my.cnf (typical locations: `/etc/mysql/my.cnf` or
135`/etc/mysql/mysql.conf.d/mysqld.cnf`) to ensure that MySQL can handle
136paper-sized objects. It should contain something like this:
137
138 [mysqld]
139 max_allowed_packet=32M
140
141 max_allowed_packet must be at least as large as the largest paper
142you are willing to accept. It defaults to 1M on some systems, which is
143not nearly large enough. HotCRP will warn you if it is too small. Some
144MySQL setups, such as on Mac OS X, may not have a my.cnf by default;
145just create one. If you edit my.cnf, also restart the mysqld server.
146On Linux try something like `sudo /etc/init.d/mysql restart`.
147
1486. Enable a mail transport agent, such as Postfix or Sendmail. You may need
149help from an administrator to ensure HotCRP can send mail.
150
1517. Sign in to the site to create an account. The first account created
152automatically receives system administrator privilege.
153
154You can set up everything else through the web site itself.
155
156* Configuration notes
157
158 - Uploaded papers and reviews are limited in size by several PHP
159 configuration variables, set by default to 15 megabytes in the HotCRP
160 directory’s `.htaccess` (or `.user.ini` if you are using php-fpm).
161
162 - HotCRP PHP scripts can take a lot of memory, particularly if they're
163 doing things like generating MIME-encoded mail messages. By default
164 HotCRP sets the PHP memory limit to 128MB.
165
166 - HotCRP benefits from Apache’s `mod_expires` and `mod_rewrite`
167 modules; consider enabling them.
168
169 - Most HotCRP settings are assigned in the conference database’s
170 Settings table. The Settings table can also override values in
171 `conf/options.php`: a Settings record with name "opt.XXX" takes
172 precedence over option $Opt["XXX"].
173
174Database access
175---------------
176
177Run `lib/backupdb.sh` at the shell prompt to back up the database.
178This will write the database’s current structure and comments to the
179standard output. As typically configured, HotCRP stores all paper
180submissions in the database, so the backup file may be quite large.
181
182Run `lib/restoredb.sh BACKUPFILE` at the shell prompt to restore the
183database from a backup stored in `BACKUPFILE`.
184
185Run `lib/runsql.sh` at the shell prompt to get a MySQL command prompt
186for the conference database.
187
188Updates
189-------
190
191HotCRP code can be updated at any time without bringing down the site.
192If you obtained the code from git, use `git pull`. if you obtained
193the code from a tarball, copy the new version over your old code,
194preserving `conf/options.php`. For instance, using GNU tar:
195
196 % cd HOTCRPINSTALLATION
197 % tar --strip=1 -xf ~/hotcrp-NEWVERSION.tar.gz
198
199Multiconference support
200-----------------------
201
202HotCRP can run multiple conferences from a single installation. The
203last directory component of the URL will define the conference ID.
204For instance:
205
206 http://read.seas.harvard.edu/conferences/testconf/doc/testconf-paper1.pdf
207 ^^^^^^^^
208 conference ID
209
210The conference ID can only contain characters in `[-_.A-Za-z0-9]`, and
211it must not start with a period. HotCRP will check for funny
212conference IDs and replace them with `__invalid__`.
213
214To turn on multiconference support:
215
2161. Set your Web server to use the HotCRP install directory for all relevant
217 URLs. For Apache, this may require an `Alias` directive per conference.
218
2192. Set `$Opt["multiconference"]` to true in `conf/options.php`. This will set
220 the conference ID to the last directory component as described above.
221 Alternately, set `$Opt["multiconferenceAnalyzer"]` to a regular expression,
222 a space, and a replacement pattern. HotCRP matches the full input URL to
223 the regex, then uses the replacement pattern as the conference ID. For
224 example, this setting will use "conf_CONFNAME" as the conference ID for a
225 URL like "http://CONFNAME.crap.com/":
226
227 $Opt["multiconferenceAnalyzer"] = '\w+://([^./]+)\.crap\.com\.?/ conf_$1';
228
2293. Set HotCRP options to locate the options relevant for each conference. The
230 best mechanism is to use `$Opt["include"]` to include a conference-specific
231 options file. For example (note the single quotes):
232
233 $Opt["include"] = 'conf/options-${confid}.php';
234
235 The `${confid}` substring is replaced with the conference ID. HotCRP will
236refuse to proceed if the conference-specific options file doesn’t exist. To
237ignore nonexistent options files, use wildcards:
238
239 $Opt["include"] = 'conf/[o]ptions-${confid}.php';
240
241 `${confid}` replacement is also performed on these $Opt settings: dbName,
242dbUser, dbPassword, sessionName, downloadPrefix, conferenceSite, paperSite,
243defaultPaperSite, contactName, contactEmail, emailFrom, emailSender, emailCc,
244emailReplyTo, and docstore.
245
2464. Each conference needs its own database. Create one using the
247 `lib/createdb.sh` script (the `-c CONFIGFILE` option will be useful).
248
249License
250-------
251
252HotCRP is available under the Click license, a BSD-like license. See the
253LICENSE file for full license terms.
254
255Authors
256-------
257
258Eddie Kohler, Harvard/UCLA
259
260* HotCRP is based on CRP, which was written by Dirk Grunwald,
261 University of Colorado
262* [banal by Geoff Voelker, UCSD](http://www.sysnet.ucsd.edu/sigops/banal/)
263