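/**
 * Records a flag submission for a contest challenge and evaluates it.
 *
 * Reads the submitted flag from $_POST['flag'], stores the attempt together
 * with the current user, client IP and time, increments the challenge's
 * attempt counter, and sets $this->Submission to 1 when
 * ContestSubmissions::evaluate() accepts the flag, otherwise to 0.
 *
 * A request without a string `flag` field, or one naming a challenge for
 * which getByName() returns no row with an ID, is treated as a rejected
 * submission: $this->Submission is set to 0 and nothing is written.
 *
 * @param mixed $challenge Challenge name passed to ContestChallenges::getByName().
 * @return void
 */
private function addSubmission($challenge)
{
    // The flag is request data controlled by the client. Require a plain
    // string so that a missing field or array-valued input (flag[]=...)
    // never reaches the storage layer or the evaluator.
    if (!isset($_POST['flag']) || !is_string($_POST['flag'])) {
        $this->Submission = 0;
        return;
    }
    $flag = $_POST['flag'];

    // An unknown challenge name yields no usable row; stop before recording
    // a submission with an empty ChallengeID.
    $challengeDetails = \webgoat\ContestChallenges::getByName($challenge);
    if (!isset($challengeDetails[0]['ID'])) {
        $this->Submission = 0;
        return;
    }
    $challengeID = $challengeDetails[0]['ID'];

    // NOTE(review): the raw flag is handed to ContestSubmissions::add();
    // confirm that layer binds values as query parameters.
    $data = array(
        'UserID' => jf::CurrentUser(),
        'ChallengeID' => $challengeID,
        'Flag' => $flag,
        'IP' => \jf\HttpRequest::IP(),
        'timestamp' => time(),
    );
    \webgoat\ContestSubmissions::add($data);
    \webgoat\ContestChallenges::incrementTotalAttempts($challenge);

    if (\webgoat\ContestSubmissions::evaluate($challengeID, $flag)) {
        $this->Submission = 1;
        // Increment complete count
        \webgoat\ContestChallenges::incrementCompletedCount($challenge);
    } else {
        $this->Submission = 0;
    }
}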
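/**
 * Builds the HTML page that describes this SOAP service and its operations.
 *
 * The page links to the WSDL (the current URL with `?wsdl` appended) and
 * lists every entry returned by getOperations(), each with a hidden pop-up
 * block showing its metadata. The markup is returned, not printed.
 *
 * Security: the link target is taken from the current request URL, so it is
 * HTML-escaped before it is placed inside the href attribute.
 *
 * @return string complete HTML document
 * @access private
 */
function webDescription()
{
    // Request-derived value: escape for the double-quoted href attribute below
    // so characters such as quotes and angle brackets cannot break out of it.
    $selfUrl = htmlspecialchars(\jf\HttpRequest::URL(false), ENT_QUOTES, 'UTF-8');

    // NOTE(review): $this->serviceName, operation names and operation metadata
    // are written into the page unescaped (the names also inside an onclick
    // handler). Presumably they come only from server-side service
    // registration; confirm no request data can reach them.
    $b = '
<html><head><title>NuSOAP: ' . $this->serviceName . '</title>
<style type="text/css">
    body { font-family: arial; color: #000000; background-color: #ffffff; margin: 0px 0px 0px 0px; }
    p { font-family: arial; color: #000000; margin-top: 0px; margin-bottom: 12px; }
    pre { background-color: silver; padding: 5px; font-family: Courier New; font-size: x-small; color: #000000;}
    ul { margin-top: 10px; margin-left: 20px; }
    li { list-style-type: none; margin-top: 10px; color: #000000; }
    .content{
    margin-left: 0px; padding-bottom: 2em; }
    .nav {
    padding-top: 10px; padding-bottom: 10px; padding-left: 15px; font-size: .70em;
    margin-top: 10px; margin-left: 0px; color: #000000;
    background-color: #ccccff; width: 20%; margin-left: 20px; margin-top: 20px; }
    .title {
    font-family: arial; font-size: 26px; color: #ffffff;
    background-color: #999999; width: 100%;
    margin-left: 0px; margin-right: 0px;
    padding-top: 10px; padding-bottom: 10px;}
    .hidden {
    position: absolute; visibility: hidden; z-index: 200; left: 250px; top: 100px;
    font-family: arial; overflow: hidden; width: 600;
    padding: 20px; font-size: 10px; background-color: #999999;
    layer-background-color:#FFFFFF; }
    a,a:active { color: charcoal; font-weight: bold; }
    a:visited { color: #666666; font-weight: bold; }
    a:hover { color: cc3300; font-weight: bold; }
</style>
<script language="JavaScript" type="text/javascript">
<!--
// POP-UP CAPTIONS...
function lib_bwcheck(){ //Browsercheck (needed)
    this.ver=navigator.appVersion
    this.agent=navigator.userAgent
    this.dom=document.getElementById?1:0
    this.opera5=this.agent.indexOf("Opera 5")>-1
    this.ie5=(this.ver.indexOf("MSIE 5")>-1 && this.dom && !this.opera5)?1:0;
    this.ie6=(this.ver.indexOf("MSIE 6")>-1 && this.dom && !this.opera5)?1:0;
    this.ie4=(document.all && !this.dom && !this.opera5)?1:0;
    this.ie=this.ie4||this.ie5||this.ie6
    this.mac=this.agent.indexOf("Mac")>-1
    this.ns6=(this.dom && parseInt(this.ver) >= 5) ?1:0;
    this.ns4=(document.layers && !this.dom)?1:0;
    this.bw=(this.ie6 || this.ie5 || this.ie4 || this.ns4 || this.ns6 || this.opera5)
    return this
}
var bw = new lib_bwcheck()
//Makes crossbrowser object.
function makeObj(obj){
    this.evnt=bw.dom? document.getElementById(obj):bw.ie4?document.all[obj]:bw.ns4?document.layers[obj]:0;
    if(!this.evnt) return false
    this.css=bw.dom||bw.ie4?this.evnt.style:bw.ns4?this.evnt:0;
    this.wref=bw.dom||bw.ie4?this.evnt:bw.ns4?this.css.document:0;
    this.writeIt=b_writeIt;
    return this
}
// A unit of measure that will be added when setting the position of a layer.
//var px = bw.ns4||window.opera?"":"px";
function b_writeIt(text){
    if (bw.ns4){this.wref.write(text);this.wref.close()}
    else this.wref.innerHTML = text
}
//Shows the messages
var oDesc;
function popup(divid){
    if(oDesc = new makeObj(divid)){
        oDesc.css.visibility = "visible"
    }
}
function popout(){ // Hides message
    if(oDesc) oDesc.css.visibility = "hidden"
}
//-->
</script>
</head>
<body>
<div class=content>
    <br><br>
    <div class=title>' . $this->serviceName . '</div>
    <div class=nav>
        <p>View the <a href="' . $selfUrl . '?wsdl">WSDL</a> for the service.
        Click on an operation name to view it\'s details.</p>
        <ul>';

    foreach ($this->getOperations() as $op => $data) {
        $b .= "<li><a href='#' onclick=\"popout();popup('{$op}')\">{$op}</a></li>";
        // Hidden block that popup() reveals for this operation.
        $b .= "<div id='{$op}' class='hidden'>\r\n\t\t\t\t <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
        foreach ($data as $field => $value) {
            // Strict comparison: the keys are matched as strings, so a numeric
            // key can never be mistaken for 'input' or 'output'.
            if ($field === 'input' || $field === 'output') {
                // Input/output entries are nested: print each item, and expand 'parts'.
                $b .= "<font color='white'>" . ucfirst($field) . ':</font><br>';
                foreach ($value as $itemName => $itemValue) {
                    if ($itemName === 'parts') {
                        $b .= " {$itemName}:<br>";
                        foreach ($itemValue as $partName => $partType) {
                            $b .= " {$partName}: {$partType}<br>";
                        }
                    } else {
                        $b .= " {$itemName}: {$itemValue}<br>";
                    }
                }
            } else {
                $b .= "<font color='white'>" . ucfirst($field) . ":</font> {$value}<br>";
            }
        }
        $b .= '</div>';
    }

    // Close the operation list opened above, then the wrappers.
    $b .= '
        </ul>
    </div>
</div></body></html>';

    return $b;
}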
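<?php

// Request guard: the login and logout pages pass through, visitors without a
// user ID are redirected to the login page, and signed-in users must hold the
// "panel" permission (otherwise "root" is enforced).

$requestedFile = \jf\HttpRequest::File();

// Login and logout must stay reachable without a session.
if ($requestedFile === "sys/login" || $requestedFile === "sys/logout") {
    return;
}

if (!j::UserID()) {
    // The return path is appended by concatenation: a static method call is not
    // interpolated inside a double-quoted string, so embedding it in braces
    // would send the literal text instead of the requested path. It is
    // URL-encoded because it travels as a query-string value.
    // NOTE(review): the login handler is not visible here; confirm it accepts
    // only local paths in `return` before redirecting to it.
    header("location: " . SiteRoot . "/sys/login?return=" . urlencode("/" . $requestedFile));
    // Stop here. Without this the redirect header is only advisory and the
    // code this guard protects would still run for an anonymous request.
    exit;
}

if (!j::$RBAC->Check("panel")) {
    // Presumably Enforce() denies the request when the permission is missing;
    // verify against the RBAC implementation.
    j::$RBAC->Enforce("root");
}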