echo ' <table id="hints" class="table table-striped table-hover"> <thead> <tr> <th>Message</th> <th>Added</th> <th>User</th> <th>IP</th> <th>Trace</th> <th>User agent</th> </tr> </thead> <tbody> '; $from = get_pager_from($_GET); $num_exceptions = db_count_num('exceptions'); $results_per_page = 30; pager(CONFIG_SITE_ADMIN_URL . 'list_exceptions/', $num_exceptions, $results_per_page, $from); $exceptions = db_query_fetch_all(' SELECT e.id, e.message, e.added, e.added_by, e.trace, INET_NTOA(e.user_ip) AS user_ip, e.user_agent, u.team_name FROM exceptions AS e LEFT JOIN users AS u ON u.id = e.added_by ORDER BY e.id DESC
<th>Class</th> <th>Enabled</th> <th>Num IPs</th> <th>Manage</th> </tr> </thead> <tbody> '; $values = array(); $search_for = array_get($_GET, 'search_for'); if ($search_for) { $values['search_for_team_name'] = '%' . $search_for . '%'; $values['search_for_email'] = '%' . $search_for . '%'; } $from = get_pager_from($_GET); $num_users = db_count_num('users'); $results_per_page = 100; $users = db_query_fetch_all(' SELECT u.id, u.email, u.team_name, u.added, u.class, u.enabled, co.country_name, co.country_code, COUNT(ipl.id) AS num_ips FROM users AS u LEFT JOIN ip_log AS ipl ON ipl.user_id = u.id LEFT JOIN countries AS co ON co.id = u.country_id
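/**
 * Prints one HTML table per category listing its released, exposed challenges
 * with points, solver percentage and the first three competing solvers.
 *
 * Output is echoed directly; nothing is returned. Titles, ids and team names
 * read from the database are passed through htmlspecialchars() before being
 * written into the page.
 *
 * @param array $categories Category rows; each is read for its 'id' and 'title' keys.
 */
function challenges($categories) {
    $now = time();
    $num_participating_users = get_num_participating_users();

    foreach ($categories as $category) {
        // lang_get() output is echoed unescaped here.
        // NOTE(review): presumably these are trusted translation strings - confirm they can never carry user-supplied text.
        echo ' <table class="team-table table table-striped table-hover"> <thead> <tr> <th>',
            htmlspecialchars($category['title']),
            '</th> <th class="center">',
            lang_get('points'),
            '</th> <th class="center"><span class="has-tooltip" data-toggle="tooltip" data-placement="top" title="% of actively participating users">',
            lang_get('percentage_solvers'),
            '</span></th> <th>',
            lang_get('first_solvers'),
            '</th> </tr> </thead> <tbody> ';

        // $now is the integer returned by time(), not request data, so the
        // concatenation adds no caller-controlled text to the statement; the
        // category id is bound as a named parameter.
        $challenges = db_query_fetch_all(' SELECT id, title, points, available_from FROM challenges WHERE available_from < ' . $now . ' AND category = :category AND exposed = 1 ORDER BY points ASC', array('category' => $category['id']));

        foreach ($challenges as $challenge) {
            $num_solvers = db_count_num('submissions', array('correct' => 1, 'challenge' => $challenge['id']));

            // With no participating users yet the original division by zero
            // raised a warning (DivisionByZeroError on PHP 8) and broke the
            // page; report 0% instead.
            $percentage_solvers = ($num_participating_users > 0)
                ? $num_solvers / $num_participating_users * 100
                : 0;

            echo ' <tr> <td> <a href="challenge?id=',
                htmlspecialchars($challenge['id']),
                '">',
                htmlspecialchars($challenge['title']),
                '</a> </td> <td class="center"> ',
                number_format($challenge['points']),
                ' </td> <td class="center"> ',
                number_format($percentage_solvers),
                '% </td> <td class="team-name">';

            // First three correct submissions from competing users, oldest first.
            $users = db_query_fetch_all(' SELECT u.id, u.team_name FROM users AS u JOIN submissions AS s ON s.user_id = u.id WHERE u.competing = 1 AND s.correct = 1 AND s.challenge = :challenge ORDER BY s.added ASC LIMIT 3', array('challenge' => $challenge['id']));

            if (count($users)) {
                $pos = 1;
                foreach ($users as $user) {
                    // team_name is user-chosen text, so it must stay escaped.
                    // NOTE(review): get_position_medal() is echoed raw - presumably it returns fixed markup; confirm.
                    echo get_position_medal($pos++),
                        '<a href="user?id=',
                        htmlspecialchars($user['id']),
                        '">',
                        htmlspecialchars($user['team_name']),
                        '</a><br />';
                }
            } else {
                echo '<i>', lang_get('unsolved'), '</i>';
            }

            echo ' </td> </tr>';
        }

        echo ' </tbody> </table>';
    }
}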
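<?php

/*
 * Admin endpoint that applies one moderator action to a single submission:
 * 'delete', 'mark_incorrect' or 'mark_correct'.
 *
 * Every handler runs only for POST requests, after the moderator-class
 * authentication check, the id validation and the XSRF token validation.
 * Any other action value falls through without a change or a redirect.
 *
 * NOTE(review): nothing visible here records which moderator changed which
 * submission; unless the db_* helpers log it, consider an audit trail for
 * these score-affecting actions.
 */
require '../../../include/ctf.inc.php';

enforce_authentication(CONST_USER_CLASS_MODERATOR);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    validate_id($_POST['id']);
    validate_xsrf_token($_POST[CONST_XSRF_TOKEN_KEY]);

    // Read the action once and require a string, so a missing or array-valued
    // field is treated as "no action" instead of raising an undefined-index
    // warning or going through loose comparison.
    $action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
    $submission_id = $_POST['id'];
    $success_url = CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1';

    if ($action === 'delete') {
        db_delete('submissions', array('id' => $submission_id));
        redirect($success_url);
    } elseif ($action === 'mark_incorrect') {
        db_update('submissions', array('correct' => 0, 'marked' => 1), array('id' => $submission_id));
        redirect($success_url);
    } elseif ($action === 'mark_correct') {
        $submission = db_select_one('submissions', array('user_id', 'challenge', 'correct'), array('id' => $submission_id));

        if (!$submission) {
            // A well-formed id that matches no row used to be read as an
            // array anyway and then reported as a success.
            message_error('No submission found with this ID');
        } else {
            $num_correct_submissions = db_count_num('submissions', array('user_id' => $submission['user_id'], 'challenge' => $submission['challenge'], 'correct' => 1));

            if ($num_correct_submissions > 0) {
                message_error('This user already has a correct submission for this challenge');
            } else {
                // The update sits in the else branch so it cannot run after
                // the error is reported, whether or not message_error() ends
                // the request.
                // NOTE(review): the count-then-update pair is not atomic; a
                // unique constraint in the database would be the durable
                // guard against two correct rows - confirm the schema.
                db_update('submissions', array('correct' => 1, 'marked' => 1), array('id' => $submission_id));
                redirect($success_url);
            }
        }
    }
}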
<thead> <tr> <th>Message</th> <th>Added</th> <th>User</th> <th>IP</th> </tr> </thead> <tbody> '; $where = array(); if (is_valid_id(array_get($_GET, 'user_id'))) { $where['added_by'] = $_GET['user_id']; } $from = get_pager_from($_GET); $num_exceptions = db_count_num('exceptions', $where); pager(CONFIG_SITE_ADMIN_URL . 'list_exceptions', $num_exceptions, CONST_NUM_EXCEPTIONS_PER_PAGE, $from); $query = 'SELECT e.id, e.message, e.added, e.added_by, e.trace, INET_NTOA(e.user_ip) AS user_ip, u.team_name FROM exceptions AS e LEFT JOIN users AS u ON u.id = e.added_by '; if (!empty($where)) { $query .= 'WHERE ' . implode('=? AND ', array_keys($where)) . '=? '; }
</thead> <tbody> '; $values = array(); $search_for = array_get($_GET, 'search_for'); if ($search_for) { $values['search_for_team_name'] = '%' . $search_for . '%'; $values['search_for_email'] = '%' . $search_for . '%'; $res = db_query(' SELECT COUNT(*) AS num FROM users AS u WHERE u.team_name LIKE :search_for_team_name OR u.email LIKE :search_for_email ', $values, false); $total_results = $res['num']; } else { $total_results = db_count_num('users'); } $from = get_pager_from($_GET); $results_per_page = 100; $users = db_query_fetch_all(' SELECT u.id, u.email, u.team_name, u.added, u.class, u.enabled, co.country_name, co.country_code, COUNT(ipl.id) AS num_ips FROM users AS u