// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
// Last modified 05/aug/2012 by cassio@ime.usp.br
require 'header.php';

// Choose the sort key for this page. Start from the value remembered in the
// session (or '' when there is none); a non-empty "order" query parameter
// overrides it and is stored back into the session for later requests.
// NOTE(review): the request value only passes through myhtmlspecialchars(),
// which by its name targets HTML output. If $order later selects a column in a
// query, it should be matched against a fixed list of allowed keys -- confirm
// in the code that consumes it.
$order = isset($_SESSION["runline"]) ? $_SESSION["runline"] : '';
if (isset($_GET["order"]) && $_GET["order"] != "") {
    $order = myhtmlspecialchars($_GET["order"]);
    $_SESSION["runline"] = $order;
}
?> <form name="form1" method="post" action="<?php echo $runphp; ?> "> <input type=hidden name="confirmation" value="noconfirm" />
// Excerpt from a run-submission handler. The two blocks closed right below
// open before this excerpt, and the `if` on 'pastcode' further down is still
// open where the excerpt ends.
echo "\nRESULT: FILE NAME PROBLEM (EG CANNOT HAVE SPACES)";
exit;
}
MSGError("File name cannot contain spaces.");
ForceLoad($runteam);
}
// Field-name lists; how they are consumed is outside this excerpt.
$ac = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath');
$ac1 = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus',
    'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1',
    'runjudge2', 'runjudgesite2', 'runanswer2',
    'autoip', 'autobegindate', 'autoenddate', 'autoanswer', 'autostdout', 'autostderr',
    'updatetime');
// Identity fields come from the session; problem, language and file fields
// come from variables set before this excerpt.
$param = array('contest' => $_SESSION["usertable"]["contestnumber"],
    'site' => $_SESSION["usertable"]["usersitenumber"],
    'user' => $_SESSION["usertable"]["usernumber"],
    'problem' => $prob,
    'lang' => $lang,
    'filename' => $name,
    'filepath' => $temp);
// Optional "past submission" code: the request carries a code plus digests that
// are checked against a secret read from private/run-past.config.
if (isset($_POST['pastcode']) && $_POST['pastcode'] != '') {
    $pastcode = myhtmlspecialchars($_POST["pastcode"]);
    // NOTE(review): only 'pasthash' and 'pastval' are isset()-checked, yet
    // 'pastvalhash' and 'pastabs' are read as well; a request that omits them
    // reaches these reads with the keys undefined.
    if (isset($_POST["pasthash"]) && isset($_POST["pastval"])) {
        $pasthash = myhtmlspecialchars($_POST["pasthash"]);
        $pastvalhash = myhtmlspecialchars($_POST["pastvalhash"]);
        $pastval = myhtmlspecialchars($_POST["pastval"]);
        $pastabs = myhtmlspecialchars($_POST["pastabs"]);
        if (is_readable($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) {
            // Accept when myhash(secret . code . pastval) matches 'pastvalhash';
            // otherwise fall back to myhash(secret . code . pastabs) against
            // 'pasthash'. If neither matches, the request is rejected.
            // NOTE(review): `!=` is a loose comparison. For digests, a strict,
            // constant-time comparison such as hash_equals() on two strings is
            // the safer choice. What myhash() computes is not visible here; a
            // keyed construction (for example hash_hmac) would be sturdier than
            // a plain hash over secret . message -- confirm.
            // NOTE(review): `@` hides read errors; if the read fails after the
            // is_readable() check, trim() receives false and the digest is
            // computed without the secret part.
            $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastval);
            if ($pastsubmission != $pastvalhash) {
                $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastabs);
                if ($pastsubmission != $pasthash) {
                    echo "\nRESULT: INVALID SUBMISSION CODE";
                    exit;
                }
            }
        } else {
            // No readable config: the code is not verified at all and the
            // client-supplied 'pastval' is discarded.
            $pastval = 0;
        }
    } else {
        // Digests missing from the request: 'pastval' defaults to 0.
        $pastval = 0;
    }
// Excerpt from the judge's run-edit page. The first part finishes the POST
// handler, whose enclosing blocks open before this excerpt; the second part
// validates the GET parameters and loads the run to be judged.
// NOTE(review): the POST fields below are only passed through
// myhtmlspecialchars(); unlike the GET parameters further down, no is_numeric()
// check on 'sitenumber' or 'number' is visible in this excerpt. Confirm that
// one exists above or inside DBUpdateRun().
$answer = myhtmlspecialchars($_POST["answer"]);
$sitenumber = myhtmlspecialchars($_POST["sitenumber"]);
$number = myhtmlspecialchars($_POST["number"]);
// $notuser = myhtmlspecialchars($_POST["notifyuser"]);
// $updscore = myhtmlspecialchars($_POST["updatescore"]);
// The judge's identity is taken from the session, never from the request.
DBUpdateRun($_SESSION["usertable"]["contestnumber"],
    $_SESSION["usertable"]["usersitenumber"],
    $_SESSION["usertable"]["usernumber"],
    $sitenumber, $number, $answer); //, $notuser, $updscore);
}
ForceLoad("run.php");
}
// Both identifiers must be present and numeric, otherwise the attempt is
// reported and the user is sent back to the run list.
// NOTE(review): is_numeric() also accepts signs, decimals and exponent forms;
// ctype_digit() would restrict these to plain non-negative integers.
// NOTE(review): this guard relies on ForceLoad() ending the request; if it
// returned, the code below would run with unvalidated values -- confirm.
if (!isset($_GET["runnumber"]) || !isset($_GET["runsitenumber"]) ||
    !is_numeric($_GET["runnumber"]) || !is_numeric($_GET["runsitenumber"])) {
    IntrusionNotify("tried to open the judge/runedit.php with wrong parameters.");
    ForceLoad("run.php");
}
$runsitenumber = myhtmlspecialchars($_GET["runsitenumber"]);
$runnumber = myhtmlspecialchars($_GET["runnumber"]);
// A strict `false` result is reported to the judge as "Another judge got it first."
if (($a = DBGetRunToAnswer($runnumber, $runsitenumber,
        $_SESSION["usertable"]["contestnumber"])) === false) {
    MSGError("Another judge got it first.");
    ForceLoad("run.php");
}
$b = DBGetProblemData($_SESSION["usertable"]["contestnumber"], $a["problemnumber"]);
// NOTE(review): the form below posts back with only a hidden "confirmation"
// field; no anti-CSRF token is visible in this excerpt -- confirm.
?> <br><br><center><b>Use the following fields to judge the run: </b></center> <form name="form1" method="post" action="runedit.php"> <input type=hidden name="confirmation" value="noconfirm" /> <center> <table border="1"> <tr> <td width="27%" align=right><b>Site:</b></td> <td width="83%">
// Excerpt from the judge's clarification-edit page. The first part finishes
// the POST handler, whose enclosing blocks and the origin of $sitenumber,
// $number and $ans are before this excerpt; the second part validates the GET
// parameters and loads the clarification to be answered.
$type = 'site';
} else {
    $type = 'none';
}
}
// The judge's identity is taken from the session, never from the request.
DBUpdateClar($_SESSION["usertable"]["contestnumber"],
    $_SESSION["usertable"]["usersitenumber"],
    $_SESSION["usertable"]["usernumber"],
    $sitenumber, $number, $ans, $type);
}
}
ForceLoad("clar.php");
}
// Both identifiers must be present and numeric, otherwise the attempt is
// reported and the user is sent back to the clarification list.
// NOTE(review): is_numeric() also accepts signs, decimals and exponent forms;
// ctype_digit() would restrict these to plain non-negative integers.
// NOTE(review): this guard relies on ForceLoad() ending the request; if it
// returned, the code below would run with unvalidated values -- confirm.
if (!isset($_GET["clarnumber"]) || !isset($_GET["clarsitenumber"]) ||
    !is_numeric($_GET["clarnumber"]) || !is_numeric($_GET["clarsitenumber"])) {
    IntrusionNotify("tried to open the judge/claredit.php with wrong parameters.");
    ForceLoad("clar.php");
}
$clarsitenumber = myhtmlspecialchars($_GET["clarsitenumber"]);
$clarnumber = myhtmlspecialchars($_GET["clarnumber"]);
// A strict `false` result is reported to the judge as "Another judge got it first."
if (($a = DBGetClarToAnswer($clarnumber, $clarsitenumber,
        $_SESSION["usertable"]["contestnumber"])) === false) {
    MSGError("Another judge got it first.");
    ForceLoad("clar.php");
}
// NOTE(review): the form below posts back with only a hidden "confirmation"
// field; no anti-CSRF token is visible in this excerpt -- confirm.
?> <br><br><center><b>Use the following fields to answer the clarification: </b></center> <form name="form1" method="post" action="claredit.php"> <input type=hidden name="confirmation" value="noconfirm" /> <center> <table border="0"> <tr> <td width="20%" align=right><b>Clarification Site:</b></td> <td width="80%"> <input type=hidden name="sitenumber" value="<?php
// Excerpt from a contest-settings handler: it copies form fields into $param
// and then starts reading an uploaded key file. $t is set before this excerpt,
// and the foreach at the bottom is still open where the excerpt ends.
// NOTE(review): the POST values are copied without any escaping or validation
// in this excerpt; whether they were checked earlier, or are escaped where
// $param is stored, is not visible here -- confirm.
$param['name'] = $_POST["name"];
$param['startdate'] = $t;
// The factors of 60 and 1000 look like unit conversions (presumably minutes to
// seconds and KB to bytes -- confirm). A non-numeric field value makes these
// multiplications raise a warning or an error, depending on the PHP version.
$param['duration'] = $_POST["duration"] * 60;
$param['lastmileanswer'] = $_POST["lastmileanswer"] * 60;
$param['lastmilescore'] = $_POST["lastmilescore"] * 60;
$param['penalty'] = $_POST["penalty"] * 60;
$param['maxfilesize'] = $_POST["maxfilesize"] * 1000;
$param['active'] = 0;
$param['mainsite'] = $_POST["mainsite"];
$param['mainsiteurl'] = $_POST["mainsiteurl"];
// NOTE(review): by its name 'unlockkey' is secret material; check how it is
// stored and that it never reaches logs or rendered pages.
$param['unlockkey'] = $_POST["unlockkey"];
if (isset($_FILES["keyfile"]) && $_FILES["keyfile"]["name"] != "") {
    // 'type' and 'name' are supplied by the client; 'tmp_name' and 'size' are
    // filled in by PHP.
    // NOTE(review): the temp path is passed through myhtmlspecialchars() before
    // it is used as a filesystem path; a path containing characters that
    // function rewrites would no longer point at the uploaded file.
    $type = myhtmlspecialchars($_FILES["keyfile"]["type"]);
    $size = myhtmlspecialchars($_FILES["keyfile"]["size"]);
    $name = myhtmlspecialchars($_FILES["keyfile"]["name"]);
    $temp = myhtmlspecialchars($_FILES["keyfile"]["tmp_name"]);
    // Only a file that PHP itself received as an upload may be opened.
    if (!is_uploaded_file($temp)) {
        IntrusionNotify("file upload problem.");
        ForceLoad("../index.php");
    }
    // file() loads every line into memory; no size limit is applied in this
    // excerpt.
    if (($ar = file($temp)) === false) {
        IntrusionNotify("Unable to open the uploaded file.");
        ForceLoad("user.php");
    }
    $dd = 0;
    // Despite the names, $val is the array index and $key is the line text.
    // Lines that are empty after trim() are removed from $ar.
    foreach ($ar as $val => $key) {
        $key = trim($key);
        if ($key == '') {
            unset($ar[$val]);
            continue;
        }
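// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
// Last modified 28/oct/2013 by cassio@ime.usp.br
require 'header.php';

// Handle a source-file submission: the request must carry the upload, a numeric
// problem and language, and the "Submit" field. The two `if` blocks opened here
// are closed beyond the end of this excerpt.
// NOTE(review): is_numeric() also accepts signs, decimals and exponent forms;
// ctype_digit() would restrict these to plain non-negative integers.
if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Submit"]) &&
    isset($_POST["language"]) && is_numeric($_POST["problem"]) &&
    is_numeric($_POST["language"]) && $_FILES["sourcefile"]["name"] != "") {
    if ($_POST["confirmation"] == "confirm") {
        if (($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) {
            ForceLoad("../index.php");
        }
        $prob = myhtmlspecialchars($_POST["problem"]);
        $lang = myhtmlspecialchars($_POST["language"]);
        // 'type' and 'name' are supplied by the client; 'tmp_name' and 'size'
        // are filled in by PHP.
        $type = myhtmlspecialchars($_FILES["sourcefile"]["type"]);
        $size = myhtmlspecialchars($_FILES["sourcefile"]["size"]);
        $name = myhtmlspecialchars($_FILES["sourcefile"]["name"]);
        $temp = myhtmlspecialchars($_FILES["sourcefile"]["tmp_name"]);
        // Enforce the contest's file size limit and log the attempt.
        if ($size > $ct["contestmaxfilesize"]) {
            LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " .
                "{$name} with {$size} bytes ({$ct["contestmaxfilesize"]} max allowed).", 1);
            MSGError("File size exceeds the limit allowed.");
            ForceLoad($runteam);
        }
        // Reject names that contain a space. strpos() returns an integer offset
        // or false, never true, so the previous `=== true` test could not fire
        // and such names were let through; `!== false` is the correct test.
        // NOTE(review): 'tmp_name' is chosen by PHP, not by the client. On a
        // host whose upload temp directory contains a space this check rejects
        // every upload -- confirm the deployment's upload_tmp_dir.
        if (strpos($name, ' ') !== false || strpos($temp, ' ') !== false) {
            MSGError("File name cannot contain spaces.");
            ForceLoad($runteam);
        }
        // Only a file that PHP itself received as an upload is accepted, and
        // the client-supplied name is capped at 100 characters.
        if (!is_uploaded_file($temp) || strlen($name) > 100) {
            IntrusionNotify("file upload problem.");
            ForceLoad("../index.php");
        }
        // Field-name lists; how they are consumed is outside this excerpt.
        $ac = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath');
        $ac1 = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus',
            'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1',
            'runjudge2', 'runjudgesite2', 'runanswer2',
            'autoip', 'autobegindate', 'autoenddate', 'autoanswer', 'autostdout', 'autostderr',
            'updatetime');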
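// Excerpt from the log viewer: the `if` that this `else` belongs to, and the
// assignments of $order and $user, are before this excerpt.
} else {
    $site = '';
}
// Optional filters; each defaults to '' when absent from the query string.
if (isset($_GET["type"])) {
    $type = myhtmlspecialchars($_GET["type"]);
} else {
    $type = '';
}
if (isset($_GET["ip"])) {
    $ip = myhtmlspecialchars($_GET["ip"]);
} else {
    $ip = '';
}
// Query-string tail that carries the current filters; where it is used is
// outside this excerpt.
// NOTE(review): the values are HTML-escaped but not URL-encoded, so a value
// containing '&' or '=' changes how the link is parsed; rawurlencode() on each
// value would keep the parameters intact.
$get = "&order={$order}&user={$user}&site={$site}&type={$type}&ip={$ip}";
// Row limit: accept only a plain positive integer, otherwise fall back to 50.
// The previous test (`$_GET["limit"] > 0`) also let through arrays and strings
// that merely start with a digit, and that value was then handed to DBGetLogs()
// and echoed into links.
if (isset($_GET["limit"]) && is_string($_GET["limit"]) &&
    ctype_digit($_GET["limit"]) && (int) $_GET["limit"] > 0) {
    $limit = (int) $_GET["limit"];
} else {
    $limit = 50;
}
// NOTE(review): $order, $site, $user, $type and $ip reach DBGetLogs() after
// HTML escaping only; confirm that the function binds or escapes them for the
// query and restricts $order to known column names.
$log = DBGetLogs($order, $_SESSION["usertable"]["contestnumber"], $site, $user, $type, $ip, $limit);
?> <br> <table width="100%" border=1> <tr> <td><b><a href="log.php?order=site&limit=<?php echo $limit; ?> ">Site</a></b></td> <td nowrap><b><a href="log.php?order=user&limit=<?php echo $limit; ?>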
// Excerpt from the user-administration page. The first part finishes the
// "new user" handler, whose enclosing blocks open before this excerpt; the
// second part starts the bulk user import, and its blocks are still open where
// the excerpt ends.
// NOTE(review): what bighexsub() computes from the submitted value and the
// stored $a['userpassword'] is not visible here. This line calls
// htmlspecialchars() directly, while the rest of the excerpt uses
// myhtmlspecialchars() -- confirm the difference is intended.
$param['pass'] = bighexsub(htmlspecialchars($_POST["passwordn1"]), $a['userpassword']);
// User number 1000 is never created through this path; the reason is not
// visible in this excerpt.
if ($param['user'] != 1000) {
    DBNewUser($param);
}
} else {
    MSGError("Passwords don't match.");
}
}
ForceLoad("user.php");
} else {
    // Bulk import of users from an uploaded file.
    if (isset($_FILES["importfile"]) && isset($_POST["Submit"]) && $_FILES["importfile"]["name"] != "") {
        if ($_POST["confirmation"] == "confirm") {
            // 'type' and 'name' are supplied by the client; 'tmp_name' and
            // 'size' are filled in by PHP.
            $type = myhtmlspecialchars($_FILES["importfile"]["type"]);
            $size = myhtmlspecialchars($_FILES["importfile"]["size"]);
            $name = myhtmlspecialchars($_FILES["importfile"]["name"]);
            $temp = myhtmlspecialchars($_FILES["importfile"]["tmp_name"]);
            // Only a file that PHP itself received as an upload may be opened.
            if (!is_uploaded_file($temp)) {
                IntrusionNotify("file upload problem.");
                ForceLoad("../index.php");
            }
            // file() loads every line into memory; no size limit is applied in
            // this excerpt.
            if (($ar = file($temp)) === false) {
                IntrusionNotify("Unable to open the uploaded file.");
                ForceLoad("user.php");
            }
            $userlist = array();
            // The format is chosen from the client-supplied file name suffix.
            if (strtolower(substr($name, -4)) == ".tsv") {
                // Empty-bodied scan: advance $i to the first line that contains
                // the "File_Version<TAB>1" marker.
                for ($i = 0; $i < count($ar) && strpos($ar[$i], "File_Version\t1") === false; $i++) {
                }
                // Marker not found anywhere in the file.
                // NOTE(review): no redirect or exit follows the error message
                // within this excerpt; confirm that the code after it does not
                // go on to index $ar past its end.
                if ($i >= count($ar)) {
                    MSGError('File format not recognized');
                }
// Excerpt from the problem-administration page. The first part finishes an
// earlier handler, whose enclosing blocks and $tfile are set before this
// excerpt; the second part starts the "Submit3" handler, and its blocks are
// still open where the excerpt ends.
exit;
} else {
    // Clean up the temporary file (errors suppressed) and report the failure.
    @unlink($tfile);
    ob_end_flush();
    MSGError('Could not write to temporary directory');
}
}
ForceLoad('problem.php');
}
// Create or update a problem: needs "Submit3", a numeric problem number and a
// non-empty problem name.
// NOTE(review): is_numeric() also accepts signs, decimals and exponent forms;
// ctype_digit() would restrict the number to a plain non-negative integer.
if (isset($_POST["Submit3"]) && isset($_POST["problemnumber"]) && is_numeric($_POST["problemnumber"]) &&
    isset($_POST["problemname"]) && $_POST["problemname"] != "") {
    if ($_POST["confirmation"] == "confirm") {
        // NOTE(review): $_FILES["probleminput"] is read without an isset()
        // check, so a request without that file field reads an undefined key.
        if ($_FILES["probleminput"]["name"] != "") {
            // 'type' and 'name' are supplied by the client; 'tmp_name' and
            // 'size' are filled in by PHP.
            $type = myhtmlspecialchars($_FILES["probleminput"]["type"]);
            $size = myhtmlspecialchars($_FILES["probleminput"]["size"]);
            $name = myhtmlspecialchars($_FILES["probleminput"]["name"]);
            $temp = myhtmlspecialchars($_FILES["probleminput"]["tmp_name"]);
            // Only a file that PHP itself received as an upload is accepted.
            if (!is_uploaded_file($temp)) {
                IntrusionNotify("file upload problem.");
                ForceLoad("../index.php");
            }
        } else {
            $name = "";
        }
        $param = array();
        // NOTE(review): 'number', 'name', 'colorname' and 'color' are copied
        // from the request without escaping in this excerpt; confirm they are
        // escaped where $param is stored and where it is rendered.
        $param['number'] = $_POST["problemnumber"];
        $param['name'] = $_POST["problemname"];
        $param['inputfilename'] = $name;
        // NOTE(review): when no file was uploaded, the branch above assigns
        // only $name, so $temp is not set anywhere in this excerpt at this
        // point -- confirm what the consumer expects for 'inputfilepath'.
        $param['inputfilepath'] = $temp;
        $param['fake'] = 'f';
        $param['colorname'] = $_POST["colorname"];
        $param['color'] = $_POST["color"];
////////////////////////////////////////////////////////////////////////////////
// Last modified 05/aug/2012 by cassio@ime.usp.br
// optionlower.php: lower part of the option.php screen, which is the same for
// all users
require_once "globals.php";

// Only a valid session may reach this page.
if (!ValidSession()) {
    InvalidSession("scoretable.php");
    ForceLoad("index.php");
}
$loc = $_SESSION['loc'];

// Profile and password update, triggered when all five fields are present in
// the query string. The account being changed is always the one in the session;
// the 'username' value from the request is read but not passed on.
// NOTE(review): the old and new password fields travel in the URL, where they
// can end up in server logs, browser history and Referer headers. The sha256.js
// include below suggests they are hashed in the browser first (TODO confirm),
// but they stay credential-equivalent either way; a POST body would keep them
// out of the URL.
// NOTE(review): this is a state-changing GET and no anti-CSRF token is visible
// in this excerpt -- confirm.
// NOTE(review): myhtmlspecialchars() is also applied to the password fields; if
// those can contain characters that function rewrites, the value stored would
// differ from the value sent.
if (isset($_GET["username"], $_GET["userfullname"], $_GET["userdesc"],
        $_GET["passwordo"], $_GET["passwordn"])) {
    $username = myhtmlspecialchars($_GET["username"]);
    $userfullname = myhtmlspecialchars($_GET["userfullname"]);
    $userdesc = myhtmlspecialchars($_GET["userdesc"]);
    $passwordo = myhtmlspecialchars($_GET["passwordo"]);
    $passwordn = myhtmlspecialchars($_GET["passwordn"]);
    DBUserUpdate(
        $_SESSION["usertable"]["contestnumber"],
        $_SESSION["usertable"]["usersitenumber"],
        $_SESSION["usertable"]["usernumber"],
        $_SESSION["usertable"]["username"],
        $userfullname,
        $userdesc,
        $passwordo,
        $passwordn
    );
    ForceLoad("option.php");
}

// Current record of the logged-in user.
$a = DBUserInfo(
    $_SESSION["usertable"]["contestnumber"],
    $_SESSION["usertable"]["usersitenumber"],
    $_SESSION["usertable"]["usernumber"]
);
?> <script language="JavaScript" src="<?php echo $loc; ?> /sha256.js"></script> <script language="JavaScript" src="<?php echo $loc; ?> /hex.js"></script> <script language="JavaScript">