function get_two_factor_auth_qr_url()
{
require_once CONFIG_PATH_THIRDPARTY . 'Google2FA/Google2FA.php';
$user = db_query_fetch_one('SELECT
u.id,
u.team_name,
t.secret
FROM users AS u
JOIN two_factor_auth AS t
WHERE
u.id = :user_id', array('user_id' => $_SESSION['id']));
if (empty($user['id']) || empty($user['secret'])) {
message_error('No two-factor authentication tokens found for this user.');
}
return Google2FA::get_qr_code_url($user['team_name'], $user['secret']);
}
if (should_print_metadata($challenge)) {
print_time_left_tooltip($challenge);
}
echo '</div>
<div class="panel-body">';
unset($relies_on);
// if this challenge relies on another being solved, get the related information
if ($challenge['relies_on']) {
$relies_on = db_query_fetch_one('
SELECT
c.id,
c.title,
cat.id AS category_id,
cat.title AS category_title,
s.correct AS has_solved_requirement
FROM
challenges AS c
LEFT JOIN categories AS cat ON cat.id = c.category
LEFT JOIN submissions AS s ON s.challenge = c.id AND s.correct = 1
WHERE
c.id = :relies_on', array('relies_on' => $challenge['relies_on']));
}
// if this challenge relies on another, and the user hasn't solved that requirement
if (isset($relies_on) && !$relies_on['has_solved_requirement']) {
echo '
<div class="challenge-description relies-on">', lang_get('challenge_relies_on', array('relies_on_link' => '<a href="challenge?id=' . htmlspecialchars($relies_on['id']) . '">' . htmlspecialchars($relies_on['title']) . '</a>', 'relies_on_category_link' => '<a href="challenges?category=' . htmlspecialchars($relies_on['category_id']) . '">' . htmlspecialchars($relies_on['category_title']) . '</a>')), '</div>
';
} else {
// write out challenge description
if ($challenge['description']) {
<?php
require '../include/mellivora.inc.php';
validate_id($_GET['id']);
head('User details');
if (cache_start('user_' . $_GET['id'], CONFIG_CACHE_TIME_USER)) {
$user = db_query_fetch_one('
SELECT
u.team_name,
u.competing,
co.country_name,
co.country_code
FROM users AS u
LEFT JOIN countries AS co ON co.id = u.country_id
WHERE
u.id = :user_id', array('user_id' => $_GET['id']));
section_head(htmlspecialchars($user['team_name']), country_flag_link($user['country_name'], $user['country_code'], true), false);
if (!$user['competing']) {
message_inline_blue('This user is listed as a non-competitor.');
}
$challenges = db_query_fetch_all('
SELECT
ca.title,
(SELECT SUM(ch.points) FROM challenges AS ch JOIN submissions AS s ON s.challenge = ch.id AND s.user_id = :user_id AND s.correct = 1 WHERE ch.category = ca.id GROUP BY ch.category) AS points,
(SELECT SUM(ch.points) FROM challenges AS ch WHERE ch.category = ca.id GROUP BY ch.category) AS category_total
FROM categories AS ca
ORDER BY ca.title ASC', array('user_id' => $_GET['id']));
$user_total = 0;
$ctf_total = 0;
foreach ($challenges as $challenge) {
echo '<strong>', htmlspecialchars($challenge['title']), '</strong>, ', number_format($challenge['points']), ' / ', number_format($challenge['category_total']), ' (', round($challenge['points'] / max(1, $challenge['category_total']) * 100), '%)';
function loadInstanceURI($uri)
{
$instance = db_query_fetch_one('SELECT * FROM instances WHERE instanceURI =' . $uri);
$_SESSION["IName"] = $instance['name'];
$_SESSION["IID"] = $instance['id'];
$_SESSION["IRQ"] = $instance['registrationToken'];
}
LEFT JOIN challenges AS c ON c.id = s.challenge
';
if (!empty($where)) {
$query .= 'WHERE ' . implode('=? AND ', array_keys($where)) . '=? ';
}
if (array_get($_GET, 'user_id')) {
section_head('User submissions', button_link('List all submissions', 'list_submissions?only_needing_marking=0'), false);
} else {
if ($only_needing_marking) {
section_head('Submissions in need of marking', button_link('List all submissions', 'list_submissions?only_needing_marking=0'), false);
} else {
section_head('All submissions', button_link('Show only submissions in need of marking', 'list_submissions?only_needing_marking=1'), false);
}
}
$num_subs = db_query_fetch_one('
SELECT
COUNT(*) AS num
' . $query, array_values($where));
$from = get_pager_from($_GET);
$results_per_page = 70;
pager(CONFIG_SITE_ADMIN_URL . 'list_submissions', $num_subs['num'], $results_per_page, $from);
echo '
<table id="files" class="table table-striped table-hover">
<thead>
<tr>
<th>Challenge</th>
<th>Team name</th>
<th>Added</th>
<th>Flag</th>
<th>Correct</th>
<th>Manage</th>
</tr>
s.added,
c.available_from
FROM users AS u
LEFT JOIN submissions AS s ON s.user_id = u.id
LEFT JOIN challenges AS c ON c.id = s.challenge
WHERE
u.competing = 1 AND
s.challenge = :id AND
s.correct = 1
ORDER BY s.added ASC', array('id' => $_GET['id']));
section_head($challenge['title']);
$num_correct_solves = count($submissions);
if (!$num_correct_solves) {
echo 'This challenge has not yet been solved by any teams.';
} else {
$user_count = db_query_fetch_one('SELECT COUNT(*) AS num FROM users WHERE competing = 1');
echo 'This challenge has been solved by ', number_format($num_correct_solves / $user_count['num'] * 100, 1), '% of users.';
echo '
<table class="challenge-table table table-striped table-hover">
<thead>
<tr>
<th>Position</th>
<th>Team</th>
<th>Solved</th>
</tr>
</thead>
<tbody>
';
$i = 1;
foreach ($submissions as $submission) {
echo '
<?php
require '../include/mellivora.inc.php';
$user = db_select_one('users', array('id', 'enabled'), array('download_key' => $_GET['team_key']));
if (!is_valid_id($user['id'])) {
log_exception(new Exception('Invalid team key used for download'));
message_error(lang_get('invalid_team_key'));
}
if (!$user['enabled']) {
message_error(lang_get('user_not_enabled'));
}
$file = db_query_fetch_one('
SELECT
f.id,
f.title,
f.size,
f.md5,
c.available_from
FROM files AS f
LEFT JOIN challenges AS c ON c.id = f.challenge
WHERE f.download_key = :download_key', array('download_key' => $_GET['file_key']));
if (!is_valid_id($file['id'])) {
log_exception(new Exception('Invalid file key used for download'));
message_error(lang_get('no_file_found'));
}
if (time() < $file['available_from'] && !user_is_staff()) {
message_error(lang_get('file_not_available'));
}
download_file($file);
require '../../include/mellivora.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Submissions');
menu_management();
if (!isset($_GET['all'])) {
$_GET['all'] = 0;
}
if ($_GET['all']) {
section_head('All submissions', button_link('Show only submissions in need of marking', 'list_submissions?all=0'), false);
} else {
section_head('Submissions in need of marking', button_link('List all submissions', 'list_submissions?all=1'), false);
}
$num_subs = db_query_fetch_one('
SELECT
COUNT(*) AS num
FROM submissions AS s
LEFT JOIN challenges AS c ON c.id = s.challenge
' . ($_GET['all'] ? '' : 'WHERE c.automark = 0 AND s.marked = 0') . '
');
$from = get_pager_from($_GET);
$results_per_page = 70;
pager(CONFIG_SITE_ADMIN_URL . 'list_submissions?' . (isset($_GET['all']) ? 'all=' . $_GET['all'] : ''), $num_subs['num'], $results_per_page, $from);
echo '
<table id="files" class="table table-striped table-hover">
<thead>
<tr>
<th>Challenge</th>
<th>Team name</th>
<th>Added</th>
<th>Flag</th>
<th>Correct</th>
function check_server_configuration()
{
// check for DB and PHP time mismatch
$dbInfo = db_query_fetch_one('SELECT UNIX_TIMESTAMP() AS timestamp');
$time = time();
$error = abs($time - $dbInfo['timestamp']);
if ($error >= 5) {
message_inline_red('Database and PHP times are out of sync.
This will likely cause problems.
DB time: ' . date_time($dbInfo['timestamp']) . ', PHP time: ' . date_time($time) . ' (' . $error . ' seconds off).
Maybe you have different time zones set?');
}
// check that our writable dirs are writable
foreach (get_directory_list_recursive(CONST_PATH_FILE_WRITABLE) as $dir) {
if (!is_writable($dir)) {
message_inline_red('Directory (' . $dir . ') must be writable by Apache.');
}
}
if (version_compare(PHP_VERSION, CONST_MIN_REQUIRED_PHP_VERSION, '<')) {
message_inline_red('Your version of PHP is too old. You need at least ' . CONST_MIN_REQUIRED_PHP_VERSION . '. You are running: ' . PHP_VERSION);
}
}
<?php
require '../include/mellivora.inc.php';
enforce_authentication();
validate_id($_GET['id']);
$file = db_query_fetch_one('
SELECT
f.id,
f.title,
f.size,
c.available_from
FROM files AS f
LEFT JOIN challenges AS c ON c.id = f.challenge
WHERE f.id = :id', array('id' => $_GET['id']));
if (empty($file)) {
message_error('No file found with this ID');
}
if (time() < $file['available_from'] && !user_is_staff()) {
message_error('This file is not available yet.');
}
download_file($file);
function check_server_configuration()
{
// check for DB and PHP time mismatch
$dbInfo = db_query_fetch_one('SELECT UNIX_TIMESTAMP() AS timestamp');
$time = time();
$error = abs($time - $dbInfo['timestamp']);
if ($error >= 5) {
message_inline_red('Database and PHP times are out of sync.
This will likely cause problems.
DB time: ' . date_time($dbInfo['timestamp']) . ', PHP time: ' . date_time($time) . ' (' . $error . ' seconds off).
Maybe you have different time zones set?');
}
// check that our writable dirs are writable
if (!is_writable(CONFIG_PATH_FILE_WRITABLE)) {
message_inline_red('Writable directory does not exist, or your web server does not have write access to it.
You will not be able to upload files or perform caching.');
}
if (version_compare(PHP_VERSION, CONST_MIN_REQUIRED_PHP_VERSION, '<')) {
message_inline_red('Your version of PHP is too old. You need at least ' . CONST_MIN_REQUIRED_PHP_VERSION . '. You are running: ' . PHP_VERSION);
}
}
require '../../include/mellivora.inc.php';
enforce_authentication();
if ($_GET['action'] == "purchase") {
$hint = db_select_one('hints', array('*'), array('id' => $_GET['id']));
$scores = db_query_fetch_one('
SELECT
u.id AS user_id,
u.team_name,
u.instanceid,
co.id AS country_id,
co.country_name,
co.country_code,
SUM(c.points) AS score,
MAX(s.added) AS tiebreaker
FROM users AS u
LEFT JOIN countries AS co ON co.id = u.country_id
LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1
LEFT JOIN challenges AS c ON c.id = s.challenge
WHERE u.id = \'' . $_SESSION["id"] . '\'
GROUP BY u.id
ORDER BY score DESC, tiebreaker ASC');
$hintpurchase = db_query_fetch_one('SELECT SUM(value) as total FROM purchases WHERE uid =' . $_SESSION['id']);
$userbal = $scores['score'] - $hintpurchase['score'];
if ($hint['value'] <= $userbal) {
$id = db_insert('purchases', array('type' => '1', 'value' => $hint['value'], 'uid' => $_SESSION["id"], 'hid' => $hint['id'], 'instanceID' => $_SESSION['IID']));
redirect('challenges');
} else {
redirect('challenges?BAlert=1');
}
}
<?php
require '../include/ctf.inc.php';
validate_id($_GET['id']);
head(lang_get('challenge_details'));
if (cache_start(CONST_CACHE_NAME_CHALLENGE . $_GET['id'], CONFIG_CACHE_TIME_CHALLENGE)) {
$challenge = db_query_fetch_one('
SELECT
ch.title,
ch.description,
ch.available_from AS challenge_available_from,
ca.title AS category_title,
ca.available_from AS category_available_from
FROM challenges AS ch
LEFT JOIN categories AS ca ON ca.id = ch.category
WHERE
ch.id = :id AND
ch.exposed = 1 AND
ca.exposed = 1', array('id' => $_GET['id']));
if (empty($challenge)) {
message_generic(lang_get('sorry'), lang_get('no_challenge_for_id'), false);
}
$now = time();
if ($challenge['challenge_available_from'] > $now || $challenge['category_available_from'] > $now) {
message_generic(lang_get('sorry'), lang_get('challenge_not_available'), false);
}
$submissions = db_query_fetch_all('SELECT
u.id AS user_id,
u.team_name,
s.added,
c.available_from
