Exemplo n.º 1
<?php

// Admin page (moderators only): edit or delete a single user type.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONFIG_UC_MODERATOR);
// NOTE(review): presumably rejects a missing or malformed id — confirm in validate_id().
validate_id($_GET['id']);
head('Site management');
menu_management();
section_subhead('Edit user type');
// The id is handed over as a condition value, not spliced into SQL text here.
// NOTE(review): nothing checks that a row came back before $user_type is indexed below.
$user_type = db_select_one('user_types', array('*'), array('id' => $_GET['id']));
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user_type');
// NOTE(review): stored values go straight to the form helpers; confirm they HTML-escape.
form_input_text('Title', $user_type['title']);
form_textarea('Description', $user_type['description']);
form_hidden('action', 'edit');
// Hidden fields are client-controlled, so the handler has to re-check the id and the caller's class.
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Second form posts to the same handler with action=delete.
// NOTE(review): no anti-CSRF token is emitted explicitly on this page; confirm form_start() adds one.
section_subhead('Delete user type');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user_type');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
message_inline_red('Warning! Any users of this type will be without a type.
You must manually give them a type in the DB. If no types will exist after this action, you must set their type to 0.');
form_button_submit('Delete user type', 'danger');
form_end();
foot();
Exemplo n.º 2
// Closes the form that was opened before this excerpt begins.
form_end();

// Two-factor (TOTP) management. Which controls appear depends on the stored
// 2fa_status; a value other than the three handled below renders an empty form.
section_subhead('Two-factor authentication', 'using TOTP');
form_start('actions/profile');
switch ($user['2fa_status']) {
    case 'generated':
        // Enrolment: show the QR code and ask for one code to prove the app is set up.
        // NOTE(review): the helper's URL is concatenated into src unescaped, and if it points at
        // an external QR service the TOTP secret leaves the site — confirm both.
        form_generic('QR', '<img src="' . get_two_factor_auth_qr_url() . '" alt="QR" title="Scan with your TOTP app" />');
        form_input_text('Code');
        form_hidden('action', '2fa_enable');
        form_button_submit('Enable two-factor authentication');
        break;

    case 'disabled':
        form_hidden('action', '2fa_generate');
        form_button_submit('Generate codes');
        break;

    case 'enabled':
        // NOTE(review): the QR code is rendered again after enrolment, so anyone holding the
        // session can copy the second factor. The disable form also carries no code or
        // password field, so the handler cannot ask for re-authentication from this form.
        form_generic('QR', '<img src="' . get_two_factor_auth_qr_url() . '" alt="QR" title="Scan with your TOTP app" />');
        form_hidden('action', '2fa_disable');
        form_button_submit('Disable two-factor authentication', 'danger');
        break;
}
form_end();

// Password change: current password, new password twice, and a captcha.
section_subhead('Reset password');
form_start('actions/profile');
form_input_password('Current password');
form_input_password('New password');
form_input_password('New password again');
form_hidden('action', 'reset_password');
form_input_captcha();
form_button_submit('Reset password', 'warning');
form_end();
foot();
Exemplo n.º 3
<?php

// Admin page (moderators only): edit or delete one dynamic menu item.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// NOTE(review): presumably rejects a missing or malformed id — confirm in validate_id().
validate_id($_GET['id']);
head('Site management');
menu_management();
section_subhead('Edit dynamic menu item');
// The id is passed as a condition value rather than concatenated into SQL text here.
// NOTE(review): no check that a row was found before $menu_item is indexed below.
$menu_item = db_select_one('dynamic_menu', array('*'), array('id' => $_GET['id']));
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_menu_item');
form_input_text('Title', $menu_item['title']);
form_input_text('Permalink', $menu_item['permalink']);
dynamic_visibility_select($menu_item['visibility']);
// Page list for the "Internal page" dropdown; id 0 is prepended as the "no link" choice.
$pages = db_select_all('dynamic_pages', array('id', 'title'));
array_unshift($pages, array('id' => 0, 'title' => '--- No internal link ---'));
form_select($pages, 'Internal page', 'id', $menu_item['internal_page'], 'title');
user_class_select($menu_item['min_user_class']);
// NOTE(review): a free-form URL ends up in the site menu; confirm the handler restricts it to
// expected schemes and that the menu renderer escapes it.
form_input_text('URL', $menu_item['url']);
form_input_text('Priority', $menu_item['priority']);
form_hidden('action', 'edit');
// Hidden fields are client-controlled, so the handler has to re-check the id and the caller's class.
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Second form posts to the same handler with action=delete.
// NOTE(review): no anti-CSRF token is emitted explicitly on this page; confirm form_start() adds one.
section_subhead('Delete menu item');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_menu_item');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
form_button_submit('Delete menu item', 'danger');
form_end();
foot();
Exemplo n.º 4
<?php

// Admin page (moderators only): edit or delete one e-mail signup restriction rule.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONFIG_UC_MODERATOR);
// NOTE(review): presumably rejects a missing or malformed id — confirm in validate_id().
validate_id($_GET['id']);
// Only the four columns the form needs are selected; the id is passed as a condition value.
// NOTE(review): no check that a row was found before $rule is indexed below.
$rule = db_select_one('restrict_email', array('rule', 'enabled', 'white', 'priority'), array('id' => $_GET['id']));
head('Site management');
menu_management();
section_subhead('Edit signup rule');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_restrict_email');
// NOTE(review): the stored rule text is handed to the form helper as-is; confirm it HTML-escapes.
form_input_text('Rule', $rule['rule']);
form_input_text('Priority', $rule['priority']);
form_input_checkbox('Whitelist', $rule['white']);
form_input_checkbox('Enabled', $rule['enabled']);
form_hidden('action', 'edit');
// Hidden fields are client-controlled, so the handler has to re-check the id and the caller's class.
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Second form posts to the same handler with action=delete.
// NOTE(review): no anti-CSRF token is emitted explicitly on this page; confirm form_start() adds one.
section_subhead('Delete rule');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_restrict_email');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
form_button_submit('Delete rule', 'danger');
form_end();
foot();
Exemplo n.º 5
<?php

// Admin page (moderators only): form for creating a hint attached to a challenge.
require '../../include/ctf.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Site management');
menu_management();
section_subhead('New hint');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_hint');
form_textarea('Body');
// Static query with no request data in it: every challenge with its category title.
$opts = db_query_fetch_all('
    SELECT
       ch.id,
       ch.title,
       ca.title AS category
    FROM challenges AS ch
    LEFT JOIN categories AS ca ON ca.id = ch.category
    ORDER BY ca.title, ch.title');
// The optional ?id= value only preselects an option (default 0).
// NOTE(review): it is not validated on this page; confirm form_select() only compares it and does not echo it raw.
form_select($opts, 'Challenge', 'id', array_get($_GET, 'id', 0), 'title', 'category');
form_input_checkbox('Visible');
form_hidden('action', 'new');
form_button_submit('Create hint');
form_end();
foot();
Exemplo n.º 6
    ' . ($search_for ? 'WHERE u.team_name LIKE :search_for_team_name OR u.email LIKE :search_for_email' : '') . (verifySA() ? '' : 'WHERE u.instanceID =' . $_SESSION["IID"]) . '
    GROUP BY u.id
    ORDER BY u.team_name ASC
    LIMIT ' . $from . ', ' . $results_per_page, $values);
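// NOTE(review): the query that ends on the line above splices $_SESSION["IID"], $from and
// $results_per_page into the SQL text, and it emits a second WHERE keyword when a search term is
// combined with the instance filter. Bind those values as parameters (integer-cast the LIMIT
// operands) and join the instance filter to the parenthesised search condition with AND, so a
// search can never reach outside the caller's instance.
pager(CONFIG_SITE_ADMIN_URL . 'list_users/', count($users), $results_per_page, $from);

// One table row per user. Database values are HTML-escaped where they are echoed.
foreach ($users as $user) {
    // A value placed in a query string is URL-encoded first and HTML-escaped second: an e-mail
    // address may contain "+" or "&", which would otherwise alter the "to" parameter of the link.
    echo '
    <tr>
        <td>
            <a href="', CONFIG_SITE_URL, 'user?id=', htmlspecialchars($user['id']), '">', htmlspecialchars($user['team_name']), '</a>
        </td>
        <td><a href="', CONFIG_SITE_ADMIN_URL, 'new_email.php?to=', htmlspecialchars(urlencode($user['email'])), '">', htmlspecialchars($user['email']), '</a></td>
        <td>', date_time($user['added']), '</td>
        <td>', user_class_name($user['class']), '</td>
        <td>', $user['enabled'] ? 'Yes' : 'No', '</td>
        <td><a href="', CONFIG_SITE_ADMIN_URL, 'list_ip_log.php?id=', htmlspecialchars($user['id']), '">', number_format($user['num_ips']), '</a></td>
        <td>
            <a href="', CONFIG_SITE_ADMIN_URL, 'edit_user.php?id=', htmlspecialchars($user['id']), '" class="btn btn-xs btn-primary">Edit</a>
        </td>
    </tr>
    ';
}
echo '
      </tbody>
    </table>
     ';

// Bulk export of the user table.
// NOTE(review): the export handler needs the same class check and instance scoping as this
// listing; neither is visible from this page.
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/export_csv');
form_hidden('action', 'export');
form_button_submit('Export to CSV', 'danger');
form_end();
foot();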
Exemplo n.º 7
<?php

// Admin page (moderators only): form for publishing a news post.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONFIG_UC_MODERATOR);
head('Site management');
menu_management();
section_subhead('New news post');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_news');
form_input_text('Title');
form_textarea('Body');
// Replaces the "body" textarea with a CKEditor instance and points its file browser at an
// upload endpoint given as a relative URL.
// NOTE(review): the upload endpoint is not shown here. It needs its own authentication check,
// an anti-CSRF check, and limits on file type and storage location — confirm. A rich-text
// body also means the page that displays it has to sanitise or escape the stored markup.
echo '<script>   window.onload = function(){CKEDITOR.replace("body", {
 filebrowserUploadUrl: "actions/upload.php"
});}</script>';
form_hidden('action', 'new');
form_button_submit('Publish news item');
form_bbcode_manual();
form_end();
foot();
Exemplo n.º 8
<?php

// Admin page (moderators only): form for adding an e-mail signup restriction rule.
require '../../include/ctf.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Site management');
menu_management();
section_subhead('New email signup restriction rule');
// Help text: rules are PCRE patterns, applied in priority order, later rules overriding earlier ones.
// NOTE(review): each rule is a moderator-supplied regular expression that is run against
// signup addresses. Confirm the handler rejects patterns that fail to compile, and that the
// matching code treats a PCRE error (e.g. backtrack limit reached) as "no match" explicitly.
message_inline_blue('Add rules to restrict which emails can sign up.
                     Rules in list below are applied top-down. Rules further down on the list override rules above.
                     List is ordered by "priority". A higher "priority" value puts a rule further down the list.
                     Rules are PCRE regex. Example: ^.+@.+$');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_restrict_email');
form_input_text('Rule');
form_input_text('Priority');
form_input_checkbox('Whitelist');
form_input_checkbox('Enabled');
form_hidden('action', 'new');
form_button_submit('Create new rule');
form_end();
foot();
Exemplo n.º 9
<?php

// Admin page (moderators only): edit or delete one news item.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// NOTE(review): presumably rejects a missing or malformed id — confirm in validate_id().
validate_id($_GET['id']);
// The id is passed as a condition value rather than concatenated into SQL text here.
// NOTE(review): no check that a row was found before $news is indexed below.
$news = db_select_one('news', array('*'), array('id' => $_GET['id']));
head('Site management');
menu_management();
// NOTE(review): the stored title is concatenated into the heading; confirm section_subhead() escapes it.
section_subhead('Edit news item: ' . $news['title']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_news');
form_input_text('Title', $news['title']);
form_textarea('Body', $news['body']);
form_hidden('action', 'edit');
// Hidden fields are client-controlled, so the handler has to re-check the id and the caller's class.
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_bbcode_manual();
form_end();
// Second form posts to the same handler with action=delete.
// NOTE(review): no anti-CSRF token is emitted explicitly on this page; confirm form_start() adds one.
section_subhead('Delete news item');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_news');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
form_button_submit('Delete news item', 'danger');
form_end();
foot();
Exemplo n.º 10
// Admin page (moderators only): compose an e-mail, optionally pre-filled with every user as BCC.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Site management');
menu_management();
// ?bcc=all loads every user's address into the BCC field, one per line.
if (array_get($_GET, 'bcc') == 'all') {
    $users = db_select_all('users', array('email'));
    $bcc = '';
    foreach ($users as $user) {
        $bcc .= $user['email'] . ",\n";
    }
    // trim() strips only the final newline; the last address keeps its trailing comma.
    $bcc = trim($bcc);
}
section_subhead('New email');
message_inline_blue('Separate receiver emails with a comma and optional whitespace. You can use BBCode. If you do, you must send as HTML email.');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_email');
// $bcc exists only when the bulk branch above ran (it may be an empty string).
if (isset($bcc)) {
    // Bulk mail: the site's own address goes in To and recipients stay hidden from each other in BCC.
    form_input_text('To', CONFIG_EMAIL_FROM_EMAIL);
    form_input_text('CC');
    form_textarea('BCC', $bcc);
} else {
    // NOTE(review): ?to= is reflected into the field unvalidated, and may arrive as an array;
    // confirm form_input_text() HTML-escapes its value and that the handler validates recipients.
    form_input_text('To', isset($_GET['to']) ? $_GET['to'] : '');
    form_input_text('CC');
    form_input_text('BCC');
}
form_input_text('Subject');
form_textarea('Body');
form_input_checkbox('HTML email');
form_hidden('action', 'new');
message_inline_yellow('Important email? Remember to Ctrl+C before attempting to send!');
form_button_submit('Send email');
form_end();
foot();
Exemplo n.º 11
// Admin page (moderators only): edit or delete one hint.
require '../../include/ctf.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// NOTE(review): presumably rejects a missing or malformed id — confirm in validate_id().
validate_id($_GET['id']);
head('Site management');
menu_management();
section_subhead('Edit hint');
// The id is passed as a condition value rather than concatenated into SQL text here.
// NOTE(review): no check that a row was found before $hint is indexed below.
$hint = db_select_one('hints', array('*'), array('id' => $_GET['id']));
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_hint');
form_textarea('Body', $hint['body']);
// Static query with no request data in it: every challenge with its category title.
$opts = db_query_fetch_all('SELECT
       ch.id,
       ch.title,
       ca.title AS category
     FROM challenges AS ch
     LEFT JOIN categories AS ca ON ca.id = ch.category
     ORDER BY ca.title, ch.title');
// Preselects the challenge the hint currently belongs to.
form_select($opts, 'Challenge', 'id', $hint['challenge'], 'title', 'category');
form_input_checkbox('Visible', $hint['visible']);
form_hidden('action', 'edit');
// Hidden fields are client-controlled, so the handler has to re-check the id and the caller's class.
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Second form posts to the same handler with action=delete.
// NOTE(review): no anti-CSRF token is emitted explicitly on this page; confirm form_start() adds one.
section_subhead('Delete hint');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_hint');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
form_button_submit('Delete hint', 'danger');
form_end();
foot();
Exemplo n.º 12
<?php

// Admin page (moderators only): confirmation form that wipes the exception log.
require '../../include/ctf.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Exceptions');
menu_management();
section_subhead('Clear exceptions');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_exceptions');
// The checkbox is the only confirmation step; the handler has to require it server-side.
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
// NOTE(review): exception logs can be the only record of a fault or an intrusion attempt.
// Consider recording who cleared them and when, outside the table being emptied; also
// confirm form_start() emits an anti-CSRF token, since none is added explicitly here.
message_inline_red('Warning! This will delete ALL exception logs!!');
form_button_submit('Clear exceptions', 'danger');
form_end();
foot();
Exemplo n.º 13
// Closes the form that was opened before this excerpt begins.
form_end();

// Two-factor (TOTP) management with translated labels. Which controls appear depends on the
// stored 2fa_status; a value other than the three handled below renders an empty form.
section_subhead(lang_get('two_factor_auth'), lang_get('using_totp'));
form_start('actions/profile');
switch ($user['2fa_status']) {
    case 'generated':
        // Enrolment: show the QR code and ask for one code to prove the app is set up.
        // NOTE(review): the helper's URL and the translated title are concatenated into the
        // tag unescaped, and if the URL points at an external QR service the TOTP secret
        // leaves the site — confirm both.
        form_generic('QR', '<img src="' . get_two_factor_auth_qr_url() . '" alt="QR" title="' . lang_get('scan_with_totp_app') . '" />');
        form_input_text('Code');
        form_hidden('action', '2fa_enable');
        form_button_submit(lang_get('enable_two_factor_auth'));
        break;

    case 'disabled':
        form_hidden('action', '2fa_generate');
        form_button_submit(lang_get('generate_codes'));
        break;

    case 'enabled':
        // NOTE(review): the QR code is rendered again after enrolment, so anyone holding the
        // session can copy the second factor. The disable form also carries no code or
        // password field, so the handler cannot ask for re-authentication from this form.
        form_generic('QR', '<img src="' . get_two_factor_auth_qr_url() . '" alt="QR" title="' . lang_get('scan_with_totp_app') . '" />');
        form_hidden('action', '2fa_disable');
        form_button_submit(lang_get('disable_two_factor_auth'), 'danger');
        break;
}
form_end();

// Password change: current password, new password twice, and a captcha.
section_subhead(lang_get('reset_password'));
form_start('actions/profile');
form_input_password('Current password');
form_input_password('New password');
form_input_password('New password again');
form_hidden('action', 'reset_password');
form_input_captcha();
form_button_submit(lang_get('reset_password'), 'warning');
form_end();
foot();
Exemplo n.º 14
// Admin page: form for creating a new instance together with its first administrator account.
require '../../include/mellivora.inc.php';
// Two gates run before any output: the user-class check, then the instance-level check.
enforce_authentication(CONFIG_UC_MODERATOR);
enforce_instance_auth();
head('Site management');
menu_management();
section_subhead('New Instance');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_instance');
form_input_text('Name');
form_input_text('URI');
form_input_checkbox('Import Sample Challenge Set');
echo '<h4>Instance Administration</h4>';
form_input_text('Team Name');
form_input_text('Email');
// Hand-written password field for the new instance administrator.
// NOTE(review): this markup closes one more <div> than it opens; confirm whether that is meant
// to close a wrapper emitted by a helper. The handler is not shown: confirm it hashes this
// password and applies the same password policy as normal registration.
echo '

<div class="form-group">
      <label class="col-sm-2 control-label" for="password">Password</label>
      <div class="col-sm-10">
          <input id="password" name="password" class="form-control" placeholder="Password" type="password">
      </div>
    </div>

</div>

	
';
form_hidden('action', 'new');
form_button_submit('Create Instance');
form_end();
foot();
Exemplo n.º 15
<?php

// Second login step: asks for the TOTP code and posts it to the two-factor handler.
require '../include/mellivora.inc.php';
// NOTE(review): the name suggests HTTPS is preferred rather than required; the code should only
// ever travel over TLS — confirm what prefer_ssl() does on a plain-HTTP request.
prefer_ssl();
head('Two-factor authentication required');
section_head('Two-factor authentication required');
form_start('actions/two_factor_auth');
// autocomplete is switched off so the browser does not offer earlier one-time codes.
form_input_text('Code', false, array('autocomplete' => 'off', 'autofocus' => true));
form_hidden('action', 'authenticate');
// NOTE(review): attempt limiting and lockout have to live in the handler; nothing on this page
// restricts how often a code can be submitted.
form_button_submit('Authenticate');
form_end();
foot();
Exemplo n.º 16
<?php

// Second login step (translated labels): asks for the TOTP code and posts it to the two-factor handler.
require '../include/ctf.inc.php';
// NOTE(review): the name suggests HTTPS is preferred rather than required; the code should only
// ever travel over TLS — confirm what prefer_ssl() does on a plain-HTTP request.
prefer_ssl();
head(lang_get('two_factor_auth_required'));
section_head(lang_get('two_factor_auth_required'));
form_start('actions/two_factor_auth');
// autocomplete is switched off so the browser does not offer earlier one-time codes.
form_input_text('Code', false, array('autocomplete' => 'off', 'autofocus' => true));
form_hidden('action', 'authenticate');
// NOTE(review): attempt limiting and lockout have to live in the handler; nothing on this page
// restricts how often a code can be submitted.
form_button_submit(lang_get('authenticate'));
form_end();
foot();
Exemplo n.º 17
<?php

// Admin page (moderators only): form for creating a user type.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Site management');
menu_management();
section_subhead('New user type');
message_inline_blue('User types are not required. You can add them if you wish to group contestants and give them separate scoreboards. If not, everyone will be in the same group.');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_user_type');
form_input_text('Title');
form_textarea('Description');
// The handler chooses its operation from this field.
// NOTE(review): no anti-CSRF token is emitted explicitly here; confirm form_start() adds one.
form_hidden('action', 'new');
form_button_submit('Create new user type');
form_end();
foot();
<?php

// Admin page: form for testing an e-mail address against the signup restriction rules.
require '../../include/mellivora.inc.php';
// Two gates run before any output: the user-class check, then the instance-level check.
enforce_authentication(CONFIG_UC_MODERATOR);
enforce_instance_auth();
head('Site management');
menu_management();
section_subhead('Test signup rules');
message_inline_blue('Enter an email addess to test.');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/test_restrict_email');
// NOTE(review): the address is evaluated by the handler against stored regex rules; confirm
// the result page escapes the submitted address when it echoes it back.
form_input_text('Email');
form_hidden('action', 'test');
form_button_submit('Test');
form_end();
foot();
Exemplo n.º 19
<?php

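// Admin page (moderators only): search form over users or the IP log.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Site management');
menu_management();
section_subhead('Search');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/search');
form_input_text('Search for');
// Built in a single assignment so the option list cannot inherit entries from a variable of
// the same name that an included file may already have set.
$opts = array(
    array('id' => 'users', 'name' => 'Users'),
    array('id' => 'ip_log', 'name' => 'IP log'),
);
// 'users' is the preselected search target.
// NOTE(review): the handler should accept only these two ids and reject any other value.
form_select($opts, 'Search in', 'id', 'users', 'name');
form_button_submit('Search');
// Anti-CSRF token added explicitly to this form.
form_xsrf_token();
form_end();
foot();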
Exemplo n.º 20
<?php

// Admin page (moderators only): form for creating a challenge.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Site management');
menu_management();
section_subhead('New challenge');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_challenge');
form_input_text('Title');
form_textarea('Description');
// The flag is the challenge's secret answer.
// NOTE(review): confirm it is only ever readable through moderator-gated pages.
form_textarea('Flag');
form_input_checkbox('Automark', true);
form_input_checkbox('Case insensitive');
form_input_text('Points');
// Attempt and rate limits for submissions are set per challenge here.
form_input_text('Num attempts allowed');
form_input_text('Min seconds between submissions');
// Static query with no request data in it.
$opts = db_query_fetch_all('SELECT * FROM categories ORDER BY title');
// The optional ?category= value only preselects an option.
// NOTE(review): it is not validated on this page; confirm form_select() does not echo it raw.
form_select($opts, 'Category', 'id', array_get($_GET, 'category'), 'title');
form_input_checkbox('Exposed', true);
// Both availability fields default to date_time() called without arguments.
form_input_text('Available from', date_time());
form_input_text('Available until', date_time());
message_inline_blue('Create and edit challenge to add files.');
form_hidden('action', 'new');
form_button_submit('Create challenge');
form_end();
foot();
Exemplo n.º 21
<?php

// Admin page (moderators only): edit or delete one challenge category.
require '../../include/ctf.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// NOTE(review): presumably rejects a missing or malformed id — confirm in validate_id().
validate_id($_GET['id']);
// The id is passed as a condition value rather than concatenated into SQL text here.
// NOTE(review): no check that a row was found before $category is indexed below.
$category = db_select_one('categories', array('*'), array('id' => $_GET['id']));
head('Site management');
menu_management();
// NOTE(review): the stored title is concatenated into both headings; confirm section_subhead() escapes it.
section_subhead('Edit category: ' . $category['title']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_category');
form_input_text('Title', $category['title']);
form_textarea('Description', $category['description']);
form_input_checkbox('Exposed', $category['exposed']);
form_input_text('Available from', date_time($category['available_from']));
form_input_text('Available until', date_time($category['available_until']));
form_hidden('action', 'edit');
// Hidden fields are client-controlled, so the handler has to re-check the id and the caller's class.
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Second form posts to the same handler with action=delete; per the warning it cascades to
// challenges, submissions, files and hints.
// NOTE(review): no anti-CSRF token is emitted explicitly on this page; confirm form_start() adds one.
section_subhead('Delete category: ' . $category['title']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_category');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
message_inline_red('Warning! This will delete all challenges under this category, as well as all submissions, files, and hints related those challenges!');
form_button_submit('Delete category', 'danger');
form_end();
foot();
Exemplo n.º 22
<?php

// Admin page (moderators only): form for creating a challenge category.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Site management');
menu_management();
section_subhead('New category');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_category');
form_input_text('Title');
form_textarea('Description');
form_input_checkbox('Exposed', true);
// Both availability fields default to date_time() called without arguments.
form_input_text('Available from', date_time());
form_input_text('Available until', date_time());
// The handler chooses its operation from this field.
// NOTE(review): no anti-CSRF token is emitted explicitly here; confirm form_start() adds one.
form_hidden('action', 'new');
form_button_submit('Create category');
form_end();
foot();
Exemplo n.º 23
    <th>Hint</th>
    <th>Manage</th>
  </tr>
</thead>
<tbody>
';
// Hints attached to the challenge being edited.
// NOTE(review): $_GET['id'] is used for this lookup and echoed further down; the validate_id()
// call that would vet it is not visible in this excerpt — confirm it runs earlier in the file.
$hints = db_select_all('hints', array('id', 'added', 'body'), array('challenge' => $_GET['id']));
foreach ($hints as $hint) {
    // The hint body is HTML-escaped on output; the id passes through short_description() and
    // then htmlspecialchars() before it is placed in the link.
    echo '
  <tr>
      <td>', date_time($hint['added']), '</td>
      <td>', htmlspecialchars($hint['body']), '</td>
      <td><a href="edit_hint.php?id=', htmlspecialchars(short_description($hint['id'], 100)), '" class="btn btn-xs btn-primary">Edit</a></td>
  </tr>
  ';
}
// The request id is HTML-escaped before it is echoed into the "add hint" link.
echo '
</tbody>
</table>

<a href="new_hint.php?id=', htmlspecialchars($_GET['id']), '" class="btn btn-sm btn-warning">Add a new hint</a>
';
// $challenge is loaded before this excerpt begins.
// NOTE(review): the stored title is concatenated into the heading; confirm section_subhead() escapes it.
section_subhead('Delete challenge: ' . $challenge['title']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_challenge');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
// Hidden fields are client-controlled, so the handler has to re-check the id and the caller's class.
form_hidden('id', $_GET['id']);
message_inline_red('Warning! This will also delete all submissions, all hints and all files associated with challenge!');
form_button_submit('Delete challenge', 'danger');
form_end();
foot();
Exemplo n.º 24
<?php

// Admin page (moderators only): form for creating a dynamic menu item.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Site management');
menu_management();
section_subhead('New dynamic menu item');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_dynamic_menu_item');
form_input_text('Title');
form_input_text('Permalink');
dynamic_visibility_select();
// Page list for the "Internal page" dropdown; id 0 is prepended as the "no link" choice.
$pages = db_select_all('dynamic_pages', array('id', 'title'));
array_unshift($pages, array('id' => 0, 'title' => '--- No internal link ---'));
form_select($pages, 'Internal page', 'id', null, 'title');
user_class_select();
// NOTE(review): a free-form URL ends up in the site menu; confirm the handler restricts it to
// expected schemes and that the menu renderer escapes it.
form_input_text('URL');
form_input_text('Priority');
form_hidden('action', 'new');
form_button_submit('Create');
form_end();
foot();
Exemplo n.º 25
<?php

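// Instance settings page (moderators only): shows the registration token and toggles it.
require '../../include/mellivora.inc.php';
// Authorisation gate; it runs before any markup is emitted.
enforce_authentication(CONFIG_UC_MODERATOR);
// The instance is taken from the session, not from a request parameter.
// NOTE(review): no check that a row was found before $rule is indexed below.
$rule = db_select_one('instances', array('*'), array('id' => $_SESSION['IID']));
head('Site management');
menu_management();
section_subhead('Edit Instance Settings');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_settings');
// Same loose test as before: a token that compares equal to 0 counts as "disabled".
// NOTE(review): for a non-numeric token string this comparison changed meaning in PHP 8;
// confirm how a disabled token is stored and compare against that value strictly.
$token_enabled = $rule['registrationToken'] != 0;
// The token is a database value written into a double-quoted attribute, so it is HTML-escaped
// before output.
$token_display = $token_enabled
    ? htmlspecialchars((string) $rule['registrationToken'], ENT_QUOTES, 'UTF-8')
    : 'Registration Tokens are not enabled.';
echo '<div class="form-group">
      <label class="col-sm-2 control-label" for="rule">Registration Token</label>
      <div class="col-sm-10">
          <input id="rule" readonly name="rule" class="form-control" placeholder="Registration Token" value="', $token_display, '" type="text">
      </div>
    </div>';
// The field is read-only in the browser only; the handler must not trust a posted "rule" value.
form_hidden('action', 'edit');
// echo is kept from the original in case form_button_submit() returns markup instead of printing it.
echo form_button_submit($token_enabled ? 'Disable Registration Token' : 'Enable Registration Token');
form_end();
foot();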
Exemplo n.º 26
<?php

// Admin page: shows one instance read-only and offers a delete form for it.
require '../../include/mellivora.inc.php';
// Two gates run before any output: the user-class check, then the instance-level check.
enforce_authentication(CONFIG_UC_MODERATOR);
enforce_instance_auth();
// NOTE(review): presumably rejects a missing or malformed id — confirm in validate_id().
validate_id($_GET['id']);
head('Site management');
menu_management();
section_subhead('Edit instance');
// Despite its name, $user_type holds a row from the instances table.
// NOTE(review): no check that a row was found before it is indexed below.
$user_type = db_select_one('instances', array('*'), array('id' => $_GET['id']));
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_instance');
// Both fields are rendered disabled, so this first form submits nothing editable.
form_input_text('Instance Name', $user_type['name'], array('disabled' => true));
form_input_text('Instance URI', $user_type['instanceURI'], array('disabled' => true));
form_end();
// Confirmation dialog for the delete action.
// NOTE(review): this runs in the browser only. Unlike the other delete forms there is no
// "Delete confirmation" checkbox for the handler to require, so the server-side handler must
// itself verify the caller's rights over this instance id and the anti-CSRF token.
echo showConfirmDialogNoEditor('delete_instance', 'Warning! You are about to delete an instance. Do note that records will be stored as part of our archival policy. Contact the Director of the Defense Intelligence Agency for any query.');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_instance');
form_hidden('action', 'delete');
// Hidden fields are client-controlled, so the handler has to re-check the id.
form_hidden('id', $_GET['id']);
form_button_submit('Delete instance', 'danger');
form_end();
foot();