echo '
<table id="hints" class="table table-striped table-hover">
<thead>
<tr>
<th>Message</th>
<th>Added</th>
<th>User</th>
<th>IP</th>
<th>Trace</th>
<th>User agent</th>
</tr>
</thead>
<tbody>
';
$from = get_pager_from($_GET);
$num_exceptions = db_count_num('exceptions');
$results_per_page = 30;
pager(CONFIG_SITE_ADMIN_URL . 'list_exceptions/', $num_exceptions, $results_per_page, $from);
$exceptions = db_query_fetch_all('
SELECT
e.id,
e.message,
e.added,
e.added_by,
e.trace,
INET_NTOA(e.user_ip) AS user_ip,
e.user_agent,
u.team_name
FROM exceptions AS e
LEFT JOIN users AS u ON u.id = e.added_by
ORDER BY e.id DESC
<th>Class</th>
<th>Enabled</th>
<th>Num IPs</th>
<th>Manage</th>
</tr>
</thead>
<tbody>
';
$values = array();
$search_for = array_get($_GET, 'search_for');
if ($search_for) {
$values['search_for_team_name'] = '%' . $search_for . '%';
$values['search_for_email'] = '%' . $search_for . '%';
}
$from = get_pager_from($_GET);
$num_users = db_count_num('users');
$results_per_page = 100;
$users = db_query_fetch_all('
SELECT
u.id,
u.email,
u.team_name,
u.added,
u.class,
u.enabled,
co.country_name,
co.country_code,
COUNT(ipl.id) AS num_ips
FROM users AS u
LEFT JOIN ip_log AS ipl ON ipl.user_id = u.id
LEFT JOIN countries AS co ON co.id = u.country_id
function challenges($categories)
{
$now = time();
$num_participating_users = get_num_participating_users();
foreach ($categories as $category) {
echo '
<table class="team-table table table-striped table-hover">
<thead>
<tr>
<th>', htmlspecialchars($category['title']), '</th>
<th class="center">', lang_get('points'), '</th>
<th class="center"><span class="has-tooltip" data-toggle="tooltip" data-placement="top" title="% of actively participating users">', lang_get('percentage_solvers'), '</span></th>
<th>', lang_get('first_solvers'), '</th>
</tr>
</thead>
<tbody>
';
$challenges = db_query_fetch_all('
SELECT
id,
title,
points,
available_from
FROM challenges
WHERE
available_from < ' . $now . ' AND
category = :category AND
exposed = 1
ORDER BY points ASC', array('category' => $category['id']));
foreach ($challenges as $challenge) {
$num_solvers = db_count_num('submissions', array('correct' => 1, 'challenge' => $challenge['id']));
echo '
<tr>
<td>
<a href="challenge?id=', htmlspecialchars($challenge['id']), '">', htmlspecialchars($challenge['title']), '</a>
</td>
<td class="center">
', number_format($challenge['points']), '
</td>
<td class="center">
', number_format($num_solvers / $num_participating_users * 100), '%
</td>
<td class="team-name">';
$users = db_query_fetch_all('
SELECT
u.id,
u.team_name
FROM users AS u
JOIN submissions AS s ON s.user_id = u.id
WHERE
u.competing = 1 AND
s.correct = 1 AND
s.challenge = :challenge
ORDER BY s.added ASC
LIMIT 3', array('challenge' => $challenge['id']));
if (count($users)) {
$pos = 1;
foreach ($users as $user) {
echo get_position_medal($pos++), '<a href="user?id=', htmlspecialchars($user['id']), '">', htmlspecialchars($user['team_name']), '</a><br />';
}
} else {
echo '<i>', lang_get('unsolved'), '</i>';
}
echo '
</td>
</tr>';
}
echo '
</tbody>
</table>';
}
}
<?php
require '../../../include/ctf.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
validate_id($_POST['id']);
validate_xsrf_token($_POST[CONST_XSRF_TOKEN_KEY]);
if ($_POST['action'] == 'delete') {
db_delete('submissions', array('id' => $_POST['id']));
redirect(CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1');
} else {
if ($_POST['action'] == 'mark_incorrect') {
db_update('submissions', array('correct' => 0, 'marked' => 1), array('id' => $_POST['id']));
redirect(CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1');
} else {
if ($_POST['action'] == 'mark_correct') {
$submission = db_select_one('submissions', array('user_id', 'challenge', 'correct'), array('id' => $_POST['id']));
$num_correct_submissions = db_count_num('submissions', array('user_id' => $submission['user_id'], 'challenge' => $submission['challenge'], 'correct' => 1));
if ($num_correct_submissions > 0) {
message_error('This user already has a correct submission for this challenge');
}
db_update('submissions', array('correct' => 1, 'marked' => 1), array('id' => $_POST['id']));
redirect(CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1');
}
}
}
}
<thead>
<tr>
<th>Message</th>
<th>Added</th>
<th>User</th>
<th>IP</th>
</tr>
</thead>
<tbody>
';
$where = array();
if (is_valid_id(array_get($_GET, 'user_id'))) {
$where['added_by'] = $_GET['user_id'];
}
$from = get_pager_from($_GET);
$num_exceptions = db_count_num('exceptions', $where);
pager(CONFIG_SITE_ADMIN_URL . 'list_exceptions', $num_exceptions, CONST_NUM_EXCEPTIONS_PER_PAGE, $from);
$query = 'SELECT
e.id,
e.message,
e.added,
e.added_by,
e.trace,
INET_NTOA(e.user_ip) AS user_ip,
u.team_name
FROM exceptions AS e
LEFT JOIN users AS u ON u.id = e.added_by
';
if (!empty($where)) {
$query .= 'WHERE ' . implode('=? AND ', array_keys($where)) . '=? ';
}
</thead>
<tbody>
';
$values = array();
$search_for = array_get($_GET, 'search_for');
if ($search_for) {
$values['search_for_team_name'] = '%' . $search_for . '%';
$values['search_for_email'] = '%' . $search_for . '%';
$res = db_query('
SELECT COUNT(*) AS num
FROM users AS u
WHERE u.team_name LIKE :search_for_team_name OR u.email LIKE :search_for_email
', $values, false);
$total_results = $res['num'];
} else {
$total_results = db_count_num('users');
}
$from = get_pager_from($_GET);
$results_per_page = 100;
$users = db_query_fetch_all('
SELECT
u.id,
u.email,
u.team_name,
u.added,
u.class,
u.enabled,
co.country_name,
co.country_code,
COUNT(ipl.id) AS num_ips
FROM users AS u
