public function can($resource, $resourceValue = null)
{
$challenge = new Challenge($resource, $resourceValue);
$rules = $this->rulesFor($challenge->getResource());
$this->lastEvaluator = new $this->evaluator($rules, $this);
return $this->lastEvaluator->check($challenge);
}
/**
* Filters contributions for unique participants
*
* @param Challenge $challenge
* @return ArrayCollection
*/
protected function getUniqueParticipants($challenge)
{
//Filter duplicated participants
$participants = new ArrayCollection();
$challenge->getContributions()->map(function ($c) use($participants) {
if (!$participants->contains($c->getUserId())) {
$participants->add($c->getUserId());
}
});
return $participants;
}
public function go()
{
if (isset($_GET['id'])) {
$id = $_GET['id'];
}
if (isset($_POST['submit'])) {
if ($_POST['title'] == '') {
$this->addErrorMessage("Title of the challenge should not be empty");
} elseif ($_POST['description'] == '') {
$this->addErrorMessage("Description should not be empty");
} elseif ($_POST['visibility'] == '') {
$this->addErrorMessage("Visibility field should not be empty");
} else {
$this->title = $_POST['title'];
$this->description = $_POST['description'];
$this->visibility = $_POST['visibility'];
$this->publish = $_POST['publish'];
ChallengeBackend::updateChallenge($id, $this->title, $this->description, $this->visibility, $this->publish);
$this->addSuccessMessage("Challenge details have been updated succesfully");
}
}
$challenges = Challenge::getChallenge($id);
$this->setViewTemplate('editchallenge.tpl');
$this->addToView('challenge', $challenges[0]);
$this->generateView();
}
public function go()
{
if (isset($_GET['id'])) {
$id = $_GET['id'];
$challenges = Challenge::getChallenge($id);
$title = $challenges[0]->title;
$url = HACKADEMIC_PATH . "challenges/" . $challenges[0]->pkg_name . "/index.php";
if (isset($_POST['submit'])) {
$contents = $_POST['code'];
file_put_contents($url, $contents);
$this->addSuccessMessage("File has been updated successfully !");
}
if (!file_exists($url)) {
$this->addErrorMessage("File does not exist");
$file_contents = '';
} else {
$file_contents = htmlspecialchars(file_get_contents($url), ENT_NOQUOTES | ENT_HTML401);
}
$folder = $challenges[0]->pkg_name;
} else {
$title = "Unknown Challenge";
$file_contents = '';
$folder = null;
$this->addErrorMessage("You need to select a challenge to edit.");
}
$this->setViewTemplate('editcode.tpl');
$this->addToView('file_contents', $file_contents);
$this->addToView('title', $title);
$this->addToView('folder', $folder);
$this->generateView();
}
public function go()
{
if (isset($_GET['id'])) {
$id = $_GET['id'];
$this->addToView('id', $id);
$challenge = Challenge::getChallenge($id);
if ($this->isLoggedIn() && ($this->isAdmin() || self::IsAllowed($this->getLoggedInUser(), $challenge[0]->id))) {
$challenge_path = SOURCE_ROOT_PATH . "challenges/" . $challenge[0]->pkg_name . "/";
$this->addToView('pkg_name', $challenge[0]->pkg_name);
$solution = $challenge[0]->solution;
if (isset($_POST) && count($_POST) != 0) {
//echo '<div style = "color:red">CHALLENGE WAS SUBMITTED</div>';
}
if (!isset($_GET["path"])) {
$url = $challenge_path . "index.php";
} else {
$url = $challenge_path . $_GET['path'];
}
header("Location: " . $url);
} else {
die;
}
}
$this->setViewTemplate("trychallenge.tpl");
$this->generateView();
}
/**
* Page that allows any user (usually an invited friend) to donate to given challenge.
*/
function donate($challenge_id)
{
$challenge = Challenge::find_by_id($challenge_id);
if (!$challenge) {
throw new PageNotFoundException();
}
return array('challenge' => $challenge, 'charity' => $challenge->charity, 'challenger' => $challenge->user);
}
public static function sendErrorMessage($post)
{
$authStatus = Challenge::checkAuthenticationToken($post['token']);
if (is_a($authStatus, 'ErrorObject')) {
return $authStatus;
}
alertWhoops($post);
}
/**
* Send user to appropriate PayPal URL to complete preapproval/first payment process
*/
function prepay_challenge($challenge_id)
{
$challenge = Challenge::find_by_id($challenge_id);
if (!$challenge) {
throw new PageNotFoundException();
}
return $this->do_prepay_challenge($challenge);
}
public static function approveComment(array $post)
{
$authStatus = Challenge::checkAuthenticationToken($post['token']);
if (is_a($authStatus, 'ErrorObject')) {
return $authStatus;
}
return Comments::approveComment($post['commentId']);
}
public function actionChallenge()
{
if (isset($_GET['idTruth']) || isset($_GET['idDare'])) {
$idType = isset($_GET['idDare']) ? 'idDare' : 'idTruth';
$modelTruthOrDare = isset($_GET['idDare']) ? new Dare() : new Truth();
$modelTruthOrDare->{$idType} = $_GET[$idType];
$challenges = Challenge::model()->with('truth', 'dare', 'userTo', "userTo.scoreTruth", "userTo.scoreDare")->findAllByAttributes(array($idType => $_GET[$idType], 'status' => 1));
$this->render('challenge', array('modelTruthOrDare' => $modelTruthOrDare, 'challenges' => $challenges, 'idType' => $idType));
}
}
public function post($resourceVals, $data, $userId)
{
global $logger, $warnings_payload;
$userId = 2;
$challengeId = $resourceVals['project-challenges'];
if (isset($challengeId)) {
$warnings_payload[] = 'POST call to /project-challenges must not have ' . '/challengeID appended i.e. POST /project-challenges';
throw new UnsupportedResourceMethodException();
}
$nowFormat = date('Y-m-d H:i:s');
$nowUpdateFormat = date('0000-00-00 00:00:00');
$challengeObj = new Challenge($userId, $data['project_id'], $data['blob_id'], 1, $data['title'], $data['stmt'], $data['type'], 1, $data['likes'], $data['dislikes'], $nowFormat, $nowUpdateFormat);
$logger->debug("POSTed Challenge Post Detail: " . $challengeObj->toString());
$this->collapDAO->insert($challengeObj);
$challengeDetail = $challengeObj->toArray();
if (!isset($challengeDetail['id'])) {
return array('code' => '2011');
}
$this->challengeDetail[] = $challengeDetail;
return array('code' => '2001', 'data' => array('challengeDetail' => $this->challengeDetail));
}
public function go()
{
$challenges = Challenge::getChallengesFrontend();
$menu = array();
foreach ($challenges as $challenge) {
$link = array('id' => $challenge->id, 'title' => $challenge->title, 'url' => 'challenges/' . $challenge->pkg_name . '/index.php');
array_push($menu, $link);
}
$this->addToView('list', $menu);
$this->setViewTemplate('challenge_list.tpl');
return $this->generateView();
}
public static function getAllChallenges()
{
if (!self::$allFetched) {
$items = query(__CLASS__)->where(array('year' => Year::current()))->sort('name')->selectMultiple();
self::$cache = array();
foreach ($items as $item) {
self::$cache[$item->id] = $item;
}
self::$allFetched = true;
}
return self::$cache;
}
public function getByUsername($username)
{
$sql = "select user.username as user_username, password, name, surname, email, challangeID, startdatum, einddatum, startgewicht, eindgewicht" . " from user, challanges where user.username = challanges.username and challanges.username = :user";
$dbh = new PDO(DBConfig::$DB_CONNSTRING, DBConfig::$DB_USERNAME, DBConfig::$DB_PASSWORD);
$stmt = $dbh->prepare($sql);
$stmt->execute(array(':user' => $username));
$rij = $stmt->fetch(PDO::FETCH_ASSOC);
$user = User::create($rij["user_username"], $rij["password"], $rij["name"], $rij["surname"], $rij["email"]);
$challenge = Challenge::create($rij["challangeID"], $user, $rij["startdatum"], $rij["einddatum"], $rij["startgewicht"], $rij["eindgewicht"]);
// var_dump($challenge);
$dbh = null;
return $challenge;
}
/**
* Add a new challenge from $path.
* The path parameter is the place where the challenge was unzipped. The method will mv the challenge in
* the /challenges folder and install it in the database.
* @param FilePath $path the filesystem path where the challenge is located usually some temp directory
* @throws \GuzzleHttp\Exception\XmlParseException if the challenge .xml config file is not found
* @return void
*/
public static function addNew(FilePath $path)
{
$challengeName = explode(DIRECTORY_SEPARATOR, $path);
$challengeName = array_pop($challengeName);
$challengeConfig = Utils::replaceXMLHeader(readfile($path . DIRECTORY_SEPARATOR . $challengeName . ".xml"));
$xml = simplexml_load_string($challengeConfig);
if (false === $xml) {
throw new \GuzzleHttp\Exception\XmlParseException('Challenge xml is invalid');
}
$title = $xml[CHALLENGE_XML_TITLE_TAG];
$author = $xml[CHALLENGE_XML_AUTHOR_TAG];
$category = $xml[CHALLENGE_XML_CATEGORY_TAG];
$description = $xml[CHALLENGE_XML_DESCRIPTION_TAG];
$challenge = new Challenge();
$challenge->title = $title;
$challenge->author = $author;
$challenge->category = $category;
$challenge->description = $description;
Utils::recurse_copy($path, CHALLENGE_DIR . $challengeName);
$challenge->save();
/*Todo: initialize containers/vagrant boxes*/
}
public static function getAllChallengeWinners()
{
Challenge::getAllChallenges();
if (!self::$allFetched) {
$items = query(__CLASS__)->sortDesc('time')->selectMultiple();
self::$cache = array();
foreach ($items as $item) {
if (!$item->getChallenge()) {
continue;
}
self::$cache[$item->id] = $item;
}
self::$allFetched = true;
}
return self::$cache;
}
public function update($status)
{
if (!Session::isAdmin() && !Session::isTeacher()) {
$username = Session::getLoggedInUser();
$url = $_SERVER['REQUEST_URI'];
$url_components = explode("/", $url);
$count_url_components = count($url_components);
for ($i = 0; $url_components[$i] != "challenges"; $i++) {
}
$pkg_name = $url_components[$i + 1];
$user = User::findByUserName($username);
$challenge = Challenge::getChallengeByPkgName($pkg_name);
$user_id = $user->id;
$challenge_id = $challenge[0]->id;
if (!ChallengeAttempts::isChallengeCleared($user_id, $challenge_id)) {
ChallengeAttempts::addChallengeAttempt($user_id, $challenge_id, $status);
}
}
}
public function go()
{
$username = $this->getLoggedInUser();
$user = User::findByUserName($username);
if (!$user) {
return;
}
if (Session::isAdmin() || Session::isTeacher()) {
$challenges = Challenge::getChallengesFrontend();
} else {
$challenges = Challenge::getChallengesAssigned($user->id);
}
$menu = array();
foreach ($challenges as $challenge) {
$link = array('id' => $challenge->id, 'title' => $challenge->title, 'url' => 'challenges/' . $challenge->pkg_name . '/index.php');
array_push($menu, $link);
}
return $menu;
}
public function go()
{
if (isset($_GET['id'])) {
$id = $_GET['id'];
$challenge = Challenge::getChallenge($id);
$this->setViewTemplate('showChallenge.tpl');
$this->addToView('challenge', $challenge[0]);
if (!$this->isLoggedIn()) {
$this->addErrorMessage("You must login to be able to take the challenge");
} else {
if ($this->isAdmin() || self::IsAllowed($this->getLoggedInUser(), $challenge[0]->id)) {
$this->addToView('is_allowed', true);
} else {
$this->addErrorMessage('You cannot take the challenge as you are not a member
of any class to which this challenge is assigned.');
}
}
$this->generateView();
}
}
public function run()
{
//We check the level of the user before to allow him to see the content
if (isset($this->model->idCategory) && isset($this->filterLevel) && $this->model->idCategory != '') {
$levelCategory = Category::model()->findByPk($this->model->idCategory);
if ($levelCategory->level > $this->filterLevel) {
Yii::app()->user->setFlash('forbiddenLevel', 'Sorry, to have access to this category you need to register a coin which belongs to this category.');
}
}
//We get the generated criterias
$criteria = $this->model->getCriteria();
//We set up the number of Challenge we want to display if necessary
if (isset($this->model->limit)) {
$criteria->limit = $this->model->limit;
}
//We choose the order of display
$criteria->order = isset($this->model->order) && $this->model->order !== '' ? $this->model->order . " DESC " : " t.voteUp - t.voteDown DESC ";
//Page manager
$count = Challenge::model()->count($criteria);
//Use the $this->limit in Pagination otherwise $pages->pageSize to $criteria overriding the $criteria->limit
$pages = new CPagination(isset($this->model->limit) ? $this->model->limit : $count);
$pages->pageSize = isset($this->model->limit) ? $this->model->limit : $this->itemsPerPage;
$pages->applyLimit($criteria);
//Get the datas
$datas = Challenge::model()->findAll($criteria);
//Manage favourites
$modelUserList = new UserList();
$userLists = CHtml::listData(array(), 'idUserList', 'name');
if (!Yii::app()->user->isGuest) {
$userLists = UserList::model()->findAllByAttributes(array('idUser' => Yii::app()->user->getId()));
$userLists = CHtml::listData($userLists, 'idUserList', 'name');
}
//Manage send Challenges
$friends = CHtml::listData(array(), 'idUser', 'username');
if (!Yii::app()->user->isGuest) {
$friends = CHtml::listData(Friend::getFriends(Yii::app()->user->getId()), 'idUser', 'username');
}
$this->render('challengeDareList', array('datas' => $datas, 'pages' => $pages, 'userLists' => $userLists, 'friends' => $friends));
}
public static function setCategories(array $post)
{
$authStatus = Challenge::checkAuthenticationToken($post['token']);
if (is_a($authStatus, 'ErrorObject')) {
return $authStatus;
}
$categoryName = isset($post['category_name']) ? $post['category_name'] : false;
$categorySelected = isset($post['category_selection']) ? $post['category_selection'] : false;
$insertId = 0;
if ($categoryName) {
$insertId = null;
if (isset($post['add_sub']) && $categorySelected) {
$insertId = Categories::setNewSubCategory($categoryName, $categorySelected);
} else {
$insertId = Categories::setNewCategory($categoryName);
}
if (is_a($insertId, 'ErrorObject')) {
return $insertId;
}
return array('id' => $insertId, 'name' => $categoryName);
}
return array();
}
<?php
require_once '../classes/domains/Users.php';
require_once '../classes/domains/Challenge.php';
$cookieHash = isset($_COOKIE['eggmatters_com']) ? $_COOKIE['eggmatters_com'] : null;
$userName = "";
Challenge::getAuthenticationToken();
if (!is_null($cookieHash)) {
$userObj = Users::getUserByCookie($cookieHash);
if (!is_a($userObj, 'ErrorObject')) {
$userName = $userObj[0]->userName;
}
}
if (!isset($userName) || $userName != "eggmatters") {
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'index.php';
header("Location: http://{$host}{$uri}/{$extra}");
}
header('Cache-Control: private, no-cache, max-age=0, must-revalidate');
header('Expires: ' . date('r'));
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Eggmatters.com</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
function challenge_list(Challenge $challenge)
{
$text = $challenge->getName() . ' for ' . $challenge->getPoints() . ' points, code ' . $challenge->getCode() . '.';
$team_select = ui_select('team_id', Team::getAllTeamNames());
$id = $challenge->getID();
return <<<EOT
{$text}
<form method="POST" action="challenges.php">
{$team_select}
<input type="hidden" name="challenge_id" value="{$id}" />
<input type="submit" name="add" value="Add Winner" />
<input type="submit" name="delete" value="Delete Challenge" />
</form>
EOT;
}
<?php
session_start();
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
require_once "../config/config.inc.php";
$challenge = new Challenge();
if (isset($_POST['m'])) {
$mail = util::getPost('m');
$db = new MySQL(HOST, DB_USER, DB_PASSWORD, DB_NAME);
$sql = "SELECT mfrom,mto,msubject,mbody,mdate FROM mailbox m,players u WHERE u.id=m.userid AND u.name='" . $challenge->getUser() . "' AND m.mailid={$mail}";
// echo $sql;
$result = $db->query($sql);
$row = $result->fetch();
extract($row);
$text = <<<EOT
<div id="message">
<!-- mail starts here -->
<table id="mailheader" cellpadding="15" cellspacing="3">
<tr><td align="right">To:</td><td> </td><td>{$mto}</td></tr>
<tr><td align="right">From:</td><td> </td><td>{$mfrom}</td></tr>
<tr><td align="right">Date:</td><td> </td><td>{$mdate}</td></tr>
<tr><td align="right">Subject:</td><td> </td><td>{$msubject}</td></tr>
</table>
<hr/>
<div id="mailbody">{$mbody}</div>
<!-- mail ends here -->
</div>
EOT;
if (CTF::register($name, $password1, $email)) {
$output = showLogin("", isset($_SESSION[Challenge::PLAYER]));
} else {
$output = showRegister("User already exists");
}
}
} else {
$output = showRegister("Name can't be empty");
}
}
break;
default:
break;
}
}
$challenge = new Challenge();
$array = $BASE_ARRAY;
$array['title'] = "CTF Login";
if (isset($_SESSION[Challenge::PLAYER])) {
$array['ranking'] = $challenge->getRank();
$array['login'] = '******';
} else {
$array['ranking'] = "You have to login to have a rank";
$array['login'] = '******';
}
echo CTF::header($array);
echo '<div id="content">';
echo '<div id="multi-logo">';
echo "<div id=\"login\">";
echo join('', $output);
echo "</div></div></div>";
<?php
require_once '../config/config.inc.php';
$challenge = new Challenge();
$array = $BASE_ARRAY;
$array['title'] = "OWASP Capture the Flag";
$loginpage = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'];
$loginpage = str_replace("index", "login", $loginpage);
if (isset($_SESSION[Challenge::PLAYER])) {
$array['ranking'] = $challenge->getRank();
$array['login'] = '******' . $loginpage . '?action=logout">Logout</a>';
} else {
$array['ranking'] = "You have to login to show your rank";
$array['login'] = '******' . $loginpage . '">Login</a>';
}
$challenge->header($array);
?>
<div id="content">
<div id="big-logo">
<div id="challenges">
<?php
$challenge->buildChallenges();
?>
</div>
</div>
</div>
<?php
CTF::footer();
<?php
require_once '../../../../config/config.inc.php';
$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken();
$location = $_SERVER['SERVER_NAME'] . WEBROOT;
$first = "<script language=JavaScript>function Try(password) { if (password ==\"";
$last = <<<EOT
") {alert("This one was easy, you will receive a point ;)");
window.location = "https://{$location}/check.php?t={$token}";
return false;}else {alert("To bad, please try again.");return false;}}
// -->
</script>
EOT;
?>
<Script Language='Javascript'>
<!--
document.write(unescape('%3c%73%63%72%69%70%74%20%6c%61%6e%67%75%61%67%65%3d%4a%61%76%61%53%63%72%69%70%74%3e%0d%0a%76%61%72%20%6d%65%73%73%61%67%65%3d%22%57%65%20%64%6f%20%74%72%79%20%74%6f%20%6d%61%6b%65%20%69%74%20%68%61%72%64%65%72%2e%20%3a%29%21%22%3b%66%75%6e%63%74%69%6f%6e%20%63%6c%69%63%6b%49%45%34%28%29%7b%69%66%20%28%65%76%65%6e%74%2e%62%75%74%74%6f%6e%3d%3d%32%29%7b%61%6c%65%72%74%28%6d%65%73%73%61%67%65%29%3b%72%65%74%75%72%6e%20%66%61%6c%73%65%3b%7d%7d%66%75%6e%63%74%69%6f%6e%20%63%6c%69%63%6b%4e%53%34%28%65%29%7b%69%66%20%28%64%6f%63%75%6d%65%6e%74%2e%6c%61%79%65%72%73%7c%7c%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%26%26%21%64%6f%63%75%6d%65%6e%74%2e%61%6c%6c%29%7b%69%66%20%28%65%2e%77%68%69%63%68%3d%3d%32%7c%7c%65%2e%77%68%69%63%68%3d%3d%33%29%7b%61%6c%65%72%74%28%6d%65%73%73%61%67%65%29%3b%72%65%74%75%72%6e%20%66%61%6c%73%65%3b%7d%7d%7d%69%66%20%28%64%6f%63%75%6d%65%6e%74%2e%6c%61%79%65%72%73%29%7b%64%6f%63%75%6d%65%6e%74%2e%63%61%70%74%75%72%65%45%76%65%6e%74%73%28%45%76%65%6e%74%2e%4d%4f%55%53%45%44%4f%57%4e%29%3b%64%6f%63%75%6d%65%6e%74%2e%6f%6e%6d%6f%75%73%65%64%6f%77%6e%3d%63%6c%69%63%6b%4e%53%34%3b%7d%65%6c%73%65%20%69%66%20%28%64%6f%63%75%6d%65%6e%74%2e%61%6c%6c%26%26%21%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%29%7b%64%6f%63%75%6d%65%6e%74%2e%6f%6e%6d%6f%75%73%65%64%6f%77%6e%3d%63%6c%69%63%6b%49%45%34%3b%7d%64%6f%63%75%6d%65%6e%74%2e%6f%6e%63%6f%6e%74%65%78%74%6d%65%6e%75%3d%6e%65%77%20%46%75%6e%63%74%69%6f%6e%28%22%61%6c%65%72%74%28%6d%65%73%73%61%67%65%29%3b%72%65%74%75%72%6e%20%66%61%6c%73%65%22%29%0d%0a%2f%2f%20%2d%2d%3e%0d%0a%3c%2f%73%63%72%69%70%74%3e'));
//-->
</Script>
<Script Language='Javascript'>
<!--
document.write(unescape("<?php
echo util::ascii2hex($first . $pwd . "" . $last);
?>
"));
/**
* Return CActiveRecord with Challenges
* @return CActiveRecord
*/
public static function getChallenges($idUser, $idCategory = null, $idGender = null, $idType = null, $idStatus = null, $minDateChallenge = null, $idPrivateStatus = null, $idUserFrom = null)
{
$criteria = new CDbCriteria();
//Get users the current user added as Friends
$criteria->condition = "t.idUserTo=:idUser AND t.status <> 2";
$criteria->params = array(':idUser' => $idUser);
if ($idCategory !== '' && $idCategory !== null) {
$criteria->addCondition("categoryTruth.idCategory = :idCategory OR categoryDare.idCategory = :idCategory");
$criteria->params[':idCategory'] = $idCategory;
}
if ($idGender !== '' && $idGender !== null) {
$criteria->addCondition("userFrom.gender = :gender");
$criteria->params[':gender'] = $idGender;
}
if ($idType !== '' && $idType !== null) {
$criteria->addCondition("t.id{$idType} IS NOT NULL");
}
if ($idStatus !== '' && $idStatus !== null) {
$criteria->addCondition("t.status = :idStatus");
$criteria->params[':idStatus'] = $idStatus;
}
if ($minDateChallenge !== '' && $minDateChallenge !== null) {
$criteria->addCondition("IFNULL(t.finishDate,t.createDate) >= :minDateChallenge");
$criteria->params[':minDateChallenge'] = $minDateChallenge;
}
if ($idPrivateStatus !== '' && $idPrivateStatus !== null) {
$criteria->addCondition("t.private = :idPrivateStatus");
$criteria->params[':idPrivateStatus'] = $idPrivateStatus;
}
if ($idUserFrom !== '' && $idUserFrom !== null) {
$criteria->addCondition("t.idUserFrom = :idUserFrom");
$criteria->params[':idUserFrom'] = $idUserFrom;
}
$challenges = Challenge::model()->with('truth', 'dare', 'truth.category', 'dare.category', 'userFrom', 'levelUserFrom')->findAll($criteria);
return $challenges;
}
public function actionDeleteChallenge()
{
if (isset($_POST['idChallenge'])) {
$challenge = Challenge::model()->findByPk($_POST['idChallenge']);
if ($challenge->idUserTo == Yii::app()->user->getId()) {
//We change the status to decline
$challenge->status = 2;
$challenge->save();
//We delete the associated votes
$votingDetails = VotingDetail::model()->deleteAllByAttributes(array('idChallenge' => $_POST['idChallenge']));
echo "SUCCESS";
}
}
}
<?php
require_once '../../../../config/config.inc.php';
$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken();
if (isset($_POST['submit'])) {
$uid = util::getPost('username');
$passwd = util::getPost('password');
if ($uid = "admin" && $passwd == $pwd) {
$challenge->mark();
CTF::showAchieved();
}
}
?>
<a href="show.php?filename=example.php" style="color:blue;">You can look at a PHP example here</a>
<br/><br/>
<hr/>
<br/>
<form autocomplete="off" method="post">
<table>
<tr><td>Username</td><td>:</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td>:</td><td><input type="password" name="password" /></td></tr>
<tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit"/> <?php
$challenge->nextButton();
?>
</td></tr>
</table>
</form>
<?php
