$output = showLogin("", isset($_SESSION[Challenge::PLAYER])); //$output[] = "You are logged in"; if (isset($_SESSION['referrer'])) { $location = util::getSession('referrer'); unset($_SESSION['referrer']); header("Location:" . $location); } } else { $output = showLogin("Unknown user", isset($_SESSION[Challenge::PLAYER])); } break; case 'doregister': $output = showRegister(''); break; case 'register': if (util::getPost('password1') === false) { $output = showRegister(''); } else { extract($_POST); // print_r($_POST); if ("" == $email) { // echo "setting email"; $email = ""; } if (!"" == $name) { if ($password1 != $password2) { // not all set $output = showRegister("Passwords not equal"); } else { if (CTF::register($name, $password1, $email)) { $output = showLogin("", isset($_SESSION[Challenge::PLAYER]));
<?php session_start(); /* * To change this template, choose Tools | Templates * and open the template in the editor. */ require_once "../config/config.inc.php"; $challenge = new Challenge(); if (isset($_POST['m'])) { $mail = util::getPost('m'); $db = new MySQL(HOST, DB_USER, DB_PASSWORD, DB_NAME); $sql = "SELECT mfrom,mto,msubject,mbody,mdate FROM mailbox m,players u WHERE u.id=m.userid AND u.name='" . $challenge->getUser() . "' AND m.mailid={$mail}"; // echo $sql; $result = $db->query($sql); $row = $result->fetch(); extract($row); $text = <<<EOT <div id="message"> <!-- mail starts here --> <table id="mailheader" cellpadding="15" cellspacing="3"> <tr><td align="right">To:</td><td> </td><td>{$mto}</td></tr> <tr><td align="right">From:</td><td> </td><td>{$mfrom}</td></tr> <tr><td align="right">Date:</td><td> </td><td>{$mdate}</td></tr> <tr><td align="right">Subject:</td><td> </td><td>{$msubject}</td></tr> </table> <hr/> <div id="mailbody">{$mbody}</div> <!-- mail ends here --> </div> EOT;
<?php require_once '../../../../config/config.inc.php'; $challenge = new Challenge(); $challenge->startChallenge(); $pwd = $challenge->getDictionaryWord(); $token = $challenge->getToken(); $user = "******"; $sessionhack = base64_encode($user . "/" . $pwd); if (isset($_POST['submit'])) { $code = util::getPost('password'); if ($code == $pwd) { $challenge->mark(); CTF::showAchieved(); } } ?> <br/><br/><applet code="Applet1.class" height=60><param name="session" value="<?php echo $sessionhack; ?> " /></applet> <hr/> <form autocomplete="off" method="post"> <input type="hidden" name="action" value="login" /> <table> <tr><td>Code</td><td>:</td><td><input type="text" name="password" /></td></tr> <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit" /></td></tr> </table> </form>
<?php require_once '../../../../config/config.inc.php'; $challenge = new Challenge(); $challenge->startChallenge(); $pwd = $challenge->getDictionaryWord(); $token = $challenge->getToken(); if (isset($_POST['submit'])) { $uid = util::getPost('username'); $passwd = util::getPost('password'); if ($uid = "admin" && $passwd == $pwd) { $challenge->mark(); CTF::showAchieved(); } } ?> <a href="show.php?filename=example.php" style="color:blue;">You can look at a PHP example here</a> <br/><br/> <hr/> <br/> <form autocomplete="off" method="post"> <table> <tr><td>Username</td><td>:</td><td><input type="text" name="username" /></td></tr> <tr><td>Password</td><td>:</td><td><input type="password" name="password" /></td></tr> <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit"/> <?php $challenge->nextButton(); ?> </td></tr> </table> </form> <?php
echo CTF::header($array); echo '<div id="challengecontainer"><div id="challengeframe">'; $output = ""; $db = new MySQL(HOST, DB_USER, DB_PASSWORD, DB_NAME); if (isset($_SESSION['player'])) { if (isset($_GET['t'])) { $t = util::getGet('t'); $token = $challenge->getToken(); echo "t={$t};token={$token}"; if (true === ($t == $token)) { $challenge->mark(); util::forward(WEBROOT . "/index.php"); } } else { if (isset($_POST['action'])) { $token = util::getPost('token'); $validtoken = $challenge->getToken(); if ($validToken === $token || in_array($token, $otherTokens)) { $output = "valid token"; // token is valid //$row = $result->fetch(); $user = util::getSession('player'); $sql = "INSERT INTO scoreboard SELECT id,'{$token}',now()+0 FROM players WHERE name='{$user}'"; //$sql = "INSERT INTO scoreboard VALUES($user,'$token',now()+1)"; $result = $db->query($sql); } else { $output = "not valid"; } } } } else {