// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
// Last modified 05/aug/2012 by cassio@ime.usp.br
require 'header.php';
if (isset($_GET["order"]) && $_GET["order"] != "") {
$order = myhtmlspecialchars($_GET["order"]);
$_SESSION["runline"] = $order;
} else {
if (isset($_SESSION["runline"])) {
$order = $_SESSION["runline"];
} else {
$order = '';
}
}
?>
<form name="form1" method="post" action="<?php
echo $runphp;
?>
">
<input type=hidden name="confirmation" value="noconfirm" />
echo "\nRESULT: FILE NAME PROBLEM (EG CANNOT HAVE SPACES)";
exit;
}
MSGError("File name cannot contain spaces.");
ForceLoad($runteam);
}
$ac = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath');
$ac1 = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus', 'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2', 'runjudgesite2', 'runanswer2', 'autoip', 'autobegindate', 'autoenddate', 'autoanswer', 'autostdout', 'autostderr', 'updatetime');
$param = array('contest' => $_SESSION["usertable"]["contestnumber"], 'site' => $_SESSION["usertable"]["usersitenumber"], 'user' => $_SESSION["usertable"]["usernumber"], 'problem' => $prob, 'lang' => $lang, 'filename' => $name, 'filepath' => $temp);
if (isset($_POST['pastcode']) && $_POST['pastcode'] != '') {
$pastcode = myhtmlspecialchars($_POST["pastcode"]);
if (isset($_POST["pasthash"]) && isset($_POST["pastval"])) {
$pasthash = myhtmlspecialchars($_POST["pasthash"]);
$pastvalhash = myhtmlspecialchars($_POST["pastvalhash"]);
$pastval = myhtmlspecialchars($_POST["pastval"]);
$pastabs = myhtmlspecialchars($_POST["pastabs"]);
if (is_readable($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) {
$pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastval);
if ($pastsubmission != $pastvalhash) {
$pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastabs);
if ($pastsubmission != $pasthash) {
echo "\nRESULT: INVALID SUBMISSION CODE";
exit;
}
}
} else {
$pastval = 0;
}
} else {
$pastval = 0;
}
$answer = myhtmlspecialchars($_POST["answer"]);
$sitenumber = myhtmlspecialchars($_POST["sitenumber"]);
$number = myhtmlspecialchars($_POST["number"]);
// $notuser = myhtmlspecialchars($_POST["notifyuser"]);
// $updscore = myhtmlspecialchars($_POST["updatescore"]);
DBUpdateRun($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], $sitenumber, $number, $answer);
//, $notuser, $updscore);
}
ForceLoad("run.php");
}
if (!isset($_GET["runnumber"]) || !isset($_GET["runsitenumber"]) || !is_numeric($_GET["runnumber"]) || !is_numeric($_GET["runsitenumber"])) {
IntrusionNotify("tried to open the judge/runedit.php with wrong parameters.");
ForceLoad("run.php");
}
$runsitenumber = myhtmlspecialchars($_GET["runsitenumber"]);
$runnumber = myhtmlspecialchars($_GET["runnumber"]);
if (($a = DBGetRunToAnswer($runnumber, $runsitenumber, $_SESSION["usertable"]["contestnumber"])) === false) {
MSGError("Another judge got it first.");
ForceLoad("run.php");
}
$b = DBGetProblemData($_SESSION["usertable"]["contestnumber"], $a["problemnumber"]);
?>
<br><br><center><b>Use the following fields to judge the run:
</b></center>
<form name="form1" method="post" action="runedit.php">
<input type=hidden name="confirmation" value="noconfirm" />
<center>
<table border="1">
<tr>
<td width="27%" align=right><b>Site:</b></td>
<td width="83%">
$type = 'site';
} else {
$type = 'none';
}
}
DBUpdateClar($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], $sitenumber, $number, $ans, $type);
}
}
ForceLoad("clar.php");
}
if (!isset($_GET["clarnumber"]) || !isset($_GET["clarsitenumber"]) || !is_numeric($_GET["clarnumber"]) || !is_numeric($_GET["clarsitenumber"])) {
IntrusionNotify("tried to open the judge/claredit.php with wrong parameters.");
ForceLoad("clar.php");
}
$clarsitenumber = myhtmlspecialchars($_GET["clarsitenumber"]);
$clarnumber = myhtmlspecialchars($_GET["clarnumber"]);
if (($a = DBGetClarToAnswer($clarnumber, $clarsitenumber, $_SESSION["usertable"]["contestnumber"])) === false) {
MSGError("Another judge got it first.");
ForceLoad("clar.php");
}
?>
<br><br><center><b>Use the following fields to answer the clarification:
</b></center>
<form name="form1" method="post" action="claredit.php">
<input type=hidden name="confirmation" value="noconfirm" />
<center>
<table border="0">
<tr>
<td width="20%" align=right><b>Clarification Site:</b></td>
<td width="80%">
<input type=hidden name="sitenumber" value="<?php
$param['name'] = $_POST["name"];
$param['startdate'] = $t;
$param['duration'] = $_POST["duration"] * 60;
$param['lastmileanswer'] = $_POST["lastmileanswer"] * 60;
$param['lastmilescore'] = $_POST["lastmilescore"] * 60;
$param['penalty'] = $_POST["penalty"] * 60;
$param['maxfilesize'] = $_POST["maxfilesize"] * 1000;
$param['active'] = 0;
$param['mainsite'] = $_POST["mainsite"];
$param['mainsiteurl'] = $_POST["mainsiteurl"];
$param['unlockkey'] = $_POST["unlockkey"];
if (isset($_FILES["keyfile"]) && $_FILES["keyfile"]["name"] != "") {
$type = myhtmlspecialchars($_FILES["keyfile"]["type"]);
$size = myhtmlspecialchars($_FILES["keyfile"]["size"]);
$name = myhtmlspecialchars($_FILES["keyfile"]["name"]);
$temp = myhtmlspecialchars($_FILES["keyfile"]["tmp_name"]);
if (!is_uploaded_file($temp)) {
IntrusionNotify("file upload problem.");
ForceLoad("../index.php");
}
if (($ar = file($temp)) === false) {
IntrusionNotify("Unable to open the uploaded file.");
ForceLoad("user.php");
}
$dd = 0;
foreach ($ar as $val => $key) {
$key = trim($key);
if ($key == '') {
unset($ar[$val]);
continue;
}
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
// Last modified 28/oct/2013 by cassio@ime.usp.br
require 'header.php';
if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Submit"]) && isset($_POST["language"]) && is_numeric($_POST["problem"]) && is_numeric($_POST["language"]) && $_FILES["sourcefile"]["name"] != "") {
if ($_POST["confirmation"] == "confirm") {
if (($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) {
ForceLoad("../index.php");
}
$prob = myhtmlspecialchars($_POST["problem"]);
$lang = myhtmlspecialchars($_POST["language"]);
$type = myhtmlspecialchars($_FILES["sourcefile"]["type"]);
$size = myhtmlspecialchars($_FILES["sourcefile"]["size"]);
$name = myhtmlspecialchars($_FILES["sourcefile"]["name"]);
$temp = myhtmlspecialchars($_FILES["sourcefile"]["tmp_name"]);
if ($size > $ct["contestmaxfilesize"]) {
LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . "{$name} with {$size} bytes ({$ct["contestmaxfilesize"]} max allowed).", 1);
MSGError("File size exceeds the limit allowed.");
ForceLoad($runteam);
}
if (strpos($name, ' ') === true || strpos($temp, ' ') === true) {
MSGError("File name cannot contain spaces.");
ForceLoad($runteam);
}
if (!is_uploaded_file($temp) || strlen($name) > 100) {
IntrusionNotify("file upload problem.");
ForceLoad("../index.php");
}
$ac = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath');
$ac1 = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus', 'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2', 'runjudgesite2', 'runanswer2', 'autoip', 'autobegindate', 'autoenddate', 'autoanswer', 'autostdout', 'autostderr', 'updatetime');
} else {
$site = '';
}
if (isset($_GET["type"])) {
$type = myhtmlspecialchars($_GET["type"]);
} else {
$type = '';
}
if (isset($_GET["ip"])) {
$ip = myhtmlspecialchars($_GET["ip"]);
} else {
$ip = '';
}
$get = "&order={$order}&user={$user}&site={$site}&type={$type}&ip={$ip}";
if (isset($_GET["limit"]) && $_GET["limit"] > 0) {
$limit = myhtmlspecialchars($_GET["limit"]);
} else {
$limit = 50;
}
$log = DBGetLogs($order, $_SESSION["usertable"]["contestnumber"], $site, $user, $type, $ip, $limit);
?>
<br>
<table width="100%" border=1>
<tr>
<td><b><a href="log.php?order=site&limit=<?php
echo $limit;
?>
">Site</a></b></td>
<td nowrap><b><a href="log.php?order=user&limit=<?php
echo $limit;
?>
$param['pass'] = bighexsub(htmlspecialchars($_POST["passwordn1"]), $a['userpassword']);
if ($param['user'] != 1000) {
DBNewUser($param);
}
} else {
MSGError("Passwords don't match.");
}
}
ForceLoad("user.php");
} else {
if (isset($_FILES["importfile"]) && isset($_POST["Submit"]) && $_FILES["importfile"]["name"] != "") {
if ($_POST["confirmation"] == "confirm") {
$type = myhtmlspecialchars($_FILES["importfile"]["type"]);
$size = myhtmlspecialchars($_FILES["importfile"]["size"]);
$name = myhtmlspecialchars($_FILES["importfile"]["name"]);
$temp = myhtmlspecialchars($_FILES["importfile"]["tmp_name"]);
if (!is_uploaded_file($temp)) {
IntrusionNotify("file upload problem.");
ForceLoad("../index.php");
}
if (($ar = file($temp)) === false) {
IntrusionNotify("Unable to open the uploaded file.");
ForceLoad("user.php");
}
$userlist = array();
if (strtolower(substr($name, -4)) == ".tsv") {
for ($i = 0; $i < count($ar) && strpos($ar[$i], "File_Version\t1") === false; $i++) {
}
if ($i >= count($ar)) {
MSGError('File format not recognized');
}
exit;
} else {
@unlink($tfile);
ob_end_flush();
MSGError('Could not write to temporary directory');
}
}
ForceLoad('problem.php');
}
if (isset($_POST["Submit3"]) && isset($_POST["problemnumber"]) && is_numeric($_POST["problemnumber"]) && isset($_POST["problemname"]) && $_POST["problemname"] != "") {
if ($_POST["confirmation"] == "confirm") {
if ($_FILES["probleminput"]["name"] != "") {
$type = myhtmlspecialchars($_FILES["probleminput"]["type"]);
$size = myhtmlspecialchars($_FILES["probleminput"]["size"]);
$name = myhtmlspecialchars($_FILES["probleminput"]["name"]);
$temp = myhtmlspecialchars($_FILES["probleminput"]["tmp_name"]);
if (!is_uploaded_file($temp)) {
IntrusionNotify("file upload problem.");
ForceLoad("../index.php");
}
} else {
$name = "";
}
$param = array();
$param['number'] = $_POST["problemnumber"];
$param['name'] = $_POST["problemname"];
$param['inputfilename'] = $name;
$param['inputfilepath'] = $temp;
$param['fake'] = 'f';
$param['colorname'] = $_POST["colorname"];
$param['color'] = $_POST["color"];
////////////////////////////////////////////////////////////////////////////////
// Last modified 05/aug/2012 by cassio@ime.usp.br
//optionlower.php: parte de baixo da tela de option.php, que eh igual para
// todos os usuarios
require_once "globals.php";
if (!ValidSession()) {
InvalidSession("scoretable.php");
ForceLoad("index.php");
}
$loc = $_SESSION['loc'];
if (isset($_GET["username"]) && isset($_GET["userfullname"]) && isset($_GET["userdesc"]) && isset($_GET["passwordo"]) && isset($_GET["passwordn"])) {
$username = myhtmlspecialchars($_GET["username"]);
$userfullname = myhtmlspecialchars($_GET["userfullname"]);
$userdesc = myhtmlspecialchars($_GET["userdesc"]);
$passwordo = myhtmlspecialchars($_GET["passwordo"]);
$passwordn = myhtmlspecialchars($_GET["passwordn"]);
DBUserUpdate($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], $_SESSION["usertable"]["username"], $userfullname, $userdesc, $passwordo, $passwordn);
ForceLoad("option.php");
}
$a = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"]);
?>
<script language="JavaScript" src="<?php
echo $loc;
?>
/sha256.js"></script>
<script language="JavaScript" src="<?php
echo $loc;
?>
/hex.js"></script>
<script language="JavaScript">
