Exemple #1
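function getuserranking()
{
    // Build the HTML ranking table: one row per user, scored by the number
    // of their userflag rows whose STATUS is 'vaild' or 'Correct'. The
    // 'vaild' spelling is what the stored data uses -- keep it in sync with
    // whatever writes those rows.
    $sql = "SELECT COUNT(*) AS score,USER FROM userflag WHERE STATUS='vaild' OR STATUS='Correct' GROUP BY USER ORDER BY score DESC";
    $result = mysql_query($sql) or die('<pre>' . mysql_error() . '</pre>');
    $num = mysql_num_rows($result); // mysql_numrows() is only a deprecated alias
    $html = '';                      // was appended to without being initialised
    for ($i = 0; $i < $num; $i++) {
        $ranking = $i + 1;
        $name = mysql_result($result, $i, "user");
        $score = mysql_result($result, $i, "score");
        // User names originate from earlier user input stored in the database:
        // escape once for the HTML context and once for the query-string
        // context, since the two have different rules.
        $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $urlName = urlencode($name);
        $act = "<a href=\"?pid=score&amp;view={$urlName}\">View</a>";
        if (xlabisadmin()) {
            // NOTE(review): a state-changing action reached through a plain
            // GET link; act.php should require a POST plus a CSRF token.
            $act .= " <a href=\"manager/act.php?del={$urlName}\">Del</a>";
        }
        // The original emitted "</tr><td>..." -- a closing tag where the
        // row's opening tag belongs, producing unbalanced markup.
        $html .= "<tr><td>{$ranking}</td><td>{$safeName}</td><td>{$score}</td><td>{$act}</td></tr>";
    }
    return "\n\t<table border=1 width=100%>\n\t<tr>\n\t<th>Ranking</th><th>Name</th><th>Score</th><th>Act</th>\n\t</tr>\n\t{$html}\n\t</table>";
}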
Exemple #2
        $date = mysql_result($result, 0, "date");
        $name = mysql_result($result, 0, "name");
        $report = mysql_result($result, 0, "report");
    }
    /*
    $sserial=sprintf("%02d",$serial)
    $date="HTJC-SL".date('Ymd')."-".$sserial;
    $sql="insert into vulns values('".$date."',"."now(),".$serial.",'".$user."','".$site."','".$vname."','".$vdesc."')";
    mysql_query($sql) or die('<pre>' . mysql_error() . '</pre>' );
    $html="submit vulns successful!!!";
    */
}
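if (isset($_POST['submit']) && $_POST['submit'] == 'updata') {
    // Raw form values are kept for redisplay; separate copies are escaped for
    // the SQL string context before interpolation -- the legacy mysql
    // extension has no prepared statements, so escaping is the only guard.
    // (Other pages in this codebase use the xlabGetSqli() helper for this.)
    $date = isset($_POST['date']) ? $_POST['date'] : '';
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $report = isset($_POST['report']) ? $_POST['report'] : '';
    $sqlDate = mysql_real_escape_string($date);
    $sqlName = mysql_real_escape_string($name);
    $sqlReport = mysql_real_escape_string($report);
    // $user is set earlier in this script (outside this block).
    if ($user == "admin") {
        // Admins may edit any report, matched by its (name, date) key.
        $sql = "update report set date='{$sqlDate}',name='{$sqlName}',report='{$sqlReport}' where name='{$sqlName}' and date='{$sqlDate}'";
    } else {
        // Everyone else may only change the body of their own report.
        $sql = "update report set report='{$sqlReport}' where name='{$user}' and date='{$sqlDate}'";
    }
    $result = mysql_query($sql);
    $html = $result ? "updata sussfully!!!" : "updata fail!!!";
}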
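// Non-admins may only edit the report body, so the key fields are locked.
// (The original emitted readonly=\'readonly\' -- literal backslashes inside
// the attribute; a plain quoted attribute is what the browser expects.)
$readonly = xlabisadmin() ? "" : 'readonly="readonly"';
// $date/$name/$report are echoed straight from the request or the database:
// escape them for the HTML attribute/body context and quote the value
// attributes, otherwise a crafted value breaks out of the tag (reflected XSS).
$dateHtml = htmlspecialchars(isset($date) ? $date : '', ENT_QUOTES, 'UTF-8');
$nameHtml = htmlspecialchars(isset($name) ? $name : '', ENT_QUOTES, 'UTF-8');
$reportHtml = htmlspecialchars(isset($report) ? $report : '', ENT_QUOTES, 'UTF-8');
// Status text produced by the update handler above; absent on a plain GET.
$statusHtml = isset($html) ? $html : '';
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Report Manage</h1>\n\n\t<div class=\"vulnerable_code_area\">\n\n\t\t<h3>Updata Report:</h3>\n\t\t<form action=\"#\" method=\"POST\">\n\t\t<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>\n\t\t<td width=\"100\">Date *</td> <td>\n\t\t<input name=\"date\" type=\"text\" size=\"50\" {$readonly} value=\"{$dateHtml}\"></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Name *</td> <td>\n\t\t<input name=\"name\" type=\"text\" size=\"50\" {$readonly} value=\"{$nameHtml}\"></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Report *</td> <td>\n\t\t<textarea name=\"report\" cols=\"60\" rows=\"5\" >{$reportHtml}</textarea></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">&nbsp;</td>\n\t\t<td>\n\t\t<input name=\"submit\" type=\"submit\" value=\"updata\" onClick=\"return checkForm();\"></td>\n\t\t</tr>\n\t\t</table>\n\t\t</form>\n\n\t\t{$statusHtml}\n\n\t</div>\n\t\n</div>\n";
dvwaHtmlEcho($page);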
Exemple #3
function xlabIsDebug()
{
    // Debug output is enabled only when the session config flag 'debug' is
    // '1'. If an 'adminlog' flag is also present, it must be '1' and the
    // current user must be an admin; when 'adminlog' is absent, 'debug'
    // alone is enough.
    $config = isset($_SESSION['dvwa']['config']) ? $_SESSION['dvwa']['config'] : array();
    if (!isset($config['debug']) || $config['debug'] != '1') {
        return false;
    }
    if (!isset($config['adminlog'])) {
        return true;
    }
    return $config['adminlog'] == '1' && xlabisadmin();
}
Exemple #4
        case 'ctf':
            if (!dvwaIfCtf()) {
                break;
            }
            dvwaCtfSet();
            $securityLevel = 'ctf';
            break;
    }
    if (dvwaIfWork() and !dvwaIfWork()) {
        $securityLevel = 'high';
    }
    dvwaSecurityLevelSet($securityLevel);
    dvwaMessagePush("Security level set to {$securityLevel}");
    dvwaPageReload();
}
// Only admins may toggle PHPIDS. Any value other than 'on'/'off' changes
// nothing but still triggers the page reload.
if (isset($_GET['phpids']) and xlabisadmin()) {
    $requested = $_GET['phpids'];
    if ($requested == 'on') {
        dvwaPhpIdsEnabledSet(true);
        dvwaMessagePush("PHPIDS is now enabled");
    } elseif ($requested == 'off') {
        dvwaPhpIdsEnabledSet(false);
        dvwaMessagePush("PHPIDS is now disabled");
    }
    dvwaPageReload();
}
// Accumulators for the security-level option markup built by the loop below.
$securityOptionsHtml = $securityLevelHtml = '';
foreach (array('low', 'medium', 'high', 'ctf') as $securityLevel) {
Exemple #5
<?php

// Relative path from this page back to the DVWA web root, then the shared
// page bootstrap. The startup flags presumably request an authenticated
// session and PHPIDS filtering for this page (names only -- confirm in
// dvwaPage.inc.php).
define('DVWA_WEB_PAGE_TO_ROOT', '../../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

$startupFlags = array('authenticated', 'phpids');
dvwaPageStartup($startupFlags);
dvwaDatabaseConnect();
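if (isset($_GET['del'])) {
    $name = xlabGetSqli('del', $_GET);
    // A user may delete their own flags; admins may delete anyone's.
    if ($name == dvwaGetuser() or xlabisadmin()) {
        // The WHERE value appears redacted ('******') in this listing; it is
        // presumably the escaped {$name} -- confirm against the real source.
        $sql = "DELETE FROM userflag WHERE user='******'";
        $result = mysql_query($sql);
        // Report the actual outcome instead of claiming success unconditionally.
        $msg = $result ? "delete {$name} succfully!!!" : "delete {$name} fail!!!";
    } else {
        $msg = "delete {$name} fail!!!";
    }
    // The name is user-controlled: URL-encode the message so '&', '#' or
    // spaces in it cannot break or extend the redirect's query string.
    dvwaRedirect(xlabGetLocation() . "/vulnerabilities/ctf/?pid=score&msg=" . urlencode($msg));
    // NOTE(review): a destructive action driven by a GET parameter is
    // reachable cross-site; a POST form with a CSRF token is the fix.
}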
Exemple #6
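if (isset($_POST['submit']) && $_POST['submit'] == 'updata') {
    #dvwadebug();
    // Field values pass through xlabGetSqli(), the project's request accessor
    // (presumably SQL-escaping -- verify; the mysql extension has no prepared
    // statements, so every interpolation below depends on it).
    $vid = xlabGetSqli('vid', $_POST);
    $site = xlabGetSqli('site', $_POST);
    $vname = xlabGetSqli('name', $_POST);
    $vdesc = xlabGetSqli('desc', $_POST);
    $author = xlabGetSqli('author', $_POST);
    $risk = xlabGetSqli('risk', $_POST);
    if (!isset($html)) {
        $html = ''; // appended to below; may still be unset on the admin path
    }
    // $user is set earlier in this script (outside this block).
    $sql = '';
    if ($user == "admin") {
        // Admins may rewrite every field of any row, including its author.
        $sql = "update vulns set site='{$site}',vname='{$vname}',vdesc='{$vdesc}',author='{$author}',risk='{$risk}' where vid='{$vid}'";
    } else {
        // Non-admins may only touch rows they authored: verify ownership first,
        // and treat a failed lookup query the same as "not yours".
        $check = mysql_query("select vid from vulns where author='{$user}' and vid='{$vid}'");
        if ($check === false || mysql_num_rows($check) < 1) {
            $html = "Can't  access ";
        } else {
            $sql = "update vulns set site='{$site}',vname='{$vname}',vdesc='{$vdesc}',risk='{$risk}' where author='{$user}' and vid='{$vid}'";
        }
    }
    dvwadebug($sql);
    // An empty $sql (access denied) used to be sent to mysql_query() under @
    // and reported as a failure; skip the query instead and keep the message.
    $result = $sql !== '' ? mysql_query($sql) : false;
    $html .= $result ? "updata sussfully!!!" : "updata fail!!!";
}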
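// Non-admins cannot change the vulnerability id (or, below, its author).
// (The original emitted readonly=\'readonly\' -- literal backslashes inside
// the attribute; a plain quoted attribute is what the browser expects.)
$readonly = xlabisadmin() ? "" : 'readonly="readonly"';
// Every value echoed below comes from the request (via xlabGetSqli, which is
// not an HTML escaper) or the database: escape for the HTML attribute/body
// context and quote the value attributes, otherwise a crafted value breaks
// out of the tag (reflected XSS). Unset values render as empty fields.
$vidHtml = htmlspecialchars(isset($vid) ? $vid : '', ENT_QUOTES, 'UTF-8');
$vnameHtml = htmlspecialchars(isset($vname) ? $vname : '', ENT_QUOTES, 'UTF-8');
$siteHtml = htmlspecialchars(isset($site) ? $site : '', ENT_QUOTES, 'UTF-8');
$vdescHtml = htmlspecialchars(isset($vdesc) ? $vdesc : '', ENT_QUOTES, 'UTF-8');
$authorHtml = htmlspecialchars(isset($author) ? $author : '', ENT_QUOTES, 'UTF-8');
// Status text produced by the update handler above; absent on a plain GET.
$statusHtml = isset($html) ? $html : '';
// The author row is only offered to admins.
$modifiauthor = xlabisadmin() ? "\n\t\t<tr>\n\t\t<td width=\"100\">Author *</td> <td>\n\t\t<input name=\"author\" type=\"text\" size=\"50\" value=\"{$authorHtml}\"></td>\n\t\t</tr>" : "";
// NOTE(review): the "Risk" cell has no opening <tr> and its <td> is left open
// after xlabGetRisklist(); whether that helper closes them is not visible here.
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Vulnerability Manage</h1>\n\n\t<div class=\"vulnerable_code_area\">\n\n\t\t<h3>Submit Vulns:</h3>\n\t\t<form action=\"#\" method=\"POST\">\n\t\t<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>\n\t\t<td width=\"100\">Vid *</td> <td>\n\t\t<input name=\"vid\" type=\"text\" size=\"50\" {$readonly} value=\"{$vidHtml}\"></td>\n\t\t</tr>\n\t\t<td width=\"100\">Risk *</td> <td>" . xlabGetRisklist($risk) . "\n\t\t{$modifiauthor}\n\t\t<tr>\n\t\t<td width=\"100\">Name *</td> <td>\n\t\t<input name=\"name\" type=\"text\" size=\"50\" value=\"{$vnameHtml}\"></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Site *</td> <td>\n\t\t<input name=\"site\" type=\"text\" size=\"50\" value=\"{$siteHtml}\"></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Desc *</td> <td>\n\t\t<textarea name=\"desc\" cols=\"50\" rows=\"3\" >{$vdescHtml}</textarea></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">&nbsp;</td>\n\t\t<td>\n\t\t<input name=\"submit\" type=\"submit\" value=\"updata\" onClick=\"return checkForm();\"></td>\n\t\t</tr>\n\t\t</table>\n\t\t</form>\n\n\t\t{$statusHtml}\n\n\t</div>\n\t\n</div>\n";
dvwaHtmlEcho($page);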