/**
 * Emit the scoreboard as JSON, one entry per user type.
 *
 * Every user type row becomes an object with its title under "category" and
 * a "teams" map keyed by the HTML-escaped team name, holding the team's
 * position, score and country code. With no user types defined, a single
 * synthetic "all" category (id 0) is used. Output goes to echo; nothing is
 * returned.
 */
function json_scoreboard() {
    // still a hacky routine; a cleaner rewrite would be welcome
    $categories = db_select_all('user_types', array('id', 'title AS category'));
    if (empty($categories)) {
        // fall back to one catch-all category
        $categories = array(array('id' => 0, 'category' => 'all'));
    }
    $sql = '
        SELECT
            u.id AS user_id,
            u.team_name,
            u.competing,
            co.country_code,
            SUM(c.points) AS score,
            MAX(s.added) AS tiebreaker
        FROM users AS u
        LEFT JOIN countries AS co ON co.id = u.country_id
        LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1
        LEFT JOIN challenges AS c ON c.id = s.challenge
        WHERE u.competing = 1 AND u.user_type = :user_type
        GROUP BY u.id
        ORDER BY score DESC, tiebreaker ASC';
    foreach ($categories as $index => $category) {
        $rows = db_query_fetch_all($sql, array('user_type' => $category['id']));
        // the id is only needed for the query; it is not part of the output
        unset($categories[$index]['id']);
        $position = 0;
        foreach ($rows as $row) {
            $position++;
            // SUM() yields NULL for a team without correct submissions
            $score = isset($row['score']) ? $row['score'] : 0;
            $teamKey = htmlspecialchars($row['team_name']);
            $categories[$index]['teams'][$teamKey] = array(
                'position' => $position,
                'score' => $score,
                'country' => $row['country_code'],
            );
        }
    }
    echo json_encode($categories);
}
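/**
 * Load the hypernotes attached to this record into $this->data, limited to
 * the current cue point when $this->smpte is set.
 *
 * Each note is appended as array("uid", "pos", "txt") built from the
 * user_id, cuepoint and hypernote columns. Nothing is returned.
 *
 * db_select_all() receives a raw WHERE string here, so the interpolated
 * values are coerced/escaped first; a placeholder-based query API would be
 * the proper fix. Assumes record_id is an integer key — confirm against the
 * schema.
 */
public function read() {
    // integer cast keeps arbitrary input out of the SQL text
    $where = "record_id = '" . (int) $this->id . "'";
    // the original also had a disabled user_id restriction here (AND user_id = ...)
    if (!empty($this->smpte)) {
        // cue point is a free-form timecode string: escape quotes and backslashes
        $where .= " AND cuepoint = '" . addslashes($this->smpte) . "'";
    }
    $where .= " ORDER BY record_id ASC";
    $notes = db_select_all(TBL_PREFIX . TBL_HYPERNOTES, "*", $where);
    foreach ($notes as $note) {
        $this->data[] = array(
            "uid" => $note['user_id'],
            "pos" => $note['cuepoint'],
            "txt" => $note['hypernote'],
        );
    }
}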
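/**
 * Decide whether an email address is allowed by the restrict_email rules.
 *
 * Rules are applied in priority order; each rule whose regex matches the
 * address sets the outcome to allowed ("white") or denied, so the last
 * matching rule wins. With no matching rule the address is allowed.
 *
 * @param string     $email address to check
 * @param array|null $rules optional list of array('rule' => regex, 'white' => bool-ish)
 *                          rows to apply instead of reading the enabled rules
 *                          from the database (useful for testing)
 * @return bool
 */
function allowed_email($email, $rules = null) {
    if ($rules === null) {
        $rules = db_select_all('restrict_email', array('rule', 'white'), array('enabled' => 1), 'priority ASC');
    }
    $allowed = true;
    foreach ($rules as $rule) {
        // rules are stored without delimiters, so a pattern containing '/' will
        // not compile; preg_match() then returns false and the rule is skipped
        $matched = preg_match('/' . $rule['rule'] . '/', $email);
        if ($matched === 1) {
            $allowed = (bool) $rule['white'];
        }
    }
    return $allowed;
}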
/**
 * Load this client's records into $this->data and set $this->num.
 *
 * Records are read in id order. Two consecutive records more than 1200
 * seconds apart start a new "trail" group; the group number is stored with
 * every entry so the real click path can be reconstructed. The page URL is
 * looked up from the cache table for each record.
 */
protected function query() {
    $fields = "id,cache_id,sess_date,DATE_FORMAT(sess_date,'%W %D %M %Y (%H:%i:%s)') as udate,sess_time";
    // NOTE(review): db_select_all() takes a raw WHERE string; $this->cid is interpolated as-is
    $where = "client_id = '" . $this->cid . "' ORDER BY id ASC";
    $records = db_select_all(TBL_PREFIX . TBL_RECORDS, $fields, $where);
    $this->num = count($records);
    $trail = 0;
    $previous = null;
    foreach ($records as $record) {
        // a gap of more than 20 minutes starts a new browsing session
        if ($previous) {
            $gap = strtotime($record['sess_date']) - strtotime($previous['sess_date']);
            if ($gap > 1200) {
                $trail++;
            }
        }
        // the URL lookup is only really needed by the 'analyze' module
        $cache = db_select(TBL_PREFIX . TBL_CACHE, "url", "id = '" . $record['cache_id'] . "'");
        $this->data[] = array(
            "id" => $record['id'],
            "date" => $record['udate'],
            "time" => $record['sess_time'],
            "url" => $cache['url'],
            "trail" => $trail,
        );
        $previous = $record;
    }
}
" class="vspace">JavaScript API <small class="del">deprecated!</small></h2> <?php check_notified_request(TBL_JSOPT); ?> <p> If you wish to use the JavaScript (JS) visualization API, you can customize it here. These options are stored on your MySQL database. <em>Leave fields blank for default values</em>. </p> <p>This API will be not supported in a future, and maybe it will be removed definitely in next smt2 releases.</p> <br /> <form action="savesettings.php" method="post"> <?php $jsoption = db_select_all(TBL_PREFIX . TBL_JSOPT, "*", "1"); echo display_options($jsoption); ?> <fieldset> <input type="hidden" name="submit" value="<?php echo TBL_JSOPT; ?> " /> <input type="submit" class="button round" value="Set JS replay options" /> </fieldset> </form> --> <?php include INC_DIR . 'footer.php';
/**
 * Print a required <select name="country"> listing every country by name.
 *
 * Options come from the countries table ordered by country_name, with the
 * country id as the option value. Value and label are HTML-escaped.
 * Nothing is returned.
 */
function country_select() {
    $rows = db_select_all('countries', array('id', 'country_name'), null, 'country_name ASC');
    $html = '<select name="country" class="form-control" required="required">
    <option disabled selected>-- Please select a country --</option>';
    foreach ($rows as $row) {
        $html .= '<option value="' . htmlspecialchars($row['id']) . '">'
            . htmlspecialchars($row['country_name']) . '</option>';
    }
    $html .= '</select>';
    echo $html;
}
<?php // server settings are required - relative path to smt2 root dir require '../../../config.php'; // protect extension from being browsed by anyone require SYS_DIR . 'logincheck.php'; // now you have access to all CMS API include INC_DIR . 'header.php'; // retrieve extensions $MODULES = ext_available(); // get all roles $ROLES = db_select_all(TBL_PREFIX . TBL_ROLES, "*", "1"); // query DB once $ROOT = is_root(); // helper function function table_row($role, $new = false) { global $MODULES, $ROOT; $self = $role['id'] == $_SESSION['role_id']; // wrap table row in a form, so each user can be edited separately $row = '<form action="saveroles.php" method="post">'; $row .= '<tr>'; $row .= ' <td>'; $row .= !$new ? '<strong>' . $role['name'] . '</strong>' : '<input type="text" class="text center" id="newrole" name="name" value="type role name" size="15" maxlength="100" />'; $row .= ' </td>'; $allowed = explode(",", $role['ext_allowed']); // check available extensions foreach ($MODULES as $module) { // disable admin roles (they have wide access) $disabled = $self || $role['id'] == 1 && !$new ? ' disabled="disabled"' : null; // look for registered users' roles
form_button_submit('Upload file'); echo 'Max file size: ', bytes_to_pretty_size(max_file_upload_size()); form_end(); section_subhead('Hints'); echo ' <table id="hints" class="table table-striped table-hover"> <thead> <tr> <th>Added</th> <th>Hint</th> <th>Manage</th> </tr> </thead> <tbody> '; $hints = db_select_all('hints', array('id', 'added', 'body'), array('challenge' => $_GET['id'])); foreach ($hints as $hint) { echo ' <tr> <td>', date_time($hint['added']), '</td> <td>', htmlspecialchars($hint['body']), '</td> <td><a href="edit_hint.php?id=', htmlspecialchars(short_description($hint['id'], 100)), '" class="btn btn-xs btn-primary">Edit</a></td> </tr> '; } echo ' </tbody> </table> <a href="new_hint.php?id=', htmlspecialchars($_GET['id']), '" class="btn btn-sm btn-warning">Add a new hint</a> ';
<?php require '../../include/ctf.inc.php'; enforce_authentication(CONST_USER_CLASS_MODERATOR); head('Dynamic pages'); menu_management(); section_head('Dynamic pages', button_link('New page', 'new_dynamic_page'), false); $pages = db_select_all('dynamic_pages', array('id', 'title', 'visibility', 'min_user_class'), null, 'title ASC'); echo ' <table id="dynamic_pages" class="table table-striped table-hover"> <thead> <tr> <th>Title</th> <th>visibility</th> <th>Min user class</th> <th>Manage</th> </tr> </thead> <tbody> '; foreach ($pages as $item) { echo ' <tr> <td>', htmlspecialchars($item['title']), '</td> <td>', visibility_enum_to_name($item['visibility']), '</td> <td>', user_class_name($item['min_user_class']), '</td> <td><a href="' . CONFIG_SITE_ADMIN_URL . 'edit_dynamic_page?id=', $item['id'], '" class="btn btn-xs btn-primary">Edit</a></td> </tr> '; } echo '
<?php require '../../include/mellivora.inc.php'; enforce_authentication(CONST_USER_CLASS_MODERATOR); head('Site management'); menu_management(); if (array_get($_GET, 'bcc') == 'all') { $users = db_select_all('users', array('email')); $bcc = ''; foreach ($users as $user) { $bcc .= $user['email'] . ",\n"; } $bcc = trim($bcc); } section_subhead('New email'); message_inline_blue('Separate receiver emails with a comma and optional whitespace. You can use BBCode. If you do, you must send as HTML email.'); form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_email'); if (isset($bcc)) { form_input_text('To', CONFIG_EMAIL_FROM_EMAIL); form_input_text('CC'); form_textarea('BCC', $bcc); } else { form_input_text('To', isset($_GET['to']) ? $_GET['to'] : ''); form_input_text('CC'); form_input_text('BCC'); } form_input_text('Subject'); form_textarea('Body'); form_input_checkbox('HTML email'); form_hidden('action', 'new'); message_inline_yellow('Important email? Remember to Ctrl+C before attempting to send!');
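<?php
/*
 * Moderator action handler for a challenge category (POST only).
 *
 *   action=edit    update title/description/exposed and the availability
 *                  window, then return to the category's edit page
 *   action=delete  requires the delete_confirmation checkbox; removes the
 *                  category and cascades to each of its challenges
 *
 * Both branches redirect on success. validate_id(), validate_xsrf_token()
 * and message_error() are expected to terminate the request on failure.
 */
require '../../../include/ctf.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    validate_id($_POST['id']);
    validate_xsrf_token($_POST[CONST_XSRF_TOKEN_KEY]);
    $action = isset($_POST['action']) ? $_POST['action'] : '';

    if ($action === 'edit') {
        // availability bounds are stored as unix timestamps
        db_update('categories', array(
            'title' => $_POST['title'],
            'description' => $_POST['description'],
            'exposed' => $_POST['exposed'],
            'available_from' => strtotime($_POST['available_from']),
            'available_until' => strtotime($_POST['available_until']),
        ), array('id' => $_POST['id']));
        redirect(CONFIG_SITE_ADMIN_RELPATH . 'edit_category.php?id=' . $_POST['id'] . '&generic_success=1');
    } elseif ($action === 'delete') {
        // empty() also covers an unticked checkbox, which is absent from $_POST
        if (empty($_POST['delete_confirmation'])) {
            message_error('Please confirm delete');
        }
        db_delete('categories', array('id' => $_POST['id']));
        $challenges = db_select_all('challenges', array('id'), array('category' => $_POST['id']));
        foreach ($challenges as $challenge) {
            delete_challenge_cascading($challenge['id']);
        }
        redirect(CONFIG_SITE_ADMIN_RELPATH . '?generic_success=1');
    }
}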
error_reporting(E_ALL); debug('Start timestamp is ' . $startTime, 40, __FILE__, __LINE__); debug('Configuration:' . print_r($iniConfig, TRUE), 40, __FILE__, __LINE__); $maxRunTime = 55; $cleanUntil = date('Y-m-d', mktime(0, 0, 0, substr($today, 5, 2), substr($today, 8, 2) - getConfigValue($link, 'keepHistoryDays'), substr($today, 0, 4))); debug('Cleaning up until ' . $cleanUntil, 40, __FILE__, __LINE__); // array containing tables to be cleaned $cleanTable = array('sites', 'traffic', 'trafficSummaries', 'users'); reset($cleanTable); while (list($key, $tableName) = each($cleanTable)) { debug('Cleaning-up ' . $tableName . '...', 40, __FILE__, __LINE__); $query = 'DELETE FROM ' . $tableName . " WHERE date<'" . $cleanUntil . "'"; db_delete($link, $query); } $query = 'SHOW TABLES'; $tables = db_select_all($link, $query); reset($tables); while (list($key, $tableName) = each($tables)) { $timestampNow = time(); debug('Now timestamp is: ' . $timestampNow . '. Script start was at: ' . $startTime, 40, __FILE__, __LINE__); debug('Checking if run time exceeded ' . $maxRunTime . ' seconds...', 40, __FILE__, __LINE__); if ($timestampNow - $startTime > $maxRunTime) { debug('YES', 40); debug('Exceeded run time', 30, __FILE__, __LINE__); my_exit($link, 0); } debug('NO', 40); $query = "OPTIMIZE TABLE {$tableName['0']}"; debug('Optimizing ' . $tableName[0] . '...', 30, __FILE__, __LINE__); db_query($link, $query); debug('Optimization finished.', 30, __FILE__, __LINE__);
$where = "id='" . $_GET['id'] . "'"; } else { if (isset($_GET['pid'])) { $where = "id='" . $_GET['pid'] . "'"; } else { if (isset($_GET['cid'])) { $where = "id='" . $_GET['cid'] . "'"; } else { $where = "1"; } } } } } // default: download all logs $records = db_select_all(TBL_PREFIX . TBL_RECORDS, "*", $where . " ORDER BY sess_date, client_id"); if (!$records) { die("No logs found matching your criteria!"); } $format = isset($_POST['format']) ? $_POST['format'] : "csv"; switch ($format) { case 'txt': case 'xml': die("Sorry, TXT and XML formats are not yet implemented."); break; case 'csv': default: $delimiter = ";"; break; case 'tsv': $delimiter = "\t";
<div id="global"> <h1><strong>smt2</strong> uninstaller</h1> <?php if ($isInstalled) { // is root logged? if (!is_root()) { die_msg($_loginMsg["NOT_ALLOWED"]); } if (isset($_REQUEST['submit']) && isset($_REQUEST['really_sure']) && isset($_REQUEST['safety_input'])) { $msgs = array(); die('deleted'); if (isset($_REQUEST['droptables'])) { // delete cache logs first $logs = db_select_all(TBL_PREFIX . TBL_CACHE, "file", 1); foreach ($logs as $log) { if (is_file(CACHE_DIR . $log)) { unlink(CACHE_DIR . $log); } } // then delete (smt) tables foreach ($_lookupTables as $table) { db_query("DROP TABLE " . TBL_PREFIX . $table); } // notify $msgs[] = 'Tables were dropped.'; $msgs[] = 'Cache logs were deleted.'; } ?>
<?php require '../include/mellivora.inc.php'; login_session_refresh(); head('Scoreboard'); if (cache_start('scores', CONFIG_CACHE_TIME_SCORES)) { $now = time(); echo ' <div class="row"> <div class="col-lg-6">'; $user_types = db_select_all('user_types', array('id', 'title')); // no user types if (empty($user_types)) { section_head('Scoreboard', '<a href="' . CONFIG_SITE_URL . 'json?view=scoreboard"> <img src="' . CONFIG_SITE_URL . 'img/json.png" title="View json" alt="json" class="discreet-inline small-icon" /> </a>', false); $scores = db_query_fetch_all(' SELECT u.id AS user_id, u.team_name, u.competing, co.id AS country_id, co.country_name, co.country_code, SUM(c.points) AS score, MAX(s.added) AS tiebreaker FROM users AS u LEFT JOIN countries AS co ON co.id = u.country_id LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1 LEFT JOIN challenges AS c ON c.id = s.challenge WHERE u.competing = 1
echo '<th>action</th>'; } ?> </tr> </thead> <?php // build query $sql = "id ='" . array_shift($diff) . "'"; if (count($diff) > 0) { foreach ($diff as $value) { $sql .= " OR id='" . $value . "'"; } } // select orphan logs $cache = db_select_all(TBL_PREFIX . TBL_CACHE, "*", $sql); $rows = ""; foreach ($cache as $log) { $rows .= '<tr>' . PHP_EOL; $rows .= '<td class="pl pr"><a href="' . $log['url'] . '" rel="external" title="' . $log['title'] . '">' . trim_text($log['title']) . '</a></td>' . PHP_EOL; $rows .= '<td class="pl pr">' . $log['saved'] . '</td>' . PHP_EOL; if ($ROOT) { $rows .= '<td class="pl pr"><a class="del" href="delete.php?pid=' . $log['id'] . '">delete</a></td>' . PHP_EOL; } $rows .= '</tr>' . PHP_EOL; } ?> <tbody> <?php echo $rows;
message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false); } else { echo '<p><a href="actions/hints.php?action=purchase&id=' . $hint['id'] . '" class="btn btn-xs btn-info">Purchase hint</a><strong> [This hint is available for purchase at ' . $hint['value'] . ' points.]</strong></p>'; } } } cache_end('hints_challenge_' . $challenge['id']); } if ($remaining_submissions) { if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) { message_inline_blue('Your submission is awaiting manual marking.'); } // write out files if (cache_start('files_' . $challenge['id'], CONFIG_CACHE_TIME_FILES)) { $files = db_select_all('files', array('id', 'title', 'size'), array('challenge' => $challenge['id'])); $filesDuplicate = db_select_all('files', array('id', 'title', 'size'), array('challenge' => $challenge['cloneOf'])); if (count($files) || count($filesDuplicate)) { print_attachments($files); print_attachments($filesDuplicate); } cache_end('files_' . $challenge['id']); } echo ' <div class="challenge-submit"> <form method="post" class="form-flag" action="actions/challenges"> <textarea name="flag" type="text" class="flag-input form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea> <input type="hidden" name="challenge" value="', htmlspecialchars($challenge['id']), '" /> <input type="hidden" name="action" value="submit_flag" />'; form_xsrf_token(); if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) { display_captcha();
<?php require '../../include/ctf.inc.php'; enforce_authentication(CONST_USER_CLASS_USER, true); $time = time(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { validate_xsrf_token($_POST[CONST_XSRF_TOKEN_KEY]); if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) { validate_captcha(); } if ($_POST['action'] == 'submit_flag') { validate_id($_POST['challenge']); if (empty($_POST['flag'])) { message_error('Did you really mean to submit an empty flag?'); } $submissions = db_select_all('submissions', array('correct', 'added'), array('user_id' => $_SESSION['id'], 'challenge' => $_POST['challenge'])); // make sure user isn't "accidentally" submitting a correct flag twice $latest_submission_attempt = 0; $num_attempts = 0; foreach ($submissions as $submission) { $latest_submission_attempt = max($submission['added'], $latest_submission_attempt); if ($submission['correct']) { message_error('You may only submit a correct flag once.'); } $num_attempts++; } // get challenge information $challenge = db_select_one('challenges', array('flag', 'category', 'case_insensitive', 'automark', 'available_from', 'available_until', 'num_attempts_allowed', 'min_seconds_between_submissions'), array('id' => $_POST['challenge'])); $seconds_since_submission = $time - $latest_submission_attempt; if ($seconds_since_submission < $challenge['min_seconds_between_submissions']) { message_generic('Sorry', 'You may not submit another solution for this challenge for another ' . seconds_to_pretty_time($challenge['min_seconds_between_submissions'] - $seconds_since_submission));
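/**
 * Print a table of the IP addresses a user has been seen from.
 *
 * Rows come from ip_log for the given user: address, optional reverse-DNS
 * hostname, first/last use and use count. Nothing is returned.
 *
 * @param int|string $user_id id of the user to list (checked with validate_id())
 */
function user_ip_log($user_id) {
    validate_id($user_id);
    echo '
    <table id="files" class="table table-striped table-hover">
        <thead>
            <tr>
                <th>IP</th>
                <th>Hostname</th>
                <th>First used</th>
                <th>Last used</th>
                <th>Times used</th>
            </tr>
        </thead>
        <tbody>
    ';
    // query by the validated parameter rather than by $_GET['id']
    $entries = db_select_all('ip_log', array('INET_NTOA(ip) AS ip', 'added', 'last_used', 'times_used'), array('user_id' => $user_id));
    foreach ($entries as $entry) {
        $ip = htmlspecialchars($entry['ip']);
        if (CONFIG_GET_IP_HOST_BY_ADDRESS) {
            // a PTR record is third-party data: escape it like any other output
            $host = htmlspecialchars((string) gethostbyaddr($entry['ip']));
        } else {
            $host = '<i>Lookup disabled in config</i>';
        }
        echo '
            <tr>
                <td><a href="list_ip_log.php?ip=', $ip, '">', $ip, '</a></td>
                <td>', $host, '</td>
                <td>', date_time($entry['added']), '</td>
                <td>', date_time($entry['last_used']), '</td>
                <td>', number_format($entry['times_used']), '</td>
            </tr>
        ';
    }
    echo '
        </tbody>
    </table>
    ';
}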
<div class="challenge-description"> ', $bbc->parse($challenge['description']), ' </div> <!-- / challenge-description -->'; } // write out hints if (cache_start(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id'], CONFIG_CACHE_TIME_HINTS)) { $hints = db_select_all('hints', array('body'), array('visible' => 1, 'challenge' => $challenge['id'])); foreach ($hints as $hint) { message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false); } cache_end(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id']); } // write out files $files = cache_array_get(CONST_CACHE_NAME_FILES . $challenge['id'], CONFIG_CACHE_TIME_FILES); if (!is_array($files)) { $files = db_select_all('files', array('id', 'title', 'size', 'md5', 'download_key'), array('challenge' => $challenge['id'])); cache_array_save($files, CONST_CACHE_NAME_FILES . $challenge['id']); } if (count($files)) { print_attachments($files); } // only show the hints and flag submission form if we're not already correct and if the challenge hasn't expired if (!$challenge['correct_submission_added'] && $time < $challenge['available_until']) { if ($remaining_submissions) { if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) { message_inline_blue('Your submission is awaiting manual marking.'); } echo ' <div class="challenge-submit"> <form method="post" class="form-flag" action="actions/challenges"> <textarea name="flag" type="text" class="flag-input form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea>
<p>Choose a domain to analyze</p> <form action="<?php echo $_SERVER['PHP_SELF']; ?> " method="post"> <?php $s = '<select id="domain" name="domain_id" class="mr">'; $s .= '<option value="">---</option>'; // FIXME: couple domain IDs to user roles // This would allow to limit which domains can be inspected, e.g. "id < 3 ORDER BY id DESC" $rows = db_select_all(TBL_PREFIX . TBL_DOMAINS, "id, domain", "1 ORDER BY id DESC"); // GROUP BY domain? foreach ($rows as $row) { $select = isset($_SESSION['domain_id']) && $row['id'] == $_SESSION['domain_id'] ? 'selected="selected"' : null; $s .= '<option ' . $select . ' value="' . $row['id'] . '">' . $row['domain'] . '</option>'; } $s .= '</select>'; echo $s; ?> <input type="submit" class="button round" value="Classify" /> </form>
// domain id $sql .= '`domain` VARCHAR(255) NOT NULL, '; // domain name $sql .= 'PRIMARY KEY (`id`) '; $sql .= ') DEFAULT CHARSET utf8'; db_query($sql); $UPGRADED = true; } // check if domains should be updated $res = db_query("SHOW COLUMNS FROM " . TBL_PREFIX . TBL_RECORDS . " LIKE 'domain_id'"); if (!mysql_num_rows($res)) { // create new column $sql = "ALTER TABLE `" . TBL_PREFIX . TBL_RECORDS . "` ADD `domain_id` SMALLINT unsigned NOT NULL AFTER `cache_id`"; db_query($sql); // and update old DB records with the new values $pages = db_select_all(TBL_PREFIX . TBL_CACHE, "id,url", "1"); foreach ($pages as $page) { $domain = url_get_domain($page['url']); $d = db_select(TBL_PREFIX . TBL_DOMAINS, "id", "domain='" . $domain . "'"); if (!$d) { $did = db_insert(TBL_PREFIX . TBL_DOMAINS, "domain", "'" . $domain . "'"); } else { $did = $d['id']; } db_update(TBL_PREFIX . TBL_RECORDS, "domain_id='" . $did . "'", "cache_id='" . $page['id'] . "'"); } $UPGRADED = true; } // define helper function function update_cms($table, $fields, $values, $condition) {
<?php
/*
 * Moderator page: edit or delete one dynamic_menu item selected by ?id=.
 *
 * Renders an edit form pre-filled from the row, then a separate delete form
 * with a confirmation checkbox; both post to actions/edit_dynamic_menu_item.
 */
require '../../include/mellivora.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
$itemId = $_GET['id'];
validate_id($itemId);
head('Site management');
menu_management();
$actionUrl = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_menu_item';

// edit form
section_subhead('Edit dynamic menu item');
$item = db_select_one('dynamic_menu', array('*'), array('id' => $itemId));
form_start($actionUrl);
form_input_text('Title', $item['title']);
form_input_text('Permalink', $item['permalink']);
dynamic_visibility_select($item['visibility']);
// internal page picker, with a "none" entry first
$pageOptions = db_select_all('dynamic_pages', array('id', 'title'));
array_unshift($pageOptions, array('id' => 0, 'title' => '--- No internal link ---'));
form_select($pageOptions, 'Internal page', 'id', $item['internal_page'], 'title');
user_class_select($item['min_user_class']);
form_input_text('URL', $item['url']);
form_input_text('Priority', $item['priority']);
form_hidden('action', 'edit');
form_hidden('id', $itemId);
form_button_submit('Save changes');
form_end();

// delete form
section_subhead('Delete menu item');
form_start($actionUrl);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $itemId);
form_button_submit('Delete menu item', 'danger');
form_end();
foot();
exit; } prefer_ssl(); head('Register'); if (CONFIG_ACCOUNTS_SIGNUP_ALLOWED) { echo ' <h2>Register your team</h2> <p> ', lang_get('account_signup_information', array('password_information' => CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP ? lang_get('email_password_on_signup') : '')), ' </p> <form method="post" id="registerForm" class="form-signin" action="actions/register"> <input name="team_name" type="text" class="form-control" placeholder="Team name" minlength="', CONFIG_MIN_TEAM_NAME_LENGTH, '" maxlength="', CONFIG_MAX_TEAM_NAME_LENGTH, '" required /> <input name="', md5(CONFIG_SITE_NAME . 'USR'), '" type="email" class="form-control" placeholder="Email address" required /> ', !CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP ? '<input name="' . md5(CONFIG_SITE_NAME . 'PWD') . '" type="password" class="form-control" placeholder="Password" required />' : ''; if (cache_start(CONST_CACHE_NAME_REGISTER, CONFIG_CACHE_TIME_REGISTER)) { $user_types = db_select_all('user_types', array('id', 'title', 'description')); if (!empty($user_types)) { echo '<select name="type" class="form-control"> <option disabled selected>-- Please select team type --</option>'; foreach ($user_types as $user_type) { echo '<option value="', htmlspecialchars($user_type['id']), '">', htmlspecialchars($user_type['title'] . ' - ' . $user_type['description']), '</option>'; } echo '</select>'; } country_select(); cache_end(CONST_CACHE_NAME_REGISTER); } if (CONFIG_RECAPTCHA_ENABLE_PUBLIC) { display_captcha(); } echo '
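/**
 * Build the FPS <select> for the filter form, pre-selecting the session's value.
 *
 * Options are the distinct fps values in the records table, preceded by an
 * empty "---" entry. Values are HTML-escaped before being written into the
 * attribute and the label.
 *
 * @return string HTML label plus select element
 */
function select_fps() {
    $html = '<label for="fps">FPS</label> ';
    $html .= '<select id="fps" name="fps" class="mr">';
    $html .= '<option value="">---</option>';
    $rows = db_select_all(TBL_PREFIX . TBL_RECORDS, "DISTINCT fps", "1");
    $sessionFps = isset($_SESSION['fps']) ? $_SESSION['fps'] : null;
    foreach ($rows as $row) {
        // loose comparison kept on purpose: the DB returns strings and the
        // session value's type is not known here
        $selected = $sessionFps !== null && $row['fps'] == $sessionFps ? 'selected="selected"' : null;
        $fps = htmlspecialchars((string) $row['fps']);
        $html .= '<option ' . $selected . ' value="' . $fps . '">' . $fps . '</option>';
    }
    $html .= '</select>';
    return $html;
}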
/**
 * Delete a challenge together with its submissions, hints and files.
 *
 * All deletes run inside one transaction. On PDOException the transaction is
 * rolled back and the exception is logged via log_exception() rather than
 * rethrown. An invalid id is reported through message_error().
 *
 * @param int|string $id challenge id
 */
function delete_challenge_cascading($id) {
    if (!is_valid_id($id)) {
        message_error('Invalid ID.');
    }
    try {
        db_begin_transaction();
        // dependent rows, each keyed by the challenge id in its own column
        $dependents = array(
            'challenges' => 'id',
            'submissions' => 'challenge',
            'hints' => 'challenge',
        );
        foreach ($dependents as $table => $column) {
            db_delete($table, array($column => $id));
        }
        // attachments go through delete_file() one by one
        $fileRows = db_select_all('files', array('id'), array('challenge' => $id));
        foreach ($fileRows as $fileRow) {
            delete_file($fileRow['id']);
        }
        db_end_transaction();
    } catch (PDOException $e) {
        db_rollback_transaction();
        log_exception($e);
    }
}
<?php $rows = db_select_all(TBL_PREFIX . TBL_RECORDS, "*", "domain_id='" . $_POST['domain_id'] . "' ORDER BY id DESC"); if (count($rows) > 0) { $users = array(); $pages = array(); $dict_user = array(); $dict_page = array(); foreach ($rows as $row) { // extract mouse features $mf = new MouseFeat(array('x' => $row['coords_x'], 'y' => $row['coords_y'], 'c' => $row['clicks'], 'f' => $row['fps'], 'w' => $row['vp_width'], 'h' => $row['vp_height'])); // and use (some of) those features to cluster user behaviors (more features lead to slower computation!) $users[] = array($mf->time, $mf->numClicks, $mf->activity, $mf->distance['x'], $mf->scrollReach['y']); // those behaviors may belong to different pages $cache = db_select(TBL_PREFIX . TBL_CACHE, "url", "id = '" . $row['cache_id'] . "'"); $url = $cache['url']; // check whether URLs should be merged (just remove query string) if (db_option(TBL_PREFIX . TBL_CMS, "mergeCacheUrl")) { $urlparts = explode("?", $url); $url = $urlparts[0]; } if (isset($pages[$url])) { $pages[$url] += 1; } else { $pages[$url] = 1; } $dict_user[] = $row['id']; $dict_page[] = $url; } $n = count($pages); $k = ceil(sqrt($n / 2));
$coordsY = $log['coords_y']; $hovered = $log['hovered']; $clicked = $log['clicked']; $replaytime = count(explode(",", $clicks)) / $fps; // $log['sess_time'] is approximate $hn = new Hypernote($_GET['id'], $_SESSION['login']); $hypernotes = $hn->getData(false); // build JavaScript object $JSON[] = '{' . '"id": ' . $_GET['id'] . ', ' . '"xcoords": [' . $coordsX . '], ' . '"ycoords": [' . $coordsY . '], ' . '"clicks": [' . $clicks . '], ' . '"timestamp": "' . $timestamp . '", ' . '"hypernotes": ' . json_encode($hypernotes) . ', ' . '"wprev": ' . $log['vp_width'] . ', ' . '"hprev": ' . $log['vp_height'] . ', ' . '"time": ' . $replaytime . '' . '}'; } else { if (!empty($_GET['pid'])) { // get page identifier $pgid = (int) $_GET['pid']; // merge logs? $qadd = db_option(TBL_PREFIX . TBL_CMS, "mergeCacheUrl") ? get_cache_common_url($pgid) : null; $logs = db_select_all(TBL_PREFIX . TBL_RECORDS, "*", "cache_id = '" . $pgid . "'" . $qadd); // layout type is common to grouped logs $cache = db_select(TBL_PREFIX . TBL_CACHE, "layout", "id = '" . $pgid . "'"); $layoutType = $cache['layout']; $sampleSize = db_option(TBL_PREFIX . TBL_CMS, "maxSampleSize"); if ($sampleSize > 0) { $keys = array_rand($logs, $sampleSize); } // group metrics $hovered = ""; $clicked = ""; foreach ($logs as $i => $log) { if (isset($keys) && !in_array($i, $keys)) { continue; } $vpw = (int) $log['vp_width'];
menu_management(); check_server_configuration(); $categories = db_query_fetch_all('SELECT * FROM categories ORDER BY title'); if (empty($categories)) { message_generic('Welcome', 'Your CTF is looking a bit empty! Start by adding a category using the menu above.'); } section_subhead('CTF Overview', '<a href="' . CONFIG_SITE_ADMIN_URL . 'visualise">Visualise challenge availability</a>', false); foreach ($categories as $category) { echo ' <h4> ', htmlspecialchars($category['title']), ' <a href="edit_category.php?id=', htmlspecialchars($category['id']), '" class="btn btn-xs btn-primary">Edit category</a> <a href="new_challenge.php?category=', htmlspecialchars($category['id']), '" class="btn btn-xs btn-primary">Add challenge</a> </h4> '; $challenges = db_select_all('challenges', array('id', 'title', 'description', 'exposed', 'available_from', 'available_until', 'points'), array('category' => $category['id']), 'points ASC'); if (empty($challenges)) { message_inline_blue('This category is empty! Use the link above to add a challenge.'); } else { echo ' <table class="table table-striped table-hover"> <thead> <tr> <th>Title</th> <th>Description</th> <th class="center">Points</th> <th class="center">Visibility</th> <th class="center">Manage</th> </tr> </thead> <tbody>
if (!$challenge['correct_submission_added'] && $time < $challenge['available_until']) { // write out hints if (cache_start(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id'], CONFIG_CACHE_TIME_HINTS)) { $hints = db_select_all('hints', array('body'), array('visible' => 1, 'challenge' => $challenge['id'])); foreach ($hints as $hint) { message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false); } cache_end(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id']); } if ($remaining_submissions) { if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) { message_inline_blue('Your submission is awaiting manual marking.'); } // write out files if (cache_start(CONST_CACHE_NAME_FILES . $challenge['id'], CONFIG_CACHE_TIME_FILES)) { $files = db_select_all('files', array('id', 'title', 'size'), array('challenge' => $challenge['id'])); if (count($files)) { print_attachments($files); } cache_end(CONST_CACHE_NAME_FILES . $challenge['id']); } echo ' <div class="challenge-submit"> <form method="post" class="form-flag" action="actions/challenges"> <textarea name="flag" type="text" class="flag-input form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea> <input type="hidden" name="challenge" value="', htmlspecialchars($challenge['id']), '" /> <input type="hidden" name="action" value="submit_flag" />'; form_xsrf_token(); if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) { display_captcha(); }