function dynamic_menu_content()
{
$cache_name = user_is_logged_in() ? 'logged_in_' . $_SESSION['class'] : 'guest';
if (cache_start($cache_name, CONFIG_CACHE_TIME_DYNAMIC, CONST_CACHE_DYNAMIC_MENU_GROUP)) {
$entries = db_query_fetch_all('SELECT
title,
internal_page,
permalink,
url,
visibility
FROM
dynamic_menu
WHERE
' . (user_is_logged_in() ? 'min_user_class <= ' . $_SESSION['class'] . ' AND (visibility = "private" OR visibility = "both")' : 'visibility = "public" OR visibility = "both"') . '
ORDER BY priority DESC');
foreach ($entries as $entry) {
echo '
<li>
<a href="', $entry['internal_page'] ? CONFIG_SITE_URL . 'content?show=' . $entry['permalink'] : htmlspecialchars($entry['url']), '">', htmlspecialchars($entry['title']), '</a>
</li>
';
}
cache_end($cache_name, CONST_CACHE_DYNAMIC_MENU_GROUP);
}
}
<?php
require '../include/mellivora.inc.php';
validate_id($_GET['id']);
head('User details');
if (cache_start('user_' . $_GET['id'], CONFIG_CACHE_TIME_USER)) {
$user = db_query_fetch_one('
SELECT
u.team_name,
u.competing,
co.country_name,
co.country_code
FROM users AS u
LEFT JOIN countries AS co ON co.id = u.country_id
WHERE
u.id = :user_id', array('user_id' => $_GET['id']));
section_head(htmlspecialchars($user['team_name']), country_flag_link($user['country_name'], $user['country_code'], true), false);
if (!$user['competing']) {
message_inline_blue('This user is listed as a non-competitor.');
}
$challenges = db_query_fetch_all('
SELECT
ca.title,
(SELECT SUM(ch.points) FROM challenges AS ch JOIN submissions AS s ON s.challenge = ch.id AND s.user_id = :user_id AND s.correct = 1 WHERE ch.category = ca.id GROUP BY ch.category) AS points,
(SELECT SUM(ch.points) FROM challenges AS ch WHERE ch.category = ca.id GROUP BY ch.category) AS category_total
FROM categories AS ca
ORDER BY ca.title ASC', array('user_id' => $_GET['id']));
$user_total = 0;
$ctf_total = 0;
foreach ($challenges as $challenge) {
echo '<strong>', htmlspecialchars($challenge['title']), '</strong>, ', number_format($challenge['points']), ' / ', number_format($challenge['category_total']), ' (', round($challenge['points'] / max(1, $challenge['category_total']) * 100), '%)';
$hint1 = db_select_one('purchases', array('*'), array('hid' => $hint['id'], 'uid' => $_SESSION['id']));
if ($hint1['value'] > 0) {
message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false);
} else {
echo '<p><a href="actions/hints.php?action=purchase&id=' . $hint['id'] . '" class="btn btn-xs btn-info">Purchase hint</a><strong> [This hint is available for purchase at ' . $hint['value'] . ' points.]</strong></p>';
}
}
}
cache_end('hints_challenge_' . $challenge['id']);
}
if ($remaining_submissions) {
if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) {
message_inline_blue('Your submission is awaiting manual marking.');
}
// write out files
if (cache_start('files_' . $challenge['id'], CONFIG_CACHE_TIME_FILES)) {
$files = db_select_all('files', array('id', 'title', 'size'), array('challenge' => $challenge['id']));
$filesDuplicate = db_select_all('files', array('id', 'title', 'size'), array('challenge' => $challenge['cloneOf']));
if (count($files) || count($filesDuplicate)) {
print_attachments($files);
print_attachments($filesDuplicate);
}
cache_end('files_' . $challenge['id']);
}
echo '
<div class="challenge-submit">
<form method="post" class="form-flag" action="actions/challenges">
<textarea name="flag" type="text" class="flag-input form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea>
<input type="hidden" name="challenge" value="', htmlspecialchars($challenge['id']), '" />
<input type="hidden" name="action" value="submit_flag" />';
form_xsrf_token();
<?php
require '../include/mellivora.inc.php';
login_session_refresh();
header('Content-type: application/json');
if (!isset($_GET['view'])) {
echo json_error(lang_get('please_request_view'));
exit;
}
if ($_GET['view'] == 'scoreboard') {
if (cache_start(CONST_CACHE_NAME_SCORES_JSON, CONFIG_CACHE_TIME_SCORES)) {
json_scoreboard(array_get($_GET, 'user_type'));
cache_end(CONST_CACHE_NAME_SCORES_JSON);
}
} else {
echo json_error(lang_get('please_request_view'));
exit;
}
<?php
require '../include/mellivora.inc.php';
validate_id($_GET['id']);
head('Challenge details');
if (cache_start('challenge_' . $_GET['id'], CONFIG_CACHE_TIME_CHALLENGE)) {
$challenge = db_query_fetch_one('
SELECT
ch.title,
ch.description,
ch.available_from AS challenge_available_from,
ca.title AS category_title,
ca.available_from AS category_available_from
FROM challenges AS ch
LEFT JOIN categories AS ca ON ca.id = ch.category
WHERE ch.id = :id', array('id' => $_GET['id']));
if (empty($challenge)) {
message_generic('Sorry', 'No challenge found with this ID', false);
}
$now = time();
if ($challenge['challenge_available_from'] > $now || $challenge['category_available_from'] > $now) {
message_generic('Sorry', 'This challenge is not yet available', false);
}
$submissions = db_query_fetch_all('SELECT
u.id AS user_id,
u.team_name,
s.added,
c.available_from
FROM users AS u
LEFT JOIN submissions AS s ON s.user_id = u.id
LEFT JOIN challenges AS c ON c.id = s.challenge
<?php
require '../include/mellivora.inc.php';
enforce_authentication();
head('Hints');
if (cache_start('hints', CONFIG_CACHE_TIME_HINTS)) {
$hints = db_query_fetch_all('
SELECT
h.id,
h.added,
h.body,
c.title,
ca.title AS category_title
FROM hints AS h
LEFT JOIN challenges AS c ON c.id = h.challenge
LEFT JOIN categories AS ca ON ca.id = c.category
WHERE c.available_from < UNIX_TIMESTAMP() AND c.available_until > UNIX_TIMESTAMP() AND h.visible = 1
ORDER BY h.id DESC
');
if (!count($hints)) {
message_generic("Hints", "No hints have been made available yet.", false);
}
section_head('Hints');
echo '
<table id="files" class="table table-striped table-hover">
<thead>
<tr>
<th>Category</th>
<th>Challenge</th>
<th>Added</th>
<th>Hint</th>
}
// if this challenge relies on another, and the user hasn't solved that requirement
if (isset($relies_on) && !$relies_on['has_solved_requirement']) {
echo '
<div class="challenge-description relies-on">', lang_get('challenge_relies_on', array('relies_on_link' => '<a href="challenge?id=' . htmlspecialchars($relies_on['id']) . '">' . htmlspecialchars($relies_on['title']) . '</a>', 'relies_on_category_link' => '<a href="challenges?category=' . htmlspecialchars($relies_on['category_id']) . '">' . htmlspecialchars($relies_on['category_title']) . '</a>')), '</div>
';
} else {
// write out challenge description
if ($challenge['description']) {
echo '
<div class="challenge-description">
', $bbc->parse($challenge['description']), '
</div> <!-- / challenge-description -->';
}
// write out hints
if (cache_start(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id'], CONFIG_CACHE_TIME_HINTS)) {
$hints = db_select_all('hints', array('body'), array('visible' => 1, 'challenge' => $challenge['id']));
foreach ($hints as $hint) {
message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false);
}
cache_end(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id']);
}
// write out files
$files = cache_array_get(CONST_CACHE_NAME_FILES . $challenge['id'], CONFIG_CACHE_TIME_FILES);
if (!is_array($files)) {
$files = db_select_all('files', array('id', 'title', 'size', 'md5', 'download_key'), array('challenge' => $challenge['id']));
cache_array_save($files, CONST_CACHE_NAME_FILES . $challenge['id']);
}
if (count($files)) {
print_attachments($files);
}
<?php
require '../include/mellivora.inc.php';
login_session_refresh();
if (strlen(array_get($_GET, 'code')) != 2) {
message_error('Please supply a valid country code');
}
$country = db_select_one('countries', array('id', 'country_name', 'country_code'), array('country_code' => $_GET['code']));
if (!$country) {
message_error('No country found with that code');
}
head($country['country_name']);
if (cache_start('country_' . $_GET['code'], CONFIG_CACHE_TIME_COUNTRIES)) {
section_head(htmlspecialchars($country['country_name']) . country_flag_link($country['country_name'], $country['country_code'], true), '', false);
$scores = db_query_fetch_all('
SELECT
u.id AS user_id,
u.team_name,
u.competing,
co.id AS country_id,
co.country_name,
co.country_code,
SUM(c.points) AS score,
MAX(s.added) AS tiebreaker
FROM users AS u
LEFT JOIN countries AS co ON co.id = u.country_id
LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1
LEFT JOIN challenges AS c ON c.id = s.challenge
WHERE u.competing = 1 AND co.id = :country_id
GROUP BY u.id
ORDER BY score DESC, tiebreaker ASC', array('country_id' => $country['id']));
<?php
require '../include/mellivora.inc.php';
enforce_authentication();
head(lang_get('hints'));
if (cache_start(CONST_CACHE_NAME_HINTS, CONFIG_CACHE_TIME_HINTS)) {
$hints = db_query_fetch_all('
SELECT
h.id,
h.added,
h.body,
c.title,
ca.title AS category_title
FROM hints AS h
LEFT JOIN challenges AS c ON c.id = h.challenge
LEFT JOIN categories AS ca ON ca.id = c.category
WHERE
c.available_from < UNIX_TIMESTAMP() AND
c.available_until > UNIX_TIMESTAMP() AND
h.visible = 1 AND
c.exposed = 1 AND
ca.exposed = 1
ORDER BY h.id DESC
');
if (!count($hints)) {
message_generic(lang_get('hints'), lang_get('no_hints_available'), false);
}
section_head('Hints');
echo '
<table id="files" class="table table-striped table-hover">
<thead>
<ul>
';
foreach ($files as $file) {
echo ' <li><a href="download?id=', htmlspecialchars($file['id']), '">', htmlspecialchars($file['title']), '</a> (', bytes_to_pretty_size($file['size']), ')</li>';
}
echo '
</ul>
</div> <!-- / challenge-files -->';
}
cache_end('files_' . $challenge['id']);
}
// only show the hints and flag submission form if we're
// not already correct and if the challenge hasn't expired
if (!$challenge['correct'] && $time < $challenge['available_until']) {
// write out hints
if (cache_start('hints_challenge_' . $challenge['id'], CONFIG_CACHE_TIME_HINTS)) {
$hints = db_select_all('hints', array('body'), array('visible' => 1, 'challenge' => $challenge['id']));
foreach ($hints as $hint) {
message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false);
}
cache_end('hints_challenge_' . $challenge['id']);
}
if ($remaining_submissions) {
if ($challenge['num_submissions'] && !$challenge['automark'] && !$challenge['marked']) {
message_inline_blue('Your submission is awaiting manual marking.');
}
echo '
<div class="challenge-submit">
<form method="post" class="form-flag" action="actions/challenges">
<textarea name="flag" type="text" class="form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea>
<input type="hidden" name="challenge" value="', htmlspecialchars($challenge['id']), '" />
<?php
require '../include/mellivora.inc.php';
login_session_refresh();
if (!isset($_GET['show'])) {
message_error(lang_get('please_request_page'));
}
$menu_data = db_select_one('dynamic_menu', array('internal_page'), array('permalink' => $_GET['show']));
if (!is_valid_id($menu_data['internal_page'])) {
message_error(lang_get('not_a_valid_link'));
}
$content = db_select_one('dynamic_pages', array('id', 'title', 'body', 'visibility', 'min_user_class'), array('id' => $menu_data['internal_page']));
if ($content['visibility'] == 'private') {
enforce_authentication($content['min_user_class']);
}
head($content['title']);
if (cache_start($content['id'], CONFIG_CACHE_TIME_DYNAMIC, CONST_CACHE_DYNAMIC_PAGES_GROUP)) {
section_head($content['title']);
require CONST_PATH_THIRDPARTY . 'nbbc/nbbc.php';
$bbc = new BBCode();
$bbc->SetEnableSmileys(false);
echo $bbc->parse($content['body']);
cache_end($content['id'], CONST_CACHE_DYNAMIC_PAGES_GROUP);
}
foot();
<?php
require '../include/ctf.inc.php';
validate_id($_GET['id']);
head(lang_get('challenge_details'));
if (cache_start(CONST_CACHE_NAME_CHALLENGE . $_GET['id'], CONFIG_CACHE_TIME_CHALLENGE)) {
$challenge = db_query_fetch_one('
SELECT
ch.title,
ch.description,
ch.available_from AS challenge_available_from,
ca.title AS category_title,
ca.available_from AS category_available_from
FROM challenges AS ch
LEFT JOIN categories AS ca ON ca.id = ch.category
WHERE
ch.id = :id AND
ch.exposed = 1 AND
ca.exposed = 1', array('id' => $_GET['id']));
if (empty($challenge)) {
message_generic(lang_get('sorry'), lang_get('no_challenge_for_id'), false);
}
$now = time();
if ($challenge['challenge_available_from'] > $now || $challenge['category_available_from'] > $now) {
message_generic(lang_get('sorry'), lang_get('challenge_not_available'), false);
}
$submissions = db_query_fetch_all('SELECT
u.id AS user_id,
u.team_name,
s.added,
c.available_from
// Load the header content
if(cache_start('header')){
} else {
include('template/header.php');
cache_stop();
}
// Get requested blog post, or if none specified get homepage (post_id===0)
$post_id = intval($_GET['post_id']);
$cat_id = intval($_GET['cat_id']);
$cache_id = ($post_id? 'page'. $post_id: ($cat_id? 'category'.$cat_id:'homepage'));
if(!cache_start($cache_id))
{
if($post_id) {
load_post($post_id);
}
else {
list_posts(intval($_GET['cat_id']));
}
cache_stop();
}
else {
// echo "CACHED";
}
if(!cache_start('footer')){
// Load the footer content
include('template/footer.php');
cache_stop();
}
?>
<?php
require '../include/mellivora.inc.php';
login_session_refresh();
send_cache_headers('home', CONFIG_CACHE_TIME_HOME);
head('Home');
if (cache_start(CONST_CACHE_NAME_HOME, CONFIG_CACHE_TIME_HOME)) {
require CONST_PATH_THIRDPARTY . 'nbbc/nbbc.php';
$bbc = new BBCode();
$bbc->SetEnableSmileys(false);
$news = db_query_fetch_all('SELECT * FROM news ORDER BY added DESC');
foreach ($news as $item) {
echo '
<div class="news-container">';
section_head($item['title']);
echo '
<div class="news-body">
', $bbc->parse($item['body']), '
</div>
</div>
';
}
cache_end(CONST_CACHE_NAME_HOME);
}
foot();
if ($challenge['description']) {
echo '
<div class="challenge-description">
', $bbc->parse($challenge['description']), '
</div> <!-- / challenge-description -->';
}
// write out hints
if (cache_start(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id'], CONFIG_CACHE_TIME_HINTS)) {
$hints = db_select_all('hints', array('body'), array('visible' => 1, 'challenge' => $challenge['id']));
foreach ($hints as $hint) {
message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false);
}
cache_end(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id']);
}
// write out files
if (cache_start(CONST_CACHE_NAME_FILES . $challenge['id'], CONFIG_CACHE_TIME_FILES)) {
$files = db_select_all('files', array('id', 'title', 'size', 'md5'), array('challenge' => $challenge['id']));
if (count($files)) {
print_attachments($files);
}
cache_end(CONST_CACHE_NAME_FILES . $challenge['id']);
}
// only show the hints and flag submission form if we're not already correct and if the challenge hasn't expired
if (!$challenge['correct_submission_added'] && $time < $challenge['available_until']) {
if ($remaining_submissions) {
if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) {
message_inline_blue('Your submission is awaiting manual marking.');
}
echo '
<div class="challenge-submit">
<form method="post" class="form-flag" action="actions/challenges">
<?php
require '../include/mellivora.inc.php';
validate_id(array_get($_GET, 'id'));
head(lang_get('user_details'));
if (cache_start(CONST_CACHE_NAME_USER . $_GET['id'], CONFIG_CACHE_TIME_USER)) {
$user = db_query_fetch_one('
SELECT
u.team_name,
u.competing,
co.country_name,
co.country_code
FROM users AS u
LEFT JOIN countries AS co ON co.id = u.country_id
WHERE
u.id = :user_id', array('user_id' => $_GET['id']));
if (empty($user)) {
message_generic(lang_get('sorry'), lang_get('no_user_found'), false);
}
section_head(htmlspecialchars($user['team_name']), country_flag_link($user['country_name'], $user['country_code'], true), false);
if (!$user['competing']) {
message_inline_blue(lang_get('non_competing_user'));
}
$challenges = db_query_fetch_all('
SELECT
ca.title,
(SELECT SUM(ch.points) FROM challenges AS ch JOIN submissions AS s ON s.challenge = ch.id AND s.user_id = :user_id AND s.correct = 1 WHERE ch.category = ca.id GROUP BY ch.category) AS points,
(SELECT SUM(ch.points) FROM challenges AS ch WHERE ch.category = ca.id GROUP BY ch.category) AS category_total
FROM categories AS ca
WHERE
ca.available_from < UNIX_TIMESTAMP() AND
<?php
require '../include/mellivora.inc.php';
login_session_refresh();
header('Content-type: application/json');
if (!isset($_GET['view'])) {
echo json_error('please request a view');
exit;
}
if ($_GET['view'] == 'scoreboard') {
if (cache_start('scores_json', CONFIG_CACHE_TIME_SCORES)) {
json_scoreboard(array_get($_GET, 'user_type'));
cache_end('scores_json');
}
} else {
echo json_error('not a valid view');
exit;
}
redirect(CONFIG_LOGIN_REDIRECT_TO);
exit;
}
prefer_ssl();
head('Register');
if (CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
echo '
<h2>Register your team</h2>
<p>
', lang_get('account_signup_information', array('password_information' => CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP ? lang_get('email_password_on_signup') : '')), '
</p>
<form method="post" id="registerForm" class="form-signin" action="actions/register">
<input name="team_name" type="text" class="form-control" placeholder="Team name" minlength="', CONFIG_MIN_TEAM_NAME_LENGTH, '" maxlength="', CONFIG_MAX_TEAM_NAME_LENGTH, '" required />
<input name="', md5(CONFIG_SITE_NAME . 'USR'), '" type="email" class="form-control" placeholder="Email address" required />
', !CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP ? '<input name="' . md5(CONFIG_SITE_NAME . 'PWD') . '" type="password" class="form-control" placeholder="Password" required />' : '';
if (cache_start(CONST_CACHE_NAME_REGISTER, CONFIG_CACHE_TIME_REGISTER)) {
$user_types = db_select_all('user_types', array('id', 'title', 'description'));
if (!empty($user_types)) {
echo '<select name="type" class="form-control">
<option disabled selected>-- Please select team type --</option>';
foreach ($user_types as $user_type) {
echo '<option value="', htmlspecialchars($user_type['id']), '">', htmlspecialchars($user_type['title'] . ' - ' . $user_type['description']), '</option>';
}
echo '</select>';
}
country_select();
cache_end(CONST_CACHE_NAME_REGISTER);
}
if (CONFIG_RECAPTCHA_ENABLE_PUBLIC) {
display_captcha();
}
<?php
require '../include/mellivora.inc.php';
login_session_refresh();
if (strlen(array_get($_GET, 'code')) != 2) {
message_error(lang_get('please_supply_country_code'));
}
$country = db_select_one('countries', array('id', 'country_name', 'country_code'), array('country_code' => $_GET['code']));
if (!$country) {
message_error(lang_get('please_supply_country_code'));
}
head($country['country_name']);
if (cache_start(CONST_CACHE_NAME_COUNTRY . $_GET['code'], CONFIG_CACHE_TIME_COUNTRIES)) {
section_head(htmlspecialchars($country['country_name']) . country_flag_link($country['country_name'], $country['country_code'], true), '', false);
$scores = db_query_fetch_all('
SELECT
u.id AS user_id,
u.team_name,
u.competing,
co.id AS country_id,
co.country_name,
co.country_code,
SUM(c.points) AS score,
MAX(s.added) AS tiebreaker
FROM users AS u
LEFT JOIN countries AS co ON co.id = u.country_id
LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1
LEFT JOIN challenges AS c ON c.id = s.challenge
WHERE u.competing = 1 AND co.id = :country_id
GROUP BY u.id
ORDER BY score DESC, tiebreaker ASC', array('country_id' => $country['id']));
<?php
require '../include/mellivora.inc.php';
login_session_refresh();
head('Home');
if (cache_start('home', CONFIG_CACHE_TIME_HOME)) {
require CONFIG_PATH_THIRDPARTY . 'nbbc/nbbc.php';
$bbc = new BBCode();
$bbc->SetEnableSmileys(false);
$news = db_query_fetch_all('SELECT * FROM news ORDER BY added DESC');
foreach ($news as $item) {
echo '
<div class="news-container">';
section_head($item['title']);
echo '
<div class="news-body">
', $bbc->parse($item['body']), '
</div>
</div>
';
}
cache_end('home');
}
foot();
<?php
include_once 'data.php';
include_once 'functions.php';
session_write_close();
if (!isset($_GET['from'])) {
$from = '0';
} else {
settype($_GET['from'], "integer");
$from = $_GET['from'];
}
// CACHING
if (isset($_GET['from']) && !isset($_GET['browse']['No PDF']) && !isset($_GET['browse']['Not Indexed'])) {
$cache_name = cache_name();
$db_change = database_change(array('library', 'shelves', 'projects', 'projectsusers', 'projectsfiles', 'filescategories', 'notes'));
cache_start($db_change);
$total_files_array = read_export_files($db_change);
}
if (!isset($_GET['project'])) {
$project = '';
} else {
$project = $_GET['project'];
}
if (!isset($_SESSION['limit'])) {
$limit = 10;
} else {
settype($_SESSION['limit'], "integer");
$limit = $_SESSION['limit'];
}
if (!isset($_SESSION['orderby'])) {
$orderby = 'id';
// check if cache exists and if the cached data is still valid
if (@filemtime($cache_file_name) + $age > time()) {
// Yey! cache hit, output cached data and exit
readfile($cache_file_name);
unset($cache_file_name);
exit;
}
// nothing in cache or cache is too old
ob_start();
}
function cache_end()
{
global $cache_file_name;
// nothing to do
if (empty($cache_file_name)) {
return;
}
// fetch output of the script
$str = ob_get_clean();
// output data to the user, so they don't need to wait
// for the cache writing to complete
echo $str;
// write to cache
fwrite(fopen($cache_file_name . '_tmp', "w"), $str);
// atomic write
rename($cache_file_name . '_tmp', $cache_file_name);
}
cache_start();
// set cache termination code as the exit handler
// this way we don't need to modify the script
register_shutdown_function("cache_end");