Esempio n. 1
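 /**
  * Validates the CSRF token of a submitted form.
  *
  * Forms whose CSRF level is GWF_Form::CSRF_OFF are exempt from the check.
  * For every other level the request must carry a token that
  * GWF_CSRF::validateToken() accepts, and that token must be the one the
  * form expects.
  *
  * @param mixed    $context   Not read by this check.
  * @param GWF_Form $form      Form whose CSRF level and expected token are consulted.
  * @param mixed    $validator Not read by this check.
  * @return string|false Localized 'ERR_CSRF' text on failure, false when the check passes.
  */
 private static function validateCSRF($context, GWF_Form $form, $validator)
 {
     // Nothing to verify for forms that run with CSRF protection switched off.
     if (GWF_Form::CSRF_OFF === $form->getCSRFLevel()) {
         return false;
     }
     // validateToken() returns false on failure; a returned token must also be
     // the one issued for this particular form.
     // NOTE(review): !== is not a constant-time comparison; hash_equals() would be
     // preferable once both operands are known to be strings.
     $token = GWF_CSRF::validateToken();
     if (false === $token || $token !== $form->getCSRFToken()) {
         return GWF_HTML::lang('ERR_CSRF');
     }
     return false;
 }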
Esempio n. 2
}
# And display the header
$chall->showHeader();
# Show mission box (translated)
echo GWF_Box::box($chall->lang('mission_i', array('index.php?highlight=christmas')), $chall->lang('mission_t'));
# Check your injection and fix the hole by silently applying htmlspecialchars to the vuln input.
# phpself_checkit() is defined elsewhere; when it reports success the solve is
# recorded for the user of the current session.
if (phpself_checkit()) {
    $chall->onChallengeSolved(GWF_Session::getUserID());
}
# Show this file as highlighted sourcecode, if desired
# The path is fixed (not taken from the request), so this switch only ever reveals this file.
if ('christmas' === Common::getGetString('highlight')) {
    $msg = file_get_contents('challenge/yourself_php/index.php');
    $msg = '[' . 'code=php title=index.php]' . $msg . '[' . '/code]';
    echo GWF_Box::box(GWF_Message::display($msg));
}
# __This is the challenge:
# The echoed username is escaped; as the message itself says, this input is a decoy.
if (isset($_POST['username'])) {
    echo GWF_Box::box(sprintf("Well done %s, you entered your username. But this is <b>not</b> what you need to do.", htmlspecialchars(Common::getPostString('username'))));
}
echo '<div class="box box_c">' . PHP_EOL;
# NOTE(review): $_SERVER['PHP_SELF'] is written into the action attribute without
# escaping. PHP_SELF can include request-supplied path segments, so an unescaped
# copy of it in an attribute is a markup injection point. Given the challenge name
# ("phpself") this appears to be the hole phpself_checkit() looks for - confirm
# there before changing this line.
echo sprintf('<form action="%s" method="post">', $_SERVER['PHP_SELF']) . PHP_EOL;
echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('phpself')) . PHP_EOL;
echo sprintf('<div>Username:<input type="text" name="username" value="" /></div>') . PHP_EOL;
echo sprintf('<div><input type="submit" name="deadcode" value="Submit" /></div>') . PHP_EOL;
echo sprintf('</form>') . PHP_EOL;
echo '</div>' . PHP_EOL;
# __End of challenge
# Print Challenge Footer
echo $chall->copyrightFooter();
# Print end of website
require_once 'challenge/html_foot.php';
Esempio n. 3
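<?php

/*
 * Usergroups template: lists the groups in $tVars['groups'] (name => GWF_UserGroup),
 * one "leave group" submit button per group. The button for a group the current
 * user founded is rendered disabled. Also expects $tVars['user'], $tVars['form_add']
 * and $tVars['form_action'].
 */

/** @var GWF_User $user */
$user = $tVars['user'];
echo $tVars['form_add'];

// form_action is escaped as in the project's other templates; a raw URL inside
// an attribute is an injection point if any part of it is request-derived.
$formAction = htmlspecialchars($tVars['form_action']);
?>

<form action="<?php echo $formAction; ?>" method="post">
<?php
echo GWF_CSRF::hiddenForm('');
foreach ($tVars['groups'] as $group) {
    /** @var GWF_UserGroup $group */
    // group_id lands in an attribute, so it is escaped (a no-op for numeric ids).
    $groupId = htmlspecialchars((string) $group->getVar('group_id'));
    // display() is used for the label as before; presumably it returns
    // render-safe text - confirm in GWF_UserGroup.
    $label = $group->display('group_name');
    // The group's founder gets a disabled button.
    $disabled = $group->getVar('group_founder') === $user->getID() ? ' disabled="disabled"' : '';
    echo '<div>';
    echo sprintf('<input type="submit" name="remgroup[%s]"%s value="%s" />', $groupId, $disabled, $label);
    echo '</div>' . PHP_EOL;
}
?>
</form>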
Esempio n. 4
<?php

/*
 * POI whitelist admin template: settings / add / clear forms, the page menu, then a
 * sortable, paginated table of whitelisted users with a mass-toggle checkbox per row.
 * Reads $tVars (module, form_*, table, where, by, dir, ipp, from, sort_url, page_menu)
 * and $tLang. The button bar opened at the end is presumably closed further down,
 * outside this excerpt.
 */
$headers = array(array('<input type="checkbox" onclick="gwfMassToggler(this, \'.gwf_mass_toggle input\');" />'), array($tLang->lang('th_user_country'), 'country_name'), array($tLang->lang('th_user_name'), 'user_name'), array($tLang->lang('th_user_level'), 'user_level'), array($tLang->lang('th_date_added'), 'pw_date'));
echo '<div class="fl">';
echo $tVars['form_settings']->templateX($tVars['module']->lang('ft_settings'));
echo '</div>' . PHP_EOL;
echo '<div class="fl">';
echo $tVars['form_add']->templateX($tLang->lang('ft_add_whitelist'));
echo '</div>' . PHP_EOL;
echo '<div class="fl">';
echo $tVars['form_clear']->templateX($tLang->lang('ft_clear_pois'));
echo '</div>' . PHP_EOL;
echo '<div class="cb"></div>' . PHP_EOL;
echo $tVars['page_menu'];
// form_action is escaped for the attribute context and the form carries a CSRF token.
echo '<form method="post" action="' . htmlspecialchars($tVars['form_action']) . '">' . PHP_EOL;
echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('poi_whitelisting'));
echo GWF_Table::start('gwf_mass_toggle');
echo GWF_Table::displayHeaders1($headers, $tVars['sort_url']);
$table = $tVars['table'];
// $tVars['by'] and $tVars['dir'] are interpolated into the ORDER BY clause.
// NOTE(review): whether they are restricted to known column names and ASC/DESC is
// decided by the controller that fills $tVars - verify there; this template cannot.
$result = $table->select('user_id, user_countryid, country_name, user_name, user_level, pw_date', $tVars['where'], "{$tVars['by']} {$tVars['dir']}", array('userb', 'country'), $tVars['ipp'], $tVars['from']);
// Rows are positional (GDO::ARRAY_N) in select-list order:
// 0 user_id, 1 user_countryid, 2 country_name, 3 user_name, 4 user_level, 5 pw_date.
while (false !== ($row = $table->fetch($result, GDO::ARRAY_N))) {
    echo GWF_Table::rowStart();
    // user_id (and user_level below) are written raw - acceptable only while they are numeric.
    echo GWF_Table::column('<input type="checkbox" name="user[' . $row[0] . ']" />');
    echo GWF_Table::column(GWF_Country::displayFlagS2($row[1], $row[2]));
    // user_name is escaped, as it may be user-supplied text.
    echo GWF_Table::column(sprintf('<a href="%2$sprofile/%1$s">%1$s</a>', htmlspecialchars($row[3]), GWF_WEB_ROOT));
    echo GWF_Table::column($row[4], 'gwf_num');
    echo GWF_Table::column(GWF_Time::displayDate($row[5]), 'gwf_date');
    echo GWF_Table::rowEnd();
}
echo GWF_Table::end();
echo GWF_Button::wrapStart();
Esempio n. 5
 /**
  * Renders the compact top-bar login form.
  *
  * Yields an empty string when a user is already logged in, when the session
  * has no cookie support, or when the Login module cannot be loaded. The
  * CSRF hidden field is seeded with a GWF_Password token.
  *
  * @param Module_WeChall $module Not read by this method.
  * @return string HTML of the login form, or '' when it should not be shown.
  */
 public static function displayHeaderLoginBROKEN(Module_WeChall $module)
 {
     if (GWF_User::isLoggedIn()) {
         return '';
     }
     if (!GWF_Session::haveCookies()) {
         return '';
     }
     $login = GWF_Module::loadModuleDB('Login', false, true);
     if ($login === false) {
         return '';
     }
     $formhash = GWF_Password::getToken('_username_password_bind_ip_login');
     $pieces = array(
         '<form action="' . GWF_WEB_ROOT . 'login" method="post" id="wc_toplogin">',
         '<div>' . GWF_CSRF::hiddenForm($formhash) . '</div>',
         '<div>' . $login->lang('th_username') . ' <input type="text" name="username" value="" />' . '</div>',
         '<div>' . $login->lang('th_password') . ' <input type="password" name="password" value="" />' . '</div>',
         '<div>' . $login->lang('th_bind_ip') . ' <input type="checkbox" name="bind_ip" checked="checked" />',
         '<input type="submit" name="login" value="' . $login->lang('btn_login') . '" />',
         '</div>',
         '</form>',
     );
     return implode('', $pieces);
 }
Esempio n. 6
/**
 * Renders one interactive "shell" box for the zreload challenge: the title with
 * the level, the narrator text, the shell output so far, and an input form that
 * posts back to zshellz.php with the level and shell id as hidden fields.
 *
 * Reads the globals $prompt and $title. Creates an empty per-shell entry in the
 * session under 'zreload_shell_<shellid>' when none exists yet.
 *
 * @param mixed $shellid  Identifies the shell; used for the session key and element ids.
 * @param mixed $narrator Content of the narrator box, written to the page as-is.
 * @param mixed $level    Current level; rendered with %d in the title and posted back as a hidden field.
 * @param bool  $onfocus  When true, a small script focuses the input field after render.
 */
function zreloadShowShell($shellid, $narrator, $level, $onfocus = true)
{
    global $prompt, $title;
    $sn = 'zreload_shell_' . $shellid;
    if (!GWF_Session::exists($sn)) {
        GWF_Session::set($sn, array());
    }
    // NOTE(review): $shellid, $level, $narrator and $prompt are written into
    // attributes, element text and (for $shellid) a JavaScript string literal
    // below without escaping. The form posts 'shellid' and 'level' back, so if
    // the caller derives them from that request data, each output needs
    // context-appropriate escaping (htmlspecialchars in attributes/text,
    // json_encode inside the script). Confirm in the caller.
    ?>
<div class="chall_rel_shell_wrap box">
	<div class="chall_rel_shell_title"><?php 
    // %d forces an integer rendering of the level here.
    echo sprintf('%s (Level %d)', $title, $level);
    ?>
</div>
	<div class="chall_rel_shell">
		<div id="chall_rel_nar_<?php 
    echo $shellid;
    ?>
"><?php 
    echo $narrator;
    ?>
</div>
		<div class="chall_rel_shell_out">
			<div><?php 
    // Shell history rendered by a sibling function.
    echo zreloadPrintShell($shellid);
    ?>
</div>
		</div>
		<hr/>
		<form action="zshellz.php" method="post">
		<?php 
    echo GWF_CSRF::hiddenForm('');
    ?>
		<div><input type="hidden" name="level" value="<?php 
    echo $level;
    ?>
" /></div>
		<div><input type="hidden" name="shellid" value="<?php 
    echo $shellid;
    ?>
" /></div>
		<div style="color: white;">
			<?php 
    echo $prompt;
    ?>
			<input class="chall_rel_shell_input" id="zshell<?php 
    echo $shellid;
    ?>
" type="text" name="input" value="" /> 
			<input type="submit" name="cmd" value="Enter" />
		</div>
		</form>
	</div>
</div>
<!--<pre><?php 
    #echo zreloadGetDebug();
    ?>
</pre>-->

<?php 
    if ($onfocus) {
        ?>
<script type="text/javascript">
var input = document.getElementById('zshell<?php 
        // $shellid sits inside a JS string literal here; see the note at the top.
        echo $shellid;
        ?>
');
input.focus();
</script>
<?php 
    }
}
Esempio n. 7
<?php

/*
 * PM folder overview: one row per folder with its name, message count and a
 * delete checkbox, followed by a submit row. Expects $tVars['folders'],
 * $tVars['folder_action'], $tVars['sort_url'] and $tLang.
 */
$headers = array(
    array($tLang->lang('th_pmf_name'), 'pmf_name', 'ASC'),
    array($tLang->lang('th_pmf_count'), 'pmf_count', 'DESC'),
    array(),
);

echo GWF_Form::start($tVars['folder_action']);
// Folder deletion is a state change, so the form carries a CSRF token.
echo GWF_CSRF::hiddenForm('PM_REM_FOLDER');
echo GWF_Table::start();
echo GWF_Table::displayHeaders1($headers, $tVars['sort_url']);

foreach ($tVars['folders'] as $folder) {
    $name = $folder->display('pmf_name');
    $id = $folder->getVar('pmf_id');
    $link = $folder->getOverviewHREF();

    echo GWF_Table::rowStart();
    echo GWF_Table::column("<a href=\"{$link}\">{$name}</a>", 'ri');
    echo GWF_Table::column("<a href=\"{$link}\">{$folder->getVar('pmf_count')}</a>", 'gwf_num');
    echo GWF_Table::column(GWF_Form::checkbox('folder[' . $id . ']', false));
    echo GWF_Table::rowEnd();
}

// Trailing row: the delete button spans all three columns.
echo GWF_Table::rowStart();
echo GWF_Table::column(GWF_Form::submit('delete_folder', $tLang->lang('btn_delete')), 'ri', 3);
echo GWF_Table::rowEnd();
echo GWF_Table::end();
echo GWF_Form::end();
?>

Esempio n. 8
<?php

/*
 * Usergroups overview template: group action buttons, the page menu, then a
 * CSRF-protected form wrapping a sortable group table. The per-group rows
 * follow below this excerpt.
 */
echo $tVars['module']->getUserGroupButtons();
$user = GWF_User::getStaticOrGuest();
// Bare instanceof expressions: the result is discarded, so they have no runtime
// effect and only serve as type hints for IDEs.
$tVars['module'] instanceof Module_Usergroups;
$btn_part = $tLang->lang('btn_part');
$btn_join = $tLang->lang('btn_join');
$headers = array(array($tLang->lang('th_group_name'), 'group_name'), array($tLang->lang('th_group_memberc'), 'group_memberc'), array($tLang->lang('th_group_founder'), 'user_name'), array($btn_part));
echo $tVars['page_menu'];
$user instanceof GWF_User;
// form_action is escaped for the attribute context and the form carries a CSRF token.
echo '<form method="post" action="' . htmlspecialchars($tVars['form_action']) . '">' . PHP_EOL;
echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('partgrp'));
echo GWF_Table::start();
echo GWF_Table::displayHeaders1($headers, $tVars['sort_url']);
foreach ($tVars['groups'] as $group) {
    $group instanceof GWF_Group;
    $groupname = $group->getVar('group_name');
    $founder = $group->getFounder();
    $in_grp = $user->isInGroupName($groupname);
    if ($in_grp) {
        $ugopt = $user->getUserGroupOptions($group->getID());
        #getGroupByName($groupname)->getInt('group_options');
        //		$ugopt = $user->getUserGroupOptions($groupname);
    } else {
        $ugopt = 0;
    }
    if (($ugopt & (GWF_UserGroup::LEADER | GWF_UserGroup::CO_LEADER)) > 0) {
        $edit = GWF_Button::edit(GWF_WEB_ROOT . 'edit_usergroup/' . $group->getID() . '/' . $group->urlencodeSEO('group_name'));
    } else {
        $edit = '';
    }
Esempio n. 9
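<?php

/*
 * Shoutbox template: renders the shout form (optional captcha field, message
 * input, submit button). Expects $tVars['form_action'], $tVars['captcha'] and $tLang.
 */
GWF_Website::addJavascript(GWF_WEB_ROOT . 'js/module/Shoutbox/gwf_shoutbox.js');

// form_action is escaped before it is placed in the action attribute, as the
// project's other templates do; a raw URL inside an attribute is an injection
// point if any part of it is request-derived.
$formAction = htmlspecialchars($tVars['form_action']);
?>
<div>
	<form action="<?php echo $formAction; ?>" method="post">
		<?php echo GWF_CSRF::hiddenForm('SHOUTBOX'); ?>
		<?php if ($tVars['captcha']) { ?>
		<div><?php /* captcha content is echoed unescaped; expected to be controller-rendered markup */ echo $tVars['captcha']; ?><input type="text" name="captcha" id="captcha" size="5" value="" /></div>
		<?php } ?>
		<div>
			<input type="text" name="message" size="32" id="gwf_shoutmsg" />
			<input type="submit" name="shout" value="<?php echo $tLang->lang('btn_shout'); ?>" onclick="gwfShout(); return false;" />
		</div>
	</form>
</div>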