function authenticate()
{
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);
$captcha = trim($_POST["captcha"]);
if ($username == '' || $password == '' || $captcha == '') {
set_login_error("Any emtpy field is not allowed");
} else {
include_once "/var/www/includes/captch_code.php";
if (check_code($captcha)) {
$cr = new crypto();
$password = $cr->one_way_crypt($password);
$u = new user();
if ($u->validate_user($username, $password)) {
$session = new user_session();
setcookie('app_session_id', $session->create_session_id($u->get_uid(), $u->get_uname(), $u->get_email()));
session_register($username);
header("Location: /challenges.php");
} else {
set_login_error("Authentication Failed");
}
} else {
set_login_error("Invalid Captcha");
}
}
}
?>
<h1> <font color="green"> <?php
echo $qObj->get_qtag();
?>
</font> </h1>
<p> <?php
echo $qObj->get_qname();
?>
</p>
<p style="font-size: 70%; color: red">Hint: <?php
echo $qObj->get_hint();
?>
</p>
<?php
$u = new user_session();
if (!$u->get_user_session()) {
header('Location: /index.php');
} else {
include_once "includes/game.php";
$g = new game();
if (!$g->solved_already($u->get_uid(), $qid)) {
?>
<form id="challenge" action="<?php
echo $_SERVER['PHP_SELF'];
?>
" method="post">
<div class="form_settings">
<p><font color="red"><?php
echo $err_msg;
?>
include_once "includes/auth.php";
?>
<header>
<div id="logo">
<div id="logo_text">
<!-- class="logo_colour", allows you to change the colour of the text -->
<h1><a href="index.php">HackWeek<span class="logo_colour">#hackTheFlag</span></a></h1>
<h2>Hack like ninja, play for proud, fun and profit!</h2>
</div>
</div>
<nav>
<?php
if (isset($_COOKIE['app_session_id'])) {
$session = new user_session();
if ($session->decode_session($_COOKIE['app_session_id'])) {
?>
<div id="menu_container">
<ul class="sf-menu" id="nav">
<li><a href="index.php">Home</a></li>
<li><a href="/scoreboard.php">ScoreBoard</a></li>
<li><a href="/chpwd.php">Change Password</a></li>
<?php
if ($session->get_uname() == 'krishs') {
?>
<li><a href="#">Moderator</a>
<ul>
<li><a href="/controlpanel.php?view=list_users">View Users</a></li>
<li><a href="#">Puzzles</a>
include "header.inc";
?>
<div id="site_content">
<?php
if (isset($_COOKIE['app_session_id']) && $_COOKIE["app_session_id"] != "") {
include "sidebar_menu.inc";
} else {
include "common_sidebar.php";
}
$user_id = 0;
$user_name = "";
if (isset($_COOKIE['app_session_id']) && $_COOKIE['app_session_id'] != '') {
include_once "/var/www/includes/session.php";
$s = new user_session();
if ($s->decode_session($_COOKIE['app_session_id'])) {
$user_name = $s->get_uname();
$user_id = $s->get_uid();
}
}
include_once "/var/www/includes/game.php";
?>
<div class="content">
<h3><font color="red">Scoreboard has been modified to remove discrepancies due to flag sharing</font></h3>
<?php
if ($user_id != 0) {
$my_g = new game();
$my_result = $my_g->get_my_scoreboard($user_id);
if (count($my_result) != 0) {
?>
$con_pwd = $_POST['confirm_password'];
if ($old_pwd === "" || $new_pwd === '' || $con_pwd === '') {
$msg = "None of the field should be empty";
} else {
if ($new_pwd != $con_pwd) {
$msg = "New and confirm password are mismatch";
} elseif (isset($_COOKIE['app_session_id']) && $_COOKIE['app_session_id'] != '') {
try {
include_once "/var/www/includes/user.php";
include_once "/var/www/includes/session.php";
include_once "/var/www/includes/crypt.php";
$cr = new crypto();
$password = $cr->one_way_crypt($new_pwd);
$old_pwd = $cr->one_way_crypt($old_pwd);
$cookie_token = $_COOKIE['app_session_id'];
$s = new user_session();
if ($s->decode_session($cookie_token)) {
$u = new user();
if (!$u->update_password($s->get_uid(), $old_pwd, $password)) {
throw new Exception("Password Mismacth: Try Again");
}
$msg = "Password Updated Successfully";
} else {
$msg = "Session Expired";
}
} catch (Exception $e) {
$msg = $e->getMesage();
}
} else {
$msg = "Session Expired";
}
