Beispiel #1
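/**
 * Decodes and decrypts a base64 blob, verifies the checksum embedded in the
 * plaintext, and returns the payload (decompressed when it is flagged so).
 *
 * Layout implied by the slicing below: the last $iv_size bytes of the decoded
 * input are the IV; the decrypted text is
 * <payload><myshorthash(payload)><flag>#..., where flag '@' marks a compressed
 * payload and everything after the last '#' is ignored.
 *
 * @param string $crypttext base64-encoded ciphertext with the IV appended
 * @param string $key       secret the cipher key is derived from
 * @param string $txt       when non-empty, the user-facing error is suppressed
 * @return string payload, or "" when the input is too short or the check fails
 *
 * NOTE(review): the mcrypt extension was removed from PHP in 7.2, and
 * MCRYPT_RIJNDAEL_256 is Rijndael with a 256-bit block, not AES.
 * NOTE(review): the integrity value is myshorthash() of the plaintext, which
 * appears to take no key (confirm). If so it is a checksum rather than a MAC,
 * and CBC ciphertext is not authenticated before decryption. An authenticated
 * construction (e.g. libsodium secretbox) should replace this for new data.
 */
function decryptData($crypttext, $key, $txt = '')
{
    $crypttext = base64_decode($crypttext);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
    // Deliberately different defaults so that any path that skips the
    // verification below is treated as a failed check.
    $test1 = '';
    $test2 = 'x';
    $iscompressed = false;
    $decrypttext = '';
    $clen = strlen($crypttext);
    if ($clen > $iv_size) {
        $iv = substr($crypttext, $clen - $iv_size, $iv_size);
        $crypttext = substr($crypttext, 0, $clen - $iv_size);
        // Key material: hex digest of the key plus a fixed suffix, converted to
        // raw bytes and cut to 32 bytes.
        $key = myhash($key . "123456789012345678901234567890");
        $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, substr(pack("H*", $key), 0, 32), $crypttext, MCRYPT_MODE_CBC, $iv);
        $pos = strrpos($decrypttext, "#");
        $ll = strlen(myshorthash("x"));
        // Without a '#' marker, or with one too close to the start to leave
        // room for the checksum and flag, the offsets below would go negative
        // and slice from the wrong end; treat that as a failed check instead.
        if ($pos !== false && $pos >= $ll + 1) {
            $iscompressed = substr($decrypttext, $pos - 1, 1) === '@';
            $test2 = substr($decrypttext, $pos - 1 - $ll, $ll);
            $decrypttext = substr($decrypttext, 0, $pos - 1 - $ll);
            $test1 = myshorthash($decrypttext);
        }
    }
    // Compare as strings: a loose != treats digests such as "0e12..." and
    // "0e98..." as equal numbers. hash_equals also avoids an early-exit compare.
    $expected = (string) $test1;
    $found = (string) $test2;
    $matches = function_exists('hash_equals') ? hash_equals($expected, $found) : ($expected === $found);
    if (!$matches) {
        if ($txt == '') {
            MSGError("Decryption error -- contact an admin now (" . getFunctionName() . ")");
        }
        return "";
    }
    if ($iscompressed) {
        return unzipstr($decrypttext);
    }
    return $decrypttext;
}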
Beispiel #2
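/**
 * Compresses $str followed by '#' and myshorthash($str), so that the reader can
 * verify the payload after decompression.
 *
 * @param string $str data to compress
 * @return string|false compressed bytes, or false when zlib is unavailable or
 *                      gzcompress() itself fails
 */
function zipstr($str)
{
    if (!function_exists('gzcompress')) {
        MSGError("Compression error -- zlib not installed (" . getFunctionName() . ")");
        LogError("Compression error -- zlib not installed (" . getFunctionName() . ")");
        // Falling through would call an undefined function and abort the
        // request; report failure the same way gzcompress() does.
        return false;
    }
    return gzcompress($str . '#' . myshorthash($str));
}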
Beispiel #3
            header("Content-Disposition: attachment; filename=" . basename($dir . '.zip'));
            ob_end_flush();
            echo $str;
            exit;
        } else {
            @unlink($tfile);
            ob_end_flush();
            MSGError('Could not write to temporary directory');
        }
    }
    ForceLoad('problem.php');
}
if (isset($_POST["Submit3"]) && isset($_POST["problemnumber"]) && is_numeric($_POST["problemnumber"]) && isset($_POST["problemname"]) && $_POST["problemname"] != "") {
    if (strpos(trim($_POST["problemname"]), ' ') !== false) {
        $_POST["confirmation"] = '';
        MSGError('Problem short name cannot have spaces');
    } else {
        if ($_POST["confirmation"] == "confirm") {
            if ($_FILES["probleminput"]["name"] != "") {
                $type = myhtmlspecialchars($_FILES["probleminput"]["type"]);
                $size = myhtmlspecialchars($_FILES["probleminput"]["size"]);
                $name = myhtmlspecialchars($_FILES["probleminput"]["name"]);
                $temp = myhtmlspecialchars($_FILES["probleminput"]["tmp_name"]);
                if (!is_uploaded_file($temp)) {
                    IntrusionNotify("file upload problem.");
                    ForceLoad("../index.php");
                }
            } else {
                $name = "";
            }
            $param = array();
Beispiel #4
                }
            }
            if (isset($_POST["open"]) && $_POST["open"] == "Open selected runs for rejudging") {
                DBGiveUpRunAutojudging($_SESSION["usertable"]["contestnumber"], $run[$i]["site"], $run[$i]["number"]);
                if (DBChiefRunGiveUp($run[$i]["number"], $run[$i]["site"], $_SESSION["usertable"]["contestnumber"])) {
                    $nreopen++;
                }
            }
        }
    }
    if ($nrenew > 0) {
        MSGError($nrenew . " runs renewed for autojudging.");
        ForceLoad($runphp);
    }
    if ($nreopen > 0) {
        MSGError($nreopen . " runs reopened.");
        ForceLoad($runphp);
    }
}
for ($i = 0; $i < count($run); $i++) {
    if ($run[$i]["answer1"] != 0 && $run[$i]["answer2"] != 0 && $run[$i]["status"] != "judged") {
        if ($runphp == "runchief.php") {
            echo " <tr bgcolor=\"ff0000\">\n";
        } else {
            echo "<tr>\n";
        }
        echo "  <td nowrap bgcolor=\"ff0000\">";
    } else {
        echo "  <tr><td nowrap>";
    }
    echo "<input type=\"checkbox\" name=\"cbox_" . $run[$i]["number"] . "_" . $run[$i]["site"] . "\" />";
Beispiel #5
        $number = myhtmlspecialchars($_POST["number"]);
        //      	  $notuser = myhtmlspecialchars($_POST["notifyuser"]);
        //	        $updscore = myhtmlspecialchars($_POST["updatescore"]);
        DBUpdateRun($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], $sitenumber, $number, $answer);
        //, $notuser, $updscore);
    }
    ForceLoad("run.php");
}
// Both identifiers must be present and numeric before anything touches the
// database; any other request is logged as an intrusion attempt.
// NOTE(review): is_numeric() also accepts decimal and exponent forms; if only
// plain integers are valid ids, ctype_digit() would be the tighter check.
// NOTE(review): the code below still runs unless ForceLoad() ends the request.
// It presumably does; confirm.
if (
    !(
        isset($_GET["runnumber"], $_GET["runsitenumber"])
        && is_numeric($_GET["runnumber"])
        && is_numeric($_GET["runsitenumber"])
    )
) {
    IntrusionNotify("tried to open the judge/runedit.php with wrong parameters.");
    ForceLoad("run.php");
}

// NOTE(review): myhtmlspecialchars() looks like an HTML-output escaper, not an
// SQL one; what keeps these values safe for the queries is the numeric check
// above. Confirm.
$runsitenumber = myhtmlspecialchars($_GET["runsitenumber"]);
$runnumber = myhtmlspecialchars($_GET["runnumber"]);

// Claim the run for this judge; false is handled as "another judge holds it".
$a = DBGetRunToAnswer($runnumber, $runsitenumber, $_SESSION["usertable"]["contestnumber"]);
if ($a === false) {
    MSGError("Another judge got it first.");
    ForceLoad("run.php");
}

// Problem record for the claimed run.
$b = DBGetProblemData($_SESSION["usertable"]["contestnumber"], $a["problemnumber"]);
?>
<br><br><center><b>Use the following fields to judge the run:
</b></center>
<form name="form1" method="post" action="runedit.php">
  <input type=hidden name="confirmation" value="noconfirm" />
  <center>
    <table border="1">
      <tr> 
        <td width="27%" align=right><b>Site:</b></td>
        <td width="83%"> 
		<input type=hidden name="sitenumber" value="<?php 
echo $a["sitenumber"];
Beispiel #6
/**
 * Creates or updates one row of usertable for the given contest/site/user.
 *
 * $param is an associative array. 'contest', 'site' and 'user' are required and
 * must be numeric ('contestnumber', 'sitenumber', 'usernumber' and 'number' are
 * accepted as aliases); the keys listed in $ac1 are optional overrides.
 * $c is an optional open DB connection; when it is null the function opens its
 * own connection and transaction.
 *
 * Returns false on a parameter error, a missing site or a username conflict,
 * 2 when a row was inserted or updated, and 1 when the stored row was left as is.
 *
 * NOTE(review): several literals below read '******' on this page (defaults, the
 * password prefix and some SQL values); that looks like masking applied to the
 * listing rather than project code. Confirm against the project source.
 * NOTE(review): every statement is built by string interpolation, so quoting
 * safety rests entirely on sanitizeText(), which is not shown here. Confirm it
 * escapes quotes and backslashes for the target database, or move to
 * parameterised queries.
 */
function DBNewUser($param, $c = null)
{
    // Accept the long key names as aliases for the short ones.
    if (isset($param['contestnumber']) && !isset($param['contest'])) {
        $param['contest'] = $param['contestnumber'];
    }
    if (isset($param['sitenumber']) && !isset($param['site'])) {
        $param['site'] = $param['sitenumber'];
    }
    if (isset($param['usernumber']) && !isset($param['user'])) {
        $param['user'] = $param['usernumber'];
    }
    if (isset($param['number']) && !isset($param['user'])) {
        $param['user'] = $param['number'];
    }
    // $ac: required keys; $ac1: optional keys; $typei: keys that must be numeric.
    $ac = array('contest', 'site', 'user');
    $ac1 = array('updatetime', 'username', 'usericpcid', 'userfull', 'userdesc', 'type', 'enabled', 'multilogin', 'pass', 'permitip', 'changepass', 'userip', 'userlastlogin', 'userlastlogout', 'usersession', 'usersessionextra');
    $typei['contest'] = 1;
    $typei['updatetime'] = 1;
    $typei['site'] = 1;
    $typei['user'] = 1;
    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewUser param error: {$key} not found");
            return false;
        }
        if (isset($typei[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewUser param error: {$key} is not numeric");
            return false;
        }
        // Variable variable: defines the locals $contest, $site and $user.
        ${$key} = sanitizeText($param[$key]);
    }
    // Defaults for the optional fields; overridden by the loop below.
    $username = "******" . $user;
    $updatetime = -1;
    $pass = null;
    $usericpcid = '';
    $userfull = '';
    $userdesc = '';
    $type = 'team';
    $enabled = 'f';
    $changepass = '******';
    $multilogin = '******';
    $permitip = '';
    $usersession = null;
    $usersessionextra = null;
    $userip = null;
    $userlastlogin = null;
    $userlastlogout = null;
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            // Only names from the fixed $ac1 list are assigned, so the caller
            // cannot overwrite arbitrary locals through $param.
            ${$key} = sanitizeText($param[$key]);
            if (isset($typei[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewUser param error: {$key} is not numeric");
                return false;
            }
        }
    }
    $t = time();
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    // Normalise the enumerated fields: an unknown user type falls back to "team".
    if ($type != "chief" && $type != "judge" && $type != "admin" && $type != "score" && $type != "staff" && $type != "site") {
        $type = "team";
    }
    if ($type == "admin") {
        $changepass = "******";
    }
    if ($enabled != "f") {
        $enabled = "t";
    }
    if ($multilogin != "t") {
        $multilogin = "******";
    }
    if ($changepass != "t") {
        $changepass = "******";
    }
    // $cw records that this call opened the transaction and therefore commits it.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewUser(begin)");
    }
    DBExec($c, "lock table usertable", "DBNewUser(lock)");
    $r = DBExec($c, "select * from sitetable where sitenumber={$site} and contestnumber={$contest}", "DBNewUser(get site)");
    $n = DBnlines($r);
    if ($n == 0) {
        // NOTE(review): this and the later rollbacks run even when the caller
        // supplied $c, which would undo the caller's transaction; confirm that
        // is intended.
        DBExec($c, "rollback work", "DBNewUser(no-site)");
        MSGError("DBNewUser param error: site {$site} does not exist");
        return false;
    }
    if ($pass != myhash("") && $type != "admin" && $changepass != "t") {
        $pass = '******' . $pass;
    }
    // Look for a different user of the same site and contest with this username.
    $r = DBExec($c, "select * from usertable where username='******' and usernumber!={$user} and " . "usersitenumber={$site} and contestnumber={$contest}", "DBNewUser(get user)");
    $n = DBnlines($r);
    $ret = 1;
    if ($n == 0) {
        $sql = "select * from usertable where usernumber={$user} and usersitenumber={$site} and " . "contestnumber={$contest}";
        $a = DBGetRow($sql, 0, $c);
        if ($a == null) {
            // No row for this user yet: insert one.
            $ret = 2;
            $sql = "select * from sitetable where sitenumber={$site} and contestnumber={$contest}";
            // NOTE(review): called without $c, unlike the lookup above;
            // presumably this runs on a separate connection. Confirm.
            $aa = DBGetRow($sql, 0);
            if ($aa == null) {
                DBExec($c, "rollback work");
                MSGError("Site {$site} does not exist");
                return false;
            }
            $sql = "insert into usertable (contestnumber, usersitenumber, usernumber, username, usericpcid, userfullname, " . "userdesc, usertype, userenabled, usermultilogin, userpassword, userpermitip) values " . "({$contest}, {$site}, {$user}, '{$username}', '{$usericpcid}', '{$userfull}', '{$userdesc}', '{$type}', '{$enabled}', " . "'{$multilogin}', '{$pass}', '{$permitip}')";
            DBExec($c, $sql, "DBNewUser(insert)");
            if ($cw) {
                DBExec($c, "commit work");
            }
            LOGLevel("User {$user} (site={$site},contest={$contest}) included.", 2);
        } else {
            // Row exists: overwrite it only when the incoming data is newer.
            // NOTE(review): when it is not newer, a transaction opened above is
            // neither committed nor rolled back here; confirm the connection
            // teardown covers that.
            if ($updatetime > $a['updatetime']) {
                $ret = 2;
                $sql = "update usertable set username='******', usericpcid='{$usericpcid}', userdesc='{$userdesc}', updatetime={$updatetime}, " . "userfullname='{$userfull}', usertype='{$type}', userpermitip='{$permitip}', ";
                // Password and session fields are written only when a value was supplied.
                if ($pass != null && $pass != myhash("")) {
                    $sql .= "userpassword='******', ";
                }
                if ($usersession != null) {
                    $sql .= "usersession='{$usersession}', ";
                }
                if ($usersessionextra != null) {
                    $sql .= "usersessionextra='{$usersessionextra}', ";
                }
                if ($userip != null) {
                    $sql .= "userip='{$userip}', ";
                }
                if ($userlastlogin != null) {
                    $sql .= "userlastlogin='******', ";
                }
                if ($userlastlogout != null) {
                    $sql .= "userlastlogout='{$userlastlogout}', ";
                }
                $sql .= "userenabled='{$enabled}', usermultilogin='******'";
                $sql .= " where usernumber={$user} and usersitenumber={$site} and contestnumber={$contest}";
                $r = DBExec($c, $sql, "DBNewUser(update)");
                if ($cw) {
                    DBExec($c, "commit work");
                }
                LOGLevel("User {$user} (username={$username},site={$site},contest={$contest}) updated.", 2);
            }
        }
    } else {
        // Another user already holds this username.
        DBExec($c, "rollback work");
        LOGLevel("Update problem for user {$user} (site={$site},contest={$contest}) (maybe username already in use).", 1);
        MSGError("Update problem for user {$user}, site {$site} (maybe username already in use).");
        return false;
    }
    return $ret;
}
Beispiel #7
//INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
//PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER
//OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR
//CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
//PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
//OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
///////////////////////////////////////////////////////////////////////////////////////////
// created 14/June/2011 by cassio@ime.usp.br
require 'header.php';
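// Contest and site records of the logged-in user; without them nothing is stored.
if (($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) {
    ForceLoad("../index.php");
}
if (($st = DBSiteInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"])) == null) {
    ForceLoad("../index.php");
}

// 'data' (base64 file body) and 'name' come straight from the client. They are
// never echoed back: the request body is attacker-controlled and this page
// emits HTML.
$data = (isset($_POST['data']) && is_string($_POST['data'])) ? base64_decode($_POST['data']) : false;
$name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
$size = ($data === false) ? 0 : strlen($data);

// The name ends up in a log line and in the backup table, so quotes,
// backslashes, path separators and control characters are refused here.
// NOTE(review): DBNewBkp() as listed elsewhere on this page interpolates the
// name into SQL; it should escape or bind the value itself as well.
$namelen = strlen($name);
$badname = $namelen < 1 || $namelen > 100 || preg_match('#[\x00-\x1f\x7f\'"\\\\/]#', $name) === 1;

$fn = false;
if ($data === false || $size > $ct["contestmaxfilesize"] || $badname) {
    // Keep the log entry on one line and bounded, whatever the client sent.
    $logname = substr((string) preg_replace('/[\x00-\x1f\x7f]/', '?', $name), 0, 100);
    LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . ":{$logname}: with {$size} bytes.", 1);
    MSGError("File size exceeds the limit allowed or invalid name.");
} else {
    // Size and name are checked before anything is written to disk.
    $fn = tempnam("/tmp", "bkp-");
    $fout = ($fn === false) ? false : fopen($fn, "wb");
    $written = ($fout === false) ? false : fwrite($fout, $data);
    if ($fout !== false) {
        fclose($fout);
    }
    if ($written !== $size) {
        LOGLevel("User {$_SESSION["usertable"]["username"]} bkp upload could not be written to a temporary file.", 1);
        MSGError("Could not write to temporary directory");
    } else {
        DBNewBkp($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], $name, $fn, $size);
    }
}
if ($fn !== false) {
    @unlink($fn);
}
ForceLoad("../index.php");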
Beispiel #8
                        break;
                    }
                    if (isset($param['unlockkey']) && $param['unlockkey'] != '') {
                        $pass = decryptData(substr($key, 15), $param['unlockkey'], 'includekeys');
                        if (substr($pass, 0, 5) != '#####') {
                            MSGError('Invalid key in the file -- not importing any keys');
                            $dd = 0;
                            break;
                        }
                    }
                    $ar[$val] = $key;
                    $dd++;
                }
                if ($dd > 0) {
                    $param['keys'] = implode(',', $ar);
                    MSGError(count($ar) . ' keys are being imported from the file');
                    DBClearProblemTmp($_SESSION["usertable"]["contestnumber"]);
                }
            }
            $param['atualizasites'] = $at;
        }
        DBUpdateContest($param);
        if (strlen($param['unlockkey']) > 1) {
            DBClearProblemTmp($_SESSION["usertable"]["contestnumber"]);
            DBGetFullProblemData($_SESSION["usertable"]["contestnumber"], true);
        }
    }
    ForceLoad("contest.php");
}
?>
<br>
Beispiel #9
        $param['site'] = $_SESSION["usertable"]["usersitenumber"];
        $param['user'] = $_SESSION["usertable"]["usernumber"];
        $param['desc'] = "Staff assistance";
        DBNewTask($param);
    }
    ForceLoad("task.php");
}
if (isset($_FILES["filename"]) && isset($_POST["Submit"]) && $_FILES["filename"]["name"] != "") {
    if ($_POST["confirmation"] == "confirm") {
        $type = myhtmlspecialchars($_FILES["filename"]["type"]);
        $size = myhtmlspecialchars($_FILES["filename"]["size"]);
        $name = myhtmlspecialchars($_FILES["filename"]["name"]);
        $temp = myhtmlspecialchars($_FILES["filename"]["tmp_name"]);
        if ($size > $ct["contestmaxfilesize"]) {
            LOGLevel("User {$_SESSION["usertable"]["username"]} tried to print file " . "{$name} with {$size} bytes ({$ct["contestmaxfilesize"]} max allowed).", 1);
            MSGError("File size exceeds the limit allowed.");
            ForceLoad("task.php");
        }
        if (!is_uploaded_file($temp)) {
            IntrusionNotify("Printing file upload problem");
            ForceLoad("../index.php");
        }
        $param['contest'] = $_SESSION["usertable"]["contestnumber"];
        $param['site'] = $_SESSION["usertable"]["usersitenumber"];
        $param['user'] = $_SESSION["usertable"]["usernumber"];
        $param['desc'] = "File to print";
        $param['filename'] = $name;
        $param['filepath'] = $temp;
        DBNewTask($param);
    }
    ForceLoad("task.php");
Beispiel #10
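/**
 * Creates or updates one row of problemtable, including the problem's input
 * file stored as a database large object.
 *
 * $param needs 'number' (numeric) and 'name'; the keys in $ac1 are optional.
 * 'inputfilepath' is either a path on disk or the literal prefix "base64:"
 * followed by the encoded file body. With $param['action'] == "delete" the
 * call is handed to DBDeleteProblem(). $c is an optional open connection;
 * when null the function opens and commits its own transaction.
 *
 * Returns false on a parameter error, 2 when the row was created or updated,
 * and 1 when the stored row is at least as new as the incoming data. The
 * script is terminated (exit) when the large-object import fails.
 *
 * NOTE(review): statements are built by string interpolation; the text fields
 * rely on sanitizeText(), which is not shown here. Confirm it escapes for the
 * target database, or move to parameterised queries.
 * NOTE(review): 'inputfilepath' is read with file_get_contents(); callers must
 * pass only server-generated paths (e.g. a verified upload temp file).
 * NOTE(review): the rollbacks below run even when the caller supplied $c.
 */
function DBNewProblem($contestnumber, $param, $c = null)
{
    if (isset($param["action"]) && $param["action"] == "delete") {
        return DBDeleteProblem($contestnumber, $param);
    }
    // $contestnumber is interpolated unquoted into every statement below, so it
    // gets the same numeric check as the other numeric parameters.
    if (!is_numeric($contestnumber)) {
        MSGError("DBNewProblem param error: contestnumber is not numeric");
        return false;
    }
    // $ac: required keys; $ac1: optional keys; $type: keys that must be numeric.
    $ac = array('number', 'name');
    $type['number'] = 1;
    $type['updatetime'] = 1;
    $ac1 = array('colorname', 'fake', 'color', 'updatetime', 'fullname', 'basename', 'inputfilename', 'inputfilepath');
    $colorname = '';
    $color = '';
    $fake = 'f';
    foreach ($ac as $key) {
        if (!isset($param[$key])) {
            MSGError("DBNewProblem param error: {$key} is not set");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewProblem param error: {$key} is not numeric");
            return false;
        }
        // Variable variable: defines the locals $number and $name.
        ${$key} = sanitizeText($param[$key]);
    }
    $basename = '';
    $inputfilename = '';
    $inputfilepath = '';
    $fullname = '';
    $updatetime = -1;
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            if (isset($type[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewProblem param error: {$key} is not numeric");
                return false;
            }
            // Only names from the fixed $ac1 list are assigned.
            ${$key} = sanitizeText($param[$key]);
        }
    }
    $t = time();
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    $inputhash = '';
    $sql2 = "select * from problemtable where contestnumber={$contestnumber} and problemnumber={$number} for update";
    // $cw records that this call opened the transaction and therefore commits it.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewProblem(transaction)");
    }
    $r = DBExec($c, $sql2, "DBNewProblem(get problem for update)");
    $n = DBnlines($r);
    $ret = 1;
    $oldfullname = '';
    $deservesupdatetime = false;
    if ($n == 0) {
        DBExec($c, "insert into problemtable (contestnumber, problemnumber, problemname, problemcolor) values " . "({$contestnumber}, {$number}, '{$name}','-1')", "DBNewProblem(insert problem)");
        $deservesupdatetime = true;
        $s = "created";
    } else {
        $lr = DBRow($r, 0);
        // From here on $t holds the stored row's update time, not time().
        $t = $lr['updatetime'];
        $oldfullname = $lr['problemfullname'];
        $s = "updated";
        $inputhash = $lr['probleminputfilehash'];
    }
    if ($s == "created" || $updatetime > $t) {
        if (substr($inputfilepath, 0, 7) != "base64:") {
            // Input file given as a path on disk.
            if ($inputfilepath != "") {
                $hash = myshorthash(file_get_contents($inputfilepath));
                if ($hash != $inputhash) {
                    // Content changed: import a new large object and drop the old one.
                    $oldoid = '';
                    if (isset($lr)) {
                        $oldoid = $lr['probleminputfile'];
                    }
                    if (($oid1 = DB_lo_import($c, $inputfilepath)) === false) {
                        DBExec($c, "rollback work", "DBNewProblem(rollback-input)");
                        LOGError("Unable to create a large object for file {$inputfilename}.");
                        MSGError("problem importing file to database. See log for details!");
                        exit;
                    }
                    if ($oldoid != '') {
                        DB_lo_unlink($c, $oldoid);
                    }
                    $inputhash = DBcrc($contestnumber, $oid1, $c);
                } else {
                    $oid1 = $lr['probleminputfile'];
                }
            }
        } else {
            // Input file given inline; from here $inputfilepath holds the file body.
            $inputfilepath = base64_decode(substr($inputfilepath, 7));
            $hash = myshorthash($inputfilepath);
            if ($hash != $inputhash) {
                $oldoid = '';
                if (isset($lr)) {
                    $oldoid = $lr['probleminputfile'];
                }
                if (($oid1 = DB_lo_import_text($c, $inputfilepath)) == null) {
                    DBExec($c, "rollback work", "DBNewProblem(rollback-i-import)");
                    LOGError("Unable to import the large object for file {$inputfilename}.");
                    MSGError("problem importing file to database. See log for details!");
                    exit;
                }
                if ($oldoid != '') {
                    DB_lo_unlink($c, $oldoid);
                }
                $inputhash = DBcrc($contestnumber, $oid1, $c);
            } else {
                $oid1 = $lr['probleminputfile'];
            }
        }
        // One UPDATE per supplied field; only some of them refresh updatetime.
        if ($name != "") {
            DBExec($c, "update problemtable set problemname='{$name}' where contestnumber={$contestnumber} " . "and problemnumber={$number}", "DBNewProblem(update name)");
        }
        if ($fullname != "" || strpos($oldfullname, '(DEL)') !== false) {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set problemfullname='{$fullname}' where contestnumber={$contestnumber} " . "and problemnumber={$number}", "DBNewProblem(update fullname)");
        }
        if ($basename != "") {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set problembasefilename='{$basename}' where contestnumber={$contestnumber} " . "and problemnumber={$number}", "DBNewProblem(update basename)");
        }
        if ($colorname != "") {
            DBExec($c, "update problemtable set problemcolorname='{$colorname}' where contestnumber={$contestnumber} " . "and problemnumber={$number}", "DBNewProblem(update colorname)");
        }
        if ($color != "") {
            DBExec($c, "update problemtable set problemcolor='{$color}' where contestnumber={$contestnumber} " . "and problemnumber={$number}", "DBNewProblem(update color)");
        }
        if ($inputfilename != "") {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set probleminputfilename='{$inputfilename}' where " . "contestnumber={$contestnumber} and problemnumber={$number} ", "DBNewProblem(update inputfilename)");
        }
        if ($inputfilepath != "") {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set probleminputfile={$oid1},probleminputfilehash='{$inputhash}' where contestnumber={$contestnumber} and " . "problemnumber={$number} ", "DBNewProblem(update inputfile)");
        }
        if ($fake == "t") {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set fake='{$fake}' where contestnumber={$contestnumber} and " . "problemnumber={$number}", "DBNewProblem(update fake)");
        }
        if ($deservesupdatetime) {
            $ds = DIRECTORY_SEPARATOR;
            if ($ds == "") {
                $ds = "/";
            }
            // Drop the cached .name file for this problem so it is regenerated.
            @unlink($_SESSION["locr"] . $ds . "private" . $ds . "problemtmp" . $ds . "contest" . $contestnumber . "-problem" . $number . '.name');
            DBExec($c, "update problemtable set updatetime=" . $updatetime . " where contestnumber={$contestnumber} and problemnumber={$number}", "DBNewProblem(time)");
        }
        if ($cw) {
            DBExec($c, "commit work", "DBNewProblem(commit)");
        }
        LOGLevel("Problem {$number} (inputfile={$inputfilename}) {$s} (user=" . $_SESSION["usertable"]["usernumber"] . ",site=" . $_SESSION["usertable"]["usersitenumber"] . ",contest={$contestnumber})", 2);
        $ret = 2;
    } else {
        // Stored row is not older than the incoming data: nothing to write.
        if ($cw) {
            DBExec($c, "commit work", "DBNewProblem(commit)");
        }
    }
    return $ret;
}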
Beispiel #11
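/**
 * Stores an uploaded backup file as a database large object and records it in
 * bkptable under the next free bkpnumber for the site and contest.
 *
 * @param int|string $contest  contest number
 * @param int|string $site     site number
 * @param int|string $user     user number
 * @param string     $filename name recorded for the file
 * @param string     $filepath path of the file to import
 * @param int|string $size     size in bytes recorded for the file
 * @return false|null false when an argument is rejected or the user already
 *                    has more than 100 active backups; null on success. The
 *                    script is terminated (exit) on database errors.
 *
 * NOTE(review): the statements are still built by interpolation; the checks
 * below make the values safe to embed, but bound parameters would be the
 * sturdier fix if the DB wrapper supports them.
 */
function DBNewBkp($contest, $site, $user, $filename, $filepath, $size)
{
    // These four values are embedded unquoted in SQL, so only integers pass.
    foreach (array('contest' => $contest, 'site' => $site, 'user' => $user, 'size' => $size) as $label => $value) {
        if (filter_var($value, FILTER_VALIDATE_INT) === false) {
            MSGError("DBNewBkp param error: {$label} is not numeric");
            return false;
        }
    }
    // The file name is embedded inside a quoted SQL literal and may come
    // directly from a request, so anything that could end the literal or
    // split a log line is refused.
    if (!is_string($filename) || preg_match('/[\x00-\x1f\x7f\'\\\\]/', $filename) === 1) {
        LOGError("DBNewBkp rejected a file name with quote, backslash or control characters.");
        MSGError("Invalid file name.");
        return false;
    }
    $c = DBConnect();
    DBExec($c, "begin work", "DBNewBkp(transaction)");
    DBExec($c, "lock table bkptable");
    // Per-user quota: count the user's active backups.
    $sql = "select count(*) as n from " . "bkptable where sitenumber={$site} and contestnumber={$contest} and usernumber={$user} and bkpstatus='active'";
    $r = DBExec($c, $sql, "DBNewBkp(get bkp of user)");
    if (DBnlines($r) != 1) {
        DBExec($c, "rollback work", "DBNewBkp(rollback-toomanyerror)");
        LOGError("Error in bkp table. SQL=(" . $sql . ")");
        MSGError("Error in bkp table.");
        exit;
    }
    $a = DBRow($r, 0);
    if ($a['n'] > 100) {
        DBExec($c, "rollback work", "DBNewBkp(rollback-toomany)");
        // NOTE(review): every other LOGError call here takes one argument; this
        // may have been meant as LOGLevel(..., 2). Confirm.
        LOGError("Too many bkps from user={$user}, site={$site}, contest={$contest}.", 2);
        MSGError("Too many bkp files. Try remove some of them before uploading another.");
        return false;
    }
    // Next backup number for the site; safe to compute because the table is locked.
    $sql = "select max(bkpnumber) as nextbkp from " . "bkptable where sitenumber={$site} and contestnumber={$contest}";
    $r = DBExec($c, $sql, "DBNewBkp(get bkp for update)");
    if (DBnlines($r) != 1) {
        DBExec($c, "rollback work", "DBNewBkp(rollback-max)");
        LOGError("Error in bkp table. SQL=(" . $sql . ")");
        MSGError("Error in bkp table.");
        exit;
    }
    $a = DBRow($r, 0);
    $t = time();
    $n = $a["nextbkp"] + 1;
    if (($oid = DB_lo_import($c, $filepath)) === false) {
        DBExec($c, "rollback work", "DBNewBkp(rollback-import)");
        LOGError("Unable to create a large object for file {$filepath}.");
        MSGError("problem importing bkp to database. Contact an admin now!");
        exit;
    }
    DBExec($c, "INSERT INTO bkptable (contestnumber, sitenumber, bkpnumber, usernumber, bkpdate, bkpfilename, bkpdata, bkpstatus, bkpsize) " . "VALUES ({$contest}, {$site}, {$n}, {$user}, {$t}, '{$filename}', {$oid}, 'active', {$size})", "DBNewBkp(insert bkp)");
    DBExec($c, "commit work", "DBNewBkp(commit)");
    LOGLevel("User {$user} submitted a bkp (#{$n}) on site #{$site} " . "(filename={$filename}, contest={$contest}).", 2);
    /* // this causes portability and security problems (when other users also have a shell
       // on the server and can build web pages. They can use those pages to reach these files,
       // because the files end up owned by apache/www-data/etc)
    	umask(0077);
    	@mkdir("/tmp/boca");
            if (!move_uploaded_file ($filepath,
    		"/tmp/boca/contest${contest}.site${site}.run${n}.user${user}.problem${problem}.time${t}.${filename}"))
    		LOGLevel("Run not saved as file (run=$n,site=$site,contest=$contest", 1);
    */
}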
Beispiel #12
            @unlink($dir . '.zip');
            @unlink($tfile);
            header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
            header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
            header("Cache-Control: no-cache, must-revalidate");
            header("Pragma: no-cache");
            header("Content-transfer-encoding: binary\n");
            header("Content-type: application/force-download");
            header("Content-Disposition: attachment; filename=" . basename($dir . '.zip'));
            ob_end_flush();
            echo $str;
            exit;
        } else {
            @unlink($tfile);
            ob_end_flush();
            MSGError('Could not write to temporary directory');
        }
    }
    ForceLoad('problem.php');
}
if (isset($_POST["Submit3"]) && isset($_POST["problemnumber"]) && is_numeric($_POST["problemnumber"]) && isset($_POST["problemname"]) && $_POST["problemname"] != "") {
    if ($_POST["confirmation"] == "confirm") {
        if ($_FILES["probleminput"]["name"] != "") {
            $type = myhtmlspecialchars($_FILES["probleminput"]["type"]);
            $size = myhtmlspecialchars($_FILES["probleminput"]["size"]);
            $name = myhtmlspecialchars($_FILES["probleminput"]["name"]);
            $temp = myhtmlspecialchars($_FILES["probleminput"]["tmp_name"]);
            if (!is_uploaded_file($temp)) {
                IntrusionNotify("file upload problem.");
                ForceLoad("../index.php");
            }
Beispiel #13
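/**
 * Creates or updates one row of answertable for the given contest.
 *
 * $param needs 'number' (numeric), 'name' and 'yes' ("t" marks an accepting
 * answer, anything else is stored as "f"); 'updatetime' is optional. With
 * $param['action'] == "delete" the call is handed to DBDeleteAnswer().
 * $c is an optional open connection; when null the function opens and commits
 * its own transaction.
 *
 * Returns false on a parameter error, 2 when a row was inserted or updated,
 * and 1 when the stored row is at least as new as the incoming data.
 *
 * NOTE(review): statements are built by string interpolation; 'name' relies
 * on sanitizeText(), which is not shown here. Confirm it escapes for the
 * target database, or move to parameterised queries.
 */
function DBNewAnswer($contest, $param, $c = null)
{
    if (isset($param["action"]) && $param["action"] == "delete") {
        // The parameter is $contest; the previous $contestnumber was undefined
        // here, so the delete ran without a contest number.
        return DBDeleteAnswer($contest, $param, $c);
    }
    // $contest is interpolated unquoted into every statement below.
    if (!is_numeric($contest)) {
        MSGError("DBNewAnswer param error: contest is not numeric");
        return false;
    }
    $ac = array('number', 'name', 'yes');
    $type['number'] = 1;
    foreach ($ac as $key) {
        if (!isset($param[$key])) {
            MSGError("DBNewAnswer param error: {$key} is not set");
            return false;
        }
        // Variable variable: defines the locals $number, $name and $yes.
        ${$key} = sanitizeText($param[$key]);
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewAnswer param error: {$key} is not numeric");
            return false;
        }
    }
    $t = time();
    $updatetime = $t;
    if (isset($param['updatetime']) && is_numeric($param["updatetime"])) {
        $updatetime = $param["updatetime"];
    }
    // Collapse the flag to the two values the table stores.
    if ($yes != "t") {
        $y = "f";
    } else {
        $y = "t";
    }
    // $cw records that this call opened the transaction and therefore commits it.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewAnswer(transaction)");
    }
    $r = DBExec($c, "select * from answertable as a where a.contestnumber={$contest} and a.answernumber={$number} for update", "DBNewAnswer(get answer)");
    $n = DBnlines($r);
    $ret = 1;
    if ($n == 0) {
        $ret = 2;
        DBExec($c, "insert into answertable (contestnumber, answernumber, runanswer, yes, updatetime) values " . "({$contest}, {$number}, '{$name}', '{$y}', {$t})", "DBNewAnswer(insert answer)");
        if ($cw) {
            DBExec($c, "commit work", "DBNewAnswer(commit)");
        }
        LOGLevel("Answer {$number} inserted (contest={$contest},user=" . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . ")", 2);
    } else {
        $lr = DBRow($r, 0);
        // Overwrite only when the incoming data is newer than the stored row.
        if ($updatetime > $lr['updatetime']) {
            $ret = 2;
            DBExec($c, "update answertable set runanswer='{$name}', yes='{$y}', updatetime=" . $updatetime . " where " . "contestnumber={$contest} and answernumber={$number} and fake='f'", "DBNewAnswer(update answer)");
            if ($cw) {
                DBExec($c, "commit work", "DBNewAnswer(commit)");
            }
            LOGLevel("Answer {$number} updated (contest={$contest},user=" . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . ")", 2);
        } else {
            if ($cw) {
                DBExec($c, "commit work", "DBNewAnswer(commit)");
            }
        }
    }
    return $ret;
}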
Beispiel #14
}
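// Rebuild the webcast folder, zip it, encrypt the archive and offer it for
// download. The link is printed only when the encrypted archive is in place.
// NOTE(review): @mkdir() uses the default mode, so the plaintext files below
// are readable according to the process umask; confirm that is acceptable on
// shared hosts.
cleardir($webcastdir);
@mkdir($webcastdir);
if (is_writable($webcastdir)) {
    file_put_contents($webcastdir . $ds . 'runs', $runfile);
    file_put_contents($webcastdir . $ds . 'contest', $contestfile);
    file_put_contents($webcastdir . $ds . 'version', $versionfile);
    file_put_contents($webcastdir . $ds . 'time', $timefile);
    $zipready = false;
    if (@create_zip($webcastparentdir, array('webcast'), $webcastdir . ".tmp") != 1) {
        LOGError("Cannot create score webcast.tmp file");
        MSGError("Cannot create score webcast.tmp file");
    } else {
        $cf = globalconf();
        // The archive is replaced in place by its encrypted form. If that write
        // fails, the .tmp file still holds the unencrypted zip, so it must not
        // be published under the download name.
        $stored = file_put_contents($webcastdir . ".tmp", encryptData(file_get_contents($webcastdir . ".tmp"), $cf["key"], false));
        if ($stored !== false) {
            $zipready = @rename($webcastdir . ".tmp", $webcastdir . '.zip');
        }
        if (!$zipready) {
            @unlink($webcastdir . ".tmp");
            LOGError("Cannot store the encrypted score webcast file");
            MSGError("Cannot store the encrypted score webcast file");
        }
    }
    // Previously the link was printed even after a failure, which pointed the
    // user at a missing or stale archive.
    if ($zipready) {
        echo "<br><br><br><center>";
        echo "<a href=\"{$locr}/filedownload.php?" . filedownload(-1, $webcastdir . '.zip') . "\">CLICK TO DOWNLOAD</a>";
        echo "</center>";
    }
} else {
    LOGError('Error creating the folder for the ZIP file: ' . $webcastdir);
    MSGError('Error creating the folder for the ZIP file: ' . $webcastdir);
    ForceLoad("../index.php");
}
// Vertical spacing before the footer (same six lines of output as before).
echo str_repeat("<br><br><br>\n", 6);
include "{$locr}/footnote.php";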
Beispiel #15
// Record a security violation and drop the current login.
// $where is a short description of the check that failed; it is copied into
// both the log line and the message shown to the user.
// The user is identified in the log line before the "usertable" entry is
// removed from the session, so the record still names the account.
function IntrusionNotify($where)
{
    $logLine = "Security Violation: " . $where;
    if (isset($_SESSION["usertable"]["username"])) {
        $who = $_SESSION["usertable"];
        $logLine = $logLine . " (" . $who["username"] . "/" . $who["usersitenumber"] . ")";
    }
    // Only the "usertable" key is removed; the session itself is left in place.
    unset($_SESSION["usertable"]);
    LOGLevel($logLine, 1);
    MSGError("Violation (" . $where . "). Admin warned.");
}
Beispiel #16
        $param['duration'] = $_POST["duration"] * 60;
        $param['lastmileanswer'] = $_POST["lastmileanswer"] * 60;
        $param['lastmilescore'] = $_POST["lastmilescore"] * 60;
        $param['penalty'] = $_POST["penalty"] * 60;
        $param['maxfilesize'] = $_POST["maxfilesize"] * 1000;
        $param['active'] = $ac;
        $param['mainsite'] = $_POST["mainsite"];
        $param['localsite'] = $_POST["localsite"];
        $param['mainsiteurl'] = $_POST["mainsiteurl"];
        DBUpdateContest($param);
        if ($ac == 1 && $_POST["contest"] != $_SESSION["usertable"]["contestnumber"]) {
            $cf = globalconf();
            if ($cf["basepass"] == "") {
                MSGError("You must log in the new contest. The standard admin password is empty (if not changed yet).");
            } else {
                MSGError("You must log in the new contest. The standard admin password is " . $cf["basepass"] . " (if not changed yet).");
            }
            ForceLoad("../index.php");
        }
    }
    ForceLoad("contest.php?contest=" . $_POST["contest"]);
}
?>
<br>

<form name="form1" enctype="multipart/form-data" method="post" action="contest.php">
  <input type=hidden name="confirmation" value="noconfirm" />
  <script language="javascript">
    function conf() {
      if (confirm("Confirm?")) {
        document.form1.confirmation.value='confirm';
Beispiel #17
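// Create or update one langtable row for a contest.
//
// $contestnumber  contest id; must be numeric, it is written unquoted into SQL
// $param          'number' (numeric) and 'name' are required; 'updatetime'
//                 (numeric) and 'extension' are optional; 'action' => 'delete'
//                 hands the call over to DBDeleteLanguage()
// $c              open connection, or null to connect here and wrap the work
//                 in this function's own transaction
//
// Returns false on a parameter error, 2 when a row was created or the supplied
// updatetime is newer than the stored one, 1 otherwise. For a delete request
// the return value is whatever DBDeleteLanguage() returns.
//
// NOTE(review): every statement is assembled by string interpolation. Numeric
// fields are gated by is_numeric(); the quoted text fields depend entirely on
// sanitizeText() for escaping. Confirm that helper neutralises quotes and
// backslashes, or move these statements to parameterised queries.
function DBNewLanguage($contestnumber, $param, $c = null)
{
    if (isset($param["action"]) && $param["action"] == "delete") {
        return DBDeleteLanguage($contestnumber, $param, $c);
    }
    // $contestnumber appears unquoted in every statement below, so it gets the
    // same numeric gate as the numeric entries of $param.
    if (!is_numeric($contestnumber)) {
        MSGError("DBNewLanguage param error: contestnumber is not numeric");
        return false;
    }
    $ac = array('number', 'name');
    $ac1 = array('updatetime', 'extension');
    // Keys listed in $type must be numeric.
    $type['number'] = 1;
    $type['updatetime'] = 1;
    $extension = '';
    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewLanguage param error: {$key} not found");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewLanguage param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable: defines $number and $name as locals.
        ${$key} = sanitizeText($param[$key]);
    }
    $updatetime = -1;
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            if (isset($type[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewLanguage param error: {$key} is not numeric");
                return false;
            }
            // Overrides the $updatetime / $extension defaults set above.
            ${$key} = sanitizeText($param[$key]);
        }
    }
    $t = time();
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    // $cw remembers whether the transaction was opened here and must be
    // committed here.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewLanguage(transaction)");
    }
    $sql2 = "select * from langtable where contestnumber={$contestnumber} and langnumber={$number}";
    // "for update" locks the row, if any, until the transaction ends.
    $r = DBExec($c, $sql2 . " for update", "DBNewLanguage(get lang)");
    $n = DBnlines($r);
    $ret = 1;
    if ($n == 0) {
        DBExec($c, "insert into langtable (contestnumber,langnumber, langname,langextension) values " . "({$contestnumber}, {$number}, '{$name}','{$extension}')", "DBNewLanguage(insert lang)");
        $s = "created";
    } else {
        $lr = DBRow($r, 0);
        // From here on $t is the stored row's updatetime, not the current time.
        $t = $lr['updatetime'];
        if ($updatetime > $t) {
            if ($name != "") {
                DBExec($c, "update langtable set langname='{$name}', updatetime={$updatetime} where contestnumber={$contestnumber} " . "and langnumber={$number}", "DBNewLanguage(update lang)");
            }
            if ($extension != "") {
                DBExec($c, "update langtable set langextension='{$extension}', updatetime={$updatetime} where contestnumber={$contestnumber} " . "and langnumber={$number}", "DBNewLanguage(update lang)");
            }
        }
        $s = "updated";
    }
    if ($cw) {
        DBExec($c, "commit work", "DBNewLanguage(commit)");
    }
    if ($s == "created" || $updatetime > $t) {
        // The user lookup on this line was masked ("******") in the published
        // listing; it is restored to mirror the site lookup next to it.
        LOGLevel("Language {$number} updated (user=" . $_SESSION["usertable"]["usernumber"] . ",site=" . $_SESSION["usertable"]["usersitenumber"] . ",contest={$contestnumber})", 2);
        $ret = 2;
    }
    return $ret;
}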
Beispiel #18
//    This program is distributed in the hope that it will be useful,
//    but WITHOUT ANY WARRANTY; without even the implied warranty of
//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//    GNU General Public License for more details.
//    You should have received a copy of the GNU General Public License
//    along with this program.  If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
// Last modified 05/aug/2012 by cassio@ime.usp.br
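// Request handling for the answer administration page.
// NOTE(review): this relies on header.php to establish the session and the
// caller's privileges; nothing in this file checks the user type itself.
require 'header.php';
if (($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) {
    ForceLoad("{$loc}/index.php");
}
// Delete request. The contest number is taken from the session, so a request
// can only touch the logged-in user's contest.
// NOTE(review): the delete is triggered by a plain GET with no confirmation
// value and no anti-forgery token, so any link or image URL an authenticated
// admin's browser loads can trigger it. Prefer POST plus a per-session token.
if (isset($_GET["delete"]) && is_numeric($_GET["delete"])) {
    $param["number"] = $_GET["delete"];
    if (!DBDeleteAnswer($_SESSION["usertable"]["contestnumber"], $param)) {
        MSGError('Error deleting answer');
        LogError('Error deleting answer');
    }
    ForceLoad("answer.php");
}
// Create/update request. Only the answer number is validated here (numeric);
// name and yes-flag are handed to DBNewAnswer() as received.
// NOTE(review): this form post carries no anti-forgery token either.
if (isset($_POST["Submit3"]) && isset($_POST["answernumber"]) && is_numeric($_POST["answernumber"]) && isset($_POST["answername"]) && $_POST["answername"] != "" && isset($_POST["answeryes"])) {
    // isset() guard: a post without the hidden "confirmation" field previously
    // raised an undefined-index notice here.
    if (isset($_POST["confirmation"]) && $_POST["confirmation"] == "confirm") {
        $param["number"] = $_POST["answernumber"];
        $param["name"] = $_POST["answername"];
        $param["yes"] = $_POST["answeryes"];
        DBNewAnswer($_SESSION["usertable"]["contestnumber"], $param);
    }
    ForceLoad("answer.php");
}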
?>
<br>
Beispiel #19
                }
            }
            $strtmp .= "  <td nowrap>" . $score[$e]["totalcount"] . " (" . $score[$e]["totaltime"] . ")</td>\n";
            $strtmp .= " </tr>\n";
            $n++;
        }
    }
    $strtmp .= "</table>";
    if ($n == 0) {
        $strtmp .= "<br><center><b><font color=\"#ff0000\">SCOREBOARD IS EMPTY</font></b></center>";
    } else {
        if (!$des) {
            if ($level > 0) {
                $strtmp .= "<br><font color=\"#ff0000\">P.S. Problem names are hidden.</font>";
            } else {
                $strtmp .= "<br><font color=\"#ff0000\">P.S. Problem data are hidden.</font>";
            }
        }
    }
    $conf = globalconf();
    $strtmp = "<!-- " . time() . " --> <?php exit; ?>\n" . encryptData($strtmp, $conf["key"], false);
    if (file_put_contents($scoretmp, $strtmp, LOCK_EX) === FALSE) {
        if ($_SESSION["usertable"]["usertype"] == 'admin') {
            MSGError("Cannot write to the score cache file -- performance might be compromised");
        }
        LOGError("Cannot write to the " . $_SESSION["usertable"]["usertype"] . "-score cache file -- performance might be compromised");
    }
    $conf = globalconf();
    $strtmp = decryptData(substr($strtmp, strpos($strtmp, "\n")), $conf["key"]);
}
echo $strtmp;
Beispiel #20
             if ($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) {
                 if ($param['usernumber'] != 1000 && DBNewUser($param)) {
                     $oklines++;
                 } else {
                     unset($userlist[$param['site'] . '-' . $param['usernumber']]);
                     break;
                 }
             }
         }
     }
     MSGError($oklines . ' users included/updated successfully');
 } else {
     for ($i = 0; $i < count($ar) && strpos($ar[$i], "[user]") === false; $i++) {
     }
     if ($i >= count($ar)) {
         MSGError('File format not recognized');
     }
     for ($i++; $i < count($ar) && $ar[$i][0] != "["; $i++) {
         $x = trim($ar[$i]);
         if (strpos($x, "user") !== false && strpos($x, "user") == 0) {
             $param = array();
             $param['changepass'] = '******';
             while (strpos($x, "user") !== false && strpos($x, "user") == 0) {
                 $tmp = explode("=", $x, 2);
                 switch (trim($tmp[0])) {
                     case "usersitenumber":
                         $param['site'] = trim($tmp[1]);
                         break;
                     case "username":
                         $param['username'] = trim($tmp[1]);
                         break;
Beispiel #21
     if ($size > $ct["contestmaxfilesize"]) {
         LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . "{$name} with {$size} bytes ({$ct["contestmaxfilesize"]} max allowed).", 1);
         MSGError("File size exceeds the limit allowed.");
         ForceLoad($runteam);
     }
     if (!is_uploaded_file($temp) || strlen($name) > 100) {
         IntrusionNotify("file upload problem.");
         ForceLoad("../index.php");
     }
 }
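 // Reject file names containing characters that are unsafe once the name is
 // reused in paths, shell commands or quoted strings: space, slash, backtick,
 // single quote, double quote and dollar sign.
 // strpos() returns an integer offset or false, never true, so the previous
 // "=== true" comparisons could not match and this filter never rejected
 // anything. strpbrk() returns false only when none of the characters occur.
 // NOTE(review): $temp is handed to is_uploaded_file() in the branch above, so
 // it is presumably a server-side path that legitimately contains '/'; the
 // slash is therefore rejected in $name only. Confirm against the code that
 // assigns $temp.
 if (strpbrk($name, ' /`\'"$') !== false || strpbrk($temp, ' `\'"$') !== false) {
     if (isset($_POST['name']) && $_POST['name'] != '') {
         // Plain-text reply for requests that supply a "name" field.
         echo "\nRESULT: FILE NAME PROBLEM (EG CANNOT HAVE SPACES)";
         exit;
     }
     MSGError("File name cannot contain spaces.");
     ForceLoad($runteam);
 }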
 $ac = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath');
 $ac1 = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus', 'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2', 'runjudgesite2', 'runanswer2', 'autoip', 'autobegindate', 'autoenddate', 'autoanswer', 'autostdout', 'autostderr', 'updatetime');
 $param = array('contest' => $_SESSION["usertable"]["contestnumber"], 'site' => $_SESSION["usertable"]["usersitenumber"], 'user' => $_SESSION["usertable"]["usernumber"], 'problem' => $prob, 'lang' => $lang, 'filename' => $name, 'filepath' => $temp);
 if (isset($_POST['pastcode']) && $_POST['pastcode'] != '') {
     $pastcode = myhtmlspecialchars($_POST["pastcode"]);
     if (isset($_POST["pasthash"]) && isset($_POST["pastval"])) {
         $pasthash = myhtmlspecialchars($_POST["pasthash"]);
         $pastvalhash = myhtmlspecialchars($_POST["pastvalhash"]);
         $pastval = myhtmlspecialchars($_POST["pastval"]);
         $pastabs = myhtmlspecialchars($_POST["pastabs"]);
         if (is_readable($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) {
             $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastval);
             if ($pastsubmission != $pastvalhash) {
Beispiel #22
// Insert a new task row, or update an existing one, in tasktable.
//
// $param  associative array. Required: contest, site, user (numeric) and desc.
//         Optional keys are listed in $ac1 below. The aliases contestnumber,
//         sitenumber, usernumber and number are accepted for contest, site,
//         user and tasknumber.
// $c      open connection, or null to connect here and run inside this
//         function's own transaction.
//
// Returns false on a parameter error, 2 when a row was inserted or updated,
// 1 when an existing row was left unchanged. Several failure paths roll back
// and call exit instead of returning.
//
// NOTE(review): all SQL is assembled by string interpolation. Numeric fields
// are gated by is_numeric(); quoted text fields (desc, filename, status, color,
// colorname) rely on sanitizeText() for escaping -- confirm what it covers.
function DBNewTask($param, $c = null)
{
    // Map the alternative key names onto the ones used below.
    if (isset($param['contestnumber']) && !isset($param['contest'])) {
        $param['contest'] = $param['contestnumber'];
    }
    if (isset($param['sitenumber']) && !isset($param['site'])) {
        $param['site'] = $param['sitenumber'];
    }
    if (isset($param['usernumber']) && !isset($param['user'])) {
        $param['user'] = $param['usernumber'];
    }
    if (isset($param['number']) && !isset($param['tasknumber'])) {
        $param['tasknumber'] = $param['number'];
    }
    // $ac: required keys; $ac1: optional keys; $type: keys that must be numeric.
    $ac = array('contest', 'site', 'user', 'desc');
    $ac1 = array('color', 'colorname', 'updatetime', 'filename', 'filepath', 'sys', 'tasknumber', 'status', 'taskdate', 'taskdatediff', 'taskdatediffans', 'taskstaffnumber', 'taskstaffsite');
    $type['contest'] = 1;
    $type['updatetime'] = 1;
    $type['site'] = 1;
    $type['user'] = 1;
    $type['tasknumber'] = 1;
    $type['taskdate'] = 1;
    $type['taskdatediff'] = 1;
    $type['taskdatediffans'] = 1;
    $type['taskstaffnumber'] = 1;
    $type['taskstaffsite'] = 1;
    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewTask param error: {$key} not found");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewTask param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable: defines $contest, $site, $user and $desc as locals.
        ${$key} = sanitizeText($param[$key]);
    }
    // Defaults for the optional fields; the loop below overrides any that the
    // caller supplied.
    $taskstaffnumber = -1;
    $taskstaffsite = -1;
    $t = time();
    $taskdate = $t;
    $sys = 'f';
    $filename = '';
    $filepath = '';
    $color = '';
    $colorname = '';
    $tasknumber = -1;
    $taskdatediffans = 999999999;
    $updatetime = -1;
    $status = 'opentask';
    $taskdatediff = -1;
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            ${$key} = sanitizeText($param[$key]);
            if (isset($type[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewTask param error: {$key} is not numeric");
                return false;
            }
        }
    }
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    // Anything other than 't' is treated as a non-system task.
    if ($sys != 't') {
        $sys = 'f';
    }
    // $cw records that the transaction was opened here and is committed here.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewTask(transaction)");
    }
    $insert = true;
    if ($tasknumber < 0) {
        // No task number supplied: lock the site row and allocate the next one.
        $sql = "select sitenexttask as nexttask, sitemaxtask as maxtask from " . "sitetable where sitenumber={$site} and contestnumber={$contest} for update";
        $r = DBExec($c, $sql, "DBNewTask(get site for update)");
        // NOTE(review): the rollbacks in this branch are issued even when the
        // connection (and its transaction) belongs to the caller ($cw false).
        if (DBnlines($r) != 1) {
            DBExec($c, "rollback work", "DBNewTask(rollback-site)");
            LOGError("Unable to find a unique site/contest in the database. SQL=(" . $sql . ")");
            MSGError("Unable to find a unique site/contest in the database.");
            exit;
        }
        $a = DBRow($r, 0);
        $b = DBSiteInfo($contest, $site, $c);
        $dif = $b["currenttime"];
        if ($taskdatediff < 0) {
            $taskdatediff = $dif;
        }
        // The limits below are skipped for system tasks ($sys == 't').
        // NOTE(review): DBCountOpenTasks() is called without $c, so the count
        // is presumably taken outside this transaction -- confirm.
        if ($sys != 't' && DBCountOpenTasks($contest, $site, $user) > $a["maxtask"]) {
            DBExec($c, "rollback work", "DBNewTask(rollback-maxtask)");
            LOGError("Too many open tasks for user={$user}, site={$site}, contest={$contest}");
            MSGError("Too many open tasks! Task not included.");
            exit;
        }
        if ($sys != 't' && $dif < 0) {
            DBExec($c, "rollback work", "DBNewTask(rollback-started)");
            LOGError("Tried to submit a task but the contest is not started. SQL=(" . $sql . ")");
            MSGError("The contest is not started yet!");
            exit;
        }
        if ($sys != 't' && !$b["siterunning"]) {
            DBExec($c, "rollback work", "DBNewTask(rollback-over)");
            LOGError("Tried to submit a task but the contest is over. SQL=(" . $sql . ")");
            MSGError("The contest is over!");
            exit;
        }
        $tasknumber = $a["nexttask"] + 1;
    } else {
        // Task number supplied: update if the row exists, otherwise insert it
        // under that number.
        $sql = "select * from tasktable as t where t.contestnumber={$contest} and " . "t.sitenumber={$site} and t.tasknumber={$tasknumber}";
        $r = DBExec($c, $sql . " for update", "DBNewTask(get task for update)");
        $n = DBnlines($r);
        if ($n > 0) {
            $insert = false;
            $lr = DBRow($r, 0);
            // $t now holds the stored row's updatetime instead of time().
            $t = $lr['updatetime'];
        }
    }
    // Advance the site's task counter; the where clause leaves it untouched
    // when it is already at or past $tasknumber.
    DBExec($c, "update sitetable set sitenexttask={$tasknumber}, updatetime=" . $t . " where sitenumber={$site} and contestnumber={$contest} and sitenexttask<{$tasknumber}", "DBNewTask(update site)");
    $ret = 1;
    if ($insert) {
        if ($filename != "" && $filepath != "") {
            // A "base64:" prefix means the content is carried inline;
            // anything else is passed to DB_lo_import() as a path.
            // NOTE(review): the path comes from $param. Callers must make sure
            // it names a file the submitting user is allowed to store (for
            // example one that passed is_uploaded_file()), since this function
            // does not restrict it.
            if (substr($filepath, 0, 7) != "base64:") {
                if (($oid = DB_lo_import($c, $filepath)) === false) {
                    DBExec($c, "rollback work", "DBNewTask(rollback-import)");
                    LOGError("DBNewTask: Unable to create a large object for file {$filepath}.");
                    MSGError("problem importing file to database. Contact an admin now!");
                    exit;
                }
            } else {
                $filepath = base64_decode(substr($filepath, 7));
                // Failure is tested with a loose "== null" here, unlike the
                // strict "=== false" used for DB_lo_import() above.
                if (($oid = DB_lo_import_text($c, $filepath)) == null) {
                    DBExec($c, "rollback work", "DBNewTask(rollback-import)");
                    LOGError("DBNewTask: Unable to create a large object for file.");
                    MSGError("problem importing file to database. Contact an admin now!");
                    exit;
                }
            }
        } else {
            // Written unquoted into the statement below, i.e. as SQL NULL.
            $oid = "NULL";
        }
        DBExec($c, "INSERT INTO tasktable (contestnumber, sitenumber, tasknumber, usernumber, taskdate, " . "taskdatediff, taskdatediffans, taskfilename, taskdata, taskstatus, taskdesc, tasksystem, " . "color, colorname, updatetime) " . "VALUES ({$contest}, {$site}, {$tasknumber}, {$user}, {$taskdate}, {$taskdatediff}, {$taskdatediffans}, '{$filename}', {$oid}, '{$status}', " . "'{$desc}', '{$sys}', '{$color}', '{$colorname}', {$updatetime})", "DBNewTask(insert task)");
        if ($sys == "t") {
            $u = "System";
        } else {
            $u = "User {$user}";
        }
        // The submission is logged only when the transaction is owned here.
        if ($cw) {
            DBExec($c, "commit work", "DBNewTask(commit-insert)");
            LOGLevel("{$u} submitted a task (#{$tasknumber}) on site #{$site} " . "(filename={$filename}, contest={$contest}).", 2);
        }
        $ret = 2;
    } else {
        // Existing row: apply the change only when the incoming updatetime is
        // newer than the stored one.
        if ($updatetime > $t) {
            $ret = 2;
            $sql = "update tasktable set usernumber={$user}, taskdesc='{$desc}', " . "color='{$color}',colorname='{$colorname}',taskstatus='{$status}',";
            // Staff fields are written only when a positive value was given.
            if ($taskstaffnumber > 0) {
                $sql .= "taskstaffnumber={$taskstaffnumber}, ";
            }
            if ($taskstaffsite > 0) {
                $sql .= "taskstaffsite={$taskstaffsite}, ";
            }
            $sql .= "taskdatediffans={$taskdatediffans}, updatetime={$updatetime} where " . "contestnumber={$contest} and sitenumber={$site} and tasknumber={$tasknumber}";
            DBExec($c, $sql, "DBNewTask(update task)");
        }
        if ($cw) {
            DBExec($c, "commit work", "DBNewTask(commit-update)");
        }
    }
    return $ret;
}
Beispiel #23
        echo "<script>window.close();</script></html>";
        exit;
    }
    ob_end_flush();
    //  echo "</pre>\n";
    DB_lo_close($lo);
    if ($msg != '') {
        //    echo " <a href=\"#\" onClick=\"window.print()\"><h1>".$_GET["msg"]."</h1></a>";
        echo "\n\n\n" . $msg . "\n";
        echo $msg . "\n";
        echo $msg . "\n";
    }
    DBExec($c, "commit work");
    DBClose($c);
} else {
    header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
    if (($str = file_get_contents($fname)) === false) {
        header("Content-type: text/html");
        echo "<html><head><title>View Page</title>";
        MSGError("Unable to open file (" . basename($fname) . ")");
        LOGError("Unable to open file (" . basename($fname) . ")");
        echo "<script>window.close();</script></html>";
        exit;
    }
    header("Content-type: text/plain");
    echo decryptData($str, $cf["key"]);
    ob_end_flush();
}
Beispiel #24
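// Connect to the template1 database as the configured superuser and issue
// CREATE DATABASE for $conf["dbname"], using $conf["dbencoding"] when it is
// set and UTF8 otherwise. Takes no arguments and returns nothing; it shows an
// error and exits when the connection cannot be opened.
//
// The user/password lookups in the connection strings were masked ("******")
// in the published listing; they are restored here from the configuration keys
// that were still visible (dbsuperuser, dbsuperpass).
function DBCreateDatabase()
{
    $conf = globalconf();
    // Connection-string values are single-quoted with ' and \ backslash-escaped,
    // the quoting rule for keyword=value connection strings. Unquoted, a
    // password or host containing a space would be split into extra keywords.
    $quote = function ($value) {
        return "'" . addcslashes((string) $value, "'\\") . "'";
    };
    $conninfo = "connect_timeout=10";
    if ($conf["dblocal"] != "true") {
        // host/port are only given for a non-local database.
        $conninfo .= " host=" . $quote($conf["dbhost"]) . " port=" . $quote($conf["dbport"]);
    }
    $conninfo .= " dbname=template1 user=" . $quote($conf["dbsuperuser"]) . " password=" . $quote($conf["dbsuperpass"]);
    $conn = pg_connect($conninfo);
    if (!$conn) {
        // The password is deliberately left out of the message.
        MSGError("Unable to connect to xtemplate1 as " . $conf["dbsuperuser"]);
        exit;
    }
    $encoding = isset($conf["dbencoding"]) ? $conf["dbencoding"] : 'UTF8';
    // NOTE(review): dbname and dbencoding are interpolated as-is. They come
    // from the configuration returned by globalconf(), so this is only safe
    // while that configuration is writable by administrators alone.
    DBExec($conn, "create database {$conf["dbname"]} with encoding = '{$encoding}'", "DBCreateDatabase(create)");
}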
Beispiel #25
        if (!$usertable) {
            ForceLoad("index.php");
        } else {
            if (($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) {
                ForceLoad("index.php");
            }
            if ($ct["contestlocalsite"] == $ct["contestmainsite"]) {
                $main = true;
            } else {
                $main = false;
            }
            if (isset($_GET['action']) && $_GET['action'] == 'scoretransfer') {
                echo "SCORETRANSFER OK";
            } else {
                if ($main && $_SESSION["usertable"]["usertype"] == 'site') {
                    MSGError('Direct login of this user is not allowed');
                    unset($_SESSION["usertable"]);
                    ForceLoad("index.php");
                    exit;
                }
                echo "<script language=\"JavaScript\">\n";
                echo "document.location='" . $_SESSION["usertable"]["usertype"] . "/index.php';\n";
                echo "</script>\n";
            }
            exit;
        }
    }
} else {
    echo "<script language=\"JavaScript\">\n";
    echo "alert('Unable to load config files. Possible file permission problem in the BOCA directory.');\n";
    echo "</script>\n";
Beispiel #26
// Insert a new clarification row, or update an existing one, in clartable.
//
// $param  associative array. Required: contest, site, user, problem (numeric)
//         and question. Optional keys are listed in $ac1 below. The aliases
//         contestnumber, sitenumber, usernumber and number are accepted for
//         contest, site, user and clarnumber.
// $c      open connection, or null to connect here and run inside this
//         function's own transaction.
//
// Returns false on a parameter error or when the contest is not running,
// 2 when a row was inserted or updated, 1 when an existing row was left
// unchanged. A missing site/contest row rolls back and calls exit.
//
// NOTE(review): all SQL is assembled by string interpolation. Numeric fields
// are gated by is_numeric(); the quoted text fields (question, claranswer,
// clarstatus) rely on sanitizeText() for escaping -- confirm what it covers.
function DBNewClar($param, $c = null)
{
    // Map the alternative key names onto the ones used below.
    if (isset($param['contestnumber']) && !isset($param['contest'])) {
        $param['contest'] = $param['contestnumber'];
    }
    if (isset($param['sitenumber']) && !isset($param['site'])) {
        $param['site'] = $param['sitenumber'];
    }
    if (isset($param['usernumber']) && !isset($param['user'])) {
        $param['user'] = $param['usernumber'];
    }
    if (isset($param['number']) && !isset($param['clarnumber'])) {
        $param['clarnumber'] = $param['number'];
    }
    // $ac: required keys; $ac1: optional keys; $type: keys that must be numeric.
    $ac = array('contest', 'site', 'user', 'problem', 'question');
    $ac1 = array('clarnumber', 'clardate', 'clardatediff', 'clardatediffans', 'claranswer', 'clarstatus', 'clarjudge', 'clarjudgesite', 'updatetime');
    $type['contest'] = 1;
    $type['problem'] = 1;
    $type['updatetime'] = 1;
    $type['site'] = 1;
    $type['user'] = 1;
    $type['clarnumber'] = 1;
    $type['clardatediffans'] = 1;
    $type['clardatediff'] = 1;
    $type['clardate'] = 1;
    $type['clarjudge'] = 1;
    $type['clarjudgesite'] = 1;
    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewClar param error: {$key} not found");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewClar param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable: defines $contest, $site, $user, $problem and
        // $question as locals.
        ${$key} = sanitizeText($param[$key]);
    }
    // Defaults for the optional fields; the loop below overrides any that the
    // caller supplied.
    $t = time();
    $clarnumber = -1;
    $updatetime = -1;
    $clardatediff = -1;
    $clardate = $t;
    $claranswer = '';
    $clardatediffans = 999999999;
    // The string 'NULL' is written unquoted into the SQL, i.e. as SQL NULL;
    // a caller-supplied value replaces it only after passing is_numeric().
    $clarjudge = 'NULL';
    $clarjudgesite = 'NULL';
    $clarstatus = 'openclar';
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            ${$key} = sanitizeText($param[$key]);
            if (isset($type[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewClar param error: {$key} is not numeric");
                return false;
            }
        }
    }
    if ($updatetime < 0) {
        $updatetime = $t;
    }
    // $cw records that the transaction was opened here and is committed here.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewClar(transaction)");
    }
    $insert = true;
    if ($clarnumber < 0) {
        // No clarification number supplied: lock the site row and allocate
        // the next one.
        $sql = "select sitenextclar as nextclar from sitetable where sitenumber={$site} and contestnumber={$contest} for update";
        $r = DBExec($c, $sql, "DBNewClar(get site for update)");
        // NOTE(review): this rollback is issued even when the connection (and
        // its transaction) belongs to the caller ($cw false).
        if (DBnlines($r) != 1) {
            DBExec($c, "rollback work", "DBNewClar(rollback-site)");
            LOGError("Unable to find a unique site/contest in the database. SQL=(" . $sql . ")");
            MSGError("Unable to find a unique site/contest in the database. Contact an admin now!");
            exit;
        }
        $a = DBRow($r, 0);
        $n = $a["nextclar"] + 1;
        $clarnumber = $n;
    } else {
        // Number supplied: update if the row exists, otherwise insert it under
        // that number.
        $sql = "select * from clartable as t where t.contestnumber={$contest} and " . "t.clarsitenumber={$site} and t.clarnumber={$clarnumber}";
        $r = DBExec($c, $sql . " for update", "DBNewClar(get clar for update)");
        $n = DBnlines($r);
        if ($n > 0) {
            $insert = false;
            $lr = DBRow($r, 0);
            // $t now holds the stored row's updatetime instead of time().
            $t = $lr['updatetime'];
        }
        // $n is reused: from here it is the clarification number.
        $n = $clarnumber;
    }
    // Advance the site's clarification counter; the where clause leaves it
    // untouched when it is already at or past $clarnumber.
    DBExec($c, "update sitetable set sitenextclar={$clarnumber}, updatetime=" . $t . " where sitenumber={$site} and contestnumber={$contest} and sitenextclar<{$clarnumber}", "DBNewClar(update site)");
    if ($clardatediff < 0) {
        // No elapsed time supplied: take it from the site clock, and refuse
        // the clarification when the contest has not started or is over.
        // A caller that supplies clardatediff skips both checks.
        $b = DBSiteInfo($contest, $site, $c);
        $dif = $b["currenttime"];
        $clardatediff = $dif;
        if ($dif < 0) {
            DBExec($c, "rollback work", "DBNewClar(rollback-started)");
            LOGError("Tried to submit a clarification but the contest is not started. SQL=(" . $sql . ")");
            MSGError("The contest is not started yet!");
            return false;
        }
        if (!$b["siterunning"]) {
            DBExec($c, "rollback work", "DBNewClar(rollback-over)");
            LOGError("Tried to submit a clarification but the contest is over. SQL=(" . $sql . ")");
            MSGError("The contest is over!");
            return false;
        }
    } else {
        $dif = $clardatediff;
    }
    $ret = 1;
    if ($insert) {
        DBExec($c, "INSERT INTO clartable (contestnumber, clarsitenumber, clarnumber, usernumber, clardate, " . "clardatediff, clardatediffans, clarproblem, clardata, claranswer, clarjudge, clarjudgesite, clarstatus, updatetime) VALUES " . "({$contest}, {$site}, {$n}, {$user}, {$clardate}, {$clardatediff}, {$clardatediffans}, {$problem}, '{$question}', " . "'{$claranswer}', {$clarjudge}, {$clarjudgesite}, '{$clarstatus}', {$updatetime})", "DBNewClar(insert clar)");
        if ($cw) {
            DBExec($c, "commit work", "DBNewClar(commit-insert)");
        }
        // Logged whether or not the commit happened here.
        LOGLevel("User {$user} submitted a clarification (#{$n}) on site #{$site} " . "(problem={$problem}, contest={$contest}).", 2);
        $ret = 2;
    } else {
        // Existing row: apply the change only when the incoming updatetime is
        // newer than the stored one.
        if ($updatetime > $t) {
            $ret = 2;
            DBExec($c, "update clartable set clardate={$clardate}, clardatediff={$clardatediff}, " . "clardatediffans={$clardatediffans}, claranswer='{$claranswer}', clarstatus='{$clarstatus}', " . "clarjudge={$clarjudge}, clarjudgesite={$clarjudgesite}, updatetime={$updatetime}, clardata='{$question}', clarproblem={$problem} " . "where clarnumber={$clarnumber} and contestnumber={$contest} and clarsitenumber={$site}", "DBNewClar(update clar)");
        }
        if ($cw) {
            DBExec($c, "commit work", "DBNewClar(commit-update)");
        }
    }
    return $ret;
    /* // this causes portability and security problems if the other users have a shell on the server
       // on the other hand, it guarantees that things are kept in files outside the database, in case other problems occur.
    	umask(0077);
    	@mkdir("/tmp/boca");
            $fp = fopen("/tmp/boca/contest${contest}.site${site}.clar${n}.user${user}.problem${problem}.time${t}", "w");
    	if ($fp) {
    		fwrite($fp, $question);
    		fclose($fp);
    	} else
    		 LOGLevel("Clarification not saved as file (clar=$n,site=$site,contest=$contest)", 1);
    */
}
Beispiel #27
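/**
 * Insert a new run (submission) into runtable, or update an existing one.
 *
 * Required keys in $param: contest, site, user, problem, lang, filename, filepath
 * (the column-style aliases contestnumber, sitenumber, usernumber, runproblem,
 * runlangnumber and number are also accepted). Optional keys are listed in
 * $optionalKeys below; 'allowneg' permits a submission before the contest start.
 *
 * Security notes for maintainers:
 *  - Every value ends up inside a string-built SQL statement. Unquoted columns
 *    are gated by is_numeric(); quoted columns rely entirely on sanitizeText()
 *    (defined elsewhere -- NOTE(review): confirm it escapes quotes/backslashes
 *    for the database in use). Parameterized queries would remove that reliance.
 *  - is_numeric() also accepts float and exponent forms; NOTE(review): consider
 *    an integer-only check if every caller passes integers.
 *  - When 'filepath' does not start with "base64:", it is handed to
 *    DB_lo_import() as a server-side path. NOTE(review): callers should only
 *    pass a path they created themselves (e.g. one verified with
 *    is_uploaded_file()), never a client-supplied path.
 *
 * @param array $param run fields as described above
 * @param mixed $c     open DB connection; when null a connection and a
 *                     transaction are opened and committed here
 * @return mixed false on a parameter or database error, 0 when the contest has
 *               not started or is over, 1 when an existing run was left as is,
 *               2 when a run was inserted or updated
 */
function DBNewRun($param, $c = null)
{
    // Accept database column names as aliases for the short parameter names.
    $aliases = array(
        'contestnumber' => 'contest',
        'sitenumber' => 'site',
        'usernumber' => 'user',
        'number' => 'runnumber',
        'runlangnumber' => 'lang',
        'runproblem' => 'problem',
    );
    foreach ($aliases as $alias => $short) {
        if (isset($param[$alias]) && !isset($param[$short])) {
            $param[$short] = $param[$alias];
        }
    }

    $requiredKeys = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath');
    $optionalKeys = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus', 'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2', 'runjudgesite2', 'runanswer2', 'autoip', 'autobegindate', 'autoenddate', 'autoanswer', 'autostdout', 'autostderr', 'updatetime');

    // Keys that are written UNQUOTED into SQL and therefore must be numeric.
    // 'lang' is included: it is interpolated unquoted into the INSERT below,
    // so leaving it unchecked would make it the one unquoted value that
    // depends on sanitizeText() alone.
    $type = array_fill_keys(array(
        'contest', 'autobegindate', 'autoenddate', 'problem', 'updatetime', 'site', 'user',
        'runnumber', 'rundatediffans', 'rundatediff', 'rundate', 'runanswer', 'runjudge',
        'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2',
        'runjudgesite2', 'runanswer2', 'lang',
    ), 1);

    foreach ($requiredKeys as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewRun param error: {$key} not found");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewRun param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable assignment is safe here: $key only ever comes
        // from the fixed list above, never from the caller.
        ${$key} = sanitizeText($param[$key]);
    }

    // Defaults for the optional fields.
    $t = time();
    $autoip = '';
    $autobegindate = 'NULL';
    $autoenddate = 'NULL';
    $autoanswer = '';
    $autostdout = '';
    $autostderr = '';
    $runjudge = 'NULL';
    $runjudgesite = 'NULL';
    $runjudge1 = 'NULL';
    $runjudgesite1 = 'NULL';
    $runanswer1 = 0;
    $runjudge2 = 'NULL';
    $runjudgesite2 = 'NULL';
    $runanswer2 = 0;
    $runnumber = -1;
    $updatetime = -1;
    $rundatediff = -1;
    $rundate = $t;
    $runanswer = 0;
    $rundatediffans = 999999999;
    $runstatus = 'openrun';
    foreach ($optionalKeys as $key) {
        if (!isset($param[$key])) {
            continue;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewRun param error: {$key} is not numeric");
            return false;
        }
        ${$key} = sanitizeText($param[$key]);
    }
    if ($updatetime < 0) {
        $updatetime = $t;
    }

    // $cw ("commit work") records whether this call owns the transaction.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewRun(transaction)");
    }
    $insert = true;
    $oid1 = '';
    $oid2 = '';
    // Large-object ids replaced by this call; they are unlinked after a
    // successful update. They must start out defined, because the update path
    // reads them even when no new stdout/stderr was supplied.
    $oldoid1 = '';
    $oldoid2 = '';

    // Lock the site row so the run counter cannot be taken twice.
    $sql = "select sitenextrun as nextrun from " . "sitetable where sitenumber={$site} and contestnumber={$contest} for update";
    $r = DBExec($c, $sql, "DBNewRun(get site for update)");
    if (DBnlines($r) != 1) {
        DBExec($c, "rollback work", "DBNewRun(rollback-site)");
        LOGError("Unable to find a unique site/contest in the database. SQL=(" . $sql . ")");
        MSGError("Unable to find a unique site/contest in the database.");
        return false;
    }
    $a = DBRow($r, 0);
    $n = $a["nextrun"] + 1;
    if ($runnumber > 0) {
        // An explicit run number was given: update that run if it exists.
        $sql = "select * from runtable as t where t.contestnumber={$contest} and " . "t.runsitenumber={$site} and t.runnumber={$runnumber}";
        $r = DBExec($c, $sql . " for update", "DBNewRun(get run for update)");
        $n = DBnlines($r);
        if ($n > 0) {
            $insert = false;
            $lr = DBRow($r, 0);
            // From here on $t is the stored update time of the existing run.
            $t = $lr['updatetime'];
            if (isset($lr['autostdout'])) {
                $oid1 = $lr['autostdout'];
            }
            if (isset($lr['autostderr'])) {
                $oid2 = $lr['autostderr'];
            }
        }
        $n = $runnumber;
    } else {
        $runnumber = $n;
    }

    if ($rundatediff < 0) {
        // No contest-relative time supplied: take it from the site clock and
        // enforce the contest window.
        $b = DBSiteInfo($contest, $site, $c);
        $dif = $b["currenttime"];
        $rundatediff = $dif;
        if ($dif < 0) {
            if (!isset($param['allowneg'])) {
                DBExec($c, "rollback work", "DBNewRun(rollback-started)");
                LOGError("Tried to submit a run but the contest is not started. SQL=(" . $sql . ")");
                MSGError("The contest is not started yet!");
                return 0;
            }
        }
        if (!$b["siterunning"]) {
            DBExec($c, "rollback work", "DBNewRun(rollback-over)");
            LOGError("Tried to submit a run but the contest is over. SQL=(" . $sql . ")");
            MSGError("The contest is over!");
            return 0;
        }
    } else {
        $dif = $rundatediff;
    }

    if ($updatetime > $t || $insert) {
        DBExec($c, "update sitetable set sitenextrun={$runnumber}, updatetime=" . $t . " where sitenumber={$site} and contestnumber={$contest} and sitenextrun<{$runnumber}", "DBNewRun(update site)");
        // Autojudge output is only accepted as "base64:<data>" and is stored
        // as a database large object; anything else is rejected.
        if (substr($autostdout, 0, 7) == "base64:") {
            $autostdout = base64_decode(substr($autostdout, 7));
            $oldoid1 = $oid1;
            if (($oid1 = DB_lo_import_text($c, $autostdout)) == null) {
                DBExec($c, "rollback work", "DBNewRun(rollback-import stdout)");
                LOGError("Unable to create a large object for file stdout (run={$runnumber},site={$site},contest={$contest}).");
                MSGError("problem importing stdout to database. Contact an admin now!");
                return false;
            }
        } else {
            if ($autostdout != '') {
                // NOTE(review): the label below says "stderr" although this is
                // the stdout branch; kept as is so existing log searches match.
                DBExec($c, "rollback work", "DBNewRun(rollback-import stderr)");
                LOGError("Unable to create a large object for file stdout that is not BASE64 (run={$runnumber},site={$site},contest={$contest}).");
                MSGError("problem importing stdout (not BASE64) to database. Contact an admin now!");
                return false;
            }
            $oid1 = 'NULL';
        }
        if (substr($autostderr, 0, 7) == "base64:") {
            $autostderr = base64_decode(substr($autostderr, 7));
            $oldoid2 = $oid2;
            if (($oid2 = DB_lo_import_text($c, $autostderr)) == null) {
                DBExec($c, "rollback work", "DBNewRun(rollback-import stderr)");
                LOGError("Unable to create a large object for file stderr (run={$runnumber},site={$site},contest={$contest}).");
                MSGError("problem importing stderr to database. Contact an admin now!");
                return false;
            }
        } else {
            if ($autostderr != '') {
                DBExec($c, "rollback work", "DBNewRun(rollback-import stderr)");
                LOGError("Unable to create a large object for file stderr that is not BASE64 (run={$runnumber},site={$site},contest={$contest}).");
                MSGError("problem importing stderr (not BASE64) to database. Contact an admin now!");
                return false;
            }
            $oid2 = 'NULL';
        }
    }

    $ret = 1;
    if ($insert) {
        if (substr($filepath, 0, 7) != "base64:") {
            // Server-side path import; see the security note in the header.
            if (($oid = DB_lo_import($c, $filepath)) === false) {
                DBExec($c, "rollback work", "DBNewRun(rollback-import)");
                LOGError("DBNewRun: Unable to create a large object for file {$filepath}.");
                MSGError("problem importing file {$filepath} to database. Contact an admin now!");
                return false;
            }
        } else {
            $filepath = base64_decode(substr($filepath, 7));
            if (($oid = DB_lo_import_text($c, $filepath)) == null) {
                DBExec($c, "rollback work", "DBNewRun(rollback-import)");
                LOGError("DBNewRun: Unable to create a large object for file.");
                MSGError("problem importing file to database. Contact an admin now!");
                return false;
            }
        }
        DBExec($c, "INSERT INTO runtable (contestnumber, runsitenumber, runnumber, usernumber, rundate, " . "rundatediff, rundatediffans, runproblem, runfilename, rundata, runanswer, runstatus, runlangnumber, " . "runjudge, runjudgesite, runanswer1, runjudge1, runjudgesite1, runanswer2, runjudge2, runjudgesite2, " . "autoip, autobegindate, autoenddate, autoanswer, autostdout, autostderr, updatetime) " . "VALUES ({$contest}, {$site}, {$n}, {$user}, {$rundate}, {$rundatediff}, {$rundatediffans}, {$problem}, '{$filename}', {$oid}, {$runanswer}, " . "'{$runstatus}', {$lang}, {$runjudge}, {$runjudgesite}, {$runanswer1}, {$runjudge1}, {$runjudgesite1}, {$runanswer2}, {$runjudge2}, " . "{$runjudgesite2}, '{$autoip}', {$autobegindate}, {$autoenddate}, '{$autoanswer}', {$oid1}, {$oid2}, {$updatetime})", "DBNewRun(insert run)");
        if ($cw) {
            DBExec($c, "commit work", "DBNewRun(commit)");
            LOGLevel("User {$user} submitted a run (#{$n}) on site #{$site} " . "(problem={$problem},filename={$filename},lang={$lang},contest={$contest},date={$t},datedif={$dif},oid={$oid}).", 2);
        }
        $ret = 2;
    } else {
        // Only overwrite the stored run when the incoming data is newer.
        if ($updatetime > $t) {
            $ret = 2;
            DBExec($c, "update runtable set rundate={$rundate}, rundatediff={$rundatediff}, " . "rundatediffans={$rundatediffans}, runanswer={$runanswer}, runanswer1={$runanswer1}, runanswer2={$runanswer2}, runstatus='{$runstatus}', " . "runjudge1={$runjudge1}, runjudgesite1={$runjudgesite1}, runjudge2={$runjudge2}, runjudgesite2={$runjudgesite2}, " . "runjudge={$runjudge}, runjudgesite={$runjudgesite}, updatetime={$updatetime}, " . "autoip='{$autoip}', autobegindate={$autobegindate}, autoenddate={$autoenddate}, autoanswer='{$autoanswer}', " . "autostdout={$oid1}, autostderr={$oid2} " . "where runnumber={$runnumber} and contestnumber={$contest} and runsitenumber={$site}", "DBNewRun(update run)");
            // Drop the large objects that were just replaced.
            if (is_numeric($oldoid1)) {
                DB_lo_unlink($c, $oldoid1);
            }
            if (is_numeric($oldoid2)) {
                DB_lo_unlink($c, $oldoid2);
            }
        }
        if ($cw) {
            DBExec($c, "commit work", "DBNewRun(commit-update)");
        }
    }
    return $ret;
    /* // Disabled on purpose: keeping a copy on disk causes portability and security
       // problems when other users also have a shell on the server and can publish
       // web pages. They could use those pages to read these files, because the
       // files end up owned by apache/www-data/etc.
       umask(0077);
       @mkdir("/tmp/boca");
       if (!move_uploaded_file ($filepath,
       "/tmp/boca/contest${contest}.site${site}.run${n}.user${user}.problem${problem}.time${t}.${filename}"))
       LOGLevel("Run not saved as file (run=$n,site=$site,contest=$contest", 1);
    */
}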
Beispiel #28
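/**
 * Authenticate a user against one contest and bind the PHP session to the account.
 *
 * The client is expected to send $pass = myhash(stored password . session id);
 * the same value is recomputed here and compared.
 *
 * Security notes for maintainers:
 *  - All queries are string-built. $contest is checked to be numeric before
 *    use. The value from getIP() is interpolated inside quotes;
 *    NOTE(review): confirm getIP() (defined elsewhere) only returns validated
 *    addresses, especially if it consults proxy headers.
 *  - The username literal in the queries is shown masked ('******') on this
 *    page and is reproduced unchanged. NOTE(review): in the real file the
 *    login name used there must be escaped or bound as a parameter.
 *  - An account whose stored password is empty is accepted with any $pass;
 *    that is existing behavior and is kept.
 *  - A login from a second IP only produces a log line and a message; only
 *    "userpermitip" actually blocks.
 *
 * @param string $name    login name
 * @param string $pass    hash sent by the client
 * @param mixed  $contest contest number
 * @param bool   $msg     whether to show error messages to the user
 * @return mixed the user row from DBUserInfo() on success, false otherwise
 */
function DBLogInContest($name, $pass, $contest, $msg = true)
{
    // $contest goes unquoted into the first query, so reject anything that
    // is not a number before it reaches SQL, the log or the error message.
    if (!is_numeric($contest)) {
        LOGLevel("Login rejected: contest number is not numeric.", 0);
        if ($msg) {
            MSGError("There is no such contest, contact an admin.");
        }
        return false;
    }
    $b = DBGetRow("select * from contesttable where contestnumber={$contest}", 0, null, "DBLogIn(get active contest)");
    if ($b == null) {
        LOGLevel("There is no contest {$contest}.", 0);
        if ($msg) {
            MSGError("There is no contest {$contest}, contact an admin.");
        }
        return false;
    }
    $d = DBSiteInfo($b["contestnumber"], $b["contestlocalsite"], null, false);
    if ($d == null) {
        if ($msg) {
            MSGError("There is no active site, contact an admin.");
        }
        return false;
    }
    $a = DBGetRow("select * from usertable where username='******' and contestnumber=" . $b["contestnumber"] . " and " . "usersitenumber=" . $b["contestlocalsite"], 0, null, "DBLogIn(get user)");
    if ($a == null) {
        if ($msg) {
            LOGLevel("User {$name} tried to log in contest {$contest} but it does not exist.", 2);
            MSGError("User does not exist or incorrect password.");
        }
        return false;
    }
    $a = DBUserInfo($b["contestnumber"], $b["contestlocalsite"], $a['usernumber'], null, false);
    // The session is filled before the checks below; every rejection path
    // must therefore clear it again.
    $_SESSION['usertable'] = $a;
    $p = myhash($a["userpassword"] . session_id());
    $_SESSION['usertable']['userpassword'] = $p;

    // Compare as strings, in constant time where available. A loose "!="
    // lets PHP compare numeric-looking hashes (e.g. "0e...") as numbers.
    if (function_exists('hash_equals')) {
        $passwordMatches = hash_equals((string) $p, (string) $pass);
    } else {
        $passwordMatches = ((string) $p === (string) $pass);
    }
    if ($a["userpassword"] != "" && !$passwordMatches) {
        LOGLevel("User {$name} tried to log in contest {$contest} but password was incorrect.", 2);
        if ($msg) {
            MSGError("Incorrect password.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }
    if ($d["sitepermitlogins"] == "f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") {
        LOGLevel("User {$name} tried to login contest {$contest} but logins are denied.", 2);
        if ($msg) {
            MSGError("Logins are not allowed.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }
    if ($a["userenabled"] != "t") {
        LOGLevel("User {$name} tried to log in contest {$contest} but it is disabled.", 2);
        if ($msg) {
            MSGError("User disabled.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }
    $gip = getIP();
    if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") {
        LOGLevel("User {$name} is using two different IPs: " . $a["userip"] . "(" . dateconv($a["userlastlogin"]) . ") and " . $gip, 1);
        if ($msg && $a["usertype"] != "admin") {
            MSGError("You are using two distinct IPs. Admin notified.");
        }
    }
    if ($a["userpermitip"] != "") {
        // Both values are ';'-separated lists compared position by position.
        $ips = explode(';', $a["userpermitip"]);
        $gips = explode(';', $gip);
        if (count($gips) < count($ips)) {
            IntrusionNotify("Invalid IP: " . $gip);
            // Fail closed: clear the session like every other rejection path
            // and stop, in case ForceLoad() returns instead of terminating.
            unset($_SESSION["usertable"]);
            ForceLoad("index.php");
            return false;
        }
        for ($ipss = 0; $ipss < count($ips); $ipss++) {
            $gipi = $gips[$ipss];
            $ipi = $ips[$ipss];
            if (!match_network($ipi, $gipi)) {
                IntrusionNotify("Invalid IP: " . $gip);
                unset($_SESSION["usertable"]);
                ForceLoad("index.php");
                return false;
            }
        }
    }
    $c = DBConnect();
    $t = time();
    if ($a["usertype"] == "team" && $a["usermultilogin"] != "t" && $a["userpermitip"] == "") {
        // Single-login team: pin the account to the IP of this first login.
        DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userpermitip='" . $gip . "'," . "userlastlogin={$t}, usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update session)");
    } else {
        DBExec($c, "begin work");
        $sql = "update usertable set usersessionextra='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"] . " and (usersessionextra='' or userip != '" . $gip . "' or userlastlogin<=" . ($t - 86400) . ")";
        DBExec($c, $sql);
        DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userlastlogin={$t}, " . "usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update user)");
        if ($name == 'admin') {
            // The unlock key is cleared when siteclock() reports a time
            // below -600.
            list($clockstr, $clocktime) = siteclock();
            if ($clocktime < -600) {
                DBExec($c, "update contesttable set contestunlockkey='' where contestnumber=" . $b["contestnumber"], "DBLogInContest(update contest)");
            }
        }
        DBExec($c, "commit work");
    }
    LOGLevel("User {$name} authenticated (" . $gip . ")", 2);
    return $a;
}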
Beispiel #29
    // Fragment: the enclosing function header is not part of this example.
    // Queue one popup line for every clarification answer and run result that
    // arrived since the user's last login, then show them all at once.
    if (($st = DBSiteInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"])) != null) {
        $clar = DBUserClars($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"]);
        for ($i = 0; $i < count($clar); $i++) {
            // Answered after the last login, within the site duration, non-empty, and not queued before.
            if ($clar[$i]["anstime"] > $_SESSION["usertable"]["userlastlogin"] - $st["sitestartdate"] && $clar[$i]["anstime"] < $st['siteduration'] && trim($clar[$i]["answer"]) != '' && !isset($_SESSION["popups"]['clar' . $i . '-' . $clar[$i]["anstime"]])) {
                // NOTE(review): this line ends with a real newline ("\n"), while the run
                // message below ends with a literal backslash-n ('\\n'); confirm which
                // form MSGError() expects.
                $_SESSION["popups"]['clar' . $i . '-' . $clar[$i]["anstime"]] = "(Clar for problem " . $clar[$i]["problem"] . " answered)\n";
            }
        }
        $run = DBUserRuns($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"]);
        for ($i = 0; $i < count($run); $i++) {
            // Results are hidden once past 'sitelastmileanswer' and for runs flagged "ansfake".
            if ($run[$i]["anstime"] > $_SESSION["usertable"]["userlastlogin"] - $st["sitestartdate"] && $run[$i]["anstime"] < $st['sitelastmileanswer'] && $run[$i]["ansfake"] != "t" && !isset($_SESSION["popups"]['run' . $i . '-' . $run[$i]["anstime"]])) {
                $_SESSION["popups"]['run' . $i . '-' . $run[$i]["anstime"]] = "(Run " . $run[$i]["number"] . " result: " . $run[$i]["answer"] . ')\\n';
            }
        }
    }
    $str = '';
    if (isset($_SESSION["popups"])) {
        foreach ($_SESSION["popups"] as $key => $value) {
            if ($value != '') {
                $str .= $value;
                // Keep the key but blank the text so the same item is not shown twice.
                $_SESSION["popups"][$key] = '';
            }
        }
        if ($str != '') {
            // NOTE(review): $str contains database text (problem name, answer text).
            // If MSGError() writes it into HTML or script, it needs escaping for
            // that context -- confirm in MSGError().
            MSGError('YOU GOT NEWS:\\n' . $str . '\\n');
        }
    }
}
?>

	</div>
Beispiel #30
/**
 * Build the scoreboard data for one site of a contest.
 *
 * @param mixed $contest        contest number (interpolated unquoted into SQL)
 * @param mixed $site           site number (interpolated unquoted into SQL)
 * @param mixed $verifylastmile when true, runs are cut off at "sitelastmilescore"
 *                              instead of "siteduration"
 * @param mixed $hor            when >= 0, replaces the current contest time as the
 *                              answer-time cutoff
 * @param mixed $data           null, a numeric time cap, or a data set previously
 *                              returned as the second element of this function's result
 * @return array array($result, $data0): the output of ordena() and the raw data
 *               fetched by this call ($data0 stays empty when $data was supplied)
 *
 * NOTE(review): $contest, $site and the time bounds are written into SQL without
 * quoting or a numeric check in this function; callers must pass validated
 * integers -- confirm at the call sites.
 */
function DBScoreSite($contest, $site, $verifylastmile, $hor = -1, $data = null)
{
    // The viewer's own site supplies the clock; the scored site supplies the limits.
    if (($blocal = DBSiteInfo($contest, $_SESSION["usertable"]["usersitenumber"])) == null) {
        exit;
    }
    if (($b = DBSiteInfo($contest, $site, null, false)) == null) {
        $b = $blocal;
    }
    if (($ct = DBContestInfo($contest)) == null) {
        exit;
    }
    // $t is not used again in this function.
    $t = time();
    // $ta: latest answer time that may be shown; $tf: latest submission time counted.
    $ta = $blocal["currenttime"];
    if ($hor >= 0) {
        $ta = $hor;
    }
    if ($verifylastmile) {
        $tf = $b["sitelastmilescore"];
    } else {
        $tf = $b["siteduration"];
    }
    // A numeric $data is only a further cap on $ta; the data is then loaded from the database.
    if ($data != null && is_numeric($data)) {
        if ($data < $ta) {
            $ta = $data;
        }
        $data = null;
    }
    $data0 = array();
    if ($data == null) {
        $c = DBConnect();
        $resp = array();
        // One entry per enabled team that has logged in at least once.
        $r = DBExec($c, "select * from usertable where contestnumber={$contest} and usersitenumber={$site} and " . "usertype='team' and userlastlogin is not null and userenabled='t'", "DBScoreSite(get users)");
        $n = DBnlines($r);
        for ($i = 0; $i < $n; $i++) {
            $a = DBRow($r, $i);
            $resp[$a["usernumber"]]["user"] = $a["usernumber"];
            $resp[$a["usernumber"]]["site"] = $a["usersitenumber"];
            $resp[$a["usernumber"]]["username"] = $a["username"];
            $resp[$a["usernumber"]]["usertype"] = $a["usertype"];
            $resp[$a["usernumber"]]["userfullname"] = $a["userfullname"];
            $resp[$a["usernumber"]]["totaltime"] = 0;
            $resp[$a["usernumber"]]["totalcount"] = 0;
            $resp[$a["usernumber"]]["problem"] = array();
        }
        // Judged runs inside the time window, ordered by user, problem and submission
        // time; the grouping loop below depends on this ordering.
        $r = DBExec($c, "select r.usernumber as user, p.problemname as problemname, r.runproblem as problem, " . "p.problemcolor as color, p.problemcolorname as colorname, " . "r.rundatediff as time, r.rundatediffans as anstime, a.yes as yes, r.runanswer as answer from " . "runtable as r, answertable as a, problemtable as p where r.runanswer=a.answernumber and " . "a.contestnumber={$contest} and p.problemnumber=r.runproblem and p.contestnumber={$contest} and " . "r.contestnumber={$contest} and r.runsitenumber={$site} and (r.runstatus ~ 'judged' or r.runstatus ~ 'judged+') and " . "r.rundatediff>=0 and r.rundatediff<={$tf} and r.rundatediffans<={$ta} " . "order by r.usernumber, r.runproblem, r.rundatediff", "DBScoreSite(get runs)");
        $n = DBnlines($r);
        $a = array();
        for ($i = 0; $i < $n; $i++) {
            $a[$i] = DBRow($r, $i);
        }
        $data0['n'] = $n;
        $data0['resp'] = $resp;
        $data0['a'] = $a;
        $data0['site'] = $site;
    } else {
        // Reuse a data set fetched by an earlier call.
        $resp = $data['resp'];
        $n = $data['n'];
        $a = $data['a'];
    }
    // Walk the runs one (user, problem) group at a time; $i is shared by all inner loops.
    $i = 0;
    while ($i < $n) {
        if ($a[$i]["anstime"] > $ta) {
            $i++;
            continue;
        }
        $user = $a[$i]["user"];
        $problem = $a[$i]["problem"];
        $time = 0;
        $k = 0;
        // Runs of users that are not in the team list are ignored.
        if (!isset($resp[$user])) {
            $i++;
            continue;
        }
        $resp[$user]["user"] = $user;
        $resp[$user]["site"] = $site;
        $resp[$user]["problem"][$problem]["name"] = $a[$i]["problemname"];
        $resp[$user]["problem"][$problem]["color"] = $a[$i]["color"];
        $resp[$user]["problem"][$problem]["colorname"] = $a[$i]["colorname"];
        $resp[$user]["problem"][$problem]["solved"] = false;
        $resp[$user]["problem"][$problem]["judging"] = false;
        $resp[$user]["problem"][$problem]["time"] = 0;
        $resp[$user]["problem"][$problem]["penalty"] = 0;
        $resp[$user]["problem"][$problem]["count"] = 0;
        // Each run not answered "yes" before the first accepted one adds the contest
        // penalty (contestpenalty / 60, truncated).
        while ($i < $n && $a[$i]["anstime"] <= $ta && $a[$i]["user"] == $user && $a[$i]["problem"] == $problem && $a[$i]["yes"] != 't') {
            $time += (int) ($ct["contestpenalty"] / 60);
            $k++;
            $i++;
        }
        $resp[$user]["problem"][$problem]["count"] = $k;
        if ($i >= $n) {
            break;
        }
        // First accepted run of the group: record the solve time and add time plus
        // accumulated penalty to the user's total.
        if ($a[$i]["anstime"] <= $ta && $a[$i]["user"] == $user && $a[$i]["problem"] == $problem && $a[$i]["yes"] == 't') {
            $timet = (int) ($a[$i]["time"] / 60);
            if (!isset($resp[$user]["first"]) || $timet < $resp[$user]["first"]) {
                $resp[$user]["first"] = $timet;
            }
            $time += $timet;
            $resp[$user]["problem"][$problem]["time"] = $timet;
            $resp[$user]["problem"][$problem]["penalty"] = $time;
            $resp[$user]["problem"][$problem]["solved"] = true;
            $resp[$user]["problem"][$problem]["count"]++;
            $resp[$user]["totaltime"] += $time;
            $resp[$user]["totalcount"]++;
        }
        // Skip whatever remains of this (user, problem) group.
        while ($i < $n && $a[$i]["user"] == $user && $a[$i]["problem"] == $problem) {
            $i++;
        }
    }
    if ($data == null) {
        $aa = DBRecentNews($contest, $site, $verifylastmile, $ta);
        $data0['aa'] = $aa;
    } else {
        $aa = $data['aa'];
    }
    // Mark problems flagged "fut" in the recent-news rows as still being judged.
    // NOTE(review): this assignment creates a $resp entry for a user number that
    // is not in the team list; confirm ordena() tolerates such partial entries.
    for ($i = 0; $i < count($aa); $i++) {
        if ($aa[$i]["fut"] == 't') {
            $resp[$aa[$i]["usernumber"]]["problem"][$aa[$i]["problemnumber"]]["judging"] = true;
        }
    }
    // A sorting failure is logged and reported, but $result (false) is still returned.
    if (($result = ordena($resp)) === false) {
        LOGError("Error while sorting scores (contest={$contest}, site={$site}).");
        MSGError("Error while sorting scores. Contact an admin now!");
    }
    return array($result, $data0);
}