die(file_get_contents('index.php')); } # Header chdir('../../../'); define('GWF_PAGE_TITLE', 'Training: RegexMini'); require_once 'challenge/html_head.php'; if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) { $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 2, 'challenge/training/regex2/index.php', false); } $chall->showHeader(); # Info box echo GWF_Box::box($chall->lang('info', array('index.php?show=source', 'index.php?highlight=christmas')), $chall->lang('title')); # Show highlighted src if (isset($_GET['highlight'])) { $source = '[PHP title=regex2/index.php]' . file_get_contents('challenge/training/regex2/index.php') . '[/PHP]'; echo GWF_Box::box(GWF_Message::display($source, true, false)); } # Submitted? if (isset($_POST['submit'])) { # Check it! $error = ludde_is_satisfied($chall); # Oooops! if ($error === true) { $chall->onChallengeSolved(GWF_Session::getUserID()); } elseif ($error === false) { echo GWF_HTML::message(GWF_PAGE_TITLE, $chall->lang('msg_ok', array($_POST['username'])), false); } else { echo GWF_HTML::error(GWF_PAGE_TITLE, $error, false); } } # Check it!
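/**
 * Validate the contact form and mail the submitted message to $user.
 *
 * The reply address is taken from the current user's validated mail, else
 * from the POSTed 'email' field, else from the translated 'unknown' label.
 *
 * @param GWF_User $user Recipient of the mail.
 * @return string Validation errors plus the form template, an error
 *                message when sending failed, or the success message.
 */
private function send(GWF_User $user)
{
    $form = $this->form($user);
    if (false !== ($errors = $form->validate($this->module))) {
        return $errors . $this->template($user);
    }

    $u = GWF_User::getStaticOrGuest();
    $sendermail = $u->getValidMail();
    if ($sendermail === '') {
        $sendermail = Common::getPost('email');
    }
    if ($sendermail === '') {
        $sendermail = GWF_HTML::lang('unknown');
    }

    // The POSTed address ends up in setReply() and in the subject line.
    // HTML escaping does not remove line breaks, so strip CR/LF here to keep
    // a submitted value from adding extra header lines.
    // NOTE(review): whether the form validator or GWF_Mail already rejects
    // line breaks is not visible from this method - confirm.
    if (is_string($sendermail)) {
        $sendermail = str_replace(array("\r", "\n"), '', $sendermail);
    }
    $sendermail = GWF_HTML::display($sendermail);

    $mail = new GWF_Mail();
    $mail->setSender(GWF_BOT_EMAIL);
    $mail->setReceiver($user->getValidMail());
    $mail->setReply($sendermail);
    $mail->setSubject($this->module->langUser($user, 'mail_subj_mail', $sendermail));
    // $_POST['message'] is read directly; it is only reached after
    // $form->validate() returned false (no errors) above.
    $mail->setBody($this->module->langUser($user, 'mail_subj_body', array(
        $user->displayUsername(),
        $sendermail,
        GWF_Message::display($_POST['message']),
    )));

    if (false === $mail->sendToUser($user)) {
        return GWF_HTML::err('ERR_MAIL_SENT');
    }

    return $this->module->message('msg_mailed', array($user->displayUsername()));
}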
/**
 * Return the relative smiley image directory, resolving it on first use.
 *
 * The icon-set specific directory is used when it exists below
 * GWF_WWW_PATH; otherwise the default set is used. The result is kept in
 * self::$bbSmileyPath for later calls.
 *
 * @return string Relative path ending in a slash.
 */
public static function bbSmileyPath()
{
    if (isset(self::$bbSmileyPath)) {
        return self::$bbSmileyPath;
    }

    $candidate = sprintf('img/%s/smile/', GWF_ICON_SET);
    self::$bbSmileyPath = is_dir(GWF_WWW_PATH . $candidate)
        ? $candidate
        : 'img/default/smile/';

    return self::$bbSmileyPath;
}
/**
 * Build the feed entries for the configured number of newest news items.
 *
 * @param GWF_Language $lang Language used for the translation and the links.
 * @return array List of arrays with the keys title, descr, guid, link,
 *               date and pub_date.
 */
private function getItems(GWF_Language $lang)
{
    $newsRows = GWF_News::getNews($this->module->cfgFeedItemcount(), 0, 1, "news_date DESC", false);
    $langid = $lang->getID();

    $back = array();
    foreach ($newsRows as $item) {
        /** @var GWF_News $item */
        $t = $item->getTranslationB($langid);
        $entry = array();
        $entry['title'] = $t['newst_title'];
        // The title is passed on as stored; only the message goes through
        // GWF_Message::display(). NOTE(review): confirm the feed template
        // escapes the title for its output format.
        $entry['descr'] = GWF_Message::display($t['newst_message'], true, false, false);
        // guid and link are both the absolute URL of the item's show page.
        $entry['guid'] = Common::getAbsoluteURL($item->hrefShow($lang), false);
        $entry['link'] = Common::getAbsoluteURL($item->hrefShow($lang), false);
        $entry['date'] = $item->displayDate();
        $entry['pub_date'] = $item->rssDate();
        $back[] = $entry;
    }

    return $back;
}
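/**
 * Turn one FAQ table row into the array used for display.
 *
 * When the row references a ticket (hdf_tid > 0), the answers are the
 * ticket messages flagged as FAQ, oldest first, followed by the row's own
 * answer. Otherwise the row's own answer is the only one.
 *
 * @param array $row FAQ row with hdf_id, hdf_tid, hdf_question, hdf_answer.
 * @return array Keys: id, q, a (list of rendered answers), href_edit.
 */
private function buildFAQRow($row)
{
    $back = array();
    $back['id'] = $row['hdf_id'];
    $back['q'] = $row['hdf_question'];

    // Both values are interpolated into the WHERE clause below. Casting to
    // int guarantees that only digits reach the SQL string, whatever type
    // the row value arrived as.
    $tid = (int) $row['hdf_tid'];
    $faq = (int) GWF_HelpdeskMsg::FAQ;

    if ($tid > 0) {
        $answers = GDO::table('GWF_HelpdeskMsg')->selectColumn('hdm_message', "hdm_tid={$tid} and hdm_options&{$faq}", "hdm_date ASC");
        if (!is_array($answers)) {
            // Do not iterate over a non-array result; fall back to the
            // row's own answer only.
            $answers = array();
        }
        $back['a'] = array();
        foreach ($answers as $i => $a) {
            $back['a'][$i] = GWF_Message::display($a);
        }
        $back['a'][] = GWF_Message::display($row['hdf_answer']);
    } else {
        $back['a'] = array(GWF_Message::display($row['hdf_answer']));
    }

    $back['href_edit'] = $this->module->getMethodURL('FAQEdit', '&faqid=' . $row['hdf_id']);

    return $back;
}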
?> <?php if (false === ($user = GWF_User::getByName(Common::getGet('username', '')))) { } if ($user !== false) { $userid = $user->getID(); if (false !== ($regat = WC_RegAt::getRegatRow($userid, $siteid))) { $max = $site->getOnsiteScore(); echo GWF_Box::box($tLang->lang('site_detail_uinfo', array($user->displayUsername(), $regat->getOnsiteScore(), $max, $site->displayName(), round($regat->getPercent($max), 2), WC_RegAt::calcExactSiteRank($user, $siteid), $site->calcScore($regat)))); } } ?> <div class="ib"><?php echo GWF_Box::box(GWF_Message::display($tVars['descr'])); ?> </div> <table> <thead> <tr> <th colspan="2" id="wc_site_detail_head"><?php echo $site->displayLogo(32, $tLang->lang('hover_logo', array($site->displayName()))) . $site->displayLink(); ?> </th> </tr> </thead> <?php if (GWF_User::isStaffS() || WC_SiteAdmin::isSiteAdmin(GWF_Session::getUserID(), $siteid)) { echo WC_HTML::tableRowForm($tLang->lang('ft_edit_site', array($site->displayName())), $site->getEditButton($tVars['module'], GWF_Session::getUser()));
die(file_get_contents('who.php')); } chdir('../../../'); define('GWF_PAGE_TITLE', 'What is your Name?'); require_once 'challenge/html_head.php'; require_once GWF_CORE_PATH . 'module/WeChall/WC_CryptoChall.php'; require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php'; if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) { $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 5, 'challenge/Mawekl/what_is_your_name/index.php', false); } $chall->showHeader(); require_once 'challenge/Mawekl/what_is_your_name/solution.php'; what_is_your_name_check_solution($chall); $url1 = 'who.php'; $url2 = 'index.php?show=source'; $url3 = 'index.php?highlight=christmas'; $url4 = WC_Site::getByClassName('ST')->getURL(); $url4 = sprintf('<a href="%s" style="color: #eee;">Security Traps</a>', $url4); if (false === ($mawekl = GWF_User::getByName('Mawekl'))) { $mawekl = 'Mawekl'; } else { $mawekl = sprintf('<a href="%s">Mawekl</a>', $mawekl->getProfileHREF()); } $text = $chall->lang('info', array($mawekl, $url1, $url2, $url3, $url4)); htmlTitleBox($chall->lang('title'), $text); if (Common::getGetString('highlight') === 'christmas') { echo GWF_Message::display('[php title=who.php]' . file_get_contents('challenge/Mawekl/what_is_your_name/who.php') . '[/php]'); } formSolutionbox($chall); echo $chall->copyrightFooter(); require_once 'challenge/html_foot.php';
/**
 * Render the stored comment text for output.
 *
 * @return string The 'cmt_message' column passed through GWF_Message::display().
 */
public function displayMessage()
{
    $raw = $this->getVar('cmt_message');

    return GWF_Message::display($raw);
}
<a class="gwf_newsbox_item" href="#newsid_<?php echo $news['news_id']; ?> "></a> <span class="gwf_newsbox_item"> <span class="gwf_newsbox_date"><?php echo GWF_Time::displayDate($news['news_date']); ?> </span> <span class="gwf_newsbox_author"><?php echo GWF_HTML::display($news['user_name']); ?> </span> <span class="gwf_newsbox_title"><?php echo GWF_HTML::display($news['newst_title']); ?> </span> <span class="gwf_newsbox_message"><?php echo GWF_Message::display($news['newst_message']); ?> </span> </span> <?php } ?> </span> </span> </span> </span>
$chall->showHeader(); if ('' !== ($answer = Common::getPostString('answer'))) { hashgame_check_answer($chall, $answer, $list1, $list2); } if (false !== ($z = GWF_User::getByName('Z'))) { $credits = $z->displayProfileLink(); } else { $credits = 'Z'; } echo GWF_Box::box($chall->lang('info', array('index.php?list=wc3', 'index.php?algo=wc3', 'index.php?list=wc4', 'index.php?algo=wc4', $credits)), $chall->lang('title')); if (Common::getGetString('algo') === 'wc3') { $code = sprintf('[PHP title=hg_wc3.php]%s[/PHP]', file_get_contents('challenge/hashgame/hg_wc3.php')); echo GWF_Box::box(GWF_Message::display($code)); } elseif (Common::getGetString('algo') === 'wc4') { $code = sprintf('[PHP title=hg_wc4.php]%s[/PHP]', file_get_contents('challenge/hashgame/hg_wc4.php')); echo GWF_Box::box(GWF_Message::display($code)); } if (Common::getGetString('list') === 'wc3') { $content = ''; $content .= GWF_Table::start(); foreach ($list1 as $plaintext) { $content .= GWF_Table::rowStart(); $content .= sprintf('<td style="font-family:monospace;">%s</td>', hashgame_wc3($plaintext)); $content .= GWF_Table::rowEnd(); } $content .= GWF_Table::end(); echo GWF_Box::box($content, $chall->lang('tt_list_wc3', array('index.php?algo=wc3&list=wc3'))); } elseif (Common::getGetString('list') === 'wc4') { $content = ''; $content .= GWF_Table::start(); foreach ($list2 as $plaintext) {
/**
 * Render the sender's PM signature inside a signature div.
 *
 * @return string Empty string when the sender has no PM options or an
 *                empty signature, else the wrapped, rendered signature.
 */
public function displaySignature()
{
    $pmo = GWF_PMOptions::getPMOptions($this->getSender());
    if ($pmo === false) {
        return '';
    }

    $signature = $pmo->getVar('pmo_signature');
    if ($signature === '') {
        return '';
    }

    // Search-term highlighting is switched off: an empty list is passed.
    $highlight = array();
    $rendered = GWF_Message::display($signature, true, true, true, $highlight);

    return '<div class="gwf_signature">' . $rendered . '</div>';
}
# -------------------------- #
# Answer check: only runs when an 'answer' field was POSTed.
$answer = Common::getPostString('answer', false);
if ($answer !== false) {
    require_once 'challenge/livinskull/smile/LIVIN_Smile.php';
    $solution = LIVIN_Smile::getSolution();
    if ($answer === $solution) {
        $chall->onChallengeSolved(GWF_Session::getUserID());
    } else {
        echo WC_HTML::error('err_wrong');
    }
}
# -------------------------- #
# Info box with the links offered to the player.
$url1 = 'index.php?show=smile';
$url2 = 'index.php?highlight=smile';
$url3 = 'index.php?show=livin_smile';
$url4 = 'index.php?highlight=livin_smile';
$url5 = 'smile.php';
echo GWF_Box::box($chall->lang('info', array($url1, $url2, $url3, $url4, $url5)), $chall->lang('title'));
# -------------------------- #
# Source highlighting. The GET value is used only as a key into a fixed
# map, so the request never contributes any part of the path that is read.
$file = Common::getGetString('highlight', false);
if ($file !== false) {
    $files = array('smile' => 'smile.php', 'livin_smile' => 'LIVIN_Smile.php');
    if (isset($files[$file])) {
        $content = file_get_contents("challenge/livinskull/smile/" . $files[$file]);
        $message = '[PHP]' . $content . '[/PHP]';
        echo GWF_Box::box(GWF_Message::display($message), $files[$file]);
    }
}
# -------------------------- #
echo formSolutionbox($chall);
# -------------------------- #
echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
/**
 * Render the forum signature inside a signature div.
 *
 * @return string The 'fopt_signature' column, rendered and wrapped.
 */
public function displaySignature()
{
    $rendered = GWF_Message::display($this->getVar('fopt_signature'), true, true);

    return sprintf('<div class="gwf_signature">%s</div>', $rendered);
}
/**
 * Render the stored shout text for output.
 *
 * @return string The 'shout_message' column passed through
 *                GWF_Message::display() with the flags (false, true, false).
 */
public function displayMessage()
{
    $raw = $this->getVar('shout_message');

    // NOTE(review): the three flags presumably switch BBCode, smileys and
    // images - confirm against GWF_Message::display().
    return GWF_Message::display($raw, false, true, false);
}
blightSetAttempt($attemp); } $url1 = 'index.php?show=source'; $url2 = 'index.php?highlight=christmas'; $url3 = 'index.php?reset=me'; $egg = 'On the run to the great gig.'; $egg = '<span style="color: #eee;">' . $egg . '</span>'; if (false !== ($dloser = GWF_User::getByName('dloser'))) { $dloser = $dloser->displayProfileLink(); } else { $dloser = 'dloser'; } $text = $chall->lang('info', array(BLIGHT2_ATTEMPS, BLIGHT2_CONSEC, $url1, $url2, $url3, $egg, $dloser)); htmlTitleBox($chall->lang('title'), $text); if (Common::getGetString('highlight') === 'christmas') { echo GWF_Message::display('[php title=vuln.php]' . file_get_contents('challenge/blind_lighter/vuln.php') . '[/php]'); } ?> <div class="box box_c"> <form method="post" action="index.php"> <div><?php echo $chall->lang('th_injection'); ?> : <input name="injection" type="text" value="" /></div> <div><input name="inject" type="submit" value="<?php echo $chall->lang('btn_inject'); ?> " /></div> </form> </div>
<?php
# Crappyshare challenge page: header, mission text, optional source view,
# solution box and footer.
chdir('../../');
define('GWF_PAGE_TITLE', 'Crappyshare');
require_once 'challenge/html_head.php';
require GWF_CORE_PATH . 'module/WeChall/solutionbox.php';

# Use a dummy challenge object when getByTitle() returns false.
$chall = WC_Challenge::getByTitle('Crappyshare');
if ($chall === false) {
    $chall = WC_Challenge::dummyChallenge('Crappyshare', 4, '/challenge/crappyshare/index.php', false);
}
$chall->showHeader();
$chall->onCheckSolution();

# Mission
htmlTitleBox($chall->lang('title'), $chall->lang('info'));

# Show This Code
# The request only switches the view on; the file that is read is a fixed
# literal path.
if (Common::getGet('show') === 'code') {
    $msg = '[CODE=PHP title=crappyshare.php]' . file_get_contents('challenge/crappyshare/crappyshare.php') . '[/CODE]';
    echo GWF_Box::box(GWF_Message::display($msg, true, true, true));
}

formSolutionbox($chall);
echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
// { // echo GWF_HTML::message(GWF_PAGE_TITLE, $chall->lang('msg_logged_in', array($attemp))); // } // else // { // echo GWF_HTML::error(GWF_PAGE_TITLE, $chall->lang('err_login', array($attemp))); // } blightSetAttempt($attemp); } $url1 = 'index.php?show=source'; $url2 = 'index.php?highlight=christmas'; $url3 = 'index.php?reset=me'; $text = $chall->lang('info', array(BLIGHT4_ATTEMPS, BLIGHT4_CONSEC, $url1, $url2, $url3)); htmlTitleBox($chall->lang('title'), $text); if (Common::getGetString('highlight') === 'christmas') { echo GWF_Message::display('[php title=vuln.php]' . file_get_contents('challenge/Mawekl/are_you_blind/vuln.php') . '[/php]'); } ?> <div class="box box_c"> <form method="post" action="index.php"> <div><?php echo $chall->lang('th_injection'); ?> : <input name="injection" type="text" value="" /></div> <div><input name="inject" type="submit" value="<?php echo $chall->lang('btn_inject'); ?> " /></div> </form> </div>
/**
 * Render the chat message for output.
 *
 * With BBCode allowed the text goes through GWF_Message::display();
 * otherwise it is only passed through GWF_HTML::display().
 *
 * @return string Rendered 'chatmsg_msg' column.
 */
public function displayMessage()
{
    $msg = $this->getVar('chatmsg_msg');

    if (Module_Chat::isBBCodeAllowedS()) {
        return GWF_Message::display($msg, true, true);
    }

    return GWF_HTML::display($msg);
}
<?php
# PHP 0817 challenge page. Top-level variable names are kept as they are
# because php0817.include is required into this same scope further down.
chdir('../../');
define('GWF_PAGE_TITLE', 'PHP 0817');
require_once 'challenge/html_head.php';

# Use a dummy challenge object when getByTitle() returns false.
$chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE);
if ($chall === false) {
    $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 1, 'challenge/php0817/index.php');
}
$chall->showHeader();

# Show the challenge source inside the info box.
$filename = 'challenge/php0817/php0817.include';
$code = '[php]' . file_get_contents($filename) . '[/php]';
$code = GWF_Message::display($code, true, false, false);
$a2 = 'solution.php';
$a3 = 'index.php?which=0';
$a4 = 'index.php?which=1';
$a5 = 'index.php?which=2';
echo GWF_Box::box($chall->lang('info', array($code, $a2, $a3, $a4, $a5)), $chall->lang('title'));

# The only screening done here is to reject values containing a slash.
# NOTE(review): how php0817.include uses $which is not visible from this
# file; a single-character blacklist is a weak guard outside a training page.
$which = Common::getGetString('which', '');
if (strpos($which, '/') === false) {
    # Error mails are switched off while the challenge code runs.
    GWF_Debug::setMailOnError(false);
    echo '<div class="box box_c">' . PHP_EOL;
    require_once $filename;
    echo '</div>' . PHP_EOL;
    GWF_Debug::setMailOnError(true);
} else {
    echo GWF_HTML::error('PHP 0817', $chall->lang('err_security'));
}

echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
<?php
# WeChall things
chdir('../../../');
define('GWF_PAGE_TITLE', 'HOST me');
require_once 'challenge/html_head.php';

# Use a dummy challenge object when getByTitle() returns false.
$chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE);
if ($chall === false) {
    $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 2, 'challenge/space/host_me/index.php', false);
}
$chall->showHeader();

###############
## Challenge ##
###############
# host_me.php is expected to define the callable $challenge used below.
require_once 'challenge/space/host_me/host_me.php';

# Show the challenge source (fixed path) inside the info box.
$filename = 'challenge/space/host_me/host_me.php';
$message = GWF_Message::display('[PHP]' . file_get_contents($filename) . '[/PHP]');
echo GWF_Box::box($chall->lang('info', array($message, GWF_WEB_ROOT . 'profile/space')), $chall->lang('title'));

# Run the challenge with die-on-error and mail-on-error switched off, then
# switch both back on.
GWF_Debug::setDieOnError(false);
GWF_Debug::setMailOnError(false);
if ($challenge() === true) {
    $chall->onChallengeSolved(GWF_Session::getUserID());
}
GWF_Debug::setDieOnError(true);
GWF_Debug::setMailOnError(true);

echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
/**
 * Render this object's message for output.
 *
 * @return string Result of getMessage() passed through GWF_Message::display().
 */
public function displayMessage()
{
    $raw = $this->getMessage();

    return GWF_Message::display($raw);
}
# Use a dummy challenge object when getByTitle() returns false.
$chall = WC_Challenge::getByTitle('Yourself PHP');
if ($chall === false) {
    $chall = WC_Challenge::dummyChallenge('Yourself PHP', 4, 'challenge/yourself_php/index.php', false);
}

# And display the header
$chall->showHeader();

# Show mission box (translated)
echo GWF_Box::box($chall->lang('mission_i', array('index.php?highlight=christmas')), $chall->lang('mission_t'));

# Check your injection and fix the hole by silently applying htmlspecialchars to the vuln input.
if (phpself_checkit()) {
    $chall->onChallengeSolved(GWF_Session::getUserID());
}

# Show this file as highlighted sourcecode, if desired
# The opening and closing tags are assembled from two pieces each, so the
# complete tag never appears literally in this file's own text.
if (Common::getGetString('highlight') === 'christmas') {
    $msg = file_get_contents('challenge/yourself_php/index.php');
    $msg = '[' . 'code=php title=index.php]' . $msg . '[' . '/code]';
    echo GWF_Box::box(GWF_Message::display($msg));
}

# __This is the challenge:
if (isset($_POST['username'])) {
    echo GWF_Box::box(sprintf("Well done %s, you entered your username. But this is <b>not</b> what you need to do.", htmlspecialchars(Common::getPostString('username'))));
}
echo '<div class="box box_c">', PHP_EOL;
# $_SERVER['PHP_SELF'] is written into the action attribute without escaping
# at this point; per the comment above, phpself_checkit() is what neutralises
# it beforehand. Outside a training page, escape it where it is printed.
echo sprintf('<form action="%s" method="post">', $_SERVER['PHP_SELF']), PHP_EOL;
echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('phpself')), PHP_EOL;
echo sprintf('<div>Username:<input type="text" name="username" value="" /></div>'), PHP_EOL;
echo sprintf('<div><input type="submit" name="deadcode" value="Submit" /></div>'), PHP_EOL;
echo sprintf('</form>'), PHP_EOL;
echo '</div>', PHP_EOL;
# __End of challenge

# Print Challenge Footer
echo $chall->copyrightFooter();
case GWF_Form::HEADLINE: if (isset($data[2])) { printf('<tr><td>%s%s</td><td>%s</td><td>%s</td></tr>' . PHP_EOL, $req, $data[2], $tt, $data[1]); } else { printf('<tr class="headline"><td colspan="%d">%s</td></tr>' . PHP_EOL, $cols, $data[1]); } break; case GWF_Form::SUBMITS: $buttons = ''; foreach ($data[1] as $submitsk => $submitsv) { $buttons .= sprintf('<input type="submit" name="%s" value="%s" />', $submitsk, $submitsv); } printf('<tr><td></td><td></td><td>%s</td></tr>' . PHP_EOL, $buttons); break; case GWF_Form::MESSAGE: printf('<tr><td colspan="%d">%s</td></tr>' . PHP_EOL, $cols, GWF_Message::getCodeBar($key)); ### Fallthrough... ### Fallthrough... case GWF_Form::MESSAGE_NOBB: // printf(); printf('<tr><td colspan="%d">%s</td></tr>' . PHP_EOL, $cols, $data[2]); printf('<tr><td colspan="%d"><textarea id="%s" name="%s" cols="80" rows="8">%s</textarea></td></tr>' . PHP_EOL, $cols, $key, $key, $data[1]); break; case GWF_Form::VALIDATOR: break; case GWF_Form::FILE: case GWF_Form::FILE_OPT: printf('<tr><td>%s%s</td><td>%s</td><td><input type="file" name="%s" /></td></tr>' . PHP_EOL, $req, $data[2], $tt, $key); break; case GWF_Form::HTML: echo $data[1] . PHP_EOL;
/**
 * Render this message for output with the per-message BBCode and smiley
 * settings. Images are always switched off.
 *
 * @param array $highlight Passed through to GWF_Message::display().
 * @param bool  $no_check  Passed through to getMessage().
 * @return string Rendered message.
 */
public function displayMessage($highlight = array(), $no_check = false)
{
    $useBB = $this->isBBCodeEnabled();
    $useSmileys = $this->isSmileyEnabled();
    $useImages = false;
    $text = $this->getMessage($no_check);

    return GWF_Message::display($text, $useBB, $useSmileys, $useImages, $highlight);
}
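<?php
# Source viewer for the challenge directory: ?f=NAME selects a file, ?dl
# sends it as plain text, ?hl shows it highlighted, otherwise it is shown
# HTML-escaped. Variable names are kept because header.php and footer.php
# are required into this scope.
require 'config.php';

# Allowlist: the requested name must be exactly equal to an entry of this
# script's directory, so a value containing a path separator can never match.
# NOTE(review): every entry of the directory is readable this way, which
# presumably includes the PHP files required here - confirm none holds a secret.
$files = scandir(dirname(__FILE__));
if ($files === false) {
    # Treat an unreadable directory as an empty allowlist.
    $files = array();
}

$title = 'Error';
if (false === ($file = Common::getGetString('f', false))) {
    $content = '<p>No file via GET parameter "f" specified. You can use hl=1 for highlighting btw.</p>';
} elseif (!in_array($file, $files, true) || !is_file("{$dldc}{$file}")) {
    # scandir() also lists '.', '..' and sub-directories; is_file() keeps
    # those from reaching file_get_contents().
    $content = '<p>Only the files in the challenge directory are allowed :)</p>';
} else {
    $title = $file;
    $content = trim(file_get_contents("{$dldc}{$file}"));
    if (isset($_GET['dl'])) {
        header('Content-Type: text/plain');
        dldc_die($content);
    } elseif (isset($_GET['hl'])) {
        # Tags are assembled from two pieces each so that the complete tag
        # does not appear literally in this file's own text.
        $content = '<div class="code">' . GWF_Message::display('[P' . 'HP]' . $content . '[/P' . 'HP]') . '</div>';
    } else {
        $content = "<code>\n" . htmlspecialchars($content) . "\n</code>";
    }
}
require 'header.php';
# The title is a file name taken from the request; escape it where it is
# printed. NOTE(review): if header.php prints $title too, it needs the same.
?>
<h1><?php echo htmlspecialchars($title, ENT_QUOTES); ?></h1>
<?php
echo $content;
require 'footer.php';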
/**
 * Render the profile's "about me" text for output.
 *
 * @return string The 'prof_about_me' column passed through GWF_Message::display().
 */
public function displayAboutMe()
{
    $aboutMe = $this->getVar('prof_about_me');

    return GWF_Message::display($aboutMe);
}
/**
 * Return the page body according to the page's mode.
 *
 * @param GWF_Page $page Page to render.
 * @return string Page body, or a fixed error text for an unknown mode.
 */
private function getPageContent(GWF_Page $page)
{
    $mode = $page->getMode();

    // HTML mode hands the stored content back verbatim: nothing in this
    // method escapes or filters it, so whoever may author HTML-mode pages
    // controls the markup sent to readers.
    if ($mode == GWF_Page::HTML) {
        return $page->getVar('page_content');
    }

    if ($mode == GWF_Page::BBCODE) {
        return GWF_Message::display($page->getVar('page_content'));
    }

    if ($mode == GWF_Page::SMARTY) {
        return $this->getPageContentSmarty($page);
    }

    return 'NO PAGE MODE SELECTED ERROR 0915';
}
<?php
# Table Names II challenge page.

# Any request carrying a 'show' parameter gets challenge.php as plain text
# and nothing else.
if (isset($_GET['show'])) {
    header('Content-Type: text/plain');
    exit(file_get_contents('challenge.php'));
}

# secret.php is loaded before the chdir() below and its return value is
# kept; only its 'flag' entry is used in this file.
# NOTE(review): confirm secret.php prints nothing when requested directly,
# or keep it outside the document root.
$secret = require 'secret.php';

chdir('../../../');
define('GWF_PAGE_TITLE', 'Table Names II');
require_once 'challenge/html_head.php';
require GWF_CORE_PATH . 'module/WeChall/solutionbox.php';

# Use a dummy challenge object when getByTitle() returns false.
$chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE);
if ($chall === false) {
    $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 6, 'challenge/nurfed/more_table_names/index.php', $secret['flag']);
}
$chall->showHeader();
$chall->onCheckSolution();

echo GWF_Box::box($chall->lang('mission_i', array('index.php?show=source', 'index.php?highlight=christmas', 'challenge.php')), $chall->lang('mission_t'));

# Highlighted source view; the file that is read is a fixed literal path.
if ('christmas' === Common::getGetString('highlight')) {
    echo GWF_Message::display('[php title=challenge.php]' . file_get_contents('challenge/nurfed/more_table_names/challenge.php') . '[/php]');
}

formSolutionbox($chall);
echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
<?php
# Training: MySQL I challenge page. Top-level variable names are kept
# because login.php is included into this same scope at the end.

# Change dir to web root
chdir('../../../../');
define('GWF_PAGE_TITLE', 'Training: MySQL I');
require_once 'challenge/html_head.php';

# Use a dummy challenge object when getByTitle() returns false.
$chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE);
if ($chall === false) {
    $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 2, 'challenge/training/mysql/auth_bypass1/index.php', false);
}
$chall->showHeader();

echo GWF_Box::box($chall->lang('info', array('index.php?show=source', 'index.php?highlight=christmas')), $chall->lang('title'));

# Two source views of login.php (fixed path): escaped plain text, or
# highlighted. 'show' wins when both parameters are given.
$filename = 'challenge/training/mysql/auth_bypass1/login.php';
if ('source' === Common::getGetString('show')) {
    echo GWF_Box::box('<pre>' . htmlspecialchars(file_get_contents($filename)) . '</pre>');
} elseif ('christmas' === Common::getGetString('highlight')) {
    $message = '[PHP]' . file_get_contents($filename) . '[/PHP]';
    echo GWF_Message::display($message);
}

# Database name, user and password for the challenge are hard-coded here.
# NOTE(review): this file sits under the web root; confirm the account is
# limited to the challenge database and is not reused anywhere else.
define('WCC_AUTH_BYPASS1_DB', 'gizmore_auth1');
define('WCC_AUTH_BYPASS1_USER', 'gizmore_auth1');
define('WCC_AUTH_BYPASS1_PASS', 'AuthIsBypass');

include 'login.php';

echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
/**
 * Render the stored lyrics for output.
 *
 * @return string The 'ssl_lyrics' column passed through GWF_Message::display().
 */
public function displayLyrics()
{
    return GWF_Message::display($this->getVar('ssl_lyrics'));
}