'; } else { $lowusername = oc_strtolower($_POST['uname']); $q = "SELECT reviewerid, password, onprogramcommittee FROM " . OCC_TABLE_REVIEWER . " WHERE username='$lowusername'"; $r = ocsql_query($q) or err("Unable to query database ".mysql_errno()); // Check for multiple matching usernames if (($rnum=mysql_num_rows($r)) > 1) { printHeader("Sign In"); err("Multiple usernames"); } // Check for unknown username if ($rnum == 0) { $errmsg = 'Incorrect username or password. Please try again. If you continue to have a problem signing in, please contact the Program Chair.

'; } else { $p = mysql_fetch_array($r); // Check that sign-in is still open for user if (!$OC_statusAR['OC_rev_signin_open']) { if ($p['onprogramcommittee'] == "F") { signInClosed(); } elseif (!$OC_statusAR['OC_pc_signin_open']) { signInClosed(); } } // Check for bad pwd if ((hashPassword($_POST['upwd'], $p['password']) != $p['password']) && (md5($_POST['upwd']) != $p['password']) && ((OCC_CHAIR_PWD_TRUMPS == 0) || (hashPassword($_POST['upwd'], $OC_configAR['OC_chair_pwd']) != $OC_configAR['OC_chair_pwd'])) && (!defined('OCC_SUPERCHAIR_PASSWORD') || (hashPassword($_POST['upwd'], OCC_SUPERCHAIR_PASSWORD) != OCC_SUPERCHAIR_PASSWORD))) { $errmsg = ' Incorrect username or password. Please try again below or click here to reset your password.

'; } else { // We have a winner! // If session timed out, is it same reviewer coming back? if (isset($_SESSION[OCC_SESSION_VAR_NAME]['acreviewerid']) && ($_SESSION[OCC_SESSION_VAR_NAME]['acreviewerid'] == $p['reviewerid'])) { $sameid = True; } else { $sameid = False; } // Set session vars $_SESSION[OCC_SESSION_VAR_NAME]['acusername'] = $lowusername; $_SESSION[OCC_SESSION_VAR_NAME]['acreviewerid'] = $p['reviewerid']; $_SESSION[OCC_SESSION_VAR_NAME]['aclast'] = time(); $_SESSION[OCC_SESSION_VAR_NAME]['acpc'] = $p['onprogramcommittee']; $_SESSION[OCC_SESSION_VAR_NAME]['actoken'] = generateID(); // Route user to recover submission if timed out or onwards to main page if ($sameid && isset($_SESSION[OCC_SESSION_VAR_NAME]['POST']['submit'])) { $_SESSION[OCC_SESSION_VAR_NAME]['POST']['token'] = $_SESSION[OCC_SESSION_VAR_NAME]['actoken']; // reset token session_write_close(); header('Location: recover.php?' . strip_tags(SID)); } else { // Remove POST if set if (isset($_SESSION[OCC_SESSION_VAR_NAME]['POST'])) { unset($_SESSION[OCC_SESSION_VAR_NAME]['POST']); } session_write_close(); header('Location: reviewer.php?' . strip_tags(SID)); } exit; } } } // Weak attempt at catching multiple failed logins if ($_POST['validform'] == $vformar[1]) { $vform = $vformar[2]; } else { $vform = $vformar[3]; if ($_POST['validform'] == $vformar[3]) { $errmsg .= ' Hummm... 3+ failed attempts. Why don\'t you click the "I forgot it" link and we will be glad to help you out.

'; } } } else { $vform = $vformar[1]; } printHeader("Sign In",3); if (!empty($errmsg)) { print $errmsg; } elseif (isset($_GET['e']) && ($_GET['e'] == "exp")) { print '

Your session has timed out or you did not sign in properly. Please sign in again.