Example #1
/**
 * Create a user row in usertable, or update the existing row when the supplied
 * data is newer than what is stored.
 *
 * $param is an associative array. 'contest', 'site' and 'user' (or their aliases
 * 'contestnumber', 'sitenumber', 'usernumber' / 'number') are required and must be
 * numeric; the keys listed in $ac1 are optional and override the defaults set below.
 * $c is an optional open database connection; when it is null the function opens
 * its own connection and transaction.
 *
 * Returns false on a parameter or database-state error, 2 when a row was inserted
 * or updated, and 1 when the existing row was left untouched because the supplied
 * updatetime is not greater than the stored one.
 *
 * NOTE(review): several string literals in this listing read '******'. They look
 * like values masked by the page the code was copied from, not the program's real
 * literals. Restore them from the upstream source before relying on the defaults,
 * the password prefix or the username comparisons below.
 *
 * NOTE(review): every query here is assembled by string interpolation. The text
 * fields only pass through sanitizeText(), which is not shown; confirm that it
 * escapes quotes for SQL, or move these statements to bound parameters.
 */
function DBNewUser($param, $c = null)
{
    // Accept the long column-style key names as aliases for the short ones.
    if (isset($param['contestnumber']) && !isset($param['contest'])) {
        $param['contest'] = $param['contestnumber'];
    }
    if (isset($param['sitenumber']) && !isset($param['site'])) {
        $param['site'] = $param['sitenumber'];
    }
    if (isset($param['usernumber']) && !isset($param['user'])) {
        $param['user'] = $param['usernumber'];
    }
    if (isset($param['number']) && !isset($param['user'])) {
        $param['user'] = $param['number'];
    }
    // $ac: required keys. $ac1: optional keys that may override a default.
    $ac = array('contest', 'site', 'user');
    $ac1 = array('updatetime', 'username', 'usericpcid', 'userfull', 'userdesc', 'type', 'enabled', 'multilogin', 'pass', 'permitip', 'changepass', 'userip', 'userlastlogin', 'userlastlogout', 'usersession', 'usersessionextra');
    // Keys whose values must pass is_numeric(); these are the ones placed unquoted
    // into the SQL below.
    $typei['contest'] = 1;
    $typei['updatetime'] = 1;
    $typei['site'] = 1;
    $typei['user'] = 1;
    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewUser param error: {$key} not found");
            return false;
        }
        if (isset($typei[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewUser param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable: defines the local $contest, $site or $user. The name
        // comes from the fixed $ac list, never from the caller's array keys.
        ${$key} = sanitizeText($param[$key]);
    }
    // Defaults for the optional fields.
    // NOTE(review): the '******' values here appear masked by the listing - confirm upstream.
    $username = "******" . $user;
    $updatetime = -1;
    $pass = null;
    $usericpcid = '';
    $userfull = '';
    $userdesc = '';
    $type = 'team';
    $enabled = 'f';
    $changepass = '******';
    $multilogin = '******';
    $permitip = '';
    $usersession = null;
    $usersessionextra = null;
    $userip = null;
    $userlastlogin = null;
    $userlastlogout = null;
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            // Same variable-variable assignment as above, restricted to the names in $ac1.
            ${$key} = sanitizeText($param[$key]);
            // Of the optional keys only 'updatetime' is in $typei, so it is the only
            // one checked for being numeric.
            if (isset($typei[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewUser param error: {$key} is not numeric");
                return false;
            }
        }
    }
    $t = time();
    // A missing or non-positive updatetime means "now".
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    // Allow-list for the account type: anything unrecognised becomes 'team'.
    if ($type != "chief" && $type != "judge" && $type != "admin" && $type != "score" && $type != "staff" && $type != "site") {
        $type = "team";
    }
    if ($type == "admin") {
        $changepass = "******";
    }
    // Collapse the flags to two values so nothing else reaches the quoted SQL literals.
    if ($enabled != "f") {
        $enabled = "t";
    }
    if ($multilogin != "t") {
        $multilogin = "******";
    }
    if ($changepass != "t") {
        $changepass = "******";
    }
    // $cw records that this call opened the transaction and therefore has to commit it.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewUser(begin)");
    }
    DBExec($c, "lock table usertable", "DBNewUser(lock)");
    $r = DBExec($c, "select * from sitetable where sitenumber={$site} and contestnumber={$contest}", "DBNewUser(get site)");
    $n = DBnlines($r);
    if ($n == 0) {
        // NOTE(review): the rollback is issued even when the caller supplied $c, so it
        // also ends the caller's transaction - confirm that callers expect this.
        DBExec($c, "rollback work", "DBNewUser(no-site)");
        MSGError("DBNewUser param error: site {$site} does not exist");
        return false;
    }
    // Prefix the stored password value for non-admin accounts whose changepass flag is
    // not 't'. The prefix literal is masked in this listing and its meaning is not
    // visible here.
    if ($pass != myhash("") && $type != "admin" && $changepass != "t") {
        $pass = '******' . $pass;
    }
    // Look for a different user number in the same site and contest with a matching
    // username. NOTE(review): the compared literal is masked; presumably the original
    // interpolates $username - confirm.
    $r = DBExec($c, "select * from usertable where username='******' and usernumber!={$user} and " . "usersitenumber={$site} and contestnumber={$contest}", "DBNewUser(get user)");
    $n = DBnlines($r);
    $ret = 1;
    if ($n == 0) {
        $sql = "select * from usertable where usernumber={$user} and usersitenumber={$site} and " . "contestnumber={$contest}";
        $a = DBGetRow($sql, 0, $c);
        if ($a == null) {
            // No such user yet: insert a new row.
            $ret = 2;
            $sql = "select * from sitetable where sitenumber={$site} and contestnumber={$contest}";
            // NOTE(review): unlike the call above, this one does not pass $c, so it may
            // run outside the current transaction - verify against DBGetRow().
            $aa = DBGetRow($sql, 0);
            if ($aa == null) {
                DBExec($c, "rollback work");
                MSGError("Site {$site} does not exist");
                return false;
            }
            $sql = "insert into usertable (contestnumber, usersitenumber, usernumber, username, usericpcid, userfullname, " . "userdesc, usertype, userenabled, usermultilogin, userpassword, userpermitip) values " . "({$contest}, {$site}, {$user}, '{$username}', '{$usericpcid}', '{$userfull}', '{$userdesc}', '{$type}', '{$enabled}', " . "'{$multilogin}', '{$pass}', '{$permitip}')";
            DBExec($c, $sql, "DBNewUser(insert)");
            if ($cw) {
                DBExec($c, "commit work");
            }
            LOGLevel("User {$user} (site={$site},contest={$contest}) included.", 2);
        } else {
            // Existing user: overwrite only when the incoming data is newer.
            // NOTE(review): when it is not newer and $cw is true, no commit or rollback
            // is issued before returning, so the transaction and the table lock remain
            // open until the connection is closed elsewhere.
            if ($updatetime > $a['updatetime']) {
                $ret = 2;
                $sql = "update usertable set username='******', usericpcid='{$usericpcid}', userdesc='{$userdesc}', updatetime={$updatetime}, " . "userfullname='{$userfull}', usertype='{$type}', userpermitip='{$permitip}', ";
                // The optional columns are only written when a value was supplied.
                if ($pass != null && $pass != myhash("")) {
                    $sql .= "userpassword='******', ";
                }
                if ($usersession != null) {
                    $sql .= "usersession='{$usersession}', ";
                }
                if ($usersessionextra != null) {
                    $sql .= "usersessionextra='{$usersessionextra}', ";
                }
                if ($userip != null) {
                    $sql .= "userip='{$userip}', ";
                }
                if ($userlastlogin != null) {
                    $sql .= "userlastlogin='******', ";
                }
                if ($userlastlogout != null) {
                    $sql .= "userlastlogout='{$userlastlogout}', ";
                }
                $sql .= "userenabled='{$enabled}', usermultilogin='******'";
                $sql .= " where usernumber={$user} and usersitenumber={$site} and contestnumber={$contest}";
                $r = DBExec($c, $sql, "DBNewUser(update)");
                if ($cw) {
                    DBExec($c, "commit work");
                }
                LOGLevel("User {$user} (username={$username},site={$site},contest={$contest}) updated.", 2);
            }
        }
    } else {
        // The username query above returned a row for a different user number.
        DBExec($c, "rollback work");
        LOGLevel("Update problem for user {$user} (site={$site},contest={$contest}) (maybe username already in use).", 1);
        MSGError("Update problem for user {$user}, site {$site} (maybe username already in use).");
        return false;
    }
    return $ret;
}
Example #2
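/**
 * Record the answer a judge (or a chief judge) gives to a run and, when the run
 * becomes 'judged', create or revoke the matching balloon task.
 *
 * $contest, $usersite, $usernumber, $runsite, $runnumber and $answer are placed
 * unquoted into SQL, so they must be numeric. $chief == 1 lets the caller judge
 * any run; otherwise the run must be in status 'judging' or 'judged+' and be
 * assigned to this judge as judge 1 or judge 2. $c is an optional open
 * connection; when it is null the function opens its own connection and
 * transaction and commits it at the end.
 *
 * Returns true on success and false when a parameter is not numeric, the answer
 * is unknown or fake, or the run cannot be locked for this judge.
 */
function DBUpdateRunC($contest, $usersite, $usernumber, $runsite, $runnumber, $answer, $chief, $c = null)
{
    // None of these values is quoted or escaped in the statements below, so a
    // non-numeric value would change the structure of the SQL. Reject it before
    // touching the database (same rule DBNewUser-style parameter checks apply).
    $numericargs = array(
        'contest' => $contest,
        'usersite' => $usersite,
        'usernumber' => $usernumber,
        'runsite' => $runsite,
        'runnumber' => $runnumber,
        'answer' => $answer,
    );
    foreach ($numericargs as $argname => $argvalue) {
        if (!is_numeric($argvalue)) {
            MSGError("DBUpdateRunC param error: {$argname} is not numeric");
            return false;
        }
    }

    // $bw == 1 means this call owns the transaction and must end it.
    $bw = 0;
    if ($c == null) {
        $bw = 1;
        $c = DBConnect();
        DBExec($c, "begin work", "DBUpdateRunC(transaction)");
    }
    $a = DBGetRow("select * from answertable where answernumber={$answer} and contestnumber={$contest}", 0, $c, "DBUpdateRunC(get answer)");
    if ($a == null) {
        DBExec($c, "rollback work", "DBUpdateRunC(rollback)");
        MSGError("Problem with the answer table. Contact an admin now!");
        LogLevel("Unable to judge a run because the answer was not found (run={$runnumber}, site={$runsite}, " . "contest={$contest}, answer={$answer}).", 0);
        return false;
    }
    if ($a["fake"] == 't') {
        DBExec($c, "rollback work", "DBUpdateRunC(rollback)");
        MSGError("You must choose a valid answer.");
        LogLevel("Unable to judge a run because of the fake answer (run={$runnumber}, site={$runsite}, " . "contest={$contest}, answer={$answer}).", 0);
        return false;
    }
    $yes = $a["yes"];
    $b = DBSiteInfo($contest, $runsite, $c);
    if ($b == null) {
        // NOTE(review): terminates the script with the transaction still open and
        // without a message or log entry - confirm this is intended.
        exit;
    }
    $sql = "select * from runtable as r where r.contestnumber={$contest} and " . "r.runsitenumber={$runsite} and r.runnumber={$runnumber}";
    if ($chief != 1) {
        // Authorisation for ordinary judges is enforced in the query itself: the
        // run must be open for judging and assigned to this judge.
        $sql .= " and (r.runstatus='judging' or r.runstatus='judged+') and " . "((r.runjudge1={$usernumber} and r.runjudgesite1={$usersite}) or " . " (r.runjudge2={$usernumber} and r.runjudgesite2={$usersite}))";
        $tx = "Judge";
    } else {
        $tx = "Chief";
    }
    // Row lock so two judges cannot update the same run concurrently.
    $r = DBExec($c, $sql . " for update", "DBUpdateRunC(get run for update)");
    $n = DBnlines($r);
    if ($n != 1) {
        // With a caller-supplied connection the caller is left to roll back and report.
        if ($bw == 1) {
            DBExec($c, "rollback work", "DBUpdateRunC(rollback)");
            LogLevel("Unable to judge a run (maybe it was already judged or catched by a chief) " . "(run={$runnumber}, site={$runsite}, contest={$contest}).", 2);
            MSGError("Unable to judge the run (maybe it was already judged or catched by a chief)");
        }
        return false;
    }
    $temp = DBRow($r, 0);
    $t = $b["currenttime"];
    $team = $temp["usernumber"];
    // Balloon state before this judgement; only looked up when the run already had an answer.
    if ($temp["runanswer"] != "") {
        $tinhabalao = DBBalloon($contest, $runsite, $temp["usernumber"], $temp["runproblem"], $bw == 1, $c);
    } else {
        $tinhabalao = false;
    }
    // The other judge's answer. Initialised so the agreement test below never reads
    // an undefined variable; 0 is treated there as "no answer yet".
    $outra = 0;
    if ($temp["runjudge1"] == $usernumber && $temp["runjudgesite1"] == $usersite) {
        DBExec($c, "update runtable set runanswer1={$answer}, updatetime=" . time() . " " . "where contestnumber={$contest} and runnumber={$runnumber} and runsitenumber={$runsite}", "DBUpdateRunC(update run judge1)");
        $outra = $temp["runanswer2"];
    }
    if ($temp["runjudge2"] == $usernumber && $temp["runjudgesite2"] == $usersite) {
        DBExec($c, "update runtable set runanswer2={$answer}, updatetime=" . time() . " " . "where contestnumber={$contest} and runnumber={$runnumber} and runsitenumber={$runsite}", "DBUpdateRunC(update run judge2)");
        $outra = $temp["runanswer1"];
    }
    $newstatus = 'judging';
    // The run becomes final when a chief decides, or when both judges agree and
    // either the run is not in 'judged+' or the agreed answer equals the current one.
    if ($chief == 1 || $outra != 0 && $outra == $answer && $temp["runstatus"] != "judged+" || $outra != 0 && $outra == $answer && $temp["runanswer"] == $answer) {
        $newstatus = 'judged';
        DBExec($c, "update runtable set runstatus='judged', " . "runjudge={$usernumber}, runjudgesite={$usersite}, " . "runanswer={$answer}, rundatediffans={$t}, updatetime=" . time() . " " . "where contestnumber={$contest} and runnumber={$runnumber} and runsitenumber={$runsite}", "DBUpdateRunC(update run)");
        // Balloon state after this judgement.
        $tembalao = DBBalloon($contest, $runsite, $temp["usernumber"], $temp["runproblem"], $bw == 1, $c);
        if (!$tinhabalao && $tembalao) {
            if (($b = DBSiteInfo($contest, $runsite, $c)) == null) {
                // NOTE(review): returns success without committing when this call owns
                // the transaction ($bw == 1) - confirm the update is not lost here.
                return true;
            }
            $ta = $b["currenttime"];
            $tf = $b["sitelastmileanswer"];
            // The balloon task is created only while $ta is before
            // 'sitelastmileanswer' or after 'siteduration'; otherwise it is logged as hidden.
            if ($ta < $tf || $ta > $b['siteduration']) {
                $u = DBUserInfo($contest, $runsite, $team, $c);
                if ($u['usertype'] == 'team') {
                    $p = DBGetProblemData($contest, $temp["runproblem"], $c);
                    DBNewTask_old($contest, $runsite, $team, escape_string("\"" . $u["username"] . "\" must have a balloon for problem " . $p[0]["problemname"] . ": " . $p[0]["fullname"]), "", "", "t", $p[0]["color"], $p[0]["colorname"], $c);
                }
            } else {
                LOGError("DBUpdateRunC: HIDDEN: user={$team},site={$runsite},contest={$contest} would have a balloon for problem=" . $temp["runproblem"]);
            }
        } elseif ($tinhabalao && !$tembalao) {
            // The team had a balloon and no longer qualifies: ask staff to take it back.
            $u = DBUserInfo($contest, $runsite, $team, $c);
            if ($u['usertype'] == 'team') {
                $p = DBGetProblemData($contest, $temp["runproblem"], $c);
                // NOTE(review): the trailing sentence is appended after escape_string(),
                // so only the first part of the message is escaped; harmless for this
                // constant text, but keep it in mind if the suffix ever becomes dynamic.
                DBNewTask_old($contest, $runsite, $team, escape_string("\"" . $u["username"] . "\" must have _NO_ balloon for problem " . $p[0]["problemname"] . ": " . $p[0]["fullname"]) . ". Please verify and remove it, if needed.", "", "", "t", $p[0]["color"], $p[0]["colorname"], $c);
            }
        }
    }
    if ($bw == 1) {
        DBExec($c, "commit work", "DBUpdateRunC(commit)");
        LOGLevel("Run updated (run={$runnumber},site={$runsite},user={$team},contest={$contest},newstatus={$newstatus}," . "judge={$usernumber}(site={$usersite}),answer={$answer}(" . $a["runanswer"] . ")).", 3);
    }
    return true;
}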
Example #3
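/**
 * Authenticate a user against the local site of a contest and record the login.
 *
 * $name is the user name and $pass the digest sent by the client; it is compared
 * with myhash(stored userpassword . session_id()). $contest is the contest number.
 * When $msg is false the user-facing MSGError() messages are suppressed.
 *
 * Returns the user record from DBUserInfo() on success and false on any failure
 * (unknown contest, site or user, wrong password, logins closed, user disabled,
 * address not allowed).
 *
 * NOTE(review): the literal username='******' in the queries below appears to be
 * masked by the page this code was copied from; presumably the original
 * interpolates $name. Restore it from the upstream source and make sure the value
 * is escaped or bound, since it arrives straight from the login form.
 *
 * NOTE(review): the client sends a digest of the stored password value, so the
 * stored value is itself enough to log in; protect usertable accordingly.
 */
function DBLogInContest($name, $pass, $contest, $msg = true)
{
    // $contest is placed unquoted into the query, so a non-numeric value is
    // handled as an unknown contest instead of reaching the database.
    $b = is_numeric($contest)
        ? DBGetRow("select * from contesttable where contestnumber={$contest}", 0, null, "DBLogIn(get active contest)")
        : null;
    if ($b == null) {
        LOGLevel("There is no contest {$contest}.", 0);
        if ($msg) {
            MSGError("There is no contest {$contest}, contact an admin.");
        }
        return false;
    }
    $d = DBSiteInfo($b["contestnumber"], $b["contestlocalsite"], null, false);
    if ($d == null) {
        if ($msg) {
            MSGError("There is no active site, contact an admin.");
        }
        return false;
    }
    $a = DBGetRow("select * from usertable where username='******' and contestnumber=" . $b["contestnumber"] . " and " . "usersitenumber=" . $b["contestlocalsite"], 0, null, "DBLogIn(get user)");
    if ($a == null) {
        if ($msg) {
            LOGLevel("User {$name} tried to log in contest {$contest} but it does not exist.", 2);
            MSGError("User does not exist or incorrect password.");
        }
        return false;
    }
    $a = DBUserInfo($b["contestnumber"], $b["contestlocalsite"], $a['usernumber'], null, false);
    // The session entry is filled in before any check has passed; every rejection
    // path below has to remove it again.
    $_SESSION['usertable'] = $a;
    $p = myhash($a["userpassword"] . session_id());
    $_SESSION['usertable']['userpassword'] = $p;
    // Compare the digests as strings. The loose != used previously would treat two
    // different numeric-looking strings as equal; hash_equals() also keeps the
    // comparison time independent of where the strings differ.
    $passok = is_string($pass)
        && (function_exists('hash_equals') ? hash_equals((string) $p, $pass) : (string) $p === $pass);
    // NOTE(review): an account whose stored password is empty skips the check
    // entirely - confirm that such accounts cannot exist in production.
    if ($a["userpassword"] != "" && !$passok) {
        LOGLevel("User {$name} tried to log in contest {$contest} but password was incorrect.", 2);
        if ($msg) {
            MSGError("Incorrect password.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }
    if ($d["sitepermitlogins"] == "f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") {
        LOGLevel("User {$name} tried to login contest {$contest} but logins are denied.", 2);
        if ($msg) {
            MSGError("Logins are not allowed.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }
    if ($a["userenabled"] != "t") {
        LOGLevel("User {$name} tried to log in contest {$contest} but it is disabled.", 2);
        if ($msg) {
            MSGError("User disabled.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }
    // NOTE(review): getIP() is not shown. The value is split on ';' below, so it can
    // hold more than one address; if any part is taken from request headers the
    // client controls it, and it is written into SQL further down without escaping.
    $gip = getIP();
    // A changed address is only reported, not rejected.
    if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") {
        LOGLevel("User {$name} is using two different IPs: " . $a["userip"] . "(" . dateconv($a["userlastlogin"]) . ") and " . $gip, 1);
        if ($msg && $a["usertype"] != "admin") {
            MSGError("You are using two distinct IPs. Admin notified.");
        }
    }
    if ($a["userpermitip"] != "") {
        // Each ';'-separated entry of userpermitip must match the address at the
        // same position in the client value.
        $ips = explode(';', $a["userpermitip"]);
        $gips = explode(';', $gip);
        if (count($gips) < count($ips)) {
            IntrusionNotify("Invalid IP: " . $gip);
            // Clear the session entry like every other rejection path, and stop here
            // even if ForceLoad() returns instead of ending the request.
            unset($_SESSION["usertable"]);
            ForceLoad("index.php");
            return false;
        }
        for ($ipss = 0; $ipss < count($ips); $ipss++) {
            $gipi = $gips[$ipss];
            $ipi = $ips[$ipss];
            if (!match_network($ipi, $gipi)) {
                IntrusionNotify("Invalid IP: " . $gip);
                unset($_SESSION["usertable"]);
                ForceLoad("index.php");
                return false;
            }
        }
    }
    $c = DBConnect();
    $t = time();
    // NOTE(review): the session id is stored as-is; regenerating it on successful
    // login would prevent a pre-set session id from being reused - confirm whether
    // the caller already does this.
    if ($a["usertype"] == "team" && $a["usermultilogin"] != "t" && $a["userpermitip"] == "") {
        // First login of a single-login team without an address restriction: the
        // current address is also written to userpermitip, pinning later logins to it.
        $r = DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userpermitip='" . $gip . "'," . "userlastlogin={$t}, usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update session)");
    } else {
        DBExec($c, "begin work");
        // usersessionextra is only replaced when it is empty, the address changed,
        // or the last login is at least a day (86400 s) old.
        $sql = "update usertable set usersessionextra='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"] . " and (usersessionextra='' or userip != '" . $gip . "' or userlastlogin<=" . ($t - 86400) . ")";
        DBExec($c, $sql);
        DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userlastlogin={$t}, " . "usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update user)");
        if ($name == 'admin') {
            // An admin login clears the contest unlock key when siteclock() reports a
            // time below -600.
            list($clockstr, $clocktime) = siteclock();
            if ($clocktime < -600) {
                DBExec($c, "update contesttable set contestunlockkey='' where contestnumber=" . $b["contestnumber"], "DBLogInContest(update contest)");
            }
        }
        DBExec($c, "commit work");
    }
    LOGLevel("User {$name} authenticated (" . $gip . ")", 2);
    return $a;
}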