} } else { $file_size = $_FILES['uploadedfile']['size']; if ($file_size > 2000000) { $errors[] = "File is too big. Maximum size is 1 KB. Make sure that " . "your zip file contains only your code files."; } else { $filename = basename($_FILES['uploadedfile']['name']); if (!ends_with($filename, ".zip") && !ends_with($filename, ".tgz") && !ends_with($filename, ".tar.gz")) { $errors[] = "Invalid file type. Must be zip, tgz, or tar.gz"; } } } return $errors; } $submission_directory = "/home/contest/ai-contest/planet_wars/submissions/"; if (!logged_in_with_valid_credentials()) { header('Location: index.php'); die; } $result = mysql_query("SELECT * FROM users WHERE user_id=" . current_user_id()); $userdata = mysql_fetch_assoc($result); $sid = session_id(); $local_key = sha1($sid . $userdata['activation_code'] . $userdata['email']); if ($local_key != $_POST['submit_key']) { die('Bad submission key found.'); } // Uncomment the following line to turn off new submissions. $errors[] = "Nuh-uh. The contest is over. No more submissions."; if (count($errors) == 0) { if (has_recent_submission()) { $errors[] = "Sorry your last submission was too recent.";
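<?php
// Admin-only endpoint: disables a user account by blanking its password,
// tagging its e-mail and bio with the reason, and clearing the "latest"
// flag on that user's submissions.

include 'session.php';

/**
 * Escape a string for use inside a *quoted* SQL string literal.
 *
 * mysql_real_escape_string() only protects values placed between quotes; it
 * does not make a value safe in an unquoted (numeric) position, so numeric
 * identifiers must be validated separately. stripslashes() is applied
 * unconditionally first, which removes backslashes from the input
 * (presumably to undo magic quotes; confirm against the server config).
 *
 * @param string $str Raw value.
 * @return string Escaped value.
 */
function safe_str($str) {
    return mysql_real_escape_string(stripslashes($str));
}

if (!(logged_in_with_valid_credentials() && logged_in_as_admin())) {
    die("Forget it, you must be logged in as admin.");
}

// NOTE(review): no anti-forgery token is verified before this state-changing
// request is processed; confirm whether session.php or the calling form
// enforces one.

if (!isset($_POST['user_id']) || !isset($_POST['reason'])
    || !is_string($_POST['user_id']) || !is_string($_POST['reason'])) {
    die("Did not receive user_id or reason");
}

// user_id is interpolated UNQUOTED into the queries below, where string
// escaping offers no protection. Accept decimal digits only, so nothing but a
// number can reach the SQL text.
if (preg_match('/\A[0-9]+\z/', $_POST['user_id']) !== 1) {
    die("Invalid user_id");
}
$user_id = $_POST['user_id'];
$reason = $_POST['reason'];

$query = "SELECT * from users where user_id=" . $user_id;
$result = mysql_query($query);
// Fixed: the original tested the bare constant `result` instead of $result,
// so a failed query was never detected here.
if (!$result || mysql_num_rows($result) != 1) {
    die("Could not find the user account");
}

$user = mysql_fetch_assoc($result);
// An empty password column is this script's marker for a disabled account.
// NOTE(review): this relies on the login path rejecting an empty stored
// password; verify that in the authentication code.
if ($user['password'] == "") {
    die("This account is already disabled");
}

// Record who disabled the account and why. Both values end up inside quoted
// literals, so they are escaped after concatenation.
$admin = current_username();
$bio = safe_str($user['bio'] . " - " . $reason . " by " . $admin);
$email = safe_str($user['email'] . " disabled");

$query = "UPDATE users SET email='{$email}', bio = '{$bio}', password = ''\n WHERE user_id={$user_id}";
if (!mysql_query($query)) {
    // Do not carry on as if the account were disabled when the write failed.
    die("Could not disable the user account");
}

$query = "UPDATE submissions SET latest=0 WHERE user_id={$user_id}";
if (!mysql_query($query)) {
    die("Account disabled, but could not update its submissions");
}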