function dldc_update_profile(DLDC_User $user, $password) { $data = array('email' => trim(Common::getPostString('email')), 'firstname' => trim(Common::getPostString('firstname')), 'lastname' => trim(Common::getPostString('lastname'))); if (!empty($password)) { if (!DLDC_User::login(dldc_username(), Common::getPostString('password_old'))) { return dldc_error('You have to supply your current password to change it.'); } if ($password !== Common::getPostString('password_retype')) { return dldc_error('You have to retype your new password correctly.'); } $data['password'] = DLDC_User::hashPassword($password); dldc_message('Your password has been changed!'); } $user->saveVars($data); dldc_message('Information has been saved.'); }
function dldc_login($username, $password) { if ($user = DLDC_User::login($username, $password)) { $_SESSION['DLDC_USER'] = $user; $_SESSION['DLDC_IS_ADMIN'] = dldc_is_admin(); return true; } else { return false; } }
function dldc_reqister($username, $password, $email, $firstname, $lastname) { if (!dldc_is_valid_username($username)) { dldc_error('Invalid username. Start with a letter and then add 2-23 digits, letters or underscores.'); } elseif (!dldc_is_valid_password($password)) { dldc_error('Your password is not secure enough for this service.'); } elseif ($password !== Common::getPostString('password_retype')) { dldc_error('You have to confirm your password by retyping it.'); } elseif (empty($email)) { dldc_error('Please fill in an email address.'); } else { dldc_cleanup(); # DELETE YOUR OLD "PLAYER"! if (!DLDC_User::create($username, $password, $email, $firstname, $lastname)) { dldc_error('An error occured!'); } else { dldc_message('You have been successfully registered!'); } } }
$secret_user = (require 'secrets.php'); chdir("../../../"); require_once "challenge/html_head.php"; $title = 'Disclosures'; html_head("Install: {$title}"); if (!GWF_User::isAdminS()) { return htmlSendToLogin("Better be admin !"); } ### Create challenge table and stuff require 'www/user.php'; require 'www/db.php'; $users = array('aaaaaron' => array('Aaronson', 'Aaron A.', '*****@*****.**', 'Sonnenblume2014'), 'administrator' => $secret_user, 'dloser' => array('Winner', 'BigRichardDick', '*****@*****.**', 'pwnedgizagain'), 'benja' => array('Barneby-Smith', 'Benjamin', '*****@*****.**', 'Wizard1234'), 'casi' => array('Casi', 'Casi', '*****@*****.**', 'casiisaccasiisac'), 'jannn' => array('L', 'Jan', '*****@*****.**', 'essenlol123'), 'ulla' => array('Kalele', 'Ulla', '*****@*****.**', 'Hannover!!'), 'test' => array('test', 'test', '*****@*****.**', '11111111'), 'admin' => array('test', 'test', '*****@*****.**', '11111111'), 'desiree' => array('Reelity', 'Daisy', '*****@*****.**', '.SOLAME.'), 'strider' => array('', '', '*****@*****.**', 'hahackah'), 'wildgoat' => array('', '', '*****@*****.**', 'iliketrains'), 'synergy' => array('', '', '*****@*****.**', 'syn.synack.ack'), 'fastfloats' => array('', '', '*****@*****.**', 'GMPDEV111'), 'teeest' => array('', '', '*****@*****.**', 'test'), 'lostchall' => array('', '', '*****@*****.**', 'PassWordPass!"§'), 'Weezer' => array('', '', '*****@*****.**', 'Weeeeeeeee'), 'olga' => array('Olga', 'Olga', '*****@*****.**', 'Pass123')); $i = 0; GDO::table('DLDC_User')->createTable(true); foreach ($users as $username => $data) { list($lastname, $firstname, $email, $password) = $data; $user = DLDC_User::instance($username, $password, $email, $firstname, $lastname); $minscore = $username === 'dloser' ? 90 : 0; $user->setVar('wechall_userid', --$i); $user->setVar('level', rand($minscore, 100)); $user->insert(); } ### WC continues GDO::setCurrentDB($db1); $score = 5; $url = "challenge/dloser/disclosures/index.php"; $creators = "gizmore,dloser"; $tags = 'Exploit'; WC_Challenge::installChallenge($title, DLDC_SOLUTION, $score, $url, $creators, $tags, true, WC_Challenge::CHALL_CASE_S); require_once "challenge/html_foot.php";