Beispiel #1
 /**
  * Process link deletion (GET) and link creation (POST), then render the link list.
  *
  * After any change the module's writeHTA() is called; its failure is
  * reported with the 'err_htaccess_writing' message.
  *
  * NOTE(review): no permission check or anti-CSRF token is visible in this
  * method, and the delete action is driven by a GET parameter. Confirm that
  * the caller enforces both before this code runs.
  *
  * @return string Accumulated error HTML followed by the rendered link list
  */
 public function execute()
 {
     $output = '';
     $changed = false;

     # Deletion: the raw GET value is handed to deleteLink() unchanged.
     if (isset($_GET['delete'])) {
         $changed = true;
         if (false === GWF_PageLinks::deleteLink($_GET['delete'])) {
             $output .= $this->module->error('err_deleting_failed');
         }
     }

     # Creation: both fields are required.
     if (isset($_POST['add'])) {
         $url = Common::getPostString('url');
         $href = Common::getPostString('href');
         if ('' === $url || '' === $href) {
             $output .= $this->module->error('err_parame');
         } else {
             # Store the URL without its leading slash.
             if ('/' === $url[0]) {
                 $url = substr($url, 1);
             }
             # Refuse a URL whose rewritten prefix already matches a known rewrite.
             $candidate = Common::substrUntil(GWF_PB_Rewrites::replaceRewriteURL($url), '/');
             if (true === GWF_PB_Rewrites::matchURL($candidate)) {
                 $output .= $this->module->error('err_url_exists');
             } else {
                 # NOTE(review): $url and $href are stored as posted; presumably
                 # insertLink()/writeHTA() escape them for their output format - confirm.
                 $changed = true;
                 GWF_PageLinks::insertLink($url, $href);
             }
         }
     }

     if (true === $changed && false === $this->module->writeHTA()) {
         $output .= $this->module->error('err_htaccess_writing');
     }

     return $output . $this->templateLinks();
 }
Beispiel #2
 /**
  * Decide whether the current poster has to be throttled.
  *
  * Three checks run in order: the captcha (when enabled), the minimum delay
  * since this poster's last shout, and the number of shouts inside the
  * timeout window.
  *
  * The amount check filters on shout_uid only, and guests are the users with
  * id 0, so all guests share one counter.
  * NOTE(review): the limit comes from cfgMaxPerDay*() but the window is
  * time() minus cfgTimeout(); confirm the two settings are meant to combine.
  *
  * @return mixed Error output when the post must be rejected, false otherwise
  */
 public function isFlooding()
 {
     $userId = GWF_Session::getUserID();
     $escapedName = GDO::escape(GWF_Shoutbox::generateUsername());
     $shouts = GDO::table('GWF_Shoutbox');
     if ($userId === 0) {
         $limit = $this->module->cfgMaxPerDayGuest();
     } else {
         $limit = $this->module->cfgMaxPerDayUser();
     }

     # Captcha first, so a failed captcha never reaches the database checks.
     if ($this->module->cfgCaptcha()) {
         require_once GWF_CORE_PATH . 'inc/3p/Class_Captcha.php';
         $captchaOk = PhpCaptcha::Validate(Common::getPostString('captcha'), true);
         if (!$captchaOk) {
             return GWF_HTML::err('ERR_WRONG_CAPTCHA');
         }
     }

     # Minimum delay since the last shout of this uid/name pair.
     # The name is escaped above; $userId is interpolated as-is and is
     # presumably always an integer from the session - confirm.
     $timeout = $this->module->cfgTimeout();
     $lastDate = $shouts->selectVar('MAX(shout_date)', "shout_uid={$userId} AND shout_uname='{$escapedName}'");
     $lastTime = 0;
     if ($lastDate !== NULL) {
         $lastTime = GWF_Time::getTimestamp($lastDate);
     }
     $nextTime = $lastTime + $timeout;
     if ($nextTime > time()) {
         return $this->module->error('err_flood_time', array(GWF_Time::humanDuration($nextTime - time())));
     }

     # Number of shouts inside the window.
     $windowStart = GWF_Time::getDate(GWF_Date::LEN_SECOND, time() - $timeout);
     $shoutCount = $shouts->countRows("shout_uid={$userId} AND shout_date>='{$windowStart}'");
     if ($shoutCount >= $limit) {
         return $this->module->error('err_flood_limit', array($limit));
     }

     # Not flooding.
     return false;
 }
Beispiel #3
 /**
  * Render every sub-navigation of the navigation named in the request.
  *
  * The navigation name is read from the 'navigation' POST field and defaults
  * to 'PageMenu'. A failed lookup of the child list is treated as "no
  * children"; a child that cannot be loaded is reported and rendered as an
  * empty entry.
  *
  * NOTE(review): the id returned by getIdByName() is concatenated into the
  * WHERE fragment. Confirm it is always an integer, including for names that
  * do not exist, and that getIdByName() escapes the posted name.
  *
  * @return string Rendered template
  */
 public function execute()
 {
     # A direct call to this method is answered in plaintext (ajax) mode.
     if (__CLASS__ === $_GET['mo'] . '_' . $_GET['me']) {
         $_GET['ajax'] = 1;
     }

     # The requested navigation is expected to be a root (pid == 0).
     $name = Common::getPostString('navigation', 'PageMenu');
     $id = GWF_Navigations::getIdByName($name);

     # Collect the ids of all direct children.
     $children = GDO::table('GWF_Navigations')->selectAll('navis_id', 'navis_pid=' . $id);
     if (false === $children) {
         $children = array();
     }

     $navis = array();
     foreach ($children as $child) {
         $navi = $this->getNavigation($child['navis_id']);
         if (false === $navi) {
             # Should not happen.
             $this->module->error(sprintf('Navigation: could not add navigation with id %s', $child['navis_id']));
             $navi = array();
         }
         $navis[] = $navi;
     }

     return $this->templateShow($this->_tpl, array('navis' => $navis));
 }
Beispiel #4
 /**
  * Form validator: the retyped password must equal the posted 'password1'.
  *
  * @param mixed $chall Object providing lang() for the error text
  * @param mixed $arg   The retyped password
  * @return mixed The 'err_retype' text on mismatch, false when both match
  */
 public function validate_password2($chall, $arg)
 {
     $first = Common::getPostString('password1');
     # Strict comparison: no type juggling between the two values.
     if ($first === $arg) {
         return false;
     }
     return $chall->lang('err_retype');
 }
Beispiel #5
 /**
  * Build the form with language, category, title and message fields plus
  * the preview and add buttons.
  *
  * The language select is preset from the posted 'langid' (English when
  * absent) and the category select from the posted 'catid' (default '1').
  *
  * @return GWF_Form
  */
 public function getForm()
 {
     $englishId = GWF_Language::getEnglish()->getID();
     $langid = Common::getPostString('langid', $englishId);
     require_once GWF_CORE_PATH . 'module/Category/GWF_CategorySelect.php';

     # Each entry: key => array(TYPE, default, text, classname)
     $data = array(
         'langid' => array(
             GWF_Form::SELECT,
             GWF_LangSelect::single(GWF_Language::SUPPORTED, 'langid', $langid),
             $this->module->lang('th_langid'),
         ),
         'catid' => array(
             GWF_Form::SELECT,
             GWF_CategorySelect::single('catid', Common::getPostString('catid', '1'), 0),
             $this->module->lang('th_category'),
         ),
         'title' => array(GWF_Form::STRING, '', $this->module->lang('th_title')),
         'message' => array(GWF_Form::MESSAGE, '', $this->module->lang('th_message')),
         'div1' => array(GWF_Form::DIVIDER),
         'div2' => array(GWF_Form::DIVIDER),
         'preview' => array(GWF_Form::SUBMIT, $this->module->lang('btn_preview'), ''),
         'add' => array(GWF_Form::SUBMIT, $this->module->lang('btn_add'), ''),
     );

     return new GWF_Form($this, $data);
 }
Beispiel #6
 /**
  * Start a PayPal Express Checkout for the order named by the posted token.
  *
  * Looks the order up through the 'gwf_token' POST field, builds the NVP
  * request string, calls SetExpressCheckout and, when PayPal acknowledges
  * the call, stores the returned token on the order and redirects the
  * browser to PayPal. On success the script terminates with die.
  *
  * @return mixed Error output when the order is unusable, the token cannot
  *               be saved, or PayPal does not acknowledge the call
  */
 public function execute()
 {
     # An unknown token and an order for which isCreated() is false yield the
     # same 'err_order' message.
     if (false === ($order = GWF_Order::getByToken(Common::getPostString('gwf_token')))) {
         return $this->module->error('err_order');
     }
     if (!$order->isCreated()) {
         return $this->module->error('err_order');
     }
     $gdo = $order->getOrderData();
     $user = $order->getOrderUser();
     # GWF_User::getStaticOrGuest();
     /* The return URL is where PayPal sends the buyer after the payment has
        been authorized; the cancel URL is where the buyer lands after
        pressing cancel during the PayPal flow. Both are built by this
        application and URL-encoded before they enter the request string. */
     $successURL = urlencode($this->get2ndStepURL($order, $gdo));
     $cancelURL = urlencode(Common::getAbsoluteURL($gdo->getOrderCancelURL($user), false));
     # no_shipping is '0' when the order needs shipping, '1' otherwise.
     $shipping = $gdo->needsShipping($user) ? '0' : '1';
     /* Build the parameter string that describes the payment; the result is
        kept in $nvpstr. Amount and currency are taken from the stored order. */
     $paymentAmount = $order->getOrderPriceTotal(2);
     $paymentType = "Sale";
     $currencyCodeType = $order->getOrderCurrency();
     # NOTE(review): only the two URLs are urlencode()d. The currency code and
     # the language ISO are appended raw; presumably both come from a fixed
     # set of values - confirm, or encode them as well.
     $nvpstr = "&Amt={$paymentAmount}" . "&PAYMENTACTION={$paymentType}" . "&ReturnUrl={$successURL}" . "&CANCELURL={$cancelURL}" . "&CURRENCYCODE={$currencyCodeType}" . "&no_shipping={$shipping}" . "&LOCALECODE=" . strtoupper(GWF_Language::getCurrentISO());
     //		var_dump($nvpstr);
     /* Ask PayPal for an Express Checkout token. When the call succeeds the
        buyer is redirected to PayPal to authorize the payment; otherwise
        the returned errors are shown. */
     $resArray = Paypal_Util::hash_call('SetExpressCheckout', $nvpstr);
     //		var_dump($resArray);
     # NOTE(review): "ACK" is read without an isset() check; confirm that
     # hash_call() always returns an array containing it, also on transport errors.
     $ack = strtoupper($resArray["ACK"]);
     if ($ack == "SUCCESS") {
         // Redirect to paypal.com here
         $token = urldecode($resArray["TOKEN"]);
         # Persist the token before redirecting; without it the order could
         # not be matched again when the buyer returns.
         if (false === $order->saveVar('order_xtoken', $token)) {
             return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
         }
         # NOTE(review): the token from the API response is placed in a
         # header and echoed without HTML escaping; it is presumably a plain
         # alphanumeric value - confirm or escape it for the echo.
         $payPalURL = PAYPAL_URL . $token;
         header("Location: " . $payPalURL);
         echo 'The browser should redirect you to: ' . $payPalURL . PHP_EOL;
         die;
     } else {
         return Paypal_Util::paypalError($resArray);
     }
 }
Beispiel #7
 /**
  * Build the site edit form; the field set depends on $is_admin.
  *
  * Fields are appended in display order, which is why the admin-only
  * entries sit in several separate if ($is_admin) blocks.
  *
  * NOTE(review): this method only decides which fields are rendered. The
  * handler that processes the submitted form presumably has to ignore the
  * admin-only keys for non-admin editors - confirm it does.
  *
  * @param WC_Site $site     Site whose current values prefill the form
  * @param mixed   $is_admin Truthy to include the admin-only fields
  * @return GWF_Form
  */
 public function getForm(WC_Site $site, $is_admin)
 {
     $data = array();
     $data['site_name'] = array(GWF_Form::STRING, $site->getVar('site_name'), $this->module->lang('th_site_name'));
     # Admin only: class name and scoring parameters.
     if ($is_admin) {
         $data['site_classname'] = array(GWF_Form::STRING, $site->getVar('site_classname'), $this->module->lang('th_site_classname'));
         $data['site_basescore'] = array(GWF_Form::INT, $site->getVar('site_basescore'), $this->module->lang('th_site_basescore'));
         $data['site_usercount'] = array(GWF_Form::INT, $site->getVar('site_usercount'), $this->module->lang('th_site_usercount'));
         $data['site_challcount'] = array(GWF_Form::INT, $site->getVar('site_challcount'), $this->module->lang('th_site_challcount'));
         $data['site_powarg'] = array(GWF_Form::INT, $site->getVar('site_powarg'), $this->module->lang('th_site_powarg'));
         $data['site_spc'] = array(GWF_Form::INT, $site->getVar('site_spc'), $this->module->lang('th_site_spc'));
         $data['site_color'] = array(GWF_Form::STRING, $site->getVar('site_color'), $this->module->lang('th_site_color'));
     }
     # Status and option checkboxes shown to every editor.
     $data['site_status'] = array(GWF_Form::SELECT, $this->getStatusSelect($site), $this->module->lang('th_site_status'));
     $data['no_urlencode'] = array(GWF_Form::CHECKBOX, $site->isOptionEnabled(WC_Site::NO_URLENCODE), $this->module->lang('th_no_urlencode'));
     $data['auto_update'] = array(GWF_Form::CHECKBOX, $site->hasAutoUpdate(), $this->module->lang('th_autoupdate'));
     $data['onsite_rank'] = array(GWF_Form::CHECKBOX, $site->hasOnSiteRank(), $this->module->lang('th_site_has_osr'));
     $data['default_hide'] = array(GWF_Form::CHECKBOX, $site->isDefaultHidden(), $this->module->lang('th_default_hide'));
     if ($is_admin) {
         $data['linear'] = array(GWF_Form::CHECKBOX, $site->isLinear(), $this->module->lang('th_linear'));
     }
     $data['div0'] = array(GWF_Form::DIVIDER);
     # Admin only: tags.
     if ($is_admin) {
         $data['divi0'] = array(GWF_Form::HEADLINE, $this->module->lang('pi_site_tags', array($site->displayTags(true))));
         $data['site_tags'] = array(GWF_Form::STRING, $site->getVar('site_tags'), $this->module->lang('th_site_tags'));
     }
     # The country select is preset from the posted value, falling back to the stored one.
     $data['site_country'] = array(GWF_Form::SELECT, GWF_CountrySelect::single('site_country', Common::getPostString('site_country', $site->getCountryID())), $this->module->lang('th_site_country2'));
     if ($is_admin) {
         $data['site_language'] = array(GWF_Form::SELECT, GWF_LangSelect::single(0, 'site_language', $site->getLangID()), $this->module->lang('th_site_language2'));
     }
     if ($is_admin) {
         $data['site_joindate'] = array(GWF_Form::STRING, $site->getVar('site_joindate'), $this->module->lang('th_site_joindate'), '', GWF_Date::LEN_SECOND);
     }
     $data['site_launchdate'] = array(GWF_Form::DATE, $site->getVar('site_launchdate'), $this->module->lang('th_site_launchdate'), '', GWF_Date::LEN_DAY);
     # site_authkey is prefilled for admins only, site_xauthkey for every editor.
     # NOTE(review): both values are placed in the form in clear text; confirm
     # that exposing site_xauthkey to non-admin editors is intended.
     if ($is_admin) {
         $data['site_authkey'] = array(GWF_Form::STRING, $site->getVar('site_authkey'), $this->module->lang('th_site_authkey'));
     }
     $data['site_xauthkey'] = array(GWF_Form::STRING, $site->getVar('site_xauthkey'), $this->module->lang('th_site_xauthkey'));
     $data['site_irc'] = array(GWF_Form::STRING, $site->getVar('site_irc'), $this->module->lang('th_site_irc'));
     $data['div2'] = array(GWF_Form::DIVIDER);
     # URL fields.
     $data['div3'] = array(GWF_Form::HEADLINE, $this->module->lang('pi_site_urls'));
     $data['site_url'] = array(GWF_Form::STRING, $site->getVar('site_url'), $this->module->lang('th_site_url'));
     $data['site_url_mail'] = array(GWF_Form::STRING, $site->getVar('site_url_mail'), $this->module->lang('th_site_url_mail'));
     $data['site_url_score'] = array(GWF_Form::STRING, $site->getVar('site_url_score'), $this->module->lang('th_site_url_score'));
     $data['site_url_profile'] = array(GWF_Form::STRING, $site->getVar('site_url_profile'), $this->module->lang('th_site_url_profile'));
     $data['div4'] = array(GWF_Form::DIVIDER);
     # Warbox section; this part uses $this->l() instead of $this->module->lang().
     $data['div5'] = array(GWF_Form::HEADLINE, $this->l('pi_warboxes'));
     $data['no_v1'] = array(GWF_Form::CHECKBOX, $site->isNoV1(), $this->l('th_no_v1'), $this->l('tt_no_v1'));
     // Disabled fields, kept for reference:
     // 		$data['warenbl'] = array(GWF_Form::CHECKBOX, $site->isWarBox(), $this->l('th_warbox'));
     // 		$data['warhost'] = array(GWF_Form::STRING, $site->getWarHost(), $this->l('th_warhost'));
     // 		$data['warport'] = array(GWF_Form::INT, $site->getWarPort(), $this->l('th_warport'));
     // 		$data['warscrd'] = array(GWF_Form::INT, $site->getWarReduceScore(), $this->l('th_war_score_reduce'));
     //		$data['site_description'] = array(GWF_Form::MESSAGE, $site->getVar('site_description'), $this->module->lang('th_site_description'));
     $data['edit'] = array(GWF_Form::SUBMIT, $this->module->lang('btn_edit_site'));
     return new GWF_Form($this, $data);
 }
Beispiel #8
 /**
  * Build the account settings form for the user of the current session.
  *
  * Sections are appended in display order: identity, demographics, option
  * checkboxes, adult flag, avatar, password hint and the submit buttons.
  * Several sections depend on module configuration.
  *
  * @return GWF_Form
  */
 public function getForm()
 {
     $user = GWF_Session::getUser();
     $user_email = $user->getVar('user_email');
     # SECURITY
     # The username uses SSTRING while the email uses STRING.
     # NOTE(review): presumably SSTRING renders a display-only field so the
     # name cannot be changed here - confirm the handler also ignores a posted 'username'.
     $data = array('username' => array(GWF_Form::SSTRING, $user->getVar('user_name'), $this->module->lang('th_username')), 'email' => array(GWF_Form::STRING, $user_email, $this->module->lang('th_email')));
     ### Email set but not approved: offer a button to approve it.
     if ($user_email !== '' && !$user->hasValidMail()) {
         $data['approvemail'] = array(GWF_Form::SUBMIT, $this->module->lang('btn_approvemail'), $this->module->lang('th_approvemail'));
     }
     // DEMOGRAPHICS
     $data['div1'] = array(GWF_Form::HEADLINE, $this->module->lang('th_demo', array(GWF_Time::humanDuration($this->module->cfgChangeTime()), 1)));
     $data['countryid'] = array(GWF_Form::SELECT, $user->getCountrySelect('countryid'), $this->module->lang('th_countryid'));
     # Both language selects prefer the posted value over the stored one.
     $data['langid'] = array(GWF_Form::SELECT, GWF_LangSelect::single(0, 'langid', Common::getPostString('langid', $user->getVar('user_langid'))), $this->module->lang('th_langid'));
     $data['langid2'] = array(GWF_Form::SELECT, GWF_LangSelect::single(0, 'langid2', Common::getPostString('langid2', $user->getVar('user_langid2'))), $this->module->lang('th_langid2'));
     $data['birthdate'] = array(GWF_Form::DATE, $user->getVar('user_birthdate'), $this->module->lang('th_birthdate'), '', GWF_Date::LEN_DAY);
     if ($this->module->cfgShowGender()) {
         $data['gender'] = array(GWF_Form::SELECT, $user->getGenderSelect(), $this->module->lang('th_gender'));
     }
     // OPTIONS
     $data['div2'] = array(GWF_Form::HEADLINE, $this->module->lang('th_flags'));
     $data['email_fmt'] = array(GWF_Form::SELECT, $this->selectEMailFormat($user), $this->module->lang('th_email_fmt'));
     # Privacy and alerting options, each preset from the user's current option bits.
     if ($this->module->cfgShowCheckboxes()) {
         $data['online'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::HIDE_ONLINE), $this->module->lang('th_online'));
         $data['record_ips'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::RECORD_IPS), $this->module->lang('th_record_ips', array($this->module->getMethodURL('Access'))), $this->module->lang('tt_record_ips'));
         $data['alert_uas'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::ALERT_UAS), $this->module->lang('th_alert_uas'), $this->module->lang('tt_alert_uas'));
         $data['alert_ips'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::ALERT_IPS), $this->module->lang('th_alert_ips'), $this->module->lang('tt_alert_ips'));
         $data['alert_isps'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::ALERT_ISPS), $this->module->lang('th_alert_isps'), $this->module->lang('tt_alert_isps'));
         $data['show_bday'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::SHOW_BIRTHDAY), $this->module->lang('th_show_bday'));
         $data['show_obday'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::SHOW_OTHER_BIRTHDAYS), $this->module->lang('th_show_obday'));
         $data['show_email'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::SHOW_EMAIL), $this->module->lang('th_show_email'));
         $data['allow_email'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::ALLOW_EMAIL), $this->module->lang('th_allow_email'));
     }
     # The adult option is offered only when the stored birthdate yields at
     # least the configured age.
     # NOTE(review): this gates the checkbox only; presumably the handler
     # repeats the age check before enabling WANTS_ADULT - confirm.
     if ($this->module->cfgShowAdult()) {
         if (GWF_Time::getAge($user->getVar('user_birthdate')) >= $this->module->cfgAdultAge()) {
             $data['adult'] = array(GWF_Form::CHECKBOX, $user->isOptionEnabled(GWF_User::WANTS_ADULT), $this->module->lang('th_adult'));
         }
     }
     if ($this->module->cfgUseAvatar()) {
         // Avatar: show the current one with a drop button, or an optional upload field.
         if ($user->isOptionEnabled(GWF_User::HAS_AVATAR)) {
             $data['avatar'] = array(GWF_Form::HEADLINE, $user->displayAvatar(), $this->module->lang('th_avatar'));
             $data['drop_avatar'] = array(GWF_Form::SUBMIT, $this->module->lang('btn_drop_avatar'), '');
         } else {
             $data['avatar'] = array(GWF_Form::FILE_OPT, '', $this->module->lang('th_avatar'));
         }
     }
     # No password field here: only a headline built with 'recovery' as argument.
     $data['divpw'] = array(GWF_Form::HEADLINE, $this->module->lang('th_change_pw', array('recovery')));
     // BTN
     $buttons = array('change' => $this->module->lang('btn_submit'), 'delete' => $this->module->lang('btn_delete'));
     //		$data['change'] = array(GWF_Form::SUBMIT, $this->module->lang('btn_submit'), '');
     $data['buttons'] = array(GWF_Form::SUBMITS, $buttons);
     return new GWF_Form($this, $data);
 }
Beispiel #9
 /**
  * Forward a submitted answer to the Warsolve method for the posted flag.
  *
  * The flag is looked up by the posted 'wfid' within the current warbox, so
  * an id that does not resolve for this box ends in 'err_warflag'.
  *
  * @param mixed $answer The submitted answer
  * @return mixed Error output, or whatever Warsolve's onAnswer() returns
  */
 private function onSolve($answer)
 {
     $flag = WC_Warflag::getByWarboxAndID($this->box, Common::getPostString('wfid'));
     if (false === $flag) {
         return $this->module->error('err_warflag');
     }

     /** @var WeChall_Warsolve|false $solver */
     $solver = $this->module->getMethod('Warsolve');
     if (false === $solver) {
         return GWF_HTML::err('ERR_METHOD_MISSING', array('Warsolve', 'WeChall'));
     }

     return $solver->onAnswer($flag, $answer);
 }
Beispiel #10
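 /**
  * Apply the edit form to a challenge: solution, case-insensitivity flag,
  * score, URL and title, creators and tags.
  *
  * Database failures are collected and returned in front of the success
  * message instead of aborting, so later fields are still saved.
  *
  * A score that fails WC_Challenge::isValidScore() is reported and NOT
  * stored; the previous code appended the error but saved the value anyway.
  *
  * @param WC_Challenge $chall Challenge being edited
  * @return mixed Validation error, or collected errors plus 'msg_chall_edited'
  */
 private function onEdit(WC_Challenge $chall)
 {
     $form = $this->getForm($chall);
     if (false !== ($error = $form->validate($this->module))) {
         return $error;
     }
     $msgs = '';
     $wc = WC_Site::getWeChall();

     # Solution: only replaced when a new one was posted, and stored through hashSolution().
     $is_case_i = isset($_POST['case_i']);
     if ('' !== ($solution = Common::getPostString('solution', ''))) {
         if (false === $chall->saveVar('chall_solution', $chall->hashSolution($solution, $is_case_i))) {
             $msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
         }
     }

     # CASE_I
     # NOTE(review): when only this flag changes, the stored solution hash is
     # not recomputed here; confirm that hashSolution() output stays valid
     # for the new setting.
     $case_i = WC_Challenge::CHALL_CASE_I;
     if ($chall->isOptionEnabled($case_i) !== $is_case_i) {
         if (false === $chall->saveOption($case_i, $is_case_i)) {
             $msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
         }
     }

     # Save score
     $new_score = $form->getVar('score');
     $old_score = $chall->getVar('chall_score');
     if ($new_score !== $old_score) {
         if (!WC_Challenge::isValidScore($new_score)) {
             # Reject the value: report it and leave score, max score and site totals untouched.
             $msgs .= $this->module->error('err_chall_score', array($new_score, WC_Challenge::MIN_SCORE, WC_Challenge::MAX_SCORE));
         } else {
             if (false === $chall->saveVar('chall_score', $new_score)) {
                 $msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
             }
             if (false === $wc->saveVar('site_maxscore', WC_Challenge::getMaxScore())) {
                 $msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
             }
             $wc->recalcSite();
         }
     }

     # URL+Title (dangerous)
     # NOTE(review): both values are stored as returned by the form;
     # presumably form validation restricts them - confirm.
     if (false === $chall->saveVars(array('chall_url' => $form->getVar('url'), 'chall_title' => $form->getVar('title')))) {
         $msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }

     # Creator:
     if (false === $chall->updateCreators($form->getVar('creators'))) {
         $msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }

     # Tags: strip surrounding spaces and commas before saving.
     if (false === $chall->saveVar('chall_tags', trim($form->getVar('tags'), ' ,'))) {
         $msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }
     Module_WeChall::instance()->cacheChallTags();

     # Done
     return $msgs . $this->module->message('msg_chall_edited');
 }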
Beispiel #11
 /**
  * Check a posted 'answer' against the solution generated for $random.
  *
  * Nothing happens when no answer was posted. Otherwise the generated
  * solution is set on the challenge in hashed form and the challenge's own
  * onSolve() performs the comparison.
  *
  * @param WC_Challenge $chall        Challenge to solve
  * @param mixed        $random       Seed passed to generateSolution()
  * @param bool         $letters_only Passed to generateSolution()
  * @param bool         $lowercase    Lowercase the answer and hash case-insensitively
  * @param int          $length       Passed to generateSolution()
  * @return void
  */
 public static function checkSolution(WC_Challenge $chall, $random, $letters_only = false, $lowercase = false, $length = 12)
 {
     $answer = Common::getPostString('answer', false);
     if (false === $answer) {
         return;
     }

     $expected = self::generateSolution($random, $letters_only, $lowercase, $length);
     $submitted = $lowercase ? strtolower($answer) : $answer;

     # Only the hash of the expected value is placed on the challenge object.
     $chall->setVar('chall_solution', WC_Challenge::hashSolution($expected, $lowercase));
     $chall->onSolve(GWF_Session::getUser(), $submitted);
 }
Beispiel #12
 /**
  * Render the page type select.
  *
  * Authors may choose Smarty, HTML or BBCode. For everyone else BBCode is
  * the only real option and the selection is forced to it, whatever was
  * posted or passed in.
  *
  * NOTE(review): this restricts the rendered select only. The handler that
  * stores the page presumably repeats the isAuthor() check on the posted
  * 'type' - confirm.
  *
  * @param Module_PageBuilder $module Module used for texts and the author check
  * @param mixed              $sel    Preselected type, or true to use the posted 'type'
  * @return mixed Output of GWF_Select::display()
  */
 public static function select(Module_PageBuilder $module, $sel = true)
 {
     if ($sel === true) {
         $sel = Common::getPostString('type', '0');
     }

     $options = array(array('0', $module->lang('sel_type')));
     $isAuthor = $module->isAuthor(GWF_User::getStaticOrGuest());
     if (!$isAuthor) {
         $sel = GWF_Page::BBCODE;
     } else {
         $options[] = array(GWF_Page::SMARTY, $module->lang('type_smarty'));
         $options[] = array(GWF_Page::HTML, $module->lang('type_html'));
     }
     $options[] = array(GWF_Page::BBCODE, $module->lang('type_bbcode'));

     return GWF_Select::display('type', $options, $sel);
 }
Beispiel #13
 /**
  * Show the players of the warbox selected by 'boxid'.
  *
  * A posted quick-jump value overrides the 'boxid' GET parameter. An id
  * that does not resolve to a warbox ends in 'err_warbox'.
  *
  * @return mixed Error output or the rendered player list
  */
 public function execute()
 {
     $classes = array('WC_Warbox', 'WC_Warflag', 'WC_Warflags', 'sites/warbox/WCSite_WARBOX');
     foreach ($classes as $class) {
         $this->module->includeClass($class);
     }

     # The quick-jump form posts its choice; copy it to where the lookup reads it.
     if (isset($_POST['wc_boxes_quickjump'])) {
         $_GET['boxid'] = Common::getPostString('wc_boxes_quickjump');
     }

     $this->box = WC_Warbox::getByID(Common::getGetString('boxid'));
     if (false === $this->box) {
         return $this->module->error('err_warbox');
     }

     return $this->templatePlayers();
 }
Beispiel #14
 /**
  * Validate the selected ticket title.
  *
  * '0' (nothing chosen) is rejected, 'other' defers to validate_other()
  * with the posted free text, and every other value has to be a key of
  * getTitles().
  *
  * @param Module_Helpdesk $m   Module used for the error text
  * @param mixed           $arg Submitted title key
  * @return mixed Error text, or false when the value is acceptable
  */
 public static function validate_title(Module_Helpdesk $m, $arg)
 {
     if ($arg === 'other') {
         return self::validate_other($m, Common::getPostString('other', ''));
     }
     if ($arg === '0') {
         return $m->lang('err_title');
     }

     # Allow-list check against the known titles.
     $known = self::getTitles();
     return isset($known[$arg]) ? false : $m->lang('err_title');
 }
Beispiel #15
 /**
  * Render the parent select for a category.
  *
  * Offers every category of the same group except the category itself.
  * A failed query leaves only the placeholder entry.
  *
  * The group is taken through getEscaped(); the id is interpolated as
  * returned by getID().
  * NOTE(review): presumably getID() always yields an integer - confirm.
  *
  * @param GWF_Category $cat Category being edited
  * @return mixed Output of GWF_Select::display()
  */
 private function getParentSelect(GWF_Category $cat)
 {
     $id = $cat->getID();
     $group = $cat->getEscaped('cat_group');
     $options = array(array('0', $this->module->lang('sel_parent')));

     $categories = GDO::table('GWF_Category');
     $rows = $categories->select('cat_tree_id, cat_tree_key', "cat_group='{$group}' AND cat_tree_id != {$id}");
     if (false !== $rows) {
         # Each fetched row is a numeric (id, key) pair and is used directly as an option.
         while (false !== ($option = $categories->fetch($rows, GDO::ARRAY_N))) {
             $options[] = $option;
         }
         $categories->free($rows);
     }

     $preselected = Common::getPostString('parent', $cat->getParentID());
     return GWF_Select::display('parent', $options, $preselected);
 }
Beispiel #16
/**
 * Save the posted profile fields and, when a new password is given, the
 * new password hash.
 *
 * A password change requires the current password ('password_old') to pass
 * DLDC_User::login() and the new password to equal 'password_retype'.
 *
 * NOTE(review): the "password has been changed" message is emitted before
 * saveVars() runs and the result of saveVars() is not checked. The posted
 * email is stored after trim() only; presumably it is validated elsewhere
 * - confirm.
 *
 * @param DLDC_User $user     User to update
 * @param mixed     $password New password; a value that is empty() leaves the password unchanged
 * @return mixed Result of dldc_error() on a failed password check, otherwise nothing
 */
function dldc_update_profile(DLDC_User $user, $password)
{
    $fields = array();
    foreach (array('email', 'firstname', 'lastname') as $key) {
        $fields[$key] = trim(Common::getPostString($key));
    }

    if (!empty($password)) {
        # Re-authenticate with the current password before accepting a new one.
        $reauthenticated = DLDC_User::login(dldc_username(), Common::getPostString('password_old'));
        if (!$reauthenticated) {
            return dldc_error('You have to supply your current password to change it.');
        }
        $retyped = Common::getPostString('password_retype');
        if ($password !== $retyped) {
            return dldc_error('You have to retype your new password correctly.');
        }
        # Only the hash is stored.
        $fields['password'] = DLDC_User::hashPassword($password);
        dldc_message('Your password has been changed!');
    }

    $user->saveVars($fields);
    dldc_message('Information has been saved.');
}
Beispiel #17
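 /**
  * Render a select with the polls owned by the current session user.
  *
  * Only polls whose vm_uid equals the session user id are listed, so a
  * user cannot pick somebody else's poll from this select.
  * NOTE(review): presumably the handler re-checks ownership of the posted
  * 'pollid' - confirm.
  *
  * A failed selectAll() is treated as "no polls" instead of being passed
  * to foreach.
  *
  * @return mixed Error text when the Votes module or its table is missing,
  *               otherwise the output of GWF_Select::display()
  */
 private function getPollSelect()
 {
     if (false === ($mv = GWF_Module::getModule('Votes'))) {
         return GWF_HTML::lang('ERR_MODULE_MISSING', array('Votes'));
     }
     $uid = GWF_Session::getUserID();
     if (false === ($polltable = GDO::table('GWF_VoteMulti'))) {
         return GWF_HTML::lang('ERR_MODULE_MISSING', array('Votes'));
     }

     # $uid comes from the session and is interpolated into the WHERE fragment.
     $polls = $polltable->selectAll('vm_id, vm_title', "vm_uid={$uid}", 'vm_title ASC', NULL, -1, -1, GDO::ARRAY_N);
     if (false === $polls) {
         # Query failed: show only the placeholder entry.
         $polls = array();
     }

     $data = array(array('0', $this->module->lang('sel_poll')));
     foreach ($polls as $poll) {
         # Rows are numeric (id, title) pairs and are used directly as options.
         $data[] = $poll;
     }
     return GWF_Select::display('pollid', $data, Common::getPostString('pollid', '0'));
 }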
Beispiel #18
 /**
  * Build the "add link" form.
  *
  * The tags field is prefilled from the posted 'link_tags', falling back to
  * the 'tag' GET parameter. Logged-in users get two extra option
  * checkboxes; guests get a captcha when the module is configured for it.
  *
  * NOTE(review): the tags prefill is request input; presumably GWF_Form
  * escapes field values when rendering - confirm.
  *
  * @return GWF_Form
  */
 private function getForm()
 {
     $tags = Common::getPostString('link_tags', Common::getGet('tag'));

     $data = array(
         'link_lang' => array(
             GWF_Form::SELECT,
             GWF_LangSelect::single(GWF_LangSelect::TYPE_SUPPORTED, 'link_lang'),
             $this->module->lang('th_link_lang'),
         ),
         'link_score' => array(
             GWF_Form::STRING,
             '0',
             $this->module->lang('th_link_score'),
             $this->module->lang('tt_link_score'),
         ),
         'link_gid' => array(
             GWF_Form::SELECT,
             GWF_GroupSelect::single('link_gid'),
             $this->module->lang('th_link_gid'),
             $this->module->lang('tt_link_gid'),
         ),
         'tag_info' => array(GWF_Form::HEADLINE, '', $this->module->lang('info_tag')),
         'known_tags' => array(GWF_Form::HEADLINE, '', $this->collectTags()),
         'link_tags' => array(GWF_Form::STRING, $tags, $this->module->lang('th_link_tags')),
         'div1' => array(GWF_Form::DIVIDER),
         'link_href' => array(
             GWF_Form::STRING,
             '',
             $this->module->lang('th_link_href'),
             $this->module->lang('tt_link_href'),
         ),
         'link_descr' => array(GWF_Form::STRING, '', $this->module->lang('th_link_descr')),
     );

     if ($this->module->cfgLongDescription()) {
         $data['link_descr2'] = array(GWF_Form::MESSAGE, '', $this->module->lang('th_link_descr2'));
     }

     # Option checkboxes are keyed 'link_options&<bit>' and are checked when
     # the same key was posted.
     $memberKey = 'link_options&' . GWF_Links::MEMBER_LINK;
     $data[$memberKey] = array(GWF_Form::CHECKBOX, isset($_POST[$memberKey]), $this->module->lang('th_' . $memberKey));
     if (GWF_User::isLoggedIn()) {
         $unaffiliateKey = 'link_options&' . GWF_Links::UNAFILIATE;
         $data[$unaffiliateKey] = array(GWF_Form::CHECKBOX, isset($_POST[$unaffiliateKey]), $this->module->lang('th_' . $unaffiliateKey));
         $privateKey = 'link_options&' . GWF_Links::ONLY_PRIVATE;
         $data[$privateKey] = array(GWF_Form::CHECKBOX, isset($_POST[$privateKey]), $this->module->lang('th_' . $privateKey));
     }

     # Guests have to solve a captcha when the module asks for it.
     if (!GWF_Session::isLoggedIn() && $this->module->cfgGuestCaptcha()) {
         $data['captcha'] = array(GWF_Form::CAPTCHA);
     }

     $data['buttons'] = array(
         GWF_Form::SUBMITS,
         array('preview' => $this->module->lang('btn_preview'), 'add' => $this->module->lang('btn_add')),
     );

     return new GWF_Form($this, $data);
 }
Beispiel #19
/**
 * Evaluate a posted 'answer' for this challenge.
 *
 * An answer equal to one of the session's own tokens only prints a notice
 * naming the (HTML-escaped) e-mail address. Any other answer is checked by
 * the challenge against the session's actual solution token.
 *
 * @param WC_Challenge $chall Challenge instance
 * @return void
 */
function ttr2_submit(WC_Challenge $chall)
{
    $answer = Common::getPostString('answer', '');
    if ('' === $answer) {
        return;
    }

    $sessid = GWF_Session::getSessSID();

    # Tokens the session requested for its own addresses do not solve the challenge.
    foreach (TTR2_Tokens::getSolutions($sessid) as $own) {
        if ($own['ttr_token'] !== $answer) {
            continue;
        }
        echo GWF_HTML::message($chall->lang('title'), $chall->lang('msg_reset_own', array(htmlspecialchars($own['ttr_email']))));
        return;
    }

    # Compare against the real solution.
    # NOTE(review): presumably getSolution() always returns a row for a valid session - confirm.
    $real = TTR2_Tokens::getSolution($sessid);
    $chall->setSolution($real['ttr_token']);
    $chall->onSolve(GWF_User::getStaticOrGuest(), $answer);
}
Beispiel #20
 /**
  * Handle a login attempt.
  *
  * Order of checks: optional form validation, user lookup by name
  * (accounts with the DELETED option bit are excluded), brute-force check,
  * LOGIN_PRE hook, password verification. In non-ajax mode every failure
  * is returned together with the login form again.
  *
  * @param bool $doValidate Run the form validation first
  * @return mixed Error output (plus the form when not ajax), an empty string
  *               when the LOGIN_PRE hook vetoes, or the result of onLoggedIn()
  */
 public function onLogin($doValidate = true)
 {
     require_once GWF_CORE_PATH . 'module/Login/GWF_LoginFailure.php';
     $isAjax = isset($_GET['ajax']);
     $form = $this->getForm();
     if ($doValidate) {
         if (false !== ($errors = $form->validate($this->module, $isAjax))) {
             if ($isAjax) {
                 return $errors;
             } else {
                 return $errors . $this->form();
             }
         }
     }
     $username = Common::getPostString('username');
     $password = Common::getPostString('password');
     $users = GDO::table('GWF_User');
     # The username is escaped before it is placed in the WHERE fragment.
     # NOTE(review): an unknown username answers with 'err_login' here, while
     # a wrong password goes through onLoginFailed(); confirm both responses
     # look the same to the client so valid usernames are not revealed.
     if (false === ($user = $users->selectFirstObject('*', sprintf('user_name=\'%s\' AND user_options&%d=0', $users->escape($username), GWF_User::DELETED)))) {
         if ($isAjax) {
             return $this->module->error('err_login');
         } else {
             return $this->module->error('err_login') . $this->form();
         }
     } elseif (true !== ($error = $this->checkBruteforce($user, $isAjax))) {
         # The brute-force check runs before the password is verified, so a
         # blocked account is refused even with the correct password.
         if ($isAjax) {
             return $error;
         } else {
             return $error . $this->form();
         }
     } elseif (false === GWF_Hook::call(GWF_HOOK::LOGIN_PRE, $user, array($password, ''))) {
         # A hook may veto the login; the hook receives the plaintext password.
         return '';
         #GWF_HTML::err('ERR_GENERAL', array( __FILE__, __LINE__));
     } elseif (false === GWF_Password::checkPasswordS($password, $user->getVar('user_password'))) {
         if ($isAjax) {
             return $this->onLoginFailed($user, $isAjax);
         } else {
             return $this->onLoginFailed($user, $isAjax) . $this->form();
         }
     }
     # Reached only after a successful password check; every failure path
     # above returns before this call.
     # NOTE(review): presumably clearMemory() wipes the posted password -
     # confirm whether the failure paths should call it too.
     GWF_Password::clearMemory('password');
     return $this->onLoggedIn($user, $isAjax);
 }
Beispiel #21
/**
 * Validate the registration fields and create the account.
 *
 * The first failing check reports its error and nothing further runs. The
 * password confirmation is read from the 'password_retype' POST field.
 *
 * NOTE(review): the e-mail address is only tested with empty(); its format
 * is not checked in this function. How DLDC_User::create() stores the
 * password is not visible here - confirm that it is hashed.
 */
function dldc_reqister($username, $password, $email, $firstname, $lastname)
{
    if (!dldc_is_valid_username($username)) {
        dldc_error('Invalid username. Start with a letter and then add 2-23 digits, letters or underscores.');
        return;
    }
    if (!dldc_is_valid_password($password)) {
        dldc_error('Your password is not secure enough for this service.');
        return;
    }
    if (Common::getPostString('password_retype') !== $password) {
        dldc_error('You have to confirm your password by retyping it.');
        return;
    }
    if (empty($email)) {
        dldc_error('Please fill in an email address.');
        return;
    }

    # dldc_cleanup() runs before the new account is created; per the
    # original note this deletes the caller's old "player".
    dldc_cleanup();
    if (DLDC_User::create($username, $password, $email, $firstname, $lastname)) {
        dldc_message('You have been successfully registered!');
    } else {
        dldc_error('An error occured!');
    }
}
Beispiel #22
 /**
  * Read the requested design names from POST and hand over to onZipC().
  *
  * Returns a module error when the ZipArchive class is not loaded or when
  * no 'style' value was posted; otherwise returns the result of onZipC().
  *
  * NOTE(review): the style names come straight from the POST body and are
  * not validated in this method. Confirm that onZipC() only accepts names
  * of existing design directories before using them in any path.
  */
 public function onZipB()
 {
     # Second argument false: do not trigger autoloading for the check.
     if (false === class_exists('ZipArchive', false)) {
         return $this->module->error('err_no_zip');
     }

     $styles = Common::getPostString('style', '');
     if ($styles === '') {
         return $this->module->error('err_no_design');
     }

     # 'default' and 'install' are always appended to the requested list.
     $this->style = array_merge(explode(',', $styles), array('default', 'install'));

     # Both fields are removed from $_POST before onZipC() runs.
     unset($_POST['style'], $_POST['zipper']);

     $result = $this->onZipC();
     # Working directory is set to GWF_WWW_PATH once onZipC() has finished.
     chdir(GWF_WWW_PATH);
     return $result;
 }
Beispiel #23
 /**
  * Render a single HTML select listing groups.
  *
  * With $own_groups_only set, a group is listed only when
  * isInGroupName() on the current user (or guest) accepts its name.
  *
  * @param string $name form field name, also the POST key for the default selection
  * @param mixed $selected value to pre-select, or true to read it from POST (fallback '0')
  * @param bool $allow_empty prepend a '0' placeholder entry
  * @param bool $own_groups_only list only groups the current user is a member of
  * @return mixed result of GWF_Select::display(), or the ERR_DATABASE error output
  */
 public static function single($name, $selected = true, $allow_empty = true, $own_groups_only = true)
 {
     $user = GWF_User::getStaticOrGuest();

     $groups = GDO::table('GWF_Group')->select('group_id, group_name');
     if ($groups === false) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }

     if (true === $selected) {
         $selected = Common::getPostString($name, '0');
     }

     $data = $allow_empty ? array(array('0', GWF_HTML::lang('sel_group'))) : array();

     for (;;) {
         # Rows arrive as numeric arrays: [0] = group_id, [1] = group_name.
         $group = GDO::table('GWF_Group')->fetch($groups, GDO::ARRAY_N);
         if ($group === false) {
             break;
         }
         if (!$own_groups_only || $user->isInGroupName($group[1])) {
             $data[] = $group;
         }
     }

     return GWF_Select::display($name, $data, $selected);
 }
Beispiel #24
 /**
  * Build a single HTML select listing languages.
  *
  * @param int $bitmask only languages whose lang_options contain all of these bits are listed
  * @param string $name form field name, also used as the POST key
  * @param mixed $selected value to pre-select, or true to read it from POST (fallback '0')
  * @param mixed $text label of the leading '0' entry, or true for the translated default
  * @return mixed result of GWF_Select::display(), or '' after a database error
  */
 public static function single($bitmask = 0, $name = 'language', $selected = true, $text = true)
 {
     $db = gdo_db();
     $languages = GDO::table('GWF_Language');

     # Cast first, so that only an integer is interpolated into the WHERE clause.
     $bitmask = (int) $bitmask;
     $result = $languages->select('lang_id, lang_name', "lang_options&{$bitmask}={$bitmask}");
     if ($result === false) {
         GWF_Error::err('ERR_DATABASE', array(__FILE__, __LINE__));
         return '';
     }

     if (true === $selected) {
         $selected = Common::getPostString($name, '0');
     }
     if (true === $text) {
         $text = GWF_HTML::lang('sel_language');
     }

     $data = array(array('0', $text));
     for ($row = $db->fetchRow($result); $row !== false; $row = $db->fetchRow($result)) {
         $data[] = $row;
     }
     $db->free($result);

     # The POST field is consulted once more here, with $selected as its default.
     # NOTE(review): presumably a posted value therefore wins over an explicit $selected - confirm.
     $current = Common::getPostString($name, $selected);
     return GWF_Select::display($name, $data, $current);
 }
Beispiel #25
 /**
  * Build the poll creation form: title, flags, view mode, group, level and
  * one text field per option currently kept in the session.
  *
  * NOTE(review): the 'public' checkbox is only added when
  * Module_Votes::mayAddGlobalPoll() accepts the session user. That controls
  * what is rendered; the submit handler (not visible here) has to enforce
  * the same permission on the posted value.
  *
  * @return GWF_Form
  */
 public function getForm()
 {
     $module = $this->module;

     $data = array();
     $data['opt'] = array(GWF_Form::VALIDATOR);
     $buttons = array(
         'add_opt' => $module->lang('btn_add_opt'),
         'rem_opts' => $module->lang('btn_rem_opts'),
         'create' => $module->lang('btn_create'),
     );

     $data['title'] = array(GWF_Form::STRING, '', $module->lang('th_title'));
     $data['reverse'] = array(GWF_Form::CHECKBOX, true, $module->lang('th_reverse'));
     foreach (array('multi' => 'th_multi', 'guests' => 'th_guests') as $field => $label) {
         $data[$field] = array(GWF_Form::CHECKBOX, false, $module->lang($label));
     }
     if (Module_Votes::mayAddGlobalPoll(GWF_Session::getUser())) {
         $data['public'] = array(GWF_Form::CHECKBOX, false, $module->lang('th_vm_public'));
     }

     # The posted view mode is forced to an integer before it is used as the selection.
     $view = (int) Common::getPost('view', GWF_VoteMulti::SHOW_RESULT_VOTED);
     $data['view'] = array(GWF_Form::SELECT, GWF_VoteMulti::getViewSelect($module, 'view', $view), $module->lang('th_mvview'));
     $data['gid'] = array(GWF_Form::SELECT, GWF_GroupSelect::single('gid', Common::getPostString('gid', '0')), $module->lang('th_vm_gid'));
     $data['level'] = array(GWF_Form::INT, '0', $module->lang('th_vm_level'));

     # Option fields are numbered from 1, in the order the session returns them.
     $position = 0;
     foreach (GWF_Session::getOrDefault(self::SESS_OPTIONS, array()) as $option) {
         $position++;
         $data["opt[{$position}]"] = array(GWF_Form::STRING, $option, $module->lang('th_option', array($position)));
     }

     $data['cmds'] = array(GWF_Form::SUBMITS, $buttons);
     return new GWF_Form($this, $data);
 }
Beispiel #26
 /**
  * Assemble the GWF_Form used to add a new entry (url, type, language,
  * groups, title, description, tags, display flags, optional file upload
  * and content).
  *
  * The fields index, follow, sitemap, home_page and inline_css are only
  * added when $this->is_author is set; the category select is only added
  * when the Category module could be loaded.
  *
  * NOTE(review): the author-only fields are merely left out of the rendered
  * form here. The handler that processes the submission (not visible) must
  * ignore or reject those keys for non-authors. How MESSAGE_NOBB input is
  * sanitised on output is also not visible here - confirm.
  *
  * @return GWF_Form
  */
 private function formAdd()
 {
     $mod_cat = GWF_Module::loadModuleDB('Category', true, true);
     $module = $this->module;

     $data = array(
         'url' => array(GWF_Form::STRING, '', $module->lang('th_url')),
         'type' => array(GWF_Form::SELECT, GWF_PageType::select($module), $module->lang('th_type')),
         'lang' => array(GWF_Form::SELECT, GWF_LangSelect::single(1, 'lang'), $module->lang('th_lang')),
         'groups' => array(GWF_Form::SELECT_A, GWF_GroupSelect::multi('groups', true, true, true), $module->lang('th_groups')),
         'noguests' => array(GWF_Form::CHECKBOX, false, $module->lang('th_noguests')),
     );

     if ($this->is_author) {
         $data['index'] = array(GWF_Form::CHECKBOX, true, $module->lang('th_index'));
         $data['follow'] = array(GWF_Form::CHECKBOX, true, $module->lang('th_follow'));
         $data['sitemap'] = array(GWF_Form::CHECKBOX, false, $module->lang('th_in_sitemap'));
     }

     $data['title'] = array(GWF_Form::STRING, '', $module->lang('th_title'));
     if (false !== $mod_cat) {
         $data['cat'] = array(GWF_Form::SELECT, GWF_CategorySelect::single('cat', Common::getPostString('cat')), $module->lang('th_cat'));
     }
     $data['descr'] = array(GWF_Form::STRING, '', $module->lang('th_descr'));
     $data['tags'] = array(GWF_Form::STRING, '', $module->lang('th_tags'));

     # The five display flags share one shape and all default to checked.
     $displayFlags = array(
         'show_author' => 'th_show_author',
         'show_similar' => 'th_show_similar',
         'show_modified' => 'th_show_modified',
         'show_trans' => 'th_show_trans',
         'show_comments' => 'th_show_comments',
     );
     foreach ($displayFlags as $field => $label) {
         $data[$field] = array(GWF_Form::CHECKBOX, true, $module->lang($label));
     }

     if ($this->is_author) {
         $data['home_page'] = array(GWF_Form::CHECKBOX, false, $module->lang('th_home_page'));
     }

     $data['file'] = array(GWF_Form::FILE_OPT, '', $module->lang('th_file'));
     $data['upload'] = array(GWF_Form::SUBMIT, $module->lang('btn_upload'));

     if ($this->is_author) {
         $data['inline_css'] = array(GWF_Form::MESSAGE_NOBB, '', $module->lang('th_inline_css'));
     }
     $data['content'] = array(GWF_Form::MESSAGE_NOBB, '', $module->lang('th_content'));

     $buttons = array(
         'preview' => $module->lang('btn_preview'),
         'add' => $module->lang('btn_add'),
     );
     $data['buttons'] = array(GWF_Form::SUBMITS, $buttons);

     return new GWF_Form($this, $data);
 }
Beispiel #27
 /**
  * Render the 'site' select: one entry (id, site_name) per site, ordered by
  * site_name, with the posted 'site' value (fallback '0') pre-selected.
  */
 private function getSiteSelect()
 {
     $options = array();
     foreach (WC_Site::getSites('site_name ASC') as $site) {
         array_push($options, array($site->getID(), $site->getVar('site_name')));
     }
     $preselected = Common::getPostString('site', '0');
     return GWF_Select::display('site', $options, $preselected);
 }
Beispiel #28
<?php

require_once 'hg_wc3.php';
require_once 'hg_wc4.php';
require_once 'passwords.php';
# Move two directories up; the include paths below are relative to that directory.
chdir('../../');
define('GWF_PAGE_TITLE', 'WC Hashing Game');
require_once 'challenge/html_head.php';
require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php';

# Fall back to a dummy challenge when no challenge with this title is found.
$chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE);
if ($chall === false) {
    $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 2, '/challenge/hashgame/index.php', false);
}
$chall->showHeader();

# A non-empty posted answer is checked against both lists.
# $list1 and $list2 are presumably defined by the files required above - confirm.
$answer = Common::getPostString('answer');
if ($answer !== '') {
    hashgame_check_answer($chall, $answer, $list1, $list2);
}

# Credit user 'Z' with a profile link when that account exists, otherwise by plain name.
$z = GWF_User::getByName('Z');
$credits = ($z !== false) ? $z->displayProfileLink() : 'Z';

echo GWF_Box::box($chall->lang('info', array('index.php?list=wc3', 'index.php?algo=wc3', 'index.php?list=wc4', 'index.php?algo=wc4', $credits)), $chall->lang('title'));

# Source display: only the two literal values 'wc3' and 'wc4' are accepted and
# each selects a fixed file path, so the request value never becomes part of a path.
if ('wc3' === Common::getGetString('algo')) {
    $code = '[PHP title=hg_wc3.php]' . file_get_contents('challenge/hashgame/hg_wc3.php') . '[/PHP]';
    echo GWF_Box::box(GWF_Message::display($code));
} elseif ('wc4' === Common::getGetString('algo')) {
    $code = '[PHP title=hg_wc4.php]' . file_get_contents('challenge/hashgame/hg_wc4.php') . '[/PHP]';
    echo GWF_Box::box(GWF_Message::display($code));
}
if (Common::getGetString('list') === 'wc3') {
    $content = '';
Beispiel #29
<?php

# Move three directories up; the include paths below are relative to that directory.
chdir('../../../');
define('GWF_PAGE_TITLE', 'Babbage and Coldplay');
require_once 'challenge/html_head.php';
require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php';

# Fall back to a dummy challenge when no challenge with this title is found.
# NOTE(review): the fourth argument is presumably the MD5 digest of the expected
# answer - confirm. Unsalted MD5 works as a puzzle check; it is not a pattern to
# copy for storing credentials.
$chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE);
if ($chall === false) {
    $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 3, 'challenge/ludde/babbage_and_coldplay/index.php', 'fe91bf59f3a2476d45f78ef00701a24b');
}
$chall->showHeader();

# The posted answer is lower-cased, reduced to the letters a-z and hashed
# with MD5 before it is handed to onCheckSolution().
$answer = Common::getPostString('answer', false);
if ($answer !== false) {
    $answerLetters = preg_replace('/[^a-z]/', '', strtolower($answer));
    $chall->onCheckSolution(md5($answerLetters));
}

# Mission text; the link target is a fixed file name.
$href = 'babbage_and_coldplay.mp3';
echo GWF_Box::box($chall->lang('info', array($href)), $chall->lang('title'));

# Solution form, copyright footer, then the closing page template.
echo formSolutionbox($chall);
echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
Beispiel #30
}
# And display the header
$chall->showHeader();
# Show mission box (translated)
echo GWF_Box::box($chall->lang('mission_i', array('index.php?highlight=christmas')), $chall->lang('mission_t'));
# Check your injection and fix the hole by silently applying htmlspecialchars to the vuln input.
# phpself_checkit() is defined elsewhere; a true result marks the challenge as
# solved for the current session user.
if (phpself_checkit()) {
    $chall->onChallengeSolved(GWF_Session::getUserID());
}
# Show this file as highlighted sourcecode, if desired
# Only the literal value 'christmas' enables this, and the path that is read is
# fixed, so the request parameter never selects which file is shown.
if ('christmas' === Common::getGetString('highlight')) {
    $msg = file_get_contents('challenge/yourself_php/index.php');
    # The opening and closing tags are each built from two string pieces.
    # NOTE(review): presumably so that this file's own source, which is what gets
    # displayed, never contains the complete tag text - confirm before merging them.
    $msg = '[' . 'code=php title=index.php]' . $msg . '[' . '/code]';
    echo GWF_Box::box(GWF_Message::display($msg));
}
# __This is the challenge:
# The posted username is HTML-escaped before it is echoed, so that line is not
# the injection point.
if (isset($_POST['username'])) {
    echo GWF_Box::box(sprintf("Well done %s, you entered your username. But this is <b>not</b> what you need to do.", htmlspecialchars(Common::getPostString('username'))));
}
echo '<div class="box box_c">' . PHP_EOL;
# $_SERVER['PHP_SELF'] is derived from the request path and is written into the
# action attribute without escaping at this point. That is the deliberate flaw of
# this training challenge (see the note above phpself_checkit()). Outside a
# challenge, pass it through htmlspecialchars() or use a fixed action value.
echo sprintf('<form action="%s" method="post">', $_SERVER['PHP_SELF']) . PHP_EOL;
# GWF_CSRF::hiddenForm() presumably emits the hidden anti-CSRF field - confirm.
echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('phpself')) . PHP_EOL;
echo sprintf('<div>Username:<input type="text" name="username" value="" /></div>') . PHP_EOL;
echo sprintf('<div><input type="submit" name="deadcode" value="Submit" /></div>') . PHP_EOL;
echo sprintf('</form>') . PHP_EOL;
echo '</div>' . PHP_EOL;
# __End of challenge
# Print Challenge Footer
echo $chall->copyrightFooter();
# Print end of website
require_once 'challenge/html_foot.php';