/**
 * Render an error block and, by default, end the request.
 *
 * @param mixed $message Text handed unchanged to message_inline_red().
 * @param bool  $head    Emit the page header (titled "Error") first.
 * @param bool  $foot    Emit the page footer after the message.
 * @param bool  $exit    Terminate the script once the page has been written.
 */
function message_error($message, $head = true, $foot = true, $exit = true)
{
    $heading = 'Error';

    if ($head) {
        head($heading);
    }

    section_subhead($heading);

    // NOTE(review): $message is forwarded as-is. Whether message_inline_red()
    // HTML-escapes it is not visible here; confirm before passing
    // request-derived text.
    message_inline_red($message);

    if ($foot) {
        foot();
    }

    if (!$exit) {
        return;
    }

    exit;
}
/**
 * Render a localised error block and, by default, end the request.
 *
 * The page header is only written when the caller asks for it and the
 * global $head_sent flag shows it has not been written already.
 *
 * @param mixed $message Text handed unchanged to message_inline_red().
 * @param bool  $head    Emit the page header unless one was already sent.
 * @param bool  $foot    Emit the page footer after the message.
 * @param bool  $exit    Terminate the script once the page has been written.
 */
function message_error($message, $head = true, $foot = true, $exit = true)
{
    global $head_sent;

    $heading_key = 'error';

    $header_needed = $head && !$head_sent;
    if ($header_needed) {
        head(lang_get($heading_key));
    }

    section_subhead(lang_get($heading_key));

    // NOTE(review): $message is forwarded as-is. Whether message_inline_red()
    // HTML-escapes it is not visible here; confirm before passing
    // request-derived text.
    message_inline_red($message);

    if ($foot) {
        foot();
    }

    if (!$exit) {
        return;
    }

    exit;
}
/**
 * Return the shared PDO connection, opening it on first use.
 *
 * The handle lives in the global $db. A new connection is configured to
 * throw exceptions on error and to use native (non-emulated) prepared
 * statements.
 *
 * @return PDO
 *
 * @throws Exception Re-thrown after a notice is rendered when connecting
 *                   or configuring the handle fails.
 */
function get_global_db_pdo()
{
    global $db;

    // Reuse the connection opened earlier in this request.
    if ($db !== null) {
        return $db;
    }

    $dsn = DB_ENGINE . ':host=' . DB_HOST . ';port=' . DB_PORT . ';dbname=' . DB_NAME . ';charset=utf8';

    try {
        $db = new PDO($dsn, DB_USER, DB_PASSWORD);
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Real server-side prepares, so bound values are never spliced into SQL text.
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    } catch (Exception $e) {
        message_inline_red('Caught exception connecting to database');
        // NOTE(review): the exception is re-thrown unchanged; confirm the
        // top-level handler does not render connection details to clients.
        throw $e;
    }

    return $db;
}
<th>Hint</th> <th>Manage</th> </tr> </thead> <tbody> '; $hints = db_select_all('hints', array('id', 'added', 'body'), array('challenge' => $_GET['id'])); foreach ($hints as $hint) { echo ' <tr> <td>', date_time($hint['added']), '</td> <td>', htmlspecialchars($hint['body']), '</td> <td><a href="edit_hint.php?id=', htmlspecialchars(short_description($hint['id'], 100)), '" class="btn btn-xs btn-primary">Edit</a></td> </tr> '; } echo ' </tbody> </table> <a href="new_hint.php?id=', htmlspecialchars($_GET['id']), '" class="btn btn-sm btn-warning">Add a new hint</a> '; section_subhead('Delete challenge: ' . $challenge['title']); form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_challenge'); form_input_checkbox('Delete confirmation'); form_hidden('action', 'delete'); form_hidden('id', $_GET['id']); message_inline_red('Warning! This will also delete all submissions, all hints and all files associated with challenge!'); form_button_submit('Delete challenge', 'danger'); form_end(); foot();
<?php

require '../../include/ctf.inc.php';

// Admin page: edit or delete one category. Restricted to moderator class.
enforce_authentication(CONST_USER_CLASS_MODERATOR);

// The id arrives in the query string and is checked before any use.
validate_id($_GET['id']);
$category_id = $_GET['id'];

$category = db_select_one('categories', array('*'), array('id' => $category_id));

// Both forms on this page post to the same action handler.
$category_action = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_category';

head('Site management');
menu_management();

// NOTE(review): the title is concatenated into the heading as stored;
// confirm section_subhead() HTML-escapes its argument.
section_subhead('Edit category: ' . $category['title']);

// --- Edit form ---
form_start($category_action);
form_input_text('Title', $category['title']);
form_textarea('Description', $category['description']);
form_input_checkbox('Exposed', $category['exposed']);
form_input_text('Available from', date_time($category['available_from']));
form_input_text('Available until', date_time($category['available_until']));
form_hidden('action', 'edit');
form_hidden('id', $category_id);
form_button_submit('Save changes');
form_end();

section_subhead('Delete category: ' . $category['title']);

// --- Delete form ---
// NOTE(review): this form triggers a cascading delete; confirm that
// form_start() or the action handler enforces an XSRF token.
form_start($category_action);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $category_id);
message_inline_red('Warning! This will delete all challenges under this category, as well as all submissions, files, and hints related those challenges!');
form_button_submit('Delete category', 'danger');
form_end();

foot();
echo ' <div class="challenge-submit"> <form method="post" class="form-flag" action="actions/challenges"> <textarea name="flag" type="text" class="flag-input form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea> <input type="hidden" name="challenge" value="', htmlspecialchars($challenge['id']), '" /> <input type="hidden" name="action" value="submit_flag" />'; form_xsrf_token(); if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) { display_captcha(); } echo '<button class="btn btn-sm btn-primary flag-submit-button" type="submit" data-countdown="', max($challenge['latest_submission_added'] + $challenge['min_seconds_between_submissions'], 0), '" data-countdown-done="Submit flag">Submit flag</button>'; if (should_print_metadata($challenge)) { echo '<div class="challenge-submit-metadata">'; print_submit_metadata($challenge); echo '</div>'; } echo '</form>'; echo ' </div> '; } else { message_inline_red("You have no remaining submission attempts. If you've made an erroneous submission, please contact the organizers."); } } } echo ' </div> <!-- / panel-body --> </div> <!-- / challenge-container -->'; } echo '</div> <!-- / challenges-container-->'; foot();
<?php

require '../../include/mellivora.inc.php';

// Admin page: edit or delete one user type. Restricted to moderator class.
enforce_authentication(CONFIG_UC_MODERATOR);

// The id arrives in the query string and is checked before any use.
validate_id($_GET['id']);
$user_type_id = $_GET['id'];

// Both forms on this page post to the same action handler.
$user_type_action = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user_type';

head('Site management');
menu_management();

section_subhead('Edit user type');

$user_type = db_select_one('user_types', array('*'), array('id' => $user_type_id));

// --- Edit form ---
form_start($user_type_action);
form_input_text('Title', $user_type['title']);
form_textarea('Description', $user_type['description']);
form_hidden('action', 'edit');
form_hidden('id', $user_type_id);
form_button_submit('Save changes');
form_end();

section_subhead('Delete user type');

// --- Delete form ---
// NOTE(review): this form triggers a destructive action; confirm that
// form_start() or the action handler enforces an XSRF token.
form_start($user_type_action);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $user_type_id);
message_inline_red('Warning! Any users of this type will be without a type. You must manually give them a type in the DB. If no types will exist after this action, you must set their type to 0.');
form_button_submit('Delete user type', 'danger');
form_end();

foot();
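// Admin page fragment: edit, reset the password of, or delete one user.
// NOTE(review): the include and the enforce_authentication() call that gate
// this page are not visible in this fragment; confirm they precede it.

// The id arrives in the query string and is checked before any use.
validate_id($_GET['id']);

$user = db_select_one(
    'users',
    array('team_name', 'email', 'enabled', 'competing', 'country_id'),
    array('id' => $_GET['id'])
);

head('Site management');
menu_management();

// The concatenation was masked in the listing; restored to match the
// columns selected above.
// NOTE(review): team_name is chosen by the account holder; confirm
// section_subhead() HTML-escapes its argument before it reaches this page.
section_subhead('Edit user: ' . $user['team_name']);

// --- Edit form ---
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user');
form_input_text('Email', $user['email']);
form_input_text('Team name', $user['team_name']);
$opts = db_query_fetch_all('SELECT * FROM countries ORDER BY country_name ASC');
form_select($opts, 'Country', 'id', $user['country_id'], 'country_name');
form_input_checkbox('Enabled', $user['enabled']);
form_input_checkbox('Competing', $user['competing']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();

// --- Password reset form ---
section_subhead('Reset password');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user');
form_input_checkbox('Reset confirmation');
form_hidden('action', 'reset_password');
form_hidden('id', $_GET['id']);
form_button_submit('Reset password', 'warning');
form_end();

// --- Delete form ---
// NOTE(review): reset and delete are state-changing; confirm that
// form_start() or the action handler enforces an XSRF token.
section_subhead('Delete user');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
message_inline_red('Warning! This will delete all submissions made by this user!');
form_button_submit('Delete user', 'danger');
// Close the delete form like the two forms above; the original left it open.
form_end();

foot();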
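/**
 * Send the Content-Type header and write the page's opening markup:
 * <head>, optional analytics loader, login dialog for anonymous visitors,
 * the navigation bar and any generic status banner.
 *
 * Sets the global $head_sent to true once the markup has been written.
 *
 * @param string $title Optional page title; HTML-escaped before output.
 */
function head($title = '')
{
    global $head_sent;

    header('Content-Type: text/html; charset=utf-8');

    // CONFIG_* values are written into the markup without escaping; they are
    // treated as trusted configuration here. Only $title is escaped.
    // NOTE(review): the Bootstrap stylesheet comes from a third-party CDN
    // with no integrity attribute; consider Subresource Integrity or
    // self-hosting.
    echo '<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>',
        $title ? htmlspecialchars($title) . ' : ' : '',
        CONFIG_SITE_NAME,
        ' - ',
        CONFIG_SITE_SLOGAN,
        '</title> <meta name="description" content="',
        CONFIG_SITE_DESCRIPTION,
        '"> <meta name="author" content=""> <link rel="icon" href="',
        CONFIG_SITE_URL_STATIC_RESOURCES,
        'img/favicon.png" type="image/png" /> <!-- CSS --> <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css" rel="stylesheet"> <link href="',
        CONFIG_SITE_URL_STATIC_RESOURCES,
        'css/mellivora.css" rel="stylesheet">';

    js_global_dict();

    // Optional analytics loader; the key is placed inside a JS string
    // literal unescaped, so it must stay a trusted configuration value.
    if (CONFIG_SEGMENT_IO_KEY) {
        echo ' <script type="text/javascript"> window.analytics=window.analytics||[],window.analytics.methods=["identify","group","track","page","pageview","alias","ready","on","once","off","trackLink","trackForm","trackClick","trackSubmit"],window.analytics.factory=function(t){return function(){var a=Array.prototype.slice.call(arguments);return a.unshift(t),window.analytics.push(a),window.analytics}};for(var i=0;i<window.analytics.methods.length;i++){var key=window.analytics.methods[i];window.analytics[key]=window.analytics.factory(key)}window.analytics.load=function(t){if(!document.getElementById("analytics-js")){var a=document.createElement("script");a.type="text/javascript",a.id="analytics-js",a.async=!0,a.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.io/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(a,n)}},window.analytics.SNIPPET_VERSION="2.0.9", window.analytics.load("',
            CONFIG_SEGMENT_IO_KEY,
            '"); window.analytics.page(); </script> ';
    }

    echo ' </head> <body>';

    if (!user_is_logged_in()) {
        login_dialog();
    }

    echo ' <div class="page"> <nav class="header" id="header"> <div id="header-inner"> <div id="header-logo"> <a href="',
        CONFIG_SITE_URL,
        '"> <h3 id="site-logo-text">',
        CONFIG_SITE_NAME,
        '</h3> <div id="site-logo"> <object data="' . CONFIG_SITE_URL_STATIC_RESOURCES . 'img/mellivora.svg" type="image/svg+xml"></object> </div> </a> </div> <div id="header-menu"> <ul class="nav nav-pills pull-right" id="menu-main">';

    if (user_is_logged_in()) {
        // The management link is only rendered for staff accounts.
        if (user_is_staff()) {
            echo '<li><a href="', CONFIG_SITE_ADMIN_URL, '">', lang_get('manage'), '</a></li>';
        }

        echo ' <li><a href="', CONFIG_SITE_URL, 'home">', lang_get('home'), '</a></li> <li><a href="', CONFIG_SITE_URL, 'challenges">', lang_get('challenges'), '</a></li> <li><a href="', CONFIG_SITE_URL, 'hints">', lang_get('hints'), '</a></li> <li><a href="', CONFIG_SITE_URL, 'scores">', lang_get('scores'), '</a></li> <li><a href="', CONFIG_SITE_URL, 'profile">', lang_get('profile'), '</a></li> ', dynamic_menu_content(), ' <li>', form_logout(), '</li> ';
    } else {
        echo ' <li><a href="', CONFIG_SITE_URL, 'home">', lang_get('home'), '</a></li> <li><a href="', CONFIG_SITE_URL, 'scores">', lang_get('scoreboard'), '</a></li> ', dynamic_menu_content(), ' <li><a href="', CONFIG_SITE_URL, 'register">', lang_get('register'), '</a></li> <li><a href="" data-toggle="modal" data-target="#login-dialog">', lang_get('log_in'), '</a></li> ';
    }

    echo ' </ul> </div> </div> </nav><!-- navbar --> <div class="container" id="body-container"> <div id="content-container"> ';

    // Status banners: only the presence of the query parameter is tested,
    // its value is never written to the page.
    if (isset($_GET['generic_success'])) {
        message_inline_green('<h3>' . lang_get('action_success') . '</h3>', false);
    } elseif (isset($_GET['generic_failure'])) {
        message_inline_red('<h3>' . lang_get('action_failure') . '</h3>', false);
    } elseif (isset($_GET['generic_warning'])) {
        // Build one message string, as the two branches above do. The
        // original separated the pieces with commas, so only '<h3>' arrived
        // as the message and the text was passed as extra arguments.
        message_inline_red('<h3>' . lang_get('action_something_went_wrong') . '</h3>', false);
    }

    $head_sent = true;
}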
/**
 * Run basic environment checks and render a red notice for each failure.
 *
 * Checks the clock drift between the database and PHP (5 seconds or more),
 * the writability of every directory under CONST_PATH_FILE_WRITABLE, and
 * the PHP version against CONST_MIN_REQUIRED_PHP_VERSION.
 */
function check_server_configuration()
{
    // check for DB and PHP time mismatch
    $db_clock = db_query_fetch_one('SELECT UNIX_TIMESTAMP() AS timestamp');
    $php_now = time();
    $drift = abs($php_now - $db_clock['timestamp']);

    if ($drift >= 5) {
        $db_time_text = date_time($db_clock['timestamp']);
        $php_time_text = date_time($php_now);

        message_inline_red('Database and PHP times are out of sync. This will likely cause problems. DB time: ' . $db_time_text . ', PHP time: ' . $php_time_text . ' (' . $drift . ' seconds off). Maybe you have different time zones set?');
    }

    // check that our writable dirs are writable
    foreach (get_directory_list_recursive(CONST_PATH_FILE_WRITABLE) as $dir) {
        if (is_writable($dir)) {
            continue;
        }

        message_inline_red('Directory (' . $dir . ') must be writable by Apache.');
    }

    // Refuse to stay silent on interpreters older than the supported minimum.
    $php_too_old = version_compare(PHP_VERSION, CONST_MIN_REQUIRED_PHP_VERSION, '<');
    if ($php_too_old) {
        message_inline_red('Your version of PHP is too old. You need at least ' . CONST_MIN_REQUIRED_PHP_VERSION . '. You are running: ' . PHP_VERSION);
    }
}
/**
 * Run basic environment checks and render a red notice for each failure.
 *
 * Checks the clock drift between the database and PHP (5 seconds or more),
 * the writability of CONFIG_PATH_FILE_WRITABLE, and that PHP is at least
 * version 5.3.7.
 */
function check_server_configuration()
{
    // check for DB and PHP time mismatch
    $db_clock = db_query_fetch_one('SELECT UNIX_TIMESTAMP() AS timestamp');
    $php_now = time();
    $drift = abs($php_now - $db_clock['timestamp']);

    if ($drift >= 5) {
        $db_time_text = date_time($db_clock['timestamp']);
        $php_time_text = date_time($php_now);

        message_inline_red('Database and PHP times are out of sync. This will likely cause problems. DB time: ' . $db_time_text . ', PHP time: ' . $php_time_text . ' (' . $drift . ' seconds off). Maybe you have different time zones set?');
    }

    // check that our writable dirs are writable
    $storage_writable = is_writable(CONFIG_PATH_FILE_WRITABLE);
    if (!$storage_writable) {
        message_inline_red('Writable directory does not exist, or your web server does not have write access to it. You will not be able to upload files or perform caching.');
    }

    // Refuse to stay silent on interpreters older than the supported minimum.
    $php_too_old = version_compare(PHP_VERSION, '5.3.7', '<');
    if ($php_too_old) {
        message_inline_red('Your version of PHP is too old. You need at least 5.3.7. You are running: ' . PHP_VERSION);
    }
}
<?php

require '../../include/ctf.inc.php';

// Admin page: wipe the exception log. Restricted to moderator class.
enforce_authentication(CONST_USER_CLASS_MODERATOR);

$exceptions_action = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_exceptions';

head('Exceptions');
menu_management();

section_subhead('Clear exceptions');

// NOTE(review): clearing the log removes audit evidence in one request;
// confirm that form_start() or the action handler enforces an XSRF token.
form_start($exceptions_action);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
message_inline_red('Warning! This will delete ALL exception logs!!');
form_button_submit('Clear exceptions', 'danger');
form_end();

foot();
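/**
 * Send the Content-Type header and write the page's opening markup:
 * <head>, optional analytics loader, login dialog for anonymous visitors,
 * instance selection, the navigation bar and any generic status banner.
 *
 * @param string $title Optional page title; HTML-escaped before output.
 */
function head($title = '')
{
    header('Content-Type: text/html; charset=utf-8');

    // CONFIG_* values are written into the markup without escaping; they are
    // treated as trusted configuration here. Only $title is escaped.
    // NOTE(review): the Bootstrap stylesheet comes from a third-party CDN
    // with no integrity attribute; consider Subresource Integrity or
    // self-hosting.
    echo '<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>',
        $title ? htmlspecialchars($title) . ' : ' : '',
        CONFIG_SITE_NAME,
        ' - ',
        CONFIG_SITE_SLOGAN,
        '</title> <meta name="description" content="',
        CONFIG_SITE_DESCRIPTION,
        '"> <meta name="author" content=""> <link rel="icon" href="',
        CONFIG_SITE_URL,
        'img/favicon.png" type="image/png" /> <!-- CSS --> <link href="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet"> <link href="',
        CONFIG_SITE_URL,
        'css/mellivora.css" rel="stylesheet">';

    js_global_dict();

    // Optional analytics loader; the key is placed inside a JS string
    // literal unescaped, so it must stay a trusted configuration value.
    if (CONFIG_SEGMENT_IO_KEY) {
        echo ' <script type="text/javascript"> window.analytics=window.analytics||[],window.analytics.methods=["identify","group","track","page","pageview","alias","ready","on","once","off","trackLink","trackForm","trackClick","trackSubmit"],window.analytics.factory=function(t){return function(){var a=Array.prototype.slice.call(arguments);return a.unshift(t),window.analytics.push(a),window.analytics}};for(var i=0;i<window.analytics.methods.length;i++){var key=window.analytics.methods[i];window.analytics[key]=window.analytics.factory(key)}window.analytics.load=function(t){if(!document.getElementById("analytics-js")){var a=document.createElement("script");a.type="text/javascript",a.id="analytics-js",a.async=!0,a.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.io/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(a,n)}},window.analytics.SNIPPET_VERSION="2.0.9", window.analytics.load("',
            CONFIG_SEGMENT_IO_KEY,
            '"); window.analytics.page(); </script> ';
    }

    echo ' </head> <body>';

    if (!user_is_logged_in()) {
        login_dialog();
    }

    // Both query parameters are optional: read them through isset() so a
    // plain page load does not raise undefined-index notices. The loose
    // "!= null" comparisons are kept as in the original.
    // NOTE(review): these request values select the instance and are
    // forwarded unvalidated from here; confirm loadInstanceURI() and
    // loadInstance() validate them.
    $instance_uri = isset($_GET["instanceURI"]) ? $_GET["instanceURI"] : null;
    $instance_id = isset($_GET["instanceID"]) ? $_GET["instanceID"] : null;

    if ($instance_uri != null) {
        loadInstanceURI($instance_uri);
    }

    if ($instance_id != null && $_SESSION['IID'] == null && !verifySAGlobal()) {
        loadInstance($instance_id);
    }

    // Fall back to instance '0' when no instance has been selected.
    if ($_SESSION['IID'] == null) {
        loadInstance('0');
    } else {
        // loadInstance('')
    }

    // Session-held names are written as text, so they are HTML-escaped at
    // the point of output instead of relying on how they were stored.
    $instance_name = htmlspecialchars((string) $_SESSION["IName"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo ' <div class="page"> <nav class="header" id="header"> <div id="header-inner"> <div id="header-logo"> <a href="',
        CONFIG_SITE_URL,
        '"> <h4 id="site-logo-text">',
        CONFIG_SITE_NAME,
        '</h4> <h6 id="site-logo-text">',
        $instance_name,
        '</h6> <div id="site-logo"/> <img src = "../img/btn_DIS1.jpg" height="50" width="50"><img src = "../img/sit_it_choices.jpg" height="50" width="50"> </div> </a> </div> <div id="header-menu"> <ul class="nav nav-pills pull-right" id="menu-main">';

    if (user_is_logged_in()) {
        // The management link is only rendered for staff accounts.
        if (user_is_staff()) {
            echo '<li><a href="', CONFIG_SITE_ADMIN_URL, '">Manage</a></li>';
        }

        // substr() cuts on bytes and may split a multi-byte character;
        // ENT_SUBSTITUTE keeps the remainder printable instead of yielding
        // an empty string.
        echo ' <li><a href="', CONFIG_SITE_URL, 'home">Home</a></li> <li><a href="', CONFIG_SITE_URL, 'challenges">Challenges</a></li> <li><a href="', CONFIG_SITE_URL, 'scores">Scores</a></li> <li><a href="', CONFIG_SITE_URL, 'profile">Profile</a></li> ',
            $_SESSION['IID'] == 0 ? '<li><a href="' . CONFIG_SITE_URL . 'game">Game</a></li>' : "",
            ' ',
            dynamic_menu_content(),
            ' <li><a href="',
            CONFIG_SITE_URL,
            'logout">Log out (',
            htmlspecialchars(substr((string) $_SESSION['UName'], 0, 10), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
            ')</a></li> ';
    } else {
        echo ' <li><a href="', CONFIG_SITE_URL, 'home">Home</a></li> <li><a href="', CONFIG_SITE_URL, 'scores">Scores</a></li> ', dynamic_menu_content(), ' <li><a href="', CONFIG_SITE_URL, 'register">Register</a></li> <li><a href="" data-toggle="modal" data-target="#login-dialog">Log in</a></li> ';
    }

    echo ' </ul> </div> </div> </nav><!-- navbar --> <div class="container" id="body-container"> <div id="content-container"> ';

    // Status banners: only the presence of the query parameter is tested,
    // its value is never written to the page.
    if (isset($_GET['generic_success'])) {
        message_inline_green('<h3>Success!</h3>', false);
    } elseif (isset($_GET['generic_failure'])) {
        message_inline_red('<h3>Failure!</h3>', false);
    } elseif (isset($_GET['generic_warning'])) {
        message_inline_red('<h3>Something went wrong! Most likely the action you attempted has failed.</h3>', false);
    }
}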