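/**
 * Controller action for the challenge edit form.
 *
 * Reads the challenge id from $_GET['id']. When the form was submitted
 * ($_POST['submit'] is set) and title, description and visibility are all
 * non-empty, the values are stored on the controller and handed to
 * ChallengeBackend::updateChallenge(). The challenge is then loaded and
 * rendered with editchallenge.tpl.
 *
 * NOTE(review): no login, role or CSRF-token check is visible in this method;
 * confirm the enclosing controller enforces them before this runs.
 * NOTE(review): $id and the form fields reach the backend unchanged; confirm
 * ChallengeBackend::updateChallenge() and Challenge::getChallenge() bind them
 * as query parameters rather than concatenating them into SQL.
 */
public function go()
 {
     // The id is request-controlled: accept a scalar only, so an array such as
     // ?id[]=1 never reaches the backend, and never continue with $id undefined.
     $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (string) $_GET['id'] : '';
     if ($id === '') {
         $this->addErrorMessage("You need to select a challenge to edit.");
         $this->setViewTemplate('editchallenge.tpl');
         $this->addToView('challenge', null);
         $this->generateView();
         return;
     }

     if (isset($_POST['submit'])) {
         // A missing or non-string field is treated as empty, so it fails the
         // checks below instead of raising a notice or passing an array on.
         $field = function ($name) {
             return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
         };
         $title = $field('title');
         $description = $field('description');
         $visibility = $field('visibility');

         if ($title === '') {
             $this->addErrorMessage("Title of the challenge should not be empty");
         } elseif ($description === '') {
             $this->addErrorMessage("Description should not be empty");
         } elseif ($visibility === '') {
             $this->addErrorMessage("Visibility field should not be empty");
         } else {
             $this->title = $title;
             $this->description = $description;
             $this->visibility = $visibility;
             // 'publish' may be absent from the request (the form control is not visible here); pass null then.
             $this->publish = isset($_POST['publish']) ? $_POST['publish'] : null;
             ChallengeBackend::updateChallenge($id, $this->title, $this->description, $this->visibility, $this->publish);
             $this->addSuccessMessage("Challenge details have been updated succesfully");
         }
     }

     $challenges = Challenge::getChallenge($id);
     $this->setViewTemplate('editchallenge.tpl');
     // An unknown id yields no row; hand the template null instead of reading a missing index.
     $this->addToView('challenge', isset($challenges[0]) ? $challenges[0] : null);
     $this->generateView();
 }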
 /**
  * Return the challenge record, loading it on first use.
  *
  * While $this->challengeObj still compares equal to UNPREPARED, the record is
  * fetched with Challenge::getChallenge($this->challenge) and cached on the
  * object; later calls return the cached value.
  *
  * NOTE(review): the comparison with UNPREPARED is loose (==); the constant's
  * value is not visible here, so confirm no loaded value can compare equal to it.
  */
 public function getChallenge()
 {
     // Already loaded: hand back the cached value.
     if ($this->challengeObj != UNPREPARED) {
         return $this->challengeObj;
     }

     $loaded = Challenge::getChallenge($this->challenge);
     $this->challengeObj = $loaded;

     return $this->challengeObj;
 }
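 /**
  * Redirect an authorised user into the files of the selected challenge.
  *
  * When $_GET['id'] is present the challenge is loaded; the user must be
  * logged in and either an admin or allowed for that challenge
  * (self::IsAllowed), otherwise the script stops with die. The redirect
  * target is the challenge folder followed by $_GET['path'], defaulting to
  * index.php. The trychallenge.tpl view is generated afterwards, as before.
  *
  * $_GET['path'] is request-controlled and ends up in a Location header, so
  * it is only used when it stays inside the challenge folder: no ".."
  * segment, no leading slash or backslash, no control characters. Anything
  * else falls back to index.php.
  */
 public function go()
 {
     if (isset($_GET['id'])) {
         $id = $_GET['id'];
         $this->addToView('id', $id);
         $challenge = Challenge::getChallenge($id);

         // An unknown id is refused the same way as a user without access,
         // instead of dereferencing a row that does not exist.
         $allowed = isset($challenge[0])
             && $this->isLoggedIn()
             && ($this->isAdmin() || self::IsAllowed($this->getLoggedInUser(), $challenge[0]->id));
         if (!$allowed) {
             die;
         }

         $challenge_path = SOURCE_ROOT_PATH . "challenges/" . $challenge[0]->pkg_name . "/";
         $this->addToView('pkg_name', $challenge[0]->pkg_name);

         $path = "index.php";
         if (isset($_GET['path']) && is_string($_GET['path']) && $_GET['path'] !== '') {
             $candidate = $_GET['path'];
             // Browsers resolve %2e%2e like "..", so the decoded form is what gets inspected.
             $normalized = str_replace('\\', '/', rawurldecode($candidate));
             $leavesFolder = $normalized[0] === '/'
                 || in_array('..', explode('/', $normalized), true)
                 || preg_match('/[\x00-\x1f\x7f]/', $normalized) === 1;
             if (!$leavesFolder) {
                 $path = $candidate;
             }
         }

         header("Location: " . $challenge_path . $path);
     }
     $this->setViewTemplate("trychallenge.tpl");
     $this->generateView();
 }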
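 /**
  * Show, and on submit overwrite, the index.php of the selected challenge.
  *
  * The challenge is looked up from $_GET['id']; its file is
  * HACKADEMIC_PATH/challenges/<pkg_name>/index.php. When $_POST['submit'] is
  * set, $_POST['code'] is written to that file. The current file contents are
  * HTML-escaped and passed to editcode.tpl together with the title and folder.
  *
  * NOTE(review): this stores request-supplied text as a PHP file that the
  * server will execute. No role check or CSRF token is visible in this
  * method; confirm the enclosing controller restricts it to trusted admins
  * and that the form carries an anti-CSRF token.
  */
 public function go()
 {
     $challenge = null;
     // Accept a scalar id only, and treat an id with no matching row as "nothing selected".
     if (isset($_GET['id']) && is_scalar($_GET['id'])) {
         $challenges = Challenge::getChallenge($_GET['id']);
         if (isset($challenges[0])) {
             $challenge = $challenges[0];
         }
     }

     if ($challenge !== null) {
         $title = $challenge->title;
         $folder = $challenge->pkg_name;
         // NOTE(review): pkg_name comes from the stored challenge record; presumably it is
         // validated when the challenge is created - confirm it cannot contain "/" or "..".
         $file = HACKADEMIC_PATH . "challenges/" . $folder . "/index.php";

         if (isset($_POST['submit'])) {
             if (!isset($_POST['code']) || !is_string($_POST['code'])) {
                 // Previously a missing field silently truncated the file to zero bytes.
                 $this->addErrorMessage("No code was submitted");
             } elseif (file_put_contents($file, $_POST['code']) === false) {
                 // Report a failed write instead of announcing success unconditionally.
                 $this->addErrorMessage("File could not be updated");
             } else {
                 $this->addSuccessMessage("File has been updated successfully !");
             }
         }

         if (!file_exists($file)) {
             $this->addErrorMessage("File does not exist");
             $file_contents = '';
         } else {
             // ENT_NOQUOTES leaves quotes unescaped: suitable for element content
             // (e.g. a textarea body), not for an attribute value.
             $file_contents = htmlspecialchars(file_get_contents($file), ENT_NOQUOTES | ENT_HTML401);
         }
     } else {
         $title = "Unknown Challenge";
         $file_contents = '';
         $folder = null;
         $this->addErrorMessage("You need to select a challenge to edit.");
     }

     $this->setViewTemplate('editcode.tpl');
     $this->addToView('file_contents', $file_contents);
     $this->addToView('title', $title);
     $this->addToView('folder', $folder);
     $this->generateView();
 }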
    /**
     * Render the detail page of the challenge named by $_GET['id'].
     *
     * Without an id nothing is rendered. Otherwise the challenge is loaded and
     * passed to showChallenge.tpl; 'is_allowed' is added to the view only for a
     * logged-in user who is an admin or passes self::IsAllowed for this
     * challenge. Every other visitor gets an error message.
     *
     * NOTE(review): the first row of the lookup is used without checking that
     * the id matched anything - confirm how Challenge::getChallenge() reports
     * an unknown id.
     */
    public function go()
    {
        if (!isset($_GET['id'])) {
            return;
        }

        $challengeId = $_GET['id'];
        $rows = Challenge::getChallenge($challengeId);
        $this->setViewTemplate('showChallenge.tpl');
        $this->addToView('challenge', $rows[0]);

        if (!$this->isLoggedIn()) {
            $this->addErrorMessage("You must login to be able to take the challenge");
        } elseif ($this->isAdmin() || self::IsAllowed($this->getLoggedInUser(), $rows[0]->id)) {
            // Admins bypass the per-class membership check.
            $this->addToView('is_allowed', true);
        } else {
            $this->addErrorMessage('You cannot take the challenge as you are not a member
					    of any class to which this challenge is assigned.');
        }

        $this->generateView();
    }
                if (key_exists('claim', $_POST)) {
                    $code = $_POST['code'];
                    $action = 'claim';
                }
            }
        }
    }
}
// ACTION
// Dispatch on $action, which is assigned by the request-handling code above
// this excerpt (its visible tail sets 'claim' when $_POST contains 'claim').
// NOTE(review): the ids used below ($challenge_id, $team_id, $winner_id) and
// the right to run new/delete/add/remove are decided outside this excerpt -
// confirm each action is limited to the intended role before this switch runs.
switch ($action) {
    case 'new':
        // Build a challenge for the current year from $challenge_name,
        // $challenge_points and $challenge_code, then persist it via doAdd().
        $challenge = new Challenge(array('year' => Year::current(), 'name' => $challenge_name, 'points' => $challenge_points, 'code' => $challenge_code));
        $challenge->doAdd("Created challenge {$challenge_name} successfully.");
        break;
    case 'delete':
        // Remove every winner record of the challenge first, then the challenge itself.
        // NOTE(review): the lookup result is used without a check; presumably an
        // unknown $challenge_id makes getWinners() fail - confirm.
        $challenge = Challenge::getChallenge($challenge_id);
        foreach ($challenge->getWinners() as $winner) {
            $winner->doRemove();
        }
        $challenge->doRemove("Deleted challenge successfully.");
        break;
    case 'add':
        // Record $team_id as a winner of $challenge_id.
        $winner = new ChallengeWinner(array('team' => $team_id, 'challenge' => $challenge_id));
        $winner->doAdd("Added challenge winner successfully.");
        break;
    case 'remove':
        // Delete a single winner record looked up by $winner_id.
        // NOTE(review): same unchecked-lookup caveat as 'delete'.
        $winner = ChallengeWinner::getChallengeWinner($winner_id);
        $winner->doRemove("Deleted challenge winner successfully.");
        break;
    case 'claim':
        // The claim is made for the team of the current session; the rest of
        // this branch is not part of the excerpt.
        $team = Session::currentTeam();
<?php

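/*
 * This should work:
 * uid = admin'+--+-
 * pwd = 123
 *
 * NOTE(review): in the code visible below, the login check runs a fixed query
 * and compares the submitted username with the literal "admin", so the quoted
 * uid is never placed in SQL there; confirm this hint still matches the code.
 */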
require_once '../../../../config/config.inc.php';
$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken();
$createSQL = "CREATE TABLE players (id MEDIUMINT NOT NULL AUTO_INCREMENT,name varchar(60) NOT NULL,password varchar(100) NOT NULL,PRIMARY KEY(id))";
$error = "";
$dbname = 'wcdb' . $challenge->getChallenge() . $challenge->getUser();
$dbname = str_replace('-', '', $dbname);
$db = new MySQL('localhost', 'wcuid' . $challenge->getUser(), 'wcpwd#sldi$v0x8' . $token, strtolower($dbname));
if ($db->testTable("SELECT * FROM players LIMIT 0,1", $createSQL)) {
    $db->query("INSERT INTO players(name,password) VALUES('admin','{$token}')");
}
if (isset($_GET['submit'])) {
    $uid = htmlspecialchars(strip_tags($_GET['username']));
    $passwd = htmlspecialchars(strip_tags($_GET['password']));
    $sql = "SELECT password FROM players where name='admin'";
    $result = $db->query($sql);
    $tbl = $result->fetch();
    $pwd = $tbl['password'];
    if ($uid == "admin" && $passwd == $pwd) {
        $challenge->mark();
        CTF::showAchieved();
        $db->query("DROP database " . 'webchallengedb' . $challenge->getUser());