kohler / hotcrp Goto Github PK

InnoDB has some nice resiliency properties when compared to MyISAM, so it would be nice to allow its use.

I'm trying this out by converting my HotCRP test to InnoDB. To do this I first had to drop the FULLTEXT indices because they are not supported in InnoDB prior to MySQL 5.6.4.

I hacked together some SQL to generate the right SQL for dropping the indices and converting the table. YMMV; do check the output before running it. Replace <INSERT DATABASE NAME HERE> with the database name.

mysql --skip-column-names -B -e "select distinct CONCAT(\"DROP INDEX \", index_name, \" ON \", table_name, \";\") from information_schema.statistics where index_type='FULLTEXT' and table_schema='<INSERT DATABASE NAME HERE>'"
mysql --skip-column-names -B -e "select distinct CONCAT(\"ALTER TABLE \", table_name, \" ENGINE=InnoDB;\") from information_schema.tables where table_schema='<INSERT DATABASE NAME HERE>'"

Like review fields.

—Save changes at top & bottom
—Button to replace the PDF?

Hi,

Thanks a lot for your great work.
When an author posts a response to a reviewer, can the reviewer be notified about this response by email ? If not, what is the right way so that the reviewer may acceed to all the responses to his comments ?

Best,
Thibaud.

—Check that connectionsharing works
—Make a single connection first to see that the comet server is up
—What is with CLOSE_WAIT

Our instance is creating new submissions with the ID incrementing by 5 for each submission. The list of IDs for our submissions looks like the following.

1,6,11,16,21,26,31,....

I've searched for any setting like this but haven't found anything I believe is causing this problem.

We're currently running: 4972c80

Otherwise everything is operating as expected.

After tomorrow I'll be happy to mess with it and debug if that would help find the root cause.

Vimal Jeyakumar reported the following error:

"After submitting a paper, when I click on the PDF link, I get a 403 forbidden error."

I was able to reproduce this problem for my own paper.

The error is generated by Apache, not PHP.

I'm guessing this is a problem with the default .htaccess?

Thanks!
-Colin

To recreate with a fresh install:

• add a "text" type submission option (works as expected)
• add a "pdf" type submission option

what happens:

• browser shows blank page, devtools shows 500 error, no error output on server

doesn't happen in cc8961a, but stops me in my tracks in ff30184.

Since test.hotcrp.com doesn't host its Javascript on a different domain

We find that it would be very useful if we let the discussion lead of a paper to enter a final verdict on the paper (Accept, Reject, Discuss) after the discussions. Looks like this function is not there yet.

Hi

I downloaded the latest source just few minutes back and set up hotcrp on my Linux mint 15 based on ubuntu 12.04.

I followed your installation guide and got two problems.

1. While logging in, "Enable cookie message" even when cookies are enabled. Somehow this goes away if you type the URL again and press enter.
2. If I try to create a new user, I get this error
   "Database error while selecting people (select u.contactId, u.contactId as paperId, firstName, lastName, email, affiliation, roles, contactTags, voicePhoneNumber, u.collaborators, lastLogin, disabled, visits, note, group_concat(PaperConflict.paperId) as paperIds from ContactInfo u left join PaperConflict on (PaperConflict.contactId=u.contactId and PaperConflict.conflictType>=9) group by u.contactId order by lastName, firstName, email): Unknown column 'note' in 'field list'"

I did run createdb.sh before launching hotcrp. I also checked schema.sql in lib folder. It's missing the column 'note' in ContactInfo table.

If you haven't updated schema.sql, let me know the variable type and other contraints you might have set for that column 'note'.

—Don't set a limit on votes, instead report when someone is over
—Or maybe remove votes altogether!

Hello,
it looks like 89eddf3 introduced a bug in the "grace period" feature. We just got hit by this for the ACM COSN conference (https://hotcrp.cosn2015.com/.), running v2.94. Fix is as follows (I don't have time to do proper pull request, etc.)

diff --git a/src/conference.php b/src/conference.php
index de01227..f9a9724 100644
--- a/src/conference.php
+++ b/src/conference.php
@@ -984,7 +984,7 @@ class Conference {
             return false;
         $t = @$this->settings[$name2];
         if ($t !== null && $t > 0 && $grace && ($g = @$this->settings[$grace]))
-            $t += $grace;
+            $t += $g;
         return $t === null || $t <= 0 || $t >= $Now;
     }

Behavior until now: $grace is a string, so whatever the grace period, nothing gets added to $t.

Let me know if you need more details. Best,
Lucas

While adding a comment to a review, HotCRP gave the following error and
cancelled the comment.

Database error while loading comments (select PaperComment.*,
firstName reviewFirstName, lastName reviewLastName, email reviewEmail
from PaperComment join ContactInfo on
(contactInfo.contactId=PaperComment.contactId) where commentId=15
order by commentId): Unknown column 'contactInfo.contactId' in 'on
clause'

I don't see anything in the apache error log, so I assume this was caught gracefully on line 1384 of conference.php.

When I try to click on user in 2.90 in order to give them PC access, I only get taken to my own users page, no matter who I click.

(There was also an issue with editing submission fields, where fields got reordered and sometimes the changes I made didn't stick after hitting "save" - maybe there's a more fundamental REST bug here somewhere?)

I can give you access to the installation, if that helps debugging.

One security-concious user just pointed out that the account creation email has a confirmation URL that is "http" even when the server runs "https", and that the password is transmitted in the clear.

Both would probably be good to fix at some point.

From Fred Douglis

Since 2.61 has issues with adding "Submission options" fields; any plans to release 2.90 soon-ish?

When searching papers on /search, no results are returned. For example:

http://sigcomm14.cs.washington.edu/search?t=s&q=re:katerina.argyraki%40epfl.ch

returns no results, when we know that it should.

After visiting that page, I see the following log message in /var/log/apache2/errors.log:

[Tue Feb 04 18:00:54 2014] [error] [client 67.168.73.228] PHP Fatal error:  Call to undefined method stdClass::contact_info() in /home/cs/hotcrp/src/contact.php on line 727

(Just did a git pull, and the problem still seems to be there)

Unless a score is mentioned.

Apologies if this is known/fixed; eyeballing this issue history I didn't see anything.

When I'm logged on and I'm trying to access a paper that I shouldn't, different error messages are returned depending on whether that paper exists. Given that paper IDs are sequential, this gives away the number of registered papers

For example, I can deduce that there are 301 registered papers to NSDI 2015:

Accessing https://nsdi15.usenix.hotcrp.com/paper/301:

You don’t have permission to view paper #301. Enter a paper number above, or list the papers you can view.

vs.

Accessing https://nsdi15.usenix.hotcrp.com/paper/302

No such paper #302. Enter a paper number above, or list the papers you can view.

Is this leaked information meaningful? I am not the one to judge.

[Sun Jan 19 11:26:38 2014] [error] [client 128.32.45.60] PHP Fatal error: Using $this when not in object context in /home/cs/hotcrp/mail.php on line 9, referer: http://sigcomm14.cs.washington.edu/index

No HTML is returned.

All other HotCRP pages seem to work.

My software versions:

cs@hydralisk:~/hotcrp$ git rev-parse HEAD
b5c10bc

cs@hydralisk:~/hotcrp$ php --version
PHP 5.3.10-1ubuntu3.9 with Suhosin-Patch (cli) (built: Dec 12 2013 04:27:25)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies

Apache/2.2.22 (Ubuntu)

cs@hydralisk:~/hotcrp$ uname -a
Linux hydralisk 3.2.0-58-generic #88-Ubuntu SMP Tue Dec 3 17:37:58 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

cs@hydralisk:~/hotcrp$ apachectl -t -D DUMP_MODULES
/usr/sbin/apachectl: 87: ulimit: error setting limit (Operation not permitted)
Loaded Modules:
core_module (static)
log_config_module (static)
logio_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
alias_module (shared)
auth_basic_module (shared)
authn_file_module (shared)
authz_default_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
expires_module (shared)
mime_module (shared)
negotiation_module (shared)
php5_module (shared)
proxy_module (shared)
python_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
ssl_module (shared)
status_module (shared)
userdir_module (shared)
Syntax OK

Thanks!

I find that when I review, I notice a correlation between paper numbering and paper quality: low-numbered papers tend to be those which have been previously rejected from other venues, and which are being resubmitted with only minor revisions. High-numbered papers tend to be those which were revised right up to the deadline.

There's no real reason to tell the program committee this information: just as we can review papers without knowing authors' identities and affiliations, we can review papers without guessing about the writing process so much.

Solutions here could include assigning a random identifier to each paper as it arrives, or shuffling the order of the papers before assigning them to reviewers.

This is a feature request. There's nothing more invigorating than logging in and seeing that a reviewer has changed the score on a submitted review. Do I, as the author, deserve notification when that happens? I think so.

If you agree that this is a reasonable idea: consider also that the chair might like to turn off score-change notifications for the PC discussion/meeting period so that authors don't get to see last-minute score churn (which happens).

Don’t use Tagger, instead use the Assignment stuff. Add separate permissions calls for adding and removing tags.

Hi,
we found a bug that when I add a 'checkbox' to the submission form to ask the authors/confirm something this checkbox cannot be unchecked once it was saved to the database.
In fact this seems to be due to the way html forms are posted: unset checkboxes are removed from the post data - thus htcrp assumes the old value.

Hotfix: Change the Checkbox to a Dropdown with default No and second selection Yes. The Database will store the value 1 for the field if the checkbox was set and the dropdown will then show YES for value 1 and No for value 0 (unchecked).

to recreate:

• fresh install
• log out
• attempt password reset
• click link
• link is fully formed in address bar (includes capability string)
• try to create new custom or use random password
• click reset password
• receive "You didn’t enter the full password reset link into your browser." error, password has not been changed

I'm seeing a fatal error:

[Wed Feb 05 13:51:40 2014] [error] [client 130.132.173.91] PHP Fatal error:  Call to a member function timeAuthorViewReviews() on a non-object in /home/cs/hotcrp/src/paperlist.php on line 903, referer: http://sigcomm14.cs.washington.edu/index

The same line of code is crashing from multiple referers. One of the consequences seems to be that some author's "Submitted papers" list are showing up as empty.

Not a big deal, just a heads up.

In a hotcrp instance, I've submitted 2-3 test papers. If I go to "Assign Reviews" -> "Manual" (tab), I get the following extra lines on my page.

Assignments for
Notice: Undefined offset: 1 in /home/aashish/Documents/hotcrp-master/manualassign.php on line 147

Notice: Undefined offset: 1 in /home/aashish/Documents/hotcrp-master/manualassign.php on line 147

Notice: Trying to get property of non-object in /home/aashish/Documents/hotcrp-master/manualassign.php on line 147

Is this normal? Should I be following a different procedure to manual assign reviewers?

For their managed papers only.

who are not authors

I'm trying to configure hotcrp to use ldap authentication. However, I'm unable to sign in or add any users getting an error. "Database error while adding your account". It appears when I authenticate with an ldap username, hotcrp then tries to validate that username as an email address while adding the account and then promptly fails.

I tracked this down to lib/login.php: line 137

       if (!($user = Contact::find_by_email($_REQUEST["email"], $reg)))
            return $Conf->errorMsg($Conf->db_error_html(true, "while adding your account"));

Where $_REQUEST["email"] is the username entered on the sign in page.

find_by_email is failing in src/contact.php: line 859

   if (!$reg || !validate_email($email))
        return null;

validate_email is failing because it's taking an ldap username and trying to validate it as an email address.

$_REQUEST["preferredEmail"] contains the proper email address from the mail attribute in the ldap entry which I think find_by_email was expecting.

If you have any questions or need more details, please let me know.

The help text for formulas, eg at https://pldi15.hotcrp.com/help/formulas, says that equality testing is == but the actual syntax seems to be =.

The first screenshot is the dates which are already in the system while editing them.

After saving, the deadlines become.

The timezone in options.php is set to Asia/Kolkata. Unless, I'm doing something wrong, this should be a bug.

Please advise.

Once use case for HotCRP is the hybrid conference/journal model (e.g. VLDB, EVT/WOTE, PETS). Here there's one mainly static program committee, with each issue being a "conference" in HotCRP's multi-conference model.

It would help here if the PC from one issue could be moved to the next. I did this through the following SQL, but it's a bit of a hack. This also doesn't migrate conference settings because I wasn't sure what items in the Settings table was safe to copy over. I presume both conferences need the same passwordHmacKey to make this work.

First get a list of the contactId's for PC members, Chairs, and Sysadmins:

SELECT GROUP_CONCAT(contactId) FROM (SELECT contactId from Chair UNION DISTINCT SELECT contactId from ChairAssistant UNION DISTINCT SELECT contactId FROM PCMember) AS T GROUP BY NULL;

which returns something like:

1,2,4,5,6,7

Then dump the tables which you want to copy all of:

mysqldump OLD_DATABASE Chair ChairAssistant TopicArea PCMember > DUMPFILE

Then dump the information needed just for the selected contactId's:

mysqldump -w "contactId IN (1,2,4,5,6,7,...)" OLD_DATABASE ContactInfo TopicInterest >> DUMPFILE

Then restore the tables in a freshly created conference:

mysql NEW_DATABASE < DUMPFILE

Line breaks are ignored in multi-line comments/responses when counting words. For example, the following comments is considered as a single word comment:

first-line
second-line

This happens only in PHP not in JavaScript.