/**
 * Print an error section and, by default, end the request.
 *
 * @param string $message Text handed to message_inline_red() for display.
 * @param bool   $head    When true, head('Error') is emitted first.
 * @param bool   $foot    When true, foot() is emitted after the message.
 * @param bool   $exit    When true, the script stops via exit.
 *
 * NOTE(review): whether $message is HTML-escaped is decided inside
 * message_inline_red(), which is not shown here; confirm its default before
 * passing request-derived text.
 */
function message_error($message, $head = true, $foot = true, $exit = true)
{
    if ($head) {
        head('Error');
    }

    section_subhead('Error');
    message_inline_red($message);

    if ($foot) {
        foot();
    }

    // With $exit = false the caller keeps executing after the error is shown,
    // so any access-control decision must not rely on this call to stop the request.
    if (!$exit) {
        return;
    }
    exit;
}
Example #2
/**
 * Print a localised error section and, by default, end the request.
 *
 * @param string $message Text handed to message_inline_red() for display.
 * @param bool   $head    When true, head() is emitted unless $head_sent is already set.
 * @param bool   $foot    When true, foot() is emitted after the message.
 * @param bool   $exit    When true, the script stops via exit.
 *
 * NOTE(review): whether $message is HTML-escaped is decided inside
 * message_inline_red(), which is not shown here; confirm its default before
 * passing request-derived text.
 */
function message_error($message, $head = true, $foot = true, $exit = true)
{
    global $head_sent;

    // Skip the page header when one was already written earlier in the request.
    $needs_head = $head && !$head_sent;
    if ($needs_head) {
        head(lang_get('error'));
    }

    section_subhead(lang_get('error'));
    message_inline_red($message);

    if ($foot) {
        foot();
    }

    // With $exit = false the caller keeps executing after the error is shown.
    if (!$exit) {
        return;
    }
    exit;
}
Example #3
/**
 * Return the shared PDO handle, opening the connection on first use.
 *
 * The handle is kept in the global $db, so later calls reuse it.
 *
 * @return PDO
 * @throws Exception Re-thrown unchanged when the connection or its setup fails.
 */
function get_global_db_pdo()
{
    global $db;

    if ($db !== null) {
        return $db;
    }

    try {
        // NOTE(review): if DB_ENGINE is mysql, charset=utf8 selects the 3-byte utf8 alias - confirm that is intended.
        $dsn = DB_ENGINE . ':host=' . DB_HOST . ';port=' . DB_PORT . ';dbname=' . DB_NAME . ';charset=utf8';
        $db = new PDO($dsn, DB_USER, DB_PASSWORD);
        // Query errors surface as exceptions instead of being silently ignored.
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Use the driver's native prepared statements rather than client-side emulation.
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    } catch (Exception $e) {
        // Only a generic message is printed here; the original exception is re-thrown.
        // NOTE(review): confirm the top-level handler does not render its message or trace to visitors.
        message_inline_red('Caught exception connecting to database');
        throw $e;
    }

    return $db;
}
Example #4
    <th>Hint</th>
    <th>Manage</th>
  </tr>
</thead>
<tbody>
';
// Lists the hints stored for the challenge named in the query string, then renders the delete-challenge form.
// NOTE(review): the authentication check and any validate_id() call for this page are not visible in this excerpt; confirm both run before this point.
// $_GET['id'] is passed as a value in the condition array rather than being spliced into SQL text here.
$hints = db_select_all('hints', array('id', 'added', 'body'), array('challenge' => $_GET['id']));
// Hint bodies are stored text and are escaped before being written into the cell; the id is escaped before it is placed in the edit link.
foreach ($hints as $hint) {
    echo '
  <tr>
      <td>', date_time($hint['added']), '</td>
      <td>', htmlspecialchars($hint['body']), '</td>
      <td><a href="edit_hint.php?id=', htmlspecialchars(short_description($hint['id'], 100)), '" class="btn btn-xs btn-primary">Edit</a></td>
  </tr>
  ';
}
// The request parameter is escaped before it is written into the double-quoted href attribute.
echo '
</tbody>
</table>

<a href="new_hint.php?id=', htmlspecialchars($_GET['id']), '" class="btn btn-sm btn-warning">Add a new hint</a>
';
// The stored title is concatenated without escaping at this call site.
// NOTE(review): confirm section_subhead() escapes its argument.
section_subhead('Delete challenge: ' . $challenge['title']);
// Destructive action posted to the admin handler.
// NOTE(review): CSRF protection is not visible here; confirm form_start() emits the XSRF token and the handler checks it.
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_challenge');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
// NOTE(review): the raw request value is echoed back through form_hidden(); confirm the helper escapes attribute values.
form_hidden('id', $_GET['id']);
message_inline_red('Warning! This will also delete all submissions, all hints and all files associated with challenge!');
form_button_submit('Delete challenge', 'danger');
form_end();
foot();
Example #5
<?php

// Admin page: renders the edit and delete forms for the category whose id is given in the query string.
require '../../include/ctf.inc.php';
// Access control runs before any data is read or any output is produced.
// NOTE(review): presumably this aborts the request for users below moderator class - confirm in the include.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// The id is checked before it reaches the query and the hidden form fields below.
// NOTE(review): validate_id() is defined elsewhere; confirm it stops the request on invalid input.
validate_id($_GET['id']);
$category = db_select_one('categories', array('*'), array('id' => $_GET['id']));
// NOTE(review): there is no check that a row was found; confirm how db_select_one() reports a missing id.
head('Site management');
menu_management();
// Stored title is concatenated without escaping at this call site.
// NOTE(review): confirm section_subhead() and the form_* helpers escape the values they render.
section_subhead('Edit category: ' . $category['title']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_category');
form_input_text('Title', $category['title']);
form_textarea('Description', $category['description']);
form_input_checkbox('Exposed', $category['exposed']);
form_input_text('Available from', date_time($category['available_from']));
form_input_text('Available until', date_time($category['available_until']));
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
section_subhead('Delete category: ' . $category['title']);
// Destructive action posted to the same handler.
// NOTE(review): CSRF protection is not visible here; confirm form_start() emits the XSRF token and the handler checks it.
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_category');
// The checkbox is only a UI confirmation; the handler has to enforce it server-side - TODO confirm.
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
message_inline_red('Warning! This will delete all challenges under this category, as well as all submissions, files, and hints related those challenges!');
form_button_submit('Delete category', 'danger');
form_end();
foot();
Example #6
                echo '
                <div class="challenge-submit">
                    <form method="post" class="form-flag" action="actions/challenges">
                        <textarea name="flag" type="text" class="flag-input form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea>
                        <input type="hidden" name="challenge" value="', htmlspecialchars($challenge['id']), '" />
                        <input type="hidden" name="action" value="submit_flag" />';
                form_xsrf_token();
                if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) {
                    display_captcha();
                }
                echo '<button class="btn btn-sm btn-primary flag-submit-button" type="submit" data-countdown="', max($challenge['latest_submission_added'] + $challenge['min_seconds_between_submissions'], 0), '" data-countdown-done="Submit flag">Submit flag</button>';
                if (should_print_metadata($challenge)) {
                    echo '<div class="challenge-submit-metadata">';
                    print_submit_metadata($challenge);
                    echo '</div>';
                }
                echo '</form>';
                echo '
                </div>
                ';
            } else {
                message_inline_red("You have no remaining submission attempts. If you've made an erroneous submission, please contact the organizers.");
            }
        }
    }
    echo '
    </div> <!-- / panel-body -->
    </div> <!-- / challenge-container -->';
}
echo '</div> <!-- / challenges-container-->';
foot();
<?php

// Admin page: renders the edit and delete forms for the user type whose id is given in the query string.
require '../../include/mellivora.inc.php';
// Access control runs before any data is read or any output is produced.
// NOTE(review): presumably this aborts the request for users below moderator class - confirm in the include.
enforce_authentication(CONFIG_UC_MODERATOR);
// The id is checked before it reaches the query and the hidden form fields below.
// NOTE(review): validate_id() is defined elsewhere; confirm it stops the request on invalid input.
validate_id($_GET['id']);
head('Site management');
menu_management();
section_subhead('Edit user type');
$user_type = db_select_one('user_types', array('*'), array('id' => $_GET['id']));
// NOTE(review): there is no check that a row was found; confirm how db_select_one() reports a missing id.
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user_type');
// Stored values are handed to the form helpers as-is; NOTE(review): confirm the helpers escape them.
form_input_text('Title', $user_type['title']);
form_textarea('Description', $user_type['description']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
section_subhead('Delete user type');
// Destructive action posted to the same handler.
// NOTE(review): CSRF protection is not visible here; confirm form_start() emits the XSRF token and the handler checks it.
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user_type');
// The checkbox is only a UI confirmation; the handler has to enforce it server-side - TODO confirm.
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
// The warning states that deleting a type leaves its users without one until an operator fixes the rows by hand.
message_inline_red('Warning! Any users of this type will be without a type.
You must manually give them a type in the DB. If no types will exist after this action, you must set their type to 0.');
form_button_submit('Delete user type', 'danger');
form_end();
foot();
Example #8
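// Admin page body: edit, password-reset and delete forms for the user whose id is given in the query string.
// NOTE(review): the page's include and its authentication check are not visible in this excerpt; confirm both run before this point.
// The id is checked before it reaches the query and the hidden form fields below.
validate_id($_GET['id']);
// Only the columns the forms need are selected; no password column is read here.
$user = db_select_one('users', array('team_name', 'email', 'enabled', 'competing', 'country_id'), array('id' => $_GET['id']));
head('Site management');
menu_management();
// team_name is stored account data and is concatenated without escaping at this call site.
// NOTE(review): confirm section_subhead() and the form_* helpers escape the values they render.
section_subhead('Edit user: ' . $user['team_name']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user');
form_input_text('Email', $user['email']);
form_input_text('Team name', $user['team_name']);
// Static query with no request data in the SQL text.
$opts = db_query_fetch_all('SELECT * FROM countries ORDER BY country_name ASC');
form_select($opts, 'Country', 'id', $user['country_id'], 'country_name');
form_input_checkbox('Enabled', $user['enabled']);
form_input_checkbox('Competing', $user['competing']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Sensitive actions follow: each is its own form posting to the same handler.
// NOTE(review): CSRF protection is not visible here; confirm form_start() emits the XSRF token and the handler checks it.
section_subhead('Reset password');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user');
form_input_checkbox('Reset confirmation');
form_hidden('action', 'reset_password');
form_hidden('id', $_GET['id']);
form_button_submit('Reset password', 'warning');
form_end();
section_subhead('Delete user');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user');
// The checkbox is only a UI confirmation; the handler has to enforce it server-side - TODO confirm.
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
message_inline_red('Warning! This will delete all submissions made by this user!');
form_button_submit('Delete user', 'danger');
// Close the delete form explicitly, as the two forms above do, so the footer is not emitted inside it.
form_end();
foot();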
Example #9
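/**
 * Send the content-type header and print the opening part of every page:
 * the <head> element, the login dialog for anonymous visitors, the navigation
 * bar and any generic status banner requested through the query string.
 * Sets the global $head_sent to true when done.
 *
 * @param string $title Page title; escaped with htmlspecialchars() before output.
 */
function head($title = '')
{
    global $head_sent;
    header('Content-Type: text/html; charset=utf-8');
    // Only $title is escaped below; the CONFIG_* constants are written verbatim.
    // NOTE(review): presumably they are operator-controlled configuration - confirm they never carry request data.
    // The Bootstrap stylesheet is loaded from a third-party CDN with no integrity attribute,
    // so the page trusts whatever that host serves.
    echo '<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>', $title ? htmlspecialchars($title) . ' : ' : '', CONFIG_SITE_NAME, ' - ', CONFIG_SITE_SLOGAN, '</title>
    <meta name="description" content="', CONFIG_SITE_DESCRIPTION, '">
    <meta name="author" content="">
    <link rel="icon" href="', CONFIG_SITE_URL_STATIC_RESOURCES, 'img/favicon.png" type="image/png" />

    <!-- CSS -->
    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css" rel="stylesheet">
    <link href="', CONFIG_SITE_URL_STATIC_RESOURCES, 'css/mellivora.css" rel="stylesheet">';
    js_global_dict();
    // Optional analytics loader: the configured key is written into a JavaScript string literal unescaped,
    // and the loader pulls a script from cdn.segment.io at runtime.
    if (CONFIG_SEGMENT_IO_KEY) {
        echo '
        <script type="text/javascript">
        window.analytics=window.analytics||[],window.analytics.methods=["identify","group","track","page","pageview","alias","ready","on","once","off","trackLink","trackForm","trackClick","trackSubmit"],window.analytics.factory=function(t){return function(){var a=Array.prototype.slice.call(arguments);return a.unshift(t),window.analytics.push(a),window.analytics}};for(var i=0;i<window.analytics.methods.length;i++){var key=window.analytics.methods[i];window.analytics[key]=window.analytics.factory(key)}window.analytics.load=function(t){if(!document.getElementById("analytics-js")){var a=document.createElement("script");a.type="text/javascript",a.id="analytics-js",a.async=!0,a.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.io/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(a,n)}},window.analytics.SNIPPET_VERSION="2.0.9",
        window.analytics.load("', CONFIG_SEGMENT_IO_KEY, '");
        window.analytics.page();
        </script>
        ';
    }
    echo '
</head>

<body>';
    if (!user_is_logged_in()) {
        login_dialog();
    }
    echo '
<div class="page">
    <nav class="header" id="header">
        <div id="header-inner">
            <div id="header-logo">
                <a href="', CONFIG_SITE_URL, '">
                    <h3 id="site-logo-text">', CONFIG_SITE_NAME, '</h3>
                    <div id="site-logo">
                        <object data="' . CONFIG_SITE_URL_STATIC_RESOURCES . 'img/mellivora.svg" type="image/svg+xml"></object>
                    </div>
                </a>
            </div>
            <div id="header-menu">
                <ul class="nav nav-pills pull-right" id="menu-main">';
    // The menu differs by login state; the management link is shown to staff only.
    // Hiding a link is presentation, not access control - the target pages must enforce their own checks.
    if (user_is_logged_in()) {
        if (user_is_staff()) {
            echo '<li><a href="', CONFIG_SITE_ADMIN_URL, '">', lang_get('manage'), '</a></li>';
        }
        echo '
                            <li><a href="', CONFIG_SITE_URL, 'home">', lang_get('home'), '</a></li>
                            <li><a href="', CONFIG_SITE_URL, 'challenges">', lang_get('challenges'), '</a></li>
                            <li><a href="', CONFIG_SITE_URL, 'hints">', lang_get('hints'), '</a></li>
                            <li><a href="', CONFIG_SITE_URL, 'scores">', lang_get('scores'), '</a></li>
                            <li><a href="', CONFIG_SITE_URL, 'profile">', lang_get('profile'), '</a></li>
                            ', dynamic_menu_content(), '
                            <li>', form_logout(), '</li>
                            ';
    } else {
        echo '
                            <li><a href="', CONFIG_SITE_URL, 'home">', lang_get('home'), '</a></li>
                            <li><a href="', CONFIG_SITE_URL, 'scores">', lang_get('scoreboard'), '</a></li>
                            ', dynamic_menu_content(), '
                            <li><a href="', CONFIG_SITE_URL, 'register">', lang_get('register'), '</a></li>
                            <li><a href="" data-toggle="modal" data-target="#login-dialog">', lang_get('log_in'), '</a></li>
                        ';
    }
    echo '
                </ul>
            </div>
        </div>
    </nav><!-- navbar -->

    <div class="container" id="body-container">

        <div id="content-container">
        ';
    // Only the presence of these query parameters is tested; their values are never echoed.
    // The second argument false is passed because the message contains markup built here.
    if (isset($_GET['generic_success'])) {
        message_inline_green('<h3>' . lang_get('action_success') . '</h3>', false);
    } elseif (isset($_GET['generic_failure'])) {
        message_inline_red('<h3>' . lang_get('action_failure') . '</h3>', false);
    } elseif (isset($_GET['generic_warning'])) {
        // The pieces are concatenated into one message argument, as in the two branches above.
        // Passing them as separate arguments would shift the translated text and the false flag
        // into the wrong parameters.
        message_inline_red('<h3>' . lang_get('action_something_went_wrong') . '</h3>', false);
    }
    $head_sent = true;
}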
Example #10
/**
 * Run deployment sanity checks and print a red inline message for each one that fails:
 * database/PHP clock drift, non-writable directories under the writable root,
 * and a PHP version below the required minimum.
 *
 * The messages include server paths and the PHP version.
 * NOTE(review): presumably this is called from staff-only pages - confirm, since that detail helps fingerprint the host.
 */
function check_server_configuration()
{
    // Clock drift between the database server and PHP; 5 seconds or more is reported.
    $db_clock = db_query_fetch_one('SELECT UNIX_TIMESTAMP() AS timestamp');
    $php_clock = time();
    $drift = abs($php_clock - $db_clock['timestamp']);
    if ($drift >= 5) {
        $warning = 'Database and PHP times are out of sync.
        This will likely cause problems.
        DB time: ' . date_time($db_clock['timestamp']) . ', PHP time: ' . date_time($php_clock) . ' (' . $drift . ' seconds off).
        Maybe you have different time zones set?';
        message_inline_red($warning);
    }

    // Report every directory in the writable tree that the PHP process cannot write to.
    foreach (get_directory_list_recursive(CONST_PATH_FILE_WRITABLE) as $path) {
        if (is_writable($path)) {
            continue;
        }
        message_inline_red('Directory (' . $path . ') must be writable by Apache.');
    }

    // Minimum interpreter version.
    if (version_compare(PHP_VERSION, CONST_MIN_REQUIRED_PHP_VERSION) < 0) {
        message_inline_red('Your version of PHP is too old. You need at least ' . CONST_MIN_REQUIRED_PHP_VERSION . '. You are running: ' . PHP_VERSION);
    }
}
Example #11
/**
 * Run deployment sanity checks and print a red inline message for each one that fails:
 * database/PHP clock drift, a missing or non-writable writable directory,
 * and a PHP version below 5.3.7.
 *
 * The version message includes the running PHP version.
 * NOTE(review): presumably this is called from staff-only pages - confirm, since that detail helps fingerprint the host.
 */
function check_server_configuration()
{
    // Clock drift between the database server and PHP; 5 seconds or more is reported.
    $db_clock = db_query_fetch_one('SELECT UNIX_TIMESTAMP() AS timestamp');
    $php_clock = time();
    $drift = abs($php_clock - $db_clock['timestamp']);
    if ($drift >= 5) {
        $warning = 'Database and PHP times are out of sync.
        This will likely cause problems.
        DB time: ' . date_time($db_clock['timestamp']) . ', PHP time: ' . date_time($php_clock) . ' (' . $drift . ' seconds off).
        Maybe you have different time zones set?';
        message_inline_red($warning);
    }

    // Only the top-level writable path is tested here.
    $can_write = is_writable(CONFIG_PATH_FILE_WRITABLE);
    if (!$can_write) {
        message_inline_red('Writable directory does not exist, or your web server does not have write access to it.
        You will not be able to upload files or perform caching.');
    }

    // Minimum interpreter version.
    if (version_compare(PHP_VERSION, '5.3.7') < 0) {
        message_inline_red('Your version of PHP is too old. You need at least 5.3.7. You are running: ' . PHP_VERSION);
    }
}
Example #12
<?php

// Admin page: renders the form that clears the stored exception log.
require '../../include/ctf.inc.php';
// Access control runs before any output is produced.
// NOTE(review): presumably this aborts the request for users below moderator class - confirm in the include.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Exceptions');
menu_management();
section_subhead('Clear exceptions');
// Destructive action: the handler wipes the log, which is also the record an investigator would need after an incident.
// NOTE(review): CSRF protection is not visible here; confirm form_start() emits the XSRF token and the handler checks it.
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_exceptions');
// The checkbox is only a UI confirmation; the handler has to enforce it server-side - TODO confirm.
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
message_inline_red('Warning! This will delete ALL exception logs!!');
form_button_submit('Clear exceptions', 'danger');
form_end();
foot();
Example #13
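/**
 * Send the content-type header and print the opening part of every page:
 * the <head> element, the login dialog for anonymous visitors, the instance
 * selection driven by the query string and session, the navigation bar and any
 * generic status banner requested through the query string.
 *
 * @param string $title Page title; escaped with htmlspecialchars() before output.
 */
function head($title = '')
{
    header('Content-Type: text/html; charset=utf-8');
    // Only $title is escaped in this part; the CONFIG_* constants are written verbatim.
    // NOTE(review): presumably they are operator-controlled configuration - confirm they never carry request data.
    // The Bootstrap stylesheet is loaded from a third-party CDN with no integrity attribute,
    // so the page trusts whatever that host serves.
    echo '<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>', $title ? htmlspecialchars($title) . ' : ' : '', CONFIG_SITE_NAME, ' - ', CONFIG_SITE_SLOGAN, '</title>
    <meta name="description" content="', CONFIG_SITE_DESCRIPTION, '">
    <meta name="author" content="">
    <link rel="icon" href="', CONFIG_SITE_URL, 'img/favicon.png" type="image/png" />

    <!-- CSS -->
    <link href="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet">
    <link href="', CONFIG_SITE_URL, 'css/mellivora.css" rel="stylesheet">';
    js_global_dict();
    // Optional analytics loader: the configured key is written into a JavaScript string literal unescaped,
    // and the loader pulls a script from cdn.segment.io at runtime.
    if (CONFIG_SEGMENT_IO_KEY) {
        echo '
        <script type="text/javascript">
        window.analytics=window.analytics||[],window.analytics.methods=["identify","group","track","page","pageview","alias","ready","on","once","off","trackLink","trackForm","trackClick","trackSubmit"],window.analytics.factory=function(t){return function(){var a=Array.prototype.slice.call(arguments);return a.unshift(t),window.analytics.push(a),window.analytics}};for(var i=0;i<window.analytics.methods.length;i++){var key=window.analytics.methods[i];window.analytics[key]=window.analytics.factory(key)}window.analytics.load=function(t){if(!document.getElementById("analytics-js")){var a=document.createElement("script");a.type="text/javascript",a.id="analytics-js",a.async=!0,a.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.io/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(a,n)}},window.analytics.SNIPPET_VERSION="2.0.9",
        window.analytics.load("', CONFIG_SEGMENT_IO_KEY, '");
        window.analytics.page();
        </script>
        ';
    }
    echo '
</head>

<body>';
    if (!user_is_logged_in()) {
        login_dialog();
    }
    // Instance selection is driven by request parameters. They are read through isset() so a request
    // without them does not raise an undefined-index warning on every page.
    // NOTE(review): both values go to helpers that are not shown here; confirm loadInstanceURI() and
    // loadInstance() validate them and check that the current user may switch to that instance.
    $instance_uri = isset($_GET["instanceURI"]) ? $_GET["instanceURI"] : null;
    $instance_id = isset($_GET["instanceID"]) ? $_GET["instanceID"] : null;
    if ($instance_uri != null) {
        loadInstanceURI($instance_uri);
    }
    // The session is re-read at each step because the helpers above may have populated it.
    if ($instance_id != null && (!isset($_SESSION['IID']) || $_SESSION['IID'] == null) && !verifySAGlobal()) {
        loadInstance($instance_id);
    }
    if (!isset($_SESSION['IID']) || $_SESSION['IID'] == null) {
        // Fall back to instance '0' when nothing has been selected yet.
        loadInstance('0');
    }
    // The instance name comes from the session and is escaped before it is written into the header.
    echo '
<div class="page">
    <nav class="header" id="header">
        <div id="header-inner">
            <div id="header-logo">
                <a href="', CONFIG_SITE_URL, '">
                    <h4 id="site-logo-text">', CONFIG_SITE_NAME, '</h4>
                    <h6 id="site-logo-text">' . htmlspecialchars($_SESSION["IName"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h6>
                    <div id="site-logo"/>
                        <img src = "../img/btn_DIS1.jpg" height="50" width="50"><img src = "../img/sit_it_choices.jpg" height="50" width="50">
                    </div>
                </a>
            </div>
            <div id="header-menu">
                <ul class="nav nav-pills pull-right" id="menu-main">';
    // The menu differs by login state; the management link is shown to staff only.
    // Hiding a link is presentation, not access control - the target pages must enforce their own checks.
    if (user_is_logged_in()) {
        if (user_is_staff()) {
            echo '<li><a href="', CONFIG_SITE_ADMIN_URL, '">Manage</a></li>';
        }
        // The user name is account data chosen by the user, so it is escaped after truncation.
        // ENT_SUBSTITUTE keeps a name that substr() cut in the middle of a multi-byte character
        // from turning into an empty string.
        echo '
                            <li><a href="', CONFIG_SITE_URL, 'home">Home</a></li>
                            <li><a href="', CONFIG_SITE_URL, 'challenges">Challenges</a></li>
                            <li><a href="', CONFIG_SITE_URL, 'scores">Scores</a></li>
                            <li><a href="', CONFIG_SITE_URL, 'profile">Profile</a></li>
			    ', $_SESSION['IID'] == 0 ? '<li><a href="' . CONFIG_SITE_URL . 'game">Game</a></li>' : "", '
							
                            ', dynamic_menu_content(), '
                            <li><a href="', CONFIG_SITE_URL, 'logout">Log out (', htmlspecialchars(substr($_SESSION['UName'], 0, 10), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), ')</a></li>
                            ';
    } else {
        echo '
                            <li><a href="', CONFIG_SITE_URL, 'home">Home</a></li>
                            <li><a href="', CONFIG_SITE_URL, 'scores">Scores</a></li>
                            ', dynamic_menu_content(), '
                            <li><a href="', CONFIG_SITE_URL, 'register">Register</a></li>
                            <li><a href="" data-toggle="modal" data-target="#login-dialog">Log in</a></li>
                        ';
    }
    echo '
                </ul>
            </div>
        </div>
    </nav><!-- navbar -->

    <div class="container" id="body-container">

        <div id="content-container">
        ';
    // Only the presence of these query parameters is tested; their values are never echoed.
    // The second argument false is passed because the message contains fixed markup.
    if (isset($_GET['generic_success'])) {
        message_inline_green('<h3>Success!</h3>', false);
    } elseif (isset($_GET['generic_failure'])) {
        message_inline_red('<h3>Failure!</h3>', false);
    } elseif (isset($_GET['generic_warning'])) {
        message_inline_red('<h3>Something went wrong! Most likely the action you attempted has failed.</h3>', false);
    }
}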