Example #1
<?php

// Login handler: checks the posted credentials, restores the user's solved
// challenges into the session and renders the login form with an error if any.
$error = '';
$credentials_posted = strvals_exist($_POST, 'name', 'password');
if ($credentials_posted) {
    // The user name is passed as a separate argument for the ? placeholder,
    // never concatenated into the SQL text.
    $account = $db->fetch('SELECT id, pass, is_admin FROM users WHERE name=?', $_POST['name']);

    // Unknown user and wrong password produce the same message, so the form
    // text does not reveal which accounts exist. password_verify() is only
    // reached when an account row was found.
    $authenticated = $account && password_verify($_POST['password'], $account->pass);

    if ($authenticated) {
        // NOTE(review): log_in() is defined elsewhere; confirm it regenerates the
        // session id on privilege change (session fixation) before relying on it.
        log_in($account->id, $_POST['name'], $account->is_admin);
        foreach ($db->fetchAll('SELECT challenge_id FROM solves WHERE user_id=?', $account->id) as $row) {
            add_solved_challenge($row->challenge_id);
        }
        // NOTE(review): if redirect_to() does not end the request, the form below is
        // still rendered after a successful login.
        redirect_to('?p=home');
    } else {
        // NOTE(review): no attempt limiting is visible here; confirm throttling exists
        // elsewhere (web server, WAF or util.php).
        $error = 'Wrong username or password!';
    }
}
echo render('login.html.php', ['error' => $error]);
Example #2
    // Excerpt of an if/elseif dispatch on $_GET['a']; the opening condition is above the visible lines.
    // NOTE(review): no admin/authorization check is visible in this excerpt - confirm one runs before this point.
    $chals = $db->fetchAll('SELECT id, title, points FROM challenges WHERE ctf=? ORDER BY points', CTF_NAME);
    echo render('admin.html.php', array('chals' => $chals, 'csrf' => generate_csrftoken()));
} elseif ($_GET['a'] === 'edit' && isset($_GET['id'])) {
    // The lookup filters on id AND ctf, so only a challenge of the configured CTF is opened for editing.
    $chal = $db->fetch('SELECT title, `desc`, flag, points FROM challenges
            WHERE id=? AND ctf=?', $_GET['id'], CTF_NAME);
    if (!$chal) {
        // NOTE(review): this guard only protects the UPDATE below if redirect_to() ends the request - confirm.
        redirect_to('?p=admin');
    }
    // State change requires a valid CSRF token and all four form fields.
    if (valid_csrf() && strvals_exist($_POST, 'title', 'desc', 'flag', 'points')) {
        // Values are passed as separate arguments for the ? placeholders. The UPDATE filters on id alone;
        // the ctf scoping comes only from the lookup above.
        // NOTE(review): 'points' is not validated as a number here - confirm the column type or add a check.
        $db->put('UPDATE challenges SET title=?, `desc`=?, flag=?, points=?
                WHERE id=?', $_POST['title'], $_POST['desc'], $_POST['flag'], $_POST['points'], $_GET['id']);
        redirect_to('?p=admin');
    }
    // A fresh CSRF token is handed to the edit form on every render.
    echo render('admin_edit.html.php', array('chal' => $chal, 'csrf' => generate_csrftoken()));
} elseif ($_GET['a'] === 'add') {
    // Same CSRF + field check as the edit branch; the new row is tagged with the configured CTF name.
    if (valid_csrf() && strvals_exist($_POST, 'title', 'desc', 'flag', 'points')) {
        $db->put('INSERT INTO challenges (title, `desc`, flag, points, ctf)
                VALUES (?, ?, ?, ?, ?)', $_POST['title'], $_POST['desc'], $_POST['flag'], $_POST['points'], CTF_NAME);
        redirect_to('?p=admin');
    }
    echo render('admin_edit.html.php', array('csrf' => generate_csrftoken()));
} elseif ($_GET['a'] === 'delete' && isset($_GET['id']) && valid_csrf()) {
    // Removes the challenge and its solve records.
    // NOTE(review): unlike the edit lookup, these statements filter on id only (no ctf=?), so a challenge
    // of another CTF in the same database could be deleted - confirm whether that is intended.
    // NOTE(review): the two deletes are not wrapped in a transaction in the visible code.
    $db->put('DELETE FROM challenges WHERE id=?', $_GET['id']);
    $db->put('DELETE FROM solves WHERE challenge_id=?', $_GET['id']);
    redirect_to('?p=admin');
} elseif ($_GET['a'] === 'delete-solves' && valid_csrf()) {
    // Clears every solve that belongs to a challenge of the configured CTF.
    $db->put('DELETE FROM solves WHERE challenge_id IN
            (SELECT id FROM challenges WHERE ctf=?)', CTF_NAME);
    redirect_to('?p=admin');
} else {
    // Unknown action, or a failed CSRF check on the delete branches: back to the admin page.
    redirect_to('?p=admin');
Example #3
<?php

// Challenge page: shows one challenge of the configured CTF and handles flag submission.

// NOTE(review): everything below is only protected from anonymous users if
// redirect_to() ends the request - confirm in util.php.
if (!logged_in()) {
    redirect_to('?p=login');
}

$error = 'Invalid id.';

// A missing id and an id that matches no challenge of this CTF get the same answer.
// The id is passed as a separate argument for the ? placeholder.
$chal = strvals_exist($_GET, 'id')
    ? $db->fetch('SELECT id, title, `desc`, flag, points FROM challenges
        WHERE id=? AND ctf=?', $_GET['id'], CTF_NAME)
    : null;
if (!$chal) {
    die($error);
}

// '' means "no flag submitted"; true/false is the outcome of a submission.
$valid_flag = '';
$flag_msg = 'Incorrect flag.';

if (strvals_exist($_POST, 'flag')) {
    // NOTE(review): validate_flag() is defined elsewhere; confirm it compares in
    // constant time and that submissions are rate limited.
    $valid_flag = (bool) validate_flag($_POST['flag'], $chal->flag);

    if ($valid_flag) {
        if (!is_solved($chal->id)) {
            // NOTE(review): is_solved() followed by INSERT is check-then-act; without a
            // unique key on (user_id, challenge_id) parallel requests could record the
            // solve twice.
            $db->put('INSERT INTO solves (user_id, challenge_id) VALUES (?, ?)', $_SESSION['id'], $chal->id);
            add_solved_challenge($chal->id);
            $flag_msg = 'Correct flag! +' . $chal->points . ' points!';
        } else {
            $flag_msg = 'Correct flag but you already solved the challenge.';
        }
    }
}

// NOTE(review): $chal still carries the real flag when it is handed to the template;
// confirm chal.html.php never prints it.
echo render('chal.html.php', ['chal' => $chal, 'valid_flag' => $valid_flag, 'flag_msg' => $flag_msg]);
Example #4
<?php

require_once __DIR__ . '/../config.php';
require_once __DIR__ . '/util.php';
require_once __DIR__ . '/Database.php';
require_once __DIR__ . '/Template.php';
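// Front controller: checks configuration, sets up the session and response
// headers, opens the database and includes the requested page script.

// CTF_NAME is required configuration; stop before any page code runs without it.
if (!defined('CTF_NAME')) {
    die('CTF_NAME must be set.');
}

// The templates use short open tags.
// NOTE(review): short_open_tag is documented as PHP_INI_PERDIR, so this runtime
// call probably has no effect; set it in php.ini or per-directory configuration.
ini_set('short_open_tag', 1);

session_name('SCOREBOARDSESSID');
// Keep the session cookie out of reach of page scripts.
// NOTE(review): session.cookie_secure and session.cookie_samesite are not set;
// enable them where the deployment (HTTPS, same-site flows) allows.
ini_set('session.cookie_httponly', 1);

// Challenges are expected to be able to overwrite $_SESSION through extract(),
// so the scoreboard keeps its sessions in a dedicated directory instead of the
// default save path. Mode 0330 gives owner and group write + search but no
// listing, and nothing to others (the effective mode is still subject to umask).
// The second is_dir() covers a parallel request that created the directory first;
// failing loudly is preferable to running with a non-existent save path.
if (!is_dir(SESSION_PATH) && !mkdir(SESSION_PATH, 0330) && !is_dir(SESSION_PATH)) {
    die('Session directory could not be created.');
}
session_save_path(SESSION_PATH);
session_start();

header('Content-Type: text/html; charset=UTF-8');
// Stop browsers from second-guessing the declared content type.
header('X-Content-Type-Options: nosniff');
// NOTE(review): X-XSS-Protection is ignored by current browsers; a
// Content-Security-Policy is the maintained control against script injection.
header('X-XSS-Protection: 1; mode=block');
// Forbid framing of scoreboard pages (clickjacking).
header('X-Frame-Options: DENY');

$db = new Database($dbhost, $dbname, $dbuser, $dbpass);

// The page name comes from the query string and ends up in an include path, so
// it is restricted to word characters. \z anchors at the very end of the input;
// a plain $ would also accept a value with a trailing newline.
// Any script in pages/ is reachable by name, so each page has to enforce its own
// authentication and authorization.
$page = strvals_exist($_GET, 'p') ? $_GET['p'] : 'home';
$page_path = __DIR__ . '/../pages/' . $page . '.php';
if (!preg_match('/^\\w+\\z/', $page) || !file_exists($page_path)) {
    $page = '404';
}
include __DIR__ . '/../pages/' . $page . '.php';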
Example #5
<?php

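// Registration handler: creates a user (optionally an admin when the shared
// admin password is supplied), logs the new user in and redirects home.
if (logged_in()) {
    redirect_to('?p=home');
}
$error = '';
if (strvals_exist($_POST, 'name', 'pass')) {
    // The name is passed as a separate argument for the ? placeholder.
    // NOTE(review): SELECT followed by INSERT is check-then-act; without a unique
    // key on users.name two parallel requests could register the same name.
    $user = $db->fetch('SELECT id FROM users WHERE name=?', $_POST['name']);
    if ($user) {
        $error = 'User already exists.';
    } else {
        $admin = 0;
        if (strvals_exist($_POST, 'admin-pass')) {
            $supplied = $_POST['admin-pass'];
            // Compare the shared admin secret in constant time; === can return as soon
            // as the first differing byte is found. hash_equals() only accepts
            // strings, so non-string values are rejected like any wrong password.
            // NOTE(review): no attempt limiting on this check is visible here.
            if (is_string(ADMIN_PW) && is_string($supplied) && hash_equals(ADMIN_PW, $supplied)) {
                $admin = 1;
            } else {
                $error = 'Admin password wrong!';
            }
        }
        if ($error === '') {
            // Only the password hash is stored, never the password itself.
            $db->put(
                'INSERT INTO users (name, pass, is_admin) VALUES (?, ?, ?)',
                $_POST['name'],
                password_hash($_POST['pass'], PASSWORD_DEFAULT),
                $admin
            );
            // NOTE(review): log_in() is defined elsewhere; confirm it regenerates the
            // session id when the user becomes authenticated.
            log_in($db->lastInsertId(), $_POST['name'], $admin);
            redirect_to('?p=home');
        }
    }
}
echo render('register.html.php', ['error' => $error]);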