Beispiel #1
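 /**
  * Handle the account-reclaim form: verify the captcha, check the legacy
  * credentials, import the account and log the user in.
  *
  * Every failure path returns the result of Error::set(); on success a
  * redirect header to the site root is sent.
  *
  * Security notes:
  *  - The captcha is validated before the credentials are looked at, so a
  *    password guess is only evaluated after a passed challenge.
  *  - Form fields must be strings. PHP turns `field[key]=value` request
  *    parameters into arrays, and whether the reclaims/users models reject
  *    array input is not visible here, so it is refused at this boundary
  *    instead of being handed to the Mongo-backed models.
  *  - Unknown user and wrong password share one error message.
  *
  * @return mixed Result of Error::set() on failure; nothing on success.
  */
 public function check()
 {
     $this->setView('reclaim/index');
     if (Session::isLoggedIn()) {
         return Error::set('You\'re logged in!');
     }
     $this->view['valid'] = true;
     $this->view['publicKey'] = Config::get('recaptcha:publicKey');

     foreach (array('recaptcha_challenge_field', 'recaptcha_response_field') as $field) {
         if (empty($_POST[$field]) || !is_string($_POST[$field])) {
             return Error::set('We could not find the captcha validation fields!');
         }
     }
     $recaptcha = Recaptcha::check($_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
     if (is_string($recaptcha)) {
         // A string result is an error code that indexes Recaptcha::$errors.
         return Error::set(Recaptcha::$errors[$recaptcha]);
     }

     foreach (array('username', 'password') as $field) {
         // Arrays (e.g. username[$ne]=x) must never reach a query builder.
         if (empty($_POST[$field]) || !is_string($_POST[$field])) {
             return Error::set('All forms are required.');
         }
     }
     $username = $_POST['username'];
     $password = $_POST['password'];

     $reclaims = new reclaims(ConnectionFactory::get('mongo'));
     $good = $reclaims->authenticate($username, $password);
     if (!$good) {
         return Error::set('Invalid username/password.');
     }
     $reclaims->import($username, $password);

     // Log the freshly imported account in through the regular user model.
     $users = new users(ConnectionFactory::get('mongo'));
     $users->authenticate($username, $password);
     header('Location: ' . Url::format('/'));
 }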
Beispiel #2
 /**
  * Delete a single notice, then redirect to the notice list.
  *
  * NOTE(review): this is a state-changing action whose id comes from the
  * route arguments. No anti-CSRF check is visible in this method; confirm the
  * dispatcher enforces one.
  *
  * @param array $arguments Route arguments; element 0 is the notice id.
  * @return mixed Result of Error::set() on failure; nothing on success.
  */
 public function delete($arguments)
 {
     // Authorization is decided before any input is inspected.
     $allowed = CheckAcl::can('deleteNotices');
     if (!$allowed) {
         return Error::set('You are not allowed to delete notices!');
     }

     $noticeId = empty($arguments[0]) ? null : $arguments[0];
     if ($noticeId === null) {
         return Error::set('No notice id was found!');
     }

     $store = new notices(ConnectionFactory::get('redis'));
     $outcome = $store->delete($noticeId);
     if (!is_string($outcome)) {
         header('Location: ' . Url::format('/notice/'));
         return;
     }

     // A string coming back from the model is its error message.
     return Error::set($outcome);
 }
Beispiel #3
 /**
  * Cast a vote on a news post and report the outcome with a "Back" link.
  *
  * NOTE(review): the vote changes state and both values come from the route
  * arguments; no anti-CSRF check is visible here. Whether castVote() limits
  * a user to one vote per post cannot be seen from this method.
  *
  * @param array $arguments Route arguments; 0 is the news id, 1 is the vote.
  * @return mixed Result of Error::set() on the failure paths.
  */
 public function vote($arguments)
 {
     if (!CheckAcl::can('voteOnNews')) {
         return Error::set('You can not vote on news posts.');
     }

     $incomplete = empty($arguments[0]) || empty($arguments[1]);
     if ($incomplete) {
         return Error::set('Vote or news id not found.');
     }
     $newsId = $arguments[0];
     $choice = $arguments[1];

     $model = new news(ConnectionFactory::get('mongo'));
     $outcome = $model->castVote($newsId, $choice);

     // The post is fetched after the vote only to build the link back to it.
     $post = $model->get($newsId, false, true);
     $links = array('Back' => Url::format('/news/view/' . Id::create($post, 'news')));

     if (is_string($outcome)) {
         return Error::set($outcome, false, $links);
     }
     Error::set('Vote cast!', true, $links);
 }
Beispiel #4
 /**
  * Per-request bootstrap: start the session, merge variables parked in APC,
  * enforce the optional IP lock, load the official tweets into the layout
  * and run the two ban checks.
  *
  * Security notes:
  *  - IP lock: a logged-in session with `lockToIP` set is destroyed when the
  *    stored address differs from REMOTE_ADDR, and the request ends there.
  *  - REMOTE_ADDR is the address of the connecting peer. NOTE(review): if the
  *    site runs behind a reverse proxy, that is the proxy's address and the
  *    lock compares nothing useful; confirm the deployment.
  *  - The comparisons are loose (`!=`), as in the original code.
  *
  * @param mixed $data Unused in this method.
  */
 public static function handler($data = null)
 {
     Session::init();

     // Variables queued for this session id are applied once, then removed.
     $pendingKey = Cache::PREFIX . 'sessionReq_' . Session::getId();
     if (apc_exists($pendingKey)) {
         $pending = apc_fetch($pendingKey);
         Session::setBatchVars($pending);
         apc_delete($pendingKey);
     }

     $boundIp = Session::getVar('ip');
     if (Session::isLoggedIn() && Session::getVar('lockToIP')) {
         if ($boundIp != null && $boundIp != $_SERVER['REMOTE_ADDR']) {
             Session::destroy();
             header('Location: ' . Url::format('/'));
             exit;
         }
     }
     // Remember the current address for the next request's comparison.
     Session::setVar('ip', $_SERVER['REMOTE_ADDR']);

     $feed = new twitter(ConnectionFactory::get('redis'));
     Layout::set('tweets', $feed->getOfficialTweets());

     self::slowBan();
     self::errorBan();
 }
Beispiel #5
<?php

// Mission index view: prints one "well" per entry of $missions when $valid
// is set and truthy.
// NOTE(review): the mission name and description are echoed without HTML
// escaping. Confirm they are escaped or restricted where they are stored;
// otherwise any markup in a mission record is rendered as-is.
if (!empty($valid) && $valid) {
    ?>
<center>
<?php 
    foreach ($missions as $mission) {
        ?>
<div class="well">
    <center>
        <h3><a href="<?php 
        // The lower-cased name becomes a URL path segment.
        echo Url::format('missions/' . strtolower($mission['name']));
        ?>
"><?php 
        echo ucwords($mission['name']);
        ?>
 Missions</a></h3>
        <p><?php 
        echo $mission['description'];
        ?>
</p>
    </center>
</div>

<?php 
    }
    ?>
</center>
<?php 
}
Beispiel #6
<?php

// Shows a generated certificate to the user for saving to a file.
// NOTE(review): $certificate is printed unescaped inside <pre>. What the
// value contains is not visible here; if it includes private key material,
// confirm the response is served over TLS and marked non-cacheable.
if (!empty($valid) && $valid) {
    ?>
<u><h2>Your Certificate:</h2></u>
<pre>
<?php 
    echo $certificate;
    ?>
</pre><br />

<i>Save this to file so your browser can use it!</i><br />
<a href="<?php 
    echo Url::format('pages/info/keyauthentication');
    ?>
">Read More...</a>
<?php 
}
Beispiel #7
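<?php

// News posting view: with a truthy $valid it renders the "Post News" form.
// Fix: the form class read "form-veritcal"; it is now "form-vertical".
// NOTE(review): the elseif below can never run as written, because
// !empty($valid) already requires $valid to be truthy, so `!$valid` is always
// false there. The intended test is not visible from this template (possibly
// isset($valid) && !$valid) and is left unchanged; confirm with the controller.
// NOTE(review): no anti-CSRF token field is visible in this form; confirm the
// /news/post/save handler verifies one by other means.
if (!empty($valid) && $valid) {
    ?>
<div class="page-header"><h1>Post News</h1></div>

<form class="well form-vertical" action="<?php 
    echo Url::format('/news/post/save');
    ?>
" method="post">
    <label>Title:  </label> <input type="text" name="title" /><br />
    <label>Department:  </label> <input type="text" name="department" /><br />
    <label>Text:  </label>
    <textarea style="width: 100%" rows="10" name="body"></textarea><br />
    <label>Tags:  </label> <input type="text" name="tags" /> <span class="help-inline">(Comma seperated list of tags)</span><br />
    <label class="checkbox"><input type="checkbox" name="commentable" value="yes" />  Commentable</label>
    <label class="checkbox"><input type="checkbox" name="shortNews" value="yes" />  Short News</label>
    <input type="submit" class="btn btn-info" name="preview" value="Preview" />
    <input type="submit" class="btn btn-primary" name="post" value="Post News" />
</form>
<?php 
} elseif (!empty($valid) && !$valid) {
    ?>
<a href="<?php 
    echo Url::format('/news/view/' . Id::create($info, 'news'));
    ?>
">Read</a>
<?php 
}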
    echo $description;
    ?>
</blockquote>
<?php 
}
?>
	
	<p><?php 
echo BBCode::parse($body);
?>
</p>

<?php 
// "More Like This" links, followed by the like widget for published articles.
if (!empty($mlt)) {
    ?>
    <p><h4>More Like This:</h4>
<?php 
    foreach ($mlt as $fetched) {
        // NOTE(review): the title is concatenated into HTML without escaping;
        // confirm article titles are escaped when stored.
        echo '<a href="' . Url::format('article/view/' . Id::create($fetched, 'news')) . '">' . $fetched['title'] . '</a><br />';
    }
    ?>
</p>
<?php 
}
// The like widget is left out for unpublished articles, revisions and previews.
if ($published && empty($revision) && empty($preview)) {
    $data = array('_id' => $_id, 'rating' => $rating, 'type' => 'Articles', 'where' => 'article');
    echo Partial::render('like', $data);
}
?>
</div>
Beispiel #9
<?php

// Lost-access form: posts a user name to /lost/access.
// NOTE(review): whether the handler answers differently for unknown user
// names (account enumeration) or limits repeated requests is not visible
// from this view; confirm in the controller.
if (!empty($valid) && $valid) {
    ?>
<form class="form-inline" action="<?php 
    echo Url::format('/lost/access');
    ?>
" method="post">
	<label>Your username:</label>
	<input type="text" name="username" />&nbsp;
	<input type="submit" value="Go" class="btn btn-primary" />
</form>
<?php 
}
Beispiel #10
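<?php

// Registration form, posting to /user/register/save.
// Fix: the password field was type="text", which shows the password on screen
// and lets browsers keep it in ordinary form history; it is now
// type="password". A space was also added between the script tag's type and
// src attributes.
// NOTE(review): no anti-CSRF token field is visible in this form.
if (!empty($valid) && $valid) {
    ?>
<div class="page-header"><h1>Register</h1></div>

<form class="well form-vertical" action="<?php 
    echo Url::format('/user/register/save');
    ?>
" method="post">
<label>Username</label>
<input type="text" name="username" required /><br />

<label>Password</label>
<input type="password" name="password" required /><br />

<label>Email</label>
<input type="text" name="email" required /><br />

<label class="checkbox">
	<input type="checkbox" name="hideEmail" value="true" /> Hide Your Email?
</label>

<div class="control-group">
<script type="text/javascript">
    var RecaptchaOptions = {
        theme : 'white'
    };
</script>
<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=<?php 
    echo $publicKey;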
Beispiel #11
, <em><?php 
    echo $name;
    ?>
</em>
</div>

<div class="hero-unit">
    <h1>Congratulations!</h1><br />

    <p><?php 
    // NOTE(review): the method name is assembled from $num at run time.
    // Confirm $num is validated as an existing mission number before this
    // view is rendered, so the call cannot reach an unintended method.
    echo call_user_func(array($basic, 'explainMission' . $num));
    ?>
<br /></p>
    
<?php 
    if ($next) {
        ?>
    <p>
        <a class="btn btn-large btn-success pull-right" href="<?php 
        echo Url::format('missions/basic/' . ($num + 1));
        ?>
">
            Next Mission!
        </a>
    </p>
<?php 
    }
    ?>
</div>
<?php 
}
Beispiel #12
 /**
  * Generic delete action shared by content controllers.
  *
  * Authorization takes one of two routes:
  *  - the model has no authChange() method: the `delete<permission>` ACL
  *    entry decides;
  *  - the model has authChange(): the ACL entry is not consulted at all and
  *    authChange('delete', $entry) alone decides.
  *
  * NOTE(review): the value returned by get() is handed to authChange()
  * without checking that an entry was actually found; confirm authChange()
  * denies when the lookup fails.
  * NOTE(review): no anti-CSRF check is visible in this method.
  *
  * @param array $arguments Route arguments; element 0 is the entry id.
  * @return mixed Result of Error::set() on failure; nothing on success.
  */
 public function delete($arguments)
 {
     $modelClass = $this->model;
     $model = new $modelClass(ConnectionFactory::get($this->db));

     if (empty($arguments[0])) {
         return Error::set('No ' . $this->name . ' id was found!');
     }
     $id = $arguments[0];

     $modelDecides = method_exists($model, 'authChange');
     if (!$modelDecides && !CheckAcl::can('delete' . $this->permission)) {
         return Error::set('You are not allowed to delete ' . $this->pluralize($this->name) . '!');
     }
     if ($modelDecides) {
         $entry = $model->get($id, false, true);
         if (!$model->authChange('delete', $entry)) {
             return Error::set('You are not allowed to delete this ' . $this->name . '!');
         }
     }

     $outcome = $model->delete($id);
     if (is_string($outcome)) {
         // A string from the model is its error message.
         return Error::set($outcome);
     }

     Error::set(ucwords($this->name) . ' deleted!', true);
     // "dnr" suppresses the redirect when it is set and truthy.
     if (!isset($this->dnr) || !$this->dnr) {
         header('Location: ' . Url::format($this->location));
     }
     Log::activity('Deleted:  ' . $this->name . ' (' . $id . ')', null);
 }
<div class="well">
    <h3><a href="<?php 
// Short article teaser: linked title plus description.
// NOTE(review): $title and $description are echoed without HTML escaping in
// this partial; confirm both are escaped before they are passed in.
echo Url::format('article/view/' . Id::create(array('date' => $date, 'title' => $title), 'news'));
?>
"><?php 
echo $title;
?>
</a></h3>
    
    <p><?php 
echo $description;
?>
</p>
</div>
$page      -- Current page number.
$url       -- Where to redirect.
*/
$pages = ceil($total / $perPage);
?>
<center>
<div class="pagination">
    <ul>
<?php 
for ($i = 1; $i <= $pages; ++$i) {
    ?>
        <li<?php 
    if ($page == $i) {
        ?>
 class="active"<?php 
    }
    ?>
><a href="<?php 
    echo Url::format($url . $i) . (!empty($where) ? '#' . $where : '');
    ?>
"><?php 
    echo $i;
    ?>
</a></li>
<?php 
}
?>
    </ul>
</div></center>
<br />
Beispiel #15
<?php

// Comment edit form, pre-filled from $post.
// NOTE(review): $post['text'] is written inside <textarea> and
// $post['contentId'] inside a value="" attribute, both without escaping.
// Unescaped text containing a closing textarea tag or a double quote would
// break out of its context; confirm the stored values are already
// HTML-escaped, or escape them here.
// NOTE(review): no anti-CSRF token field is visible in this form.
if (!empty($valid) && $valid) {
    ?>
<div class="page-header"><h1>Edit Comment</h1></div>
<form class="well" action="<?php 
    echo Url::format('/comment/edit/' . $post['_id'] . '/save');
    ?>
" method="post">
    <input type="hidden" name="contentId" value="<?php 
    echo $post['contentId'];
    ?>
" />
    <textarea name="text" rows="10" style="width: 100%"><?php 
    echo $post['text'];
    ?>
</textarea><br />
    <input type="submit" value="Post Comment" class="btn btn-primary" />
</form>
<?php 
}
Beispiel #16
 /**
  * Send a redirect header pointing at the lecture index.
  *
  * The target is a fixed path, so no request data reaches the header.
  * Execution is not stopped after the header is sent.
  */
 public function view()
 {
     $target = Url::format('/lecture');
     header('Location:  ' . $target);
 }
Beispiel #17
<a href="<?php 
// "Go Back" link: uses the Referer header, or "/" when none was sent.
// NOTE(review): HTTP_REFERER is supplied by the client and is echoed into the
// href without escaping. What Url::format() does with an absolute URL is not
// visible here; confirm the value is HTML-escaped and limited to this site.
echo Url::format(empty($_SERVER['HTTP_REFERER']) ? '/' : $_SERVER['HTTP_REFERER']);
?>
">Go Back</a>
Beispiel #18
<?php

// Lecture posting form, submitted to lecture/post/save.
// NOTE(review): date and duration are free-text fields; their parsing and
// validation happen in the handler and are not visible here.
// NOTE(review): no anti-CSRF token field is visible in this form.
if (!empty($valid) && $valid) {
    ?>
<div class="page-header"><h1>Post Lecture</h1></div>
<form class="form-vertical well" action="<?php 
    echo Url::format('lecture/post/save');
    ?>
" method="post">
    <label>Title:  </label>
    <input type="text" name="title" /><br />
    
    <label>Lecturer:  </label>
    <input type="text" name="lecturer" /><br />
    
    <label>Description:</label>
    <textarea name="description"></textarea><br />
    
    <label>Date:  </label>
    <input type="text" name="date" /> 
    <span class="help-inline">(Culturally acceptable date format: this Saturday, 12:30am)</span><br />
    
    <label>Expected Duration:  </label>
    <input type="text" name="duration" />
    <span class="help-inline">(Duration in units:  3 hours, 30 minutes)</span><br />
    
    <input type="submit" value="Post Lecture" class="btn btn-primary" />
</form>
<?php 
}
Beispiel #19
Contribute your thoughts. Volunteer to beta test some of the new projects. Get used to working with other members of the site.
We're here for you, get in contact with us!
</p>
 
<h2 id="contact">Contact</h2>
<h3>Hack This Site IRC</h3>
<p>The best way of getting answers to general questions about the site, and the quickest way of getting involved with the community.</p>

<p>irc.hackthissite.org port 7000 (no ssl 6667)<br />
<ul>
	<li>#hackthissite (general chat)</li>
	<li>#help (challenges and other help)</li>
	<li>#team (Staff discussion channel)</li>
</ul>

<h3>Forums</h3>
<p>
<a href="<?php 
echo Url::format('/forums');
?>
">Hack This Site Forums</a>: The best way of getting help with the hacking challenges; also a hotbed for discussion.
</p>

<h3>E-mail</h3>
<p>We can't always respond, but we do read everything we are sent, so have your voices heard:</p>
<ul>
	<li>HTS staff: staff (at) hackthissite.org</li>
	<li>Senior Developer: comperr (at) hackthissite.org</li>
	<li>IRC staff: irc (at) hackthissite.org</li>
</ul>
Beispiel #20
        echo $notice, '<br />';
    }
    echo '</div><br />';
}
// Print every collected error message inside one alert box.
// NOTE(review): messages are written out as HTML without escaping. Confirm
// that no caller of Error::set() builds a message from request data, or
// escape each message here.
$errors = Error::getAllErrors();
if (Error::has() && !empty($errors)) {
    echo '<div class="alert alert-error">';
    foreach ($errors as $error) {
        echo $error, '<br />';
    }
    echo '</div><br />';
}
?>
				<?php 
echo $content;
?>
			</div>
			<!-- End content -->
		</div></div>
		
		<script src="<?php 
echo Url::format('themes/jquery.js', true);
?>
"></script>
		<script src="<?php 
echo Url::format('themes/bootstrap/js/bootstrap.min.js', true);
?>
"></script>
	</body>
</html>
Beispiel #21
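 /**
  * Attach a staff note to a user account.
  *
  * Requires the `postNotes` permission, reads `userId` and `note` from the
  * POST body and, on success, redirects to the referring page when a Referer
  * header is present.
  *
  * Security notes:
  *  - Both fields must be non-empty strings. PHP turns `field[key]=value`
  *    request parameters into arrays, and whether users::addNote() rejects
  *    array input is not visible here, so it is refused at this boundary
  *    instead of being handed to the Mongo-backed model.
  *  - NOTE(review): the redirect target is the client-supplied Referer
  *    header. What Url::format() does with an absolute URL is not visible
  *    here; confirm it cannot send the browser to another origin.
  *  - NOTE(review): no anti-CSRF token is checked in this method; confirm the
  *    dispatcher enforces one for POST actions.
  *
  * @return mixed Result of Error::set() on failure; nothing on success.
  */
 public function admin_note()
 {
     if (!CheckAcl::can('postNotes')) {
         return Error::set('You are not allowed to post notes.');
     }
     if (empty($_POST['userId']) || !is_string($_POST['userId'])) {
         return Error::set('No user id was found.');
     }
     if (empty($_POST['note']) || !is_string($_POST['note'])) {
         return Error::set('No note text was found.');
     }

     $users = new users(ConnectionFactory::get('mongo'));
     $return = $users->addNote($_POST['userId'], $_POST['note']);
     if (is_string($return)) {
         // A string from the model is its error message.
         return Error::set($return);
     }

     Error::set('Note posted.', true);
     if (!empty($_SERVER['HTTP_REFERER'])) {
         header('Location: ' . Url::format($_SERVER['HTTP_REFERER']));
     }
 }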
Beispiel #22
    if (!is_array($tags)) {
        $tags = explode(',', clean($tags));
    }
    $category = clean($category);
    ?>
<div class="page-header"><h1><?php 
    echo ucwords($method);
    ?>
 Article</h1></div>
<?php 
    if (!empty($preview) && $preview && !is_string($info)) {
        echo Partial::render('articleFull', $info);
    }
    ?>
<form class="form-vertical well" action="<?php 
    echo Url::format('/article/' . $method . (empty($_id) ? '' : '/' . $_id) . '/save');
    ?>
" method="post">
    <label>Title:  </label> <input type="text" name="title" value="<?php 
    echo clean($title);
    ?>
" /><br />
    <label>Category:  </label>
    <select name="category">
<?php 
    foreach (articles::$categories as $short => $rCategory) {
        ?>
        <option value="<?php 
        echo $short;
        ?>
"<?php 
Your password has been reset.  Check your email for a link.
<?php 
// NOTE(review): when $mail is falsy the page itself prints the
// /lost/confirm/<id>/password link. If $id is the secret the e-mail would
// have carried, this gives the reset to whoever submitted the request,
// without proof of mailbox ownership. Confirm what $id is and whether this
// fallback should exist outside development.
if (!$mail) {
    ?>
<br /><br />
Mail is down so 
<a href="<?php 
    echo Url::format('/lost/confirm/' . $id . '/password');
    ?>
">click here</a>.
<?php 
}
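<?php

// Connection settings view: lets users with the "haveConnections" permission
// store a GitHub user name.
// Fix: the stored name was concatenated into value="" unescaped, so a double
// quote in it could close the attribute. It is now HTML-escaped, and a space
// separates it from the preceding name attribute.
// NOTE(review): no anti-CSRF token field is visible in this form.
if (!empty($valid) && $valid) {
    ?>

<?php 
}
if (CheckAcl::can('haveConnections')) {
    ?>
<form class="form-horizontal well" action="<?php 
    echo Url::format('/user/connections');
    ?>
" method="post">
    <legend>Manage Connections</legend>
    <div class="control-group">
        <label class="control-label">GitHub Username</label>
        
        <div class="controls">
            <input type="text" name="github"<?php 
    echo !empty($github) ? ' value="' . htmlspecialchars($github, ENT_QUOTES, 'UTF-8') . '"' : '';
    ?>
 />
        </div>
    </div>
    
    <input type="submit" value="Save" class="btn btn-primary" />
</form>
<?php 
}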
You finished <?php 
// Mission completion partial: names the finished mission and links the next.
// NOTE(review): $current is echoed without HTML escaping.
echo $current;
?>
!<br />
<?php 
if (!empty($next)) {
    ?>
<a href="<?php 
    echo Url::format('missions/' . $next);
    ?>
">Next</a><?php 
}
?>

<?php 
// NOTE(review): completion is recorded from inside the view, so rendering
// this partial is what marks the mission finished. Confirm every code path
// that renders it has already verified the solution.
Mission::finishMission($handle, $id);
Beispiel #26
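<?php

// Account reclamation form: legacy user name and password plus a captcha,
// posted to /reclaim/check.
// Fix: the captcha script and its noscript iframe were loaded over plain
// http://. A script fetched without TLS can be altered in transit and would
// then run in the page that holds the password field; both URLs now use
// https://. A space was also added between the script tag's type and src
// attributes.
// NOTE(review): no anti-CSRF token field is visible in this form.
if (!empty($valid) && $valid) {
    ?>
<div class="page-header"><h1>Account Reclamation</h1></div>

<p>Fill out the form below to have your old HackThisSite account converted 
into the new format.</p>
<center><form action="<?php 
    echo Url::format('/reclaim/check');
    ?>
" method="post">
    Username: <input type="text" name="username" /><br />
    Password: <input type="password" name="password" /><br />
    
<div class="control-group">
<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=<?php 
    echo $publicKey;
    ?>
"></script>
<noscript>
    <iframe src="https://www.google.com/recaptcha/api/noscript?k=<?php 
    echo $publicKey;
    ?>
"
    height="300" width="500" frameborder="0"></iframe><br>
    <textarea name="recaptcha_challenge_field" rows="3" cols="40">
    </textarea>
    <input type="hidden" name="recaptcha_response_field"
    value="manual_challenge">
</noscript>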
Beispiel #27
foreach ($news as $post) {
    echo Partial::render('newsShort', $post);
}
?>
<br />
<div class="well">
	<strong>Most Recent Users:</strong><br />
<?php 
// Build one profile link per recent user and print them joined by dashes.
// NOTE(review): each user name is concatenated into both the href and the
// link text without escaping. Confirm names are restricted to a safe
// character set at registration, or escape them for both contexts here.
$links = array();
foreach ($onlineUsers as $user) {
    array_push($links, '<a href="' . Url::format('/user/view/' . $user) . '">' . $user . '</a>');
}
echo implode('&nbsp;-&nbsp;', $links);
?>
<br />
	
	<strong>Users on IRC: (<?php 
echo $ircOnline['unknown'];
?>
 unknown users)</strong><br />
<?php 
// Same link list for the users currently on IRC; empty when none are known.
// NOTE(review): names are written into the href and the link text without
// escaping. If this list is taken from the IRC network rather than the
// site's own user table, the names are chosen by outsiders; confirm they are
// matched against registered accounts or escaped before output.
$links = array();
if (!empty($ircOnline['usernames'])) {
    foreach ($ircOnline['usernames'] as $user) {
        array_push($links, '<a href="' . Url::format('/user/view/' . $user) . '">' . $user . '</a>');
    }
}
echo implode('&nbsp;-&nbsp;', $links);
?>
</div>
Beispiel #28
<?php

if (!empty($valid) && $valid) {
    ?>

<div class="page-header"><h1>View Bug</h1></div>

<form class="form-inline well pull-right" action="<?php 
    echo Url::format('bugs/changeStatus');
    ?>
" method="post">
	<label>Change Status:</label>
		
	<select name="status">
<?php 
    foreach (bugs::$status as $status) {
        ?>
		<option value="<?php 
        echo $status;
        ?>
"><?php 
        echo ucwords($status);
        ?>
</option>
<?php 
    }
    ?>
		<option value="public">Public</option>
		<option value="private">Private</option>
		<option value="delete">Delete</option>
	</select>
</td>
</tr>
<tr>
<td class="light-td">
We are a non-profit organization that strives to protect a good security culture and learning atmosphere.
</td>
</tr>
<tr>
<td class="light-td">
1. A higher ranking on the top scores page does not entitle anyone to special privileges, nor does it confer any sort of 'nobility'. We are all friends here, all on the same team. Let us not waste our energies battling ourselves; instead, let's work with each other towards common goals. However, we do encourage users to compete (within reason) purely in the interest of improving their skills.  The hacker emblem is an honor and a privilege - not a right.  If you use the emblem to show your superiority it will be taken away from you.
</td>
</tr>
<tr>
<td class="light-td">
2. Users are allowed to explore Hack This Site in search of security holes, bugs, etc. provided that they do not exploit them for destructive purposes. We encourage people to 'hack this site' but we ask that they leave the website up for others to benefit and learn from. More information about hacking this site available <a href="<?php 
echo Url::format('/pages/info/hackthissite');
?>
">here</a>.  We ask that you submit a bug report if you do find one.
</td>
</tr>
<tr>
<td class="light-td">
3. User information (such as IP, ISP, or email address) will not be distributed to any third party or individual. Private messages will remain private, and upon deletion, will remain deleted.
</td>
</tr>
<tr>
<td class="light-td">
4. Moderators' roles include: verifying that articles are correct and haven't been plagiarized, checking that links work, keeping HackThisSite out of legal trouble (e.g. live links to current hacks), deleting spam, resolving issues between users, and general staff functions. Decisions are made at staff members' discretion.
</td>
</tr>
<tr>
Beispiel #30
<?php

if (!empty($valid) && $valid) {
    ?>
<div class="page-header"><h1>Post Article</h1></div>

<form class="form-vertical well" action="<?php 
    echo Url::format('/article/post/save');
    ?>
" method="post">
    <label>Title:  </label> <input type="text" name="title" /><br />
    <label>Category:  </label>
    <select name="category">
<?php 
    foreach (articles::$categories as $short => $category) {
        ?>
        <option value="<?php 
        echo $short;
        ?>
"><?php 
        echo $category;
        ?>
</option>
<?php 
    }
    ?>
    </select>
    <label>Description:</label>
    <textarea rows="5" style="width: 100%" name="description"></textarea><br />
    <label>Text:  </label>
    <textarea rows="20" style="width: 100%" name="body"></textarea><br />