/**
 * Grade the answer submitted with the current POST request, if there is one.
 *
 * The raw value of $_POST["answer"] is handed to check_answer() unchanged.
 * PHP delivers request fields as strings or, for `answer[]=...`, as arrays,
 * so all type and content validation is left to check_answer().
 *
 * @return mixed whatever check_answer() returns, or null when no "answer"
 *               field was posted
 */
function check_question()
{
    // $_POST is a superglobal, so it is visible here without a `global` line.
    if (!isset($_POST["answer"])) {
        return null;
    }

    return check_answer($_POST["answer"]);
}
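<?php
include '../core/init.php';

// Read the submitted answer defensively: a request without an "answer" field
// yields null instead of raising an undefined-index notice.
$answer = isset($_REQUEST["answer"]) ? $_REQUEST["answer"] : null;

// Only act when the request actually carries parameters.
if (!empty($_REQUEST)) {
    // NOTE(review): $_REQUEST merges the query string with the POST body (and
    // cookies, depending on request_order), so a plain GET link is enough to
    // reach the level update below. Consider accepting POST only, together
    // with a CSRF token — confirm against the form that submits here.
    // $user_data is presumably populated by core/init.php — TODO confirm.
    if (check_answer($answer, $user_data['level'])) {
        level_update($user_data['level'], $user_data['serial']);
    }

    header("Location: ../index.php");
    // header() only queues the redirect; stop so nothing else runs after it.
    exit;
}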
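/**
 * Execute one rule action, or a list of actions, against the environment $env.
 *
 * An array is executed element by element; processing stops at the first
 * failing action, or as soon as $env["HAS_FORKED"] or $env["DO_BREAK"] is set.
 * An empty action succeeds without doing anything. A string action is matched
 * against these forms, in this order:
 *
 *   script <cmd> | url <url>                    run through run_script()
 *   insert|update|delete [<table>] f='v' ...    db_insert / db_update / db_delete
 *   query <var> <table> f='v' ...               db_read() result stored in $env[<var>]
 *   var <name>[-><name>...] = '<expr>'          assignment inside $env
 *   call|start <bp_name> f='v' ...              new row in table "states"
 *   return '<value>' f='v' ...                  value written back to the caller's record
 *
 * Anything else is reported through engine_error(). split(), which no longer
 * exists as of PHP 7.0, is not used; explode() with the same literal
 * delimiters gives the same result.
 *
 * Security-relevant points for maintainers (flagged, not changed here):
 *  - "script"/"url" hand a command string to run_script(); see the note there.
 *  - "return" evaluates PHP source stored in the database with eval().
 *
 * NOTE(review): in the f='v' pattern the PHP string "[^\\']" reaches PCRE as
 * [^\'], so a value ends at the first single quote and a backslash-escaped
 * quote inside a value is not accepted — confirm that this is intended.
 *
 * @param array $env    rule environment, passed by reference; LEVEL is raised
 *                      while the action runs and restored afterwards, and
 *                      HIT_FLAG is set when the action succeeded
 * @param mixed $action action string, list of actions, or an empty value
 * @return bool true when the action (or every action of the list) succeeded
 */
function do_action(&$env, $action)
{
    global $RAW_ID;
    global $ERROR;

    if (is_array($action)) {
        foreach ($action as $sub) {
            if (!do_action($env, $sub)) {
                return false;
            }
            // Stop the list once an action has set HAS_FORKED or DO_BREAK.
            if (@$env["HAS_FORKED"] || @$env["DO_BREAK"]) {
                return true;
            }
        }
        return true;
    }
    if (!$action) {
        return true;
    }

    //echo "ACTION: $action\n";
    $oldlevel = $env["LEVEL"];
    $env["LEVEL"]++;
    $ok = false;

    // One leading  name = 'value'  pair, followed by the unparsed remainder.
    $pair_re = "/\\A\\s*({$RAW_ID})\\s*=\\s*'((?:[^\\']|\\.)*)'(.*)/";

    if (preg_match("/\\A(script|url)\\s+(.*)/", $action, $matches)) {
        $op = $matches[1];
        $cmd = $matches[2];
        if ($op == "url") {
            // NOTE(review): the URL is wrapped in single quotes before macro
            // substitution, and subst_macros() is called below without the
            // quote-escaping arguments used elsewhere in this function. If a
            // substituted value can contain a single quote, it ends the quoted
            // argument of the command given to run_script(). Confirm what
            // subst_macros()/run_script() do, and prefer escapeshellarg() on
            // the final URL.
            $cmd = "wget -O - '{$cmd}'";
        }
        $cmd = subst_macros($env, $cmd);
        $ok = run_script($env, $cmd);
    } elseif (preg_match("/\\A(insert|update|delete)\\s+(?:({$RAW_ID})\\s+)?({$RAW_ID}\\s*=.*)/", $action, $matches)) {
        $mode = $matches[1];
        // The table named in the action overrides the rule's own table.
        $table = $env["TABLE"];
        if (@$matches[2]) {
            $table = $matches[2];
        }
        $rest = $matches[3];
        $data = array();
        //echo "MODE: $mode\n";
        if ($mode == "update" || $mode == "delete") {
            // Address the record through the primary key values found in $env.
            $primary = _db_primary($table);
            foreach (explode(",", $primary) as $pri) {
                if (isset($env[$pri])) {
                    $data[0][$pri] = $env[$pri];
                }
            }
        }
        while (preg_match($pair_re, $rest, $matches)) {
            $field = $matches[1];
            $value = $matches[2];
            $rest = $matches[3];
            $data[0][$field] = subst_macros($env, $value, "'", "\\'");
        }
        echo_rule($env);
        echo "{$mode} {$table}:";
        foreach ($data[0] as $field => $value) {
            echo " {$field} = '{$value}'";
        }
        echo "\n";
        if ($mode == "delete") {
            $ok = db_delete($table, $data) && !$ERROR;
            check_answer($env, "DELETE {$ok}");
        } elseif ($mode == "update") {
            $ok = db_update($table, $data) && !$ERROR;
            check_answer($env, "UPDATE {$ok}");
        } else {
            $ok = db_insert($table, $data) && !$ERROR;
            check_answer($env, "INSERT {$ok}");
        }
        if (!$ok) {
            check_answer($env, "DB_ERROR {$mode} ({$ERROR})");
        }
    } elseif (preg_match("/\\Aquery\\s+({$RAW_ID})\\s+({$RAW_ID})\\s+({$RAW_ID}\\s*=.*)/", $action, $matches)) {
        $var = $matches[1];
        $table = $matches[2];
        $rest = $matches[3];
        $cond = array();
        while (preg_match($pair_re, $rest, $matches)) {
            $field = $matches[1];
            $value = $matches[2];
            $rest = $matches[3];
            $cond[$field] = subst_macros($env, $value, "'", "\\'");
        }
        $data = db_read($table, null, $cond, null, 0, 0);
        //echo "got....."; print_r($data); echo "\n";
        $env[$var] = $data;
        $ok = true;
    } elseif (preg_match("/\\Avar\\s+({$RAW_ID}(?:->{$RAW_ID})*)\\s*=\\s*'((?:[^\\']|\\.)*)'/", $action, $matches)) {
        $var = $matches[1];
        $expr = $matches[2];
        // Walk a->b->c one component at a time, descending by reference.
        $lvalue =& $env;
        while (preg_match("/\\A(?:->)?({$RAW_ID})(.*)/", $var, $matches)) {
            $field = $matches[1];
            $var = $matches[2];
            $lvalue =& $lvalue[$field];
        }
        if ($var) {
            // Something was left over that is not a valid path component.
            engine_error("cannot assign to variable '{$var}'");
        } else {
            $lvalue = subst_macros($env, $expr, "'", "\\'");
            $ok = true;
        }
    } elseif (preg_match("/\\A(call|start)\\s+({$RAW_ID})(.*)/", $action, $matches)) {
        $ok = false;
        $mode = $matches[1];
        $call = $matches[2];
        $rest = $matches[3];
        $cond = array("bp_name" => $call);
        $data = db_read("bps", null, $cond);
        if (!$data || $ERROR) {
            check_answer($env, "DB_ERROR read ({$ERROR})");
        } else {
            $newenv = array();
            while (preg_match($pair_re, $rest, $matches)) {
                $field = $matches[1];
                $value = $matches[2];
                $rest = $matches[3];
                $newenv[$field] = subst_macros($env, $value, "'", "\\'");
            }
            if ($rest) {
                engine_error("bad call '{$call}', syntax rest '{$rest}'");
            } else {
                $newrec = array();
                $newrec["state_id"] = null;
                $newrec["bp_name"] = $call;
                if ($mode == "start") {
                    // asynchronous call: make "return" later a nop
                    $newenv["NO_RETURN"] = true;
                }
                // The callee environment and the caller's key are stored as
                // code produced by db_data_to_code(); the "return" branch
                // below reads such values back with eval().
                $newrec["state_env"] = db_data_to_code($newenv);
                if (@$newenv["state_value"]) {
                    $newrec["state_value"] = $newenv["state_value"];
                }
                $table = $env["TABLE"];
                $primary = _db_primary($table);
                $field = $env["FIELD"];
                $newrec["state_returnfield"] = "{$table}.{$field}";
                $id_rec = array();
                foreach (explode(",", $primary) as $pri) {
                    $id_rec[$pri] = $env[$pri];
                }
                $newrec["state_returnid"] = db_data_to_code($id_rec);
                $ok = db_insert("states", array($newrec)) && !$ERROR;
                if ($ok) {
                    echo_rule($env);
                    echo "call {$table}.{$field} to states\n";
                    // decide whether to finish the caller or not
                    if ($mode == "call") {
                        //echo "SHOULD_BREAK....\n";
                        $env["DO_BREAK"] = true;
                    }
                } else {
                    check_answer($env, "DB_ERROR insert ({$ERROR})");
                }
            }
        }
    } elseif (preg_match("/\\Areturn\\s+'((?:[^\\']|\\.)*)'(.*)/", $action, $matches)) {
        $returnvalue = subst_macros($env, $matches[1], "'", "\\'");
        $rest = $matches[2];
        if (@$env["NO_RETURN"]) {
            // original call was asynchronous: ignore return statement
            check_answer($env, "NO_RETURN");
            $table = $env["TABLE"];
            $field = $env["FIELD"];
            echo_rule($env);
            echo "done asynchronous call {$table}.{$field}\n";
            $ok = true;
        } else {
            // advance the caller's state
            $split = explode(".", $env["state_returnfield"]);
            $tablename = $split[0];
            $fieldname = $split[1];
            // NOTE(review): eval() runs $env["state_returnid"] as PHP source.
            // The "call" branch writes that value with db_data_to_code(), but
            // whoever can write the stored value gets code execution in this
            // process. A data-only encoding (e.g. JSON) would remove the need
            // for eval; that requires changing db_data_to_code() and the
            // stored rows, which are outside this function.
            $oldrec = eval("return " . $env["state_returnid"] . ";");
            $data = db_read($tablename, null, $oldrec);
            if (!$data || $ERROR) {
                engine_error("cannot re-read caller's data from table {$tablename}");
            } else {
                if ($test = @$data[0]["state_env"]) {
                    // original caller had an environment
                    // NOTE(review): same concern as above — state_env comes
                    // straight from the database row and is executed as code.
                    $oldenv = eval("return {$test};");
                    while (preg_match($pair_re, $rest, $matches)) {
                        $field = $matches[1];
                        $value = $matches[2];
                        $rest = $matches[3];
                        $oldenv[$field] = subst_macros($env, $value, "'", "\\'");
                    }
                    if ($rest) {
                        engine_warn("return statement has unparsable rest '{$rest}'");
                    }
                    $oldrec["state_env"] = db_data_to_code($oldenv);
                }
                $oldrec[$fieldname] = $returnvalue;
                echo_rule($env);
                echo "return to {$tablename}.{$fieldname} = '{$returnvalue}'\n";
                $ok = db_update($tablename, array($oldrec)) && !$ERROR;
                //echo "RETURN $tablename $fieldname='$returnvalue' ok='$ok' ERROR='$ERROR'\n";
                if (!$ok) {
                    check_answer($env, "DB_ERROR update ({$ERROR})");
                }
            }
        }
    } else {
        engine_error("cannot parse action '{$action}'. correct your rules!");
    }

    if ($ok) {
        $env["HIT_FLAG"] = true;
    }
    $env["LEVEL"] = $oldlevel;
    return $ok;
}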
$vraagid = 101; break; case 3: $vraagid = 201; break; default: $vraagid = 1; break; } } else { $vraagid = 1; } } // Controleer antwoord en geef feedback // if (isset($_GET['antwoord'])) { $result = check_answer($vraagid, $_GET['antwoord']); // Volgende vraag (statische volgorde) $next = $vraagid + 1; if ($result) { // Geef punten // $_SESSION['punten'] = $_SESSION['punten'] + 5; ?> <div style="height: 100%; width: 100%; background-color: darkgreen;"> <div class="result"> GOED </div> </div> <?php } else { ?> <div style="height: 100%; width: 100%; background-color: darkred;">
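<?php
session_start();
$nb_steps = get_steps();

/* Token generation and initialization of the current step.
   A missing step, or one already past the last step, starts a fresh run. */
if (empty($_SESSION['step']) || $_SESSION['step'] > $nb_steps) {
    $_SESSION['step'] = 1;
    // NOTE(review): the token is only used below as the key under which
    // answers are stored; it is never compared with the submitted form, so it
    // gives no CSRF protection. If it is meant to be unguessable, confirm
    // that generate_random_string() draws from a CSPRNG.
    $_SESSION["token"] = generate_random_string();
}

/* If some data has been submitted, we go to the next step */
if (!empty($_POST) && $_SESSION['step'] <= $nb_steps) {
    // A request field can be missing or arrive as an array (id_answer[]=...),
    // and trim() only accepts strings; anything else is treated as an empty
    // answer instead of raising a notice or a TypeError.
    $raw_answer = isset($_POST["id_answer"]) ? $_POST["id_answer"] : '';
    $id_answer = is_string($raw_answer) ? trim($raw_answer) : '';
    $token = $_SESSION["token"];
    $step = $_SESSION["step"];
    if (check_answer($id_answer, $step)) {
        $_SESSION["step"]++;
        add_user_answer($token, $id_answer);
        if ($_SESSION['step'] > $nb_steps) {
            header("Location:result.php");
            // header() only queues the redirect; stop so the lookups below
            // are not run for a step that does not exist.
            exit;
        }
    }
}

// Guard the percentage against an empty questionnaire (no steps at all).
$progress = $nb_steps > 0 ? $_SESSION['step'] / $nb_steps * 100 : 0;
$question = get_question($_SESSION['step']);
$answers = get_answers($_SESSION['step']);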
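*/
include 'database_info.php';
session_start();

// Visitors without a student session are sent to the login page. The exit is
// needed: header() only queues the redirect, and without it the rest of this
// script (database selection, answer checking) still runs for them.
if (!isset($_SESSION['stu_id'])) {
    header("location: studentLogin.php");
    exit;
}

// NOTE(review): the database name comes from the session. Confirm modCode is
// only ever set server-side from a fixed list, since it decides which
// database every later query runs against.
define("DB_NAME", $_SESSION["modCode"]);
// NOTE(review): the mysql_* extension was removed in PHP 7.0. check_answer()
// and getHint() presumably rely on this implicit connection, so a move to
// mysqli or PDO has to cover them as well.
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database");

$allCorrect = true;
// If the question has been answered
if (isset($_POST["submit"])) {
    $hints = array();
    foreach ($_POST as $key => $value) {
        // Strict comparison: numeric field names reach PHP as integers, and
        // before PHP 8 the loose test `0 != "submit"` is false, which would
        // silently skip the answer posted under key 0.
        if ($key !== "submit") {
            if (!check_answer($value, $key)) {
                $allCorrect = false;
                $hints[$key] = getHint($key);
            }
        }
    }
}
function scramble_answers($array) { if (!is_array($array)) { return $array; } $keys = array_keys($array); shuffle($keys); $random = array(); foreach ($keys as $key) {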
} //为防止恶意注册,跨站攻击 check_code($_POST['code'], $_SESSION['code']); //引入验证文件 include ROOT_PATH . 'includes/check.func.php'; //创建空数组,用来存放提交的合法数据 $clean = array(); //可以通过唯一标识符来防止恶意注册,伪装表单跨站攻击等。 //唯一标识符第二个作用,登录cookie验证 $clean['uniqid'] = check_uniqid($_POST['uniqid'], $_SESSION['uniqid']); //active也是唯一标识符,用来给刚注册的用户做激活处理用,不然也不能登录 $clean['active'] = sha1_uniqid(); $clean['username'] = check_username($_POST['username'], 2, 20); $clean['password'] = check_password($_POST['password'], $_POST['aginePassword'], 6); $clean['question'] = check_question($_POST['question'], 2, 20); $clean['answer'] = check_answer($_POST['question'], $_POST['answer'], 2, 20); $clean['sex'] = check_sex($_POST['sex']); $clean['photo'] = check_photo($_POST['photo']); $clean['email'] = check_email($_POST['email'], 6, 40); $clean['qq'] = check_qq($_POST['qq']); $clean['url'] = check_url($_POST['url'], 40); //新增用户之前,判断用户名是否重复 is_repeat("SELECT bbs_username FROM bbs_users WHERE bbs_username='******'username']}' LIMIT 1", '对不起,该用户名已被注册'); //新增用户 //在双引号里面直接方变量可以$username,但如果是数组,就必须加一个花括号 query("INSERT INTO bbs_users (\n bbs_uniqid,\n bbs_active,\n bbs_username,\n bbs_password,\n bbs_question,\n bbs_answer,\n bbs_sex,\n bbs_photo,\n bbs_email,\n bbs_qq,\n bbs_url,\n bbs_reg_time,\n bbs_last_time,\n bbs_last_ip\n ) \n VALUES (\n '{$clean['uniqid']}',\n '{$clean['active']}',\n '{$clean['username']}',\n '{$clean['password']}',\n '{$clean['question']}',\n '{$clean['answer']}',\n '{$clean['sex']}',\n '{$clean['photo']}',\n '{$clean['email']}',\n '{$clean['qq']}',\n '{$clean['url']}',\n NOW(),\n NOW(),\n '{$_SERVER["REMOTE_ADDR"]}'\n )"); if (affected_rows() == 1) { //获取刚刚新增的id $clean['id'] = mysql_insert_id(); //关闭数据库 close();
<?php
// Load the helper definitions once, then hand the request to check_answer().
// It is called without arguments, so it presumably reads its input from the
// request itself — confirm in functions.php.
require_once 'functions.php';

check_answer();
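<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Online Judge</title>
</head>
<body>
<p>
<?php
// Grade the uploaded submission against the reference answer file.
// Result codes as used below: 1 = submission unreadable, 2 = answer file
// unreadable, 3 = accepted, 4 and above = wrong answer.
//
// Only a path that PHP itself recorded for an upload in this request is
// passed on. A missing field, a multi-file upload (tmp_name is then an array)
// or an empty path is reported as an unreadable submission instead of
// reaching fopen(), which rejects an empty path with an error on PHP 8.
$upload_path = isset($_FILES['upfile']['tmp_name']) ? $_FILES['upfile']['tmp_name'] : '';
if (is_string($upload_path) && $upload_path !== '' && is_uploaded_file($upload_path)) {
    $fresult = check_answer($upload_path, "./test.txt");
} else {
    $fresult = 1;
}

if ($fresult == 1) {
    echo "SUBMIT FILE READ ERROR<br>";
}
if ($fresult == 2) {
    echo "ANSWER FILE READ ERROR<br>";
}
if ($fresult == 3) {
    echo "ACCEPTED<br>";
}
if ($fresult >= 4) {
    echo "WRONG ANSWER<br>";
}
function check_answer($submitfile, $answerfile) { $result = 1; $submitfile_fp = fopen($submitfile, "r"); if (!$submitfile_fp) { return $result; } $result = 2;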