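/**
 * Verify a one-time code against the two-factor secret stored for the logged-in user.
 *
 * @param string $code  the code typed by the user
 * @return bool  true only when Google2FA positively accepted the code; false on a
 *               missing secret, a verifier exception, or a wrong code
 */
function validate_two_factor_auth_code($code) {
    require_once CONFIG_PATH_THIRDPARTY . 'Google2FA/Google2FA.php';

    // fail closed: nothing below may turn this true except a successful verification
    $valid = false;

    $secret = db_select_one('two_factor_auth', array('secret'), array('user_id' => $_SESSION['id']));

    // No enrolment row (or an empty secret) for this user: previously a null secret was
    // handed to the verifier (with a PHP notice). Treat "nothing to check against" as a
    // failed check rather than relying on how the library reacts to null.
    if (empty($secret['secret'])) {
        return $valid;
    }

    try {
        $valid = Google2FA::verify_key($secret['secret'], $code);
    } catch (Exception $e) {
        // malformed secret/code inside the library; report generically, stay false
        message_error('Could not verify key.');
    }

    return $valid;
}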
/**
 * Count the rows of $tbl matching the raw WHERE clause $where.
 *
 * Thin wrapper: selects COUNT(1) through db_select_one and returns whatever the
 * driver hands back for that single-column row.
 *
 * @param string $tbl    table expression (may include joins/aliases, see callers)
 * @param string $where  raw SQL WHERE text, '' for every row
 * @return mixed
 */
function db_count($tbl, $where = '') {
    $count_column = 'COUNT(1)';
    $result = db_select_one($tbl, $count_column, $where);
    return $result;
}
<?php require '../../include/ctf.inc.php'; enforce_authentication(CONST_USER_CLASS_MODERATOR); validate_id($_GET['id']); $challenge = db_select_one('challenges', array('*'), array('id' => $_GET['id'])); head('Site management'); menu_management(); section_subhead('Edit challenge: ' . $challenge['title']); form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_challenge'); form_input_text('Title', $challenge['title']); form_textarea('Description', $challenge['description']); form_textarea('Flag', $challenge['flag']); form_input_checkbox('Automark', $challenge['automark']); form_input_checkbox('Case insensitive', $challenge['case_insensitive']); form_input_text('Points', $challenge['points']); form_input_text('Num attempts allowed', $challenge['num_attempts_allowed']); form_input_text('Min seconds between submissions', $challenge['min_seconds_between_submissions']); $opts = db_query_fetch_all('SELECT * FROM categories ORDER BY title'); form_select($opts, 'Category', 'id', $challenge['category'], 'title'); $opts = db_query_fetch_all(' SELECT ch.id, ch.title, ca.title AS category FROM challenges AS ch LEFT JOIN categories AS ca ON ca.id = ch.category ORDER BY ca.title, ch.title'); array_unshift($opts, array('id' => 0, 'title' => '-- User must solve selected challenge before revealing this one --')); form_select($opts, 'Relies on', 'id', $challenge['relies_on'], 'title', 'category'); form_input_checkbox('Exposed', $challenge['exposed']);
<?php
require '../../include/ctf.inc.php';

// moderator-only management page
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// dies unless ?id= is a well-formed id; the same value is echoed into the hidden fields below
validate_id($_GET['id']);

$category_id = $_GET['id'];
$handler = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_category';

$category = db_select_one('categories', array('*'), array('id' => $category_id));

head('Site management');
menu_management();

// ---- edit form (action=edit) -------------------------------------------------
section_subhead('Edit category: ' . $category['title']);
form_start($handler);
form_input_text('Title', $category['title']);
form_textarea('Description', $category['description']);
form_input_checkbox('Exposed', $category['exposed']);
form_input_text('Available from', date_time($category['available_from']));
form_input_text('Available until', date_time($category['available_until']));
form_hidden('action', 'edit');
form_hidden('id', $category_id);
form_button_submit('Save changes');
form_end();

// ---- delete form (action=delete, same handler) -------------------------------
section_subhead('Delete category: ' . $category['title']);
form_start($handler);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $category_id);
message_inline_red('Warning! This will delete all challenges under this category, as well as all submissions, files, and hints related those challenges!');
form_button_submit('Delete category', 'danger');
form_end();

foot();
<?php
require '../../include/mellivora.inc.php';

// moderator-only management page
enforce_authentication(CONFIG_UC_MODERATOR);
// dies unless ?id= is a well-formed id
validate_id($_GET['id']);

$type_id = $_GET['id'];
$handler = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user_type';

head('Site management');
menu_management();

// ---- edit form (action=edit) -------------------------------------------------
section_subhead('Edit user type');
$user_type = db_select_one('user_types', array('*'), array('id' => $type_id));
form_start($handler);
form_input_text('Title', $user_type['title']);
form_textarea('Description', $user_type['description']);
form_hidden('action', 'edit');
form_hidden('id', $type_id);
form_button_submit('Save changes');
form_end();

// ---- delete form (action=delete, same handler) -------------------------------
section_subhead('Delete user type');
form_start($handler);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $type_id);
message_inline_red('Warning! Any users of this type will be without a type. You must manually give them a type in the DB. If no types will exist after this action, you must set their type to 0.');
form_button_submit('Delete user type', 'danger');
form_end();

foot();
<?php require '../../include/ctf.inc.php'; enforce_authentication(CONST_USER_CLASS_MODERATOR); validate_id($_GET['id']); $user = db_select_one('users', array('team_name', 'email', 'enabled', 'competing', 'country_id'), array('id' => $_GET['id'])); head('Site management'); menu_management(); section_subhead('Edit user: '******'team_name']); form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user'); form_input_text('Email', $user['email']); form_input_text('Team name', $user['team_name']); $opts = db_query_fetch_all('SELECT * FROM countries ORDER BY country_name ASC'); form_select($opts, 'Country', 'id', $user['country_id'], 'country_name'); form_input_checkbox('Enabled', $user['enabled']); form_input_checkbox('Competing', $user['competing']); form_hidden('action', 'edit'); form_hidden('id', $_GET['id']); form_button_submit('Save changes'); form_end(); section_subhead('Reset password'); form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user'); form_input_checkbox('Reset confirmation'); form_hidden('action', 'reset_password'); form_hidden('id', $_GET['id']); form_button_submit('Reset password', 'warning'); form_end(); section_subhead('Delete user'); form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user'); form_input_checkbox('Delete confirmation'); form_hidden('action', 'delete');
<?php require '../../include/mellivora.inc.php'; enforce_authentication(CONFIG_UC_MODERATOR); head('IP log'); menu_management(); // show a users IP log if (isset($_GET['id']) && valid_id($_GET['id'])) { $user = db_select_one('users', array('team_name'), array('id' => $_GET['id'])); section_head('IP log for team: <a href="' . CONFIG_SITE_URL . 'user?id=' . $_GET['id'] . '">' . htmlspecialchars($user['team_name']) . '</a>', '', false); user_ip_log($_GET['id']); } else { if (isset($_GET['ip']) && valid_ip($_GET['ip'])) { section_head('Teams using IP ' . $_GET['ip']); echo ' <table id="files" class="table table-striped table-hover"> <thead> <tr> <th>Team name</th> <th>Hostname</th> <th>First used</th> <th>Last used</th> <th>Times used</th> </tr> </thead> <tbody> '; $entries = db_query_fetch_all(' SELECT INET_NTOA(ipl.ip) AS ip, ipl.added,
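<?php
/**
 * component: job
 * list the jobs of the logged-in user
 */

// require a logged-in session; anonymous visitors are sent to the front page
session_start();
if (!isset($_SESSION["username"])) {
    header('Location:' . BASE_URL . 'index.php');
    exit;
}

// list all of this user's jobs
require_once LIB_PATH . '/database.php';
db_connect();

// first resolve the user's id from the session username.
// NOTE(review): $username is interpolated straight into the SQL text. It comes from
// the session (set at login) rather than from this request, but unless the login path
// guarantees it cannot contain a quote this is a string-built query; the db helper
// shows no parameter binding here, so a prepared statement (or the library's escaping,
// if it has one) is the proper fix.
$username = $_SESSION["username"];
$userIDQuery = "SELECT uid FROM user WHERE uaccount = '{$username}'";
// uid is spliced into the next query as a bare numeric literal; force it to an int so
// a missing or non-numeric value cannot alter that query (it becomes 0 and matches nothing,
// where previously an empty value produced a malformed "juser = and ..." clause)
$uid = (int) db_select_one($userIDQuery);

// jobs of priority 3 for this user
$job_query = "SELECT * FROM job WHERE juser = {$uid} and jprioty = 3";
$jobs = db_select($job_query);

// load template
$pageTitle = "qhxh.todo | manager your idea";
require PUBLIC_PATH . '/tjob.php';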
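<?php
require '../../../include/ctf.inc.php';

// moderator-only: manual marking / removal of flag submissions
enforce_authentication(CONST_USER_CLASS_MODERATOR);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // both helpers die on failure; nothing below runs with a bad id or a bad token
    validate_id($_POST['id']);
    validate_xsrf_token($_POST[CONST_XSRF_TOKEN_KEY]);

    $submission_id = $_POST['id'];
    // avoid an undefined-index notice on a POST without an action
    $action = isset($_POST['action']) ? $_POST['action'] : '';
    $done = CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1';

    if ($action == 'delete') {
        db_delete('submissions', array('id' => $submission_id));
        redirect($done);
    } elseif ($action == 'mark_incorrect') {
        db_update('submissions', array('correct' => 0, 'marked' => 1), array('id' => $submission_id));
        redirect($done);
    } elseif ($action == 'mark_correct') {
        $submission = db_select_one('submissions', array('user_id', 'challenge', 'correct'), array('id' => $submission_id));

        // A well-formed but unknown id previously produced an empty row, a count over
        // null keys, a no-op update and then a "success" redirect. Refuse it instead.
        if (!$submission) {
            message_error('No such submission');
        }

        // a user may hold only one correct submission per challenge
        $num_correct_submissions = db_count_num('submissions', array('user_id' => $submission['user_id'], 'challenge' => $submission['challenge'], 'correct' => 1));
        if ($num_correct_submissions > 0) {
            // message_error() ends the request; the update below is not reached
            message_error('This user already has a correct submission for this challenge');
        }

        db_update('submissions', array('correct' => 1, 'marked' => 1), array('id' => $submission_id));
        redirect($done);
    }
}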
/**
 * isPeakTime()
 *
 * Whether the slot at $f_szDate / $f_szTime is a "peak" slot for resource $f_iResource.
 *
 * Resolution order: if a special opening-hours set covers $f_szDate for this resource
 * (the highest id wins: ORDER BY id DESC, one row), the peak slots attached to that set
 * are consulted; otherwise the resource's regular peak hours. A slot counts when some
 * opening-hours row satisfies open_<weekday> <= $f_szTime < closed_<weekday> and is not
 * a row with open == closed. The weekday column index is date('w') of
 * common::mktime($f_szDate), i.e. 0 (Sunday) .. 6 (Saturday).
 *
 * @param int    $f_iResource  resource id; (int)-cast before use in SQL
 * @param string $f_szDate     date string; passed to common::mktime() and spliced into SQL
 * @param string $f_szTime     time string; spliced into SQL
 * @return bool
 *
 * NOTE(review): $f_szDate and $f_szTime are concatenated into quoted SQL literals with
 * no escaping or format check (only the ids are cast). Unless every caller validates
 * them against a strict date/time pattern first, this is a SQL injection point; binding,
 * or a preg_match whitelist at the top of this method, is the fix.
 */
public static function isPeakTime($f_iResource, $f_szDate, $f_szTime) {
    $iUtcStartTime = common::mktime($f_szDate);
    // weekday index selecting the open_N / closed_N column pair
    $iToday = (int) date('w', $iUtcStartTime);

    // is a special (override) opening-hours set in effect on this date?
    if ($iSpecialSet = db_select_one('special_opening_hours_sets', 'id', 'resource_id = ' . (int) $f_iResource . " AND ('" . $f_szDate . "' BETWEEN start_date AND end_date) ORDER BY id DESC")) {
        // peak slots of the special set
        return 0 < db_count('resource_opening_hours t, peak_times_in_special_opening_hours_sets p', 't.id = p.resource_opening_hours_id AND p.special_opening_hours_set_id = ' . (int) $iSpecialSet . ' AND t.open_' . $iToday . " <= '" . $f_szTime . "' AND t.closed_" . $iToday . " > '" . $f_szTime . "' AND t.open_" . $iToday . ' != t.closed_' . $iToday);
    }

    // regular peak hours of the resource
    return 0 < db_count('resource_opening_hours t, peak_hours_in_resources p', 't.id = p.resource_opening_hours_id AND p.resource_id = ' . (int) $f_iResource . ' AND t.open_' . $iToday . " <= '" . $f_szTime . "' AND t.closed_" . $iToday . " > '" . $f_szTime . "' AND t.open_" . $iToday . ' != t.closed_' . $iToday);
}
<?php
require '../../include/mellivora.inc.php';

// anonymous "register interest" endpoint; moved to HTTPS where available
prefer_ssl();

$is_post = ($_SERVER['REQUEST_METHOD'] == 'POST');
$is_register = $is_post && ($_POST['action'] == 'register');

if ($is_register) {
    // bot mitigation for the public form, when configured
    if (CONFIG_RECAPTCHA_ENABLE_PUBLIC) {
        validate_captcha();
    }
    // dies on a malformed address
    validate_email($_POST['email']);

    // NOTE(review): unlike the admin action handlers there is no XSRF token check
    // here, and 'name' is stored as submitted with no length bound - confirm both are
    // intended for this anonymous form. The duplicate check is check-then-insert, so
    // two concurrent posts can both pass it; a UNIQUE index on interest.email is what
    // actually prevents duplicates.
    $existing = db_select_one('interest', array('id'), array('email' => $_POST['email']));
    if ($existing['id']) {
        message_error('You have already registered your interest!');
    }

    $row = array(
        'added'  => time(),
        'name'   => $_POST['name'],
        'email'  => $_POST['email'],
        // per-registration random token; its consumer is outside this file
        'secret' => generate_random_string(40),
    );
    $id = db_insert('interest', $row);

    if ($id) {
        // the address is echoed back into HTML, hence the escaping
        message_generic('Success', 'The email ' . htmlspecialchars($_POST['email']) . ' has been registered. We look forward to seeing you in our next competition!');
    } else {
        message_error('Could not register interest. You must not be interested enough!');
    }
}
<?php
require '../include/mellivora.inc.php';

login_session_refresh();

// pages are addressed by permalink: ?show=<permalink>
if (!isset($_GET['show'])) {
    message_error(lang_get('please_request_page'));
}

// permalink -> internal page id, via the dynamic menu table
// (the value goes through db_select_one's array WHERE, not string concatenation)
$menu_data = db_select_one('dynamic_menu', array('internal_page'), array('permalink' => $_GET['show']));
$page_id = $menu_data['internal_page'];
if (!is_valid_id($page_id)) {
    message_error(lang_get('not_a_valid_link'));
}

$content = db_select_one('dynamic_pages', array('id', 'title', 'body', 'visibility', 'min_user_class'), array('id' => $page_id));

// only pages marked 'private' are gated on login + minimum user class;
// every other visibility value is world-readable
$is_private = ($content['visibility'] == 'private');
if ($is_private) {
    enforce_authentication($content['min_user_class']);
}

head($content['title']);

$cache_key = $content['id'];
if (cache_start($cache_key, CONFIG_CACHE_TIME_DYNAMIC, CONST_CACHE_DYNAMIC_PAGES_GROUP)) {
    section_head($content['title']);

    // the body is BBCode rendered by nbbc (smileys off)
    require CONST_PATH_THIRDPARTY . 'nbbc/nbbc.php';
    $bbc = new BBCode();
    $bbc->SetEnableSmileys(false);
    echo $bbc->parse($content['body']);

    cache_end($cache_key, CONST_CACHE_DYNAMIC_PAGES_GROUP);
}

foot();
echo '<tr class="bt">'; echo '<td><a href=?id=' . $arrTopic['id'] . '>' . (trim($arrTopic['title']) ? htmlspecialchars($arrTopic['title']) : '---') . '</a></td>'; echo '<td align="center"><b>' . $arrTopic['rulername'] . '</b><!-- of <b>' . $arrTopic['planetname'] . '</b>--></td>'; echo '<td class="right">' . strtolower(date("d-M-Y \\a\\t H:i", $arrTopic['utc_time'])) . '</td>'; echo '<th class="right">' . $arrTopic['num_replies'] . '</th>'; if ((int) $g_arrUser['moc_planet_id'] === PLANET_ID) { echo '<td align=right><a href="?delete_id=' . $arrTopic['id'] . '">del</a></td>'; } echo '</tr>'; } echo '</table>'; } echo "<br>\n<br>\n\n"; $disabled_ornot = ''; if (isset($_GET['id']) && !empty($t) && (int) $GAMEPREFS['galaxy_forum_wait_for_turn']) { if (PLANET_ID === (int) db_select_one('politics', 'creator_planet_id', 'galaxy_id = ' . (int) $g_arrUser['galaxy_id'] . ' AND (id = ' . (int) $_GET['id'] . ' OR parent_thread_id = ' . (int) $_GET['id'] . ') ORDER BY id DESC')) { $disabled_ornot = ' disabled="1"'; } } ?> <form method="post" action=""> <table border="0" cellpadding="4" cellspacing="0" width="600" align="center"> <tr> <th class="bb"><?php echo !empty($t) ? 'REPLY' : 'NEW POST'; ?> </th> </tr> <?php echo !empty($t) ? '<input type="hidden" name="parent_thread_id" value="' . (int) $_GET['id'] . '" />' : '<tr class="bt"><td class="c">Title:</td></tr><tr><td class="c"><input' . $disabled_ornot . ' type="text" name="title" style="width:450px;" /></td></tr>'; ?>
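<?php
require '../../include/ctf.inc.php';

prefer_ssl();

// This form stores $_SESSION['id'] on the inserted row and is guarded by the
// *private*-area captcha switch, so it is meant for logged-in users. Without this
// call an anonymous POST inserted a row with a null user_id (plus a PHP notice).
// Default minimum user class, i.e. any authenticated user.
enforce_authentication();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // avoid an undefined-index notice on a POST without an action
    $action = isset($_POST['action']) ? $_POST['action'] : '';

    if ($action == 'register') {
        if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) {
            validate_captcha();
        }
        // dies on a malformed address
        validate_email($_POST['email']);

        // one registration per email; message_generic() ends the request
        $recruit = db_select_one('recruit', array('id'), array('email' => $_POST['email']));
        if ($recruit['id']) {
            message_generic('Thank you', 'Your email was already registered!');
        }

        // NOTE(review): name/city/country are stored as submitted with no length or
        // format checks; the db layer's array interface is relied on to bind them
        $id = db_insert('recruit', array(
            'added'   => time(),
            'user_id' => $_SESSION['id'],
            'name'    => $_POST['name'],
            'email'   => $_POST['email'],
            'city'    => $_POST['city'],
            'country' => $_POST['country'],
        ));

        if ($id) {
            // the address is echoed back into HTML, hence the escaping
            message_generic('Success', 'The email ' . htmlspecialchars($_POST['email']) . ' has been registered. Thanks!');
        } else {
            message_error('Could not register interest. You must not be interested enough!');
        }
    }
}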
<?php require '../../../include/mellivora.inc.php'; enforce_authentication(CONFIG_UC_MODERATOR); enforce_instance_auth(); if ($_GET['action'] == 'view') { $instanceInformation = db_select_one('instances', array('id', 'instanceURI', 'name', 'authoratativeAccountID', 'registrationToken'), array('id' => $_GET['id'])); $_SESSION['IID'] = $instanceInformation['id']; $_SESSION['IName'] = $instanceInformation['name']; $_SESSION['IAID'] = $instanceInformation['authoratativeAccountID']; redirect(CONFIG_SITE_ADMIN_RELPATH . 'index.php'); } if ($_GET['action'] == 'reset') { $instanceInformation = db_select_one('instances', array('id', 'instanceURI', 'name', 'authoratativeAccountID', 'registrationToken'), array('id' => '0')); $_SESSION['IID'] = $instanceInformation['id']; $_SESSION['IName'] = $instanceInformation['name']; $_SESSION['IAID'] = $instanceInformation['authoratativeAccountID']; redirect(CONFIG_SITE_ADMIN_RELPATH . 'index.php'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { validate_id($_POST['id']); validate_xsrf_token($_POST['xsrf_token']); if ($_POST['action'] == 'delete') { db_delete('categories', array('instanceID' => $_POST['id'])); db_delete('challenges', array('instanceID' => $_POST['id'])); db_delete('news', array('instanceID' => $_POST['id'])); db_delete('submissions', array('instanceID' => $_POST['id'])); db_delete('purchases', array('instanceID' => $_POST['id'])); db_delete('hints', array('instanceID' => $_POST['id'])); db_delete('instances', array('id' => $_POST['id'])); redirect(CONFIG_SITE_ADMIN_RELPATH . 'list_instance.php');
', $challenge['description'], ' </div> <!-- / challenge-description -->'; } if ($_GET['BAlert'] == "1") { echo '<script>window.onload = function(){bootbox.alert("You do not enough points to perform that transaction.");}</script>'; } // only show the hints and flag submission form if we're not already correct and if the challenge hasn't expired if (!$challenge['correct_submission_added'] && $time < $challenge['available_until']) { // write out hints if (cache_start('hints_challenge_' . $challenge['id'], CONFIG_CACHE_TIME_HINTS)) { $hints = db_select_all('hints', array('*'), array('visible' => 1, 'challenge' => $challenge['id'])); foreach ($hints as $hint) { if ($hint['value'] == 0) { message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false); } else { $hint1 = db_select_one('purchases', array('*'), array('hid' => $hint['id'], 'uid' => $_SESSION['id'])); if ($hint1['value'] > 0) { message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false); } else { echo '<p><a href="actions/hints.php?action=purchase&id=' . $hint['id'] . '" class="btn btn-xs btn-info">Purchase hint</a><strong> [This hint is available for purchase at ' . $hint['value'] . ' points.]</strong></p>'; } } } cache_end('hints_challenge_' . $challenge['id']); } if ($remaining_submissions) { if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) { message_inline_blue('Your submission is awaiting manual marking.'); } // write out files if (cache_start('files_' . $challenge['id'], CONFIG_CACHE_TIME_FILES)) {
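/**
 * Create a user account (instance-aware variant with extended profile fields).
 *
 * Validates the inputs, refuses duplicates, inserts the users row and logs the
 * signup IP. Every validation failure goes through message_error(), which ends the
 * request. This variant sends no signup email.
 *
 * @param string     $email
 * @param string     $password    plaintext; only make_passhash($password) is stored
 * @param string     $team_name
 * @param int|string $country     id of a countries row
 * @param int|null   $type        user_types id, or null to store 0
 * @param string     $phoneNo     stored as mobileNo (not validated here)
 * @param string     $age         stored as DOB (not validated here)
 * @param string     $eduI        stored as eduInstitution (not validated here)
 * @param string     $eduLevel    not validated here
 * @param string     $fullName    not validated here
 * @param int|string $instanceID  instance the account belongs to
 * @return bool  true when the account was created and is enabled; false when the
 *               insert failed. When accounts start disabled, message_generic() is
 *               shown instead and this does not return.
 *
 * $type no longer carries a "= null" default: it was followed by required parameters,
 * so callers always had to pass it anyway, and PHP 8 flags an optional parameter
 * before a required one as deprecated. Passing null still means "no type".
 */
function register_account($email, $password, $team_name, $country, $type, $phoneNo, $age, $eduI, $eduLevel, $fullName, $instanceID) {
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error('Registration is currently closed.');
    }
    if (empty($email) || empty($password) || empty($team_name)) {
        message_error('Please fill in all the details correctly.');
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error('That does not look like a valid team type.');
    }
    // byte length, consistent with the rest of the file
    if (strlen($team_name) > CONFIG_MAX_TEAM_NAME_LENGTH || strlen($team_name) < CONFIG_MIN_TEAM_NAME_LENGTH) {
        message_error('Your team name was too long or too short.');
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error('Email not on whitelist. Please choose a whitelisted email or contact organizers.');
    }

    // NOTE(review): "id <= row count" assumes country ids are contiguous from 1; a
    // deleted middle row would let a dangling id through this check
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !is_valid_id($country) || $country > $num_countries['num']) {
        message_error('Please select a valid country.');
    }

    // check-then-insert: a UNIQUE index on users.team_name / users.email is what
    // actually guarantees uniqueness under concurrent signups
    $user = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if ($user['id']) {
        message_error('An account with this team name or email already exists.');
    }

    // NOTE(review): the extended fields (DOB, mobileNo, eduInstitution, eduLevel,
    // fullName) are stored exactly as submitted; the db layer's array interface is
    // relied on to bind them, but no format or length checks exist at this layer
    $user_id = db_insert('users', array(
        'email'          => $email,
        'passhash'       => make_passhash($password),
        'team_name'      => $team_name,
        'added'          => time(),
        'enabled'        => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0',
        'user_type'      => isset($type) ? $type : 0,
        'country_id'     => $country,
        'DOB'            => $age,
        'mobileNo'       => $phoneNo,
        'eduInstitution' => $eduI,
        'eduLevel'       => $eduLevel,
        'fullName'       => $fullName,
        'instanceID'     => $instanceID,
    ));

    // insertion was successful
    if ($user_id) {
        // log signup IP
        log_user_ip($user_id);

        // if the account isn't enabled by default, display a message and die
        if (!CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
            message_generic('Signup successful', 'Thank you for registering! Your chosen email is: ' . htmlspecialchars($email) . '. 
 Make sure to check your spam folder as emails from us may be placed into it. Please stay tuned for updates!');
        } else {
            return true;
        }
    }

    // no rows were inserted
    return false;
}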
<?php
require '../../include/mellivora.inc.php';

// any logged-in user may buy hints
enforce_authentication();

// NOTE(review): this file is cut off in this view; the if opened below is closed
// outside it.
//
// NOTE(review): a state-changing action (points are spent) is triggered by a plain
// GET link (actions/hints.php?action=purchase&id=...) with no XSRF token check, so
// a cross-site link or <img> can spend a victim's points. The admin handlers use
// POST plus validate_xsrf_token(); this one should too.
if ($_GET['action'] == "purchase") {
    // NOTE(review): no validate_id($_GET['id']) and no check that the hint exists,
    // belongs to an open challenge, or has not already been bought by this user.
    // The id goes through the array WHERE (presumably bound), so this is a logic
    // gap rather than an injection.
    $hint = db_select_one('hints', array('*'), array('id' => $_GET['id']));

    // current score of the logged-in user: sum of points over correct submissions.
    // The user id is spliced into the SQL text rather than bound as :param (the
    // country page binds); it comes from the session, so it is not attacker
    // controlled, but binding would be the consistent form.
    $scores = db_query_fetch_one(' SELECT u.id AS user_id, u.team_name, u.instanceid, co.id AS country_id, co.country_name, co.country_code, SUM(c.points) AS score, MAX(s.added) AS tiebreaker FROM users AS u LEFT JOIN countries AS co ON co.id = u.country_id LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1 LEFT JOIN challenges AS c ON c.id = s.challenge WHERE u.id = \'' . $_SESSION["id"] . '\' GROUP BY u.id ORDER BY score DESC, tiebreaker ASC');

    // points already spent on hints (aliased "total")
    $hintpurchase = db_query_fetch_one('SELECT SUM(value) as total FROM purchases WHERE uid =' . $_SESSION['id']);

    // BUG: the query above aliases the sum as "total" but "score" is read here, so
    // $hintpurchase['score'] is always null and the balance never decreases with
    // purchases: every hint stays affordable as long as the raw score covers it.
    // Intended: $scores['score'] - $hintpurchase['total'].
    // Also check-then-insert: two concurrent purchases can both pass the balance test.
    $userbal = $scores['score'] - $hintpurchase['score'];

    if ($hint['value'] <= $userbal) {
        // record the purchase against the current instance and return to the list
        $id = db_insert('purchases', array('type' => '1', 'value' => $hint['value'], 'uid' => $_SESSION["id"], 'hid' => $hint['id'], 'instanceID' => $_SESSION['IID']));
        redirect('challenges');
    } else {
        // BAlert=1 makes the challenges page pop an "insufficient points" dialog
        redirect('challenges?BAlert=1');
    }
require '../../include/ctf.inc.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { // get auth data if (isset($_POST['auth_key']) && is_valid_id($_POST['id'])) { $auth = db_select_one('reset_password', array('id', 'user_id', 'auth_key'), array('auth_key' => $_POST['auth_key'], 'user_id' => $_POST['id'])); if (!$auth['user_id']) { message_error('No reset data found'); } } // stage 1, part 2 if ($_POST['action'] == 'reset_password') { if (CONFIG_RECAPTCHA_ENABLE_PUBLIC) { validate_captcha(); } $user = db_select_one('users', array('id', 'team_name', 'email'), array('email' => $_POST[md5(CONFIG_SITE_NAME . 'EMAIL')])); if ($user['id']) { $auth_key = hash('sha256', generate_random_string(128)); db_insert('reset_password', array('added' => time(), 'user_id' => $user['id'], 'ip' => get_ip(true), 'auth_key' => $auth_key)); $email_subject = 'Password recovery for team ' . htmlspecialchars($user['team_name']); // body $email_body = htmlspecialchars($user['team_name']) . ', please follow the link below to reset your password:'******'reset_password?action=choose_password&auth_key=' . $auth_key . '&id=' . $user['id'] . "\r\n" . "\r\n" . 'Regards,' . "\r\n" . CONFIG_SITE_NAME; // send details to user send_email(array($user['email']), $email_subject, $email_body); } message_generic('Success', 'If the email you provided was found in the database, an email has now been sent to it with further instructions!'); } else { if ($_POST['action'] == 'choose_password' && is_valid_id($auth['user_id'])) { $new_password = $_POST[md5(CONFIG_SITE_NAME . 'PWD')]; if (empty($new_password)) { message_error('You can\'t have an empty password');
/**
 * Number of rows in $table matching $where.
 *
 * @param string     $table
 * @param array|null $where      column => value pairs; null counts every row
 * @param string     $whereGlue  how the pairs are joined, 'AND' (default) or 'OR'
 * @return mixed  the COUNT(*) value as returned by the driver
 */
function db_count_num($table, array $where = null, $whereGlue = 'AND') {
    $columns = array('COUNT(*) AS num');
    // the trailing positional arguments follow db_select_one's existing call convention
    $row = db_select_one($table, $columns, $where, false, $whereGlue, false);
    return $row['num'];
}
if (empty($_POST['flag'])) { message_error('Did you really mean to submit an empty flag?'); } $submissions = db_select_all('submissions', array('correct', 'added'), array('user_id' => $_SESSION['id'], 'challenge' => $_POST['challenge'])); // make sure user isn't "accidentally" submitting a correct flag twice $latest_submission_attempt = 0; $num_attempts = 0; foreach ($submissions as $submission) { $latest_submission_attempt = max($submission['added'], $latest_submission_attempt); if ($submission['correct']) { message_error('You may only submit a correct flag once.'); } $num_attempts++; } // get challenge information $challenge = db_select_one('challenges', array('flag', 'category', 'case_insensitive', 'automark', 'available_from', 'available_until', 'num_attempts_allowed', 'min_seconds_between_submissions'), array('id' => $_POST['challenge'])); $seconds_since_submission = $time - $latest_submission_attempt; if ($seconds_since_submission < $challenge['min_seconds_between_submissions']) { message_generic('Sorry', 'You may not submit another solution for this challenge for another ' . seconds_to_pretty_time($challenge['min_seconds_between_submissions'] - $seconds_since_submission)); } if ($challenge['num_attempts_allowed'] && $num_attempts >= $challenge['num_attempts_allowed']) { message_generic('Sorry', 'You\'ve already tried ' . $challenge['num_attempts_allowed'] . ' times. Sorry!'); } if ($challenge['available_from'] && $time < $challenge['available_from']) { message_generic('Sorry', 'This challenge hasn\'t started yet.'); } if ($challenge['available_until'] && $time > $challenge['available_until']) { message_generic('Sorry', 'This challenge has expired.'); } $correct = false; // automark the submission
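/**
 * Create a user account.
 *
 * Validates the inputs, refuses duplicates, inserts the users row, logs the signup
 * IP and sends the signup email. Every validation failure goes through
 * message_error(), which ends the request; a failed insert returns false.
 *
 * @param string     $email
 * @param string     $password   plaintext; only make_passhash($password) is stored
 * @param string     $team_name
 * @param int|string $country    id of a countries row
 * @param int|null   $type       optional user_types id; 0 is stored when omitted
 * @return bool  true when the account was created and is enabled; false when the
 *               insert failed. When accounts start disabled, message_generic() is
 *               shown instead and this does not return.
 */
function register_account($email, $password, $team_name, $country, $type = null) {
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error(lang_get('registration_closed'));
    }
    if (empty($email) || empty($password) || empty($team_name)) {
        message_error(lang_get('please_fill_details_correctly'));
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error(lang_get('invalid_team_type'));
    }
    // byte length, consistent with the rest of the file
    if (strlen($team_name) > CONFIG_MAX_TEAM_NAME_LENGTH || strlen($team_name) < CONFIG_MIN_TEAM_NAME_LENGTH) {
        // was message_error('team_name_too_long_or_short'): the raw language key was
        // shown to the user. Every other message here is translated through lang_get();
        // the key is assumed to exist in the language file like its siblings.
        message_error(lang_get('team_name_too_long_or_short'));
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error(lang_get('email_not_whitelisted'));
    }

    // NOTE(review): "id <= row count" assumes country ids are contiguous from 1; a
    // deleted middle row would let a dangling id through this check
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !is_valid_id($country) || $country > $num_countries['num']) {
        message_error(lang_get('please_supply_country_code'));
    }

    // check-then-insert: a UNIQUE index on users.team_name / users.email is what
    // actually guarantees uniqueness under concurrent signups
    $user = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if ($user['id']) {
        message_error(lang_get('user_already_exists'));
    }

    $user_id = db_insert('users', array(
        'email'      => $email,
        'passhash'   => make_passhash($password),
        'team_name'  => $team_name,
        'added'      => time(),
        'enabled'    => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0',
        'user_type'  => isset($type) ? $type : 0,
        'country_id' => $country,
    ));

    // insertion was successful
    if ($user_id) {
        // log signup IP
        log_user_ip($user_id);

        // signup email
        $email_subject = lang_get('signup_email_subject', array('site_name' => CONFIG_SITE_NAME));

        // NOTE(review): with CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP the plaintext
        // password is put into an email. That is a deployment switch, not changed
        // here, but it should stay off unless the operators have accepted the exposure.
        $email_body = lang_get('signup_email_success', array(
            'team_name'                 => htmlspecialchars($team_name),
            'site_name'                 => CONFIG_SITE_NAME,
            'signup_email_availability' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? lang_get('signup_email_account_availability_message_login_now') : lang_get('signup_email_account_availability_message_login_later'),
            'signup_email_password'     => CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP ? lang_get('your_password_is') . ': ' . $password : lang_get('your_password_was_set'),
        ));

        // send details to user
        send_email(array($email), $email_subject, $email_body);

        // if the account isn't enabled by default, display a message and die
        if (!CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
            message_generic(lang_get('signup_successful'), lang_get('signup_successful_text', array('email' => htmlspecialchars($email))));
        } else {
            return true;
        }
    }

    // no rows were inserted
    return false;
}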
<?php
require '../../include/mellivora.inc.php';

// moderator-only management page
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// dies unless ?id= is a well-formed id
validate_id($_GET['id']);

$item_id = $_GET['id'];
$handler = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_menu_item';

head('Site management');
menu_management();

// ---- edit form (action=edit) -------------------------------------------------
section_subhead('Edit dynamic menu item');
$menu_item = db_select_one('dynamic_menu', array('*'), array('id' => $item_id));
form_start($handler);
form_input_text('Title', $menu_item['title']);
form_input_text('Permalink', $menu_item['permalink']);
dynamic_visibility_select($menu_item['visibility']);

// internal page selector, with an explicit "none" entry at the top (id 0)
$pages = db_select_all('dynamic_pages', array('id', 'title'));
$no_link = array('id' => 0, 'title' => '--- No internal link ---');
array_unshift($pages, $no_link);
form_select($pages, 'Internal page', 'id', $menu_item['internal_page'], 'title');

user_class_select($menu_item['min_user_class']);
form_input_text('URL', $menu_item['url']);
form_input_text('Priority', $menu_item['priority']);
form_hidden('action', 'edit');
form_hidden('id', $item_id);
form_button_submit('Save changes');
form_end();

// ---- delete form (action=delete, same handler) -------------------------------
section_subhead('Delete menu item');
form_start($handler);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $item_id);
form_button_submit('Delete menu item', 'danger');
form_end();

foot();
} if (empty($_POST['job-end'])) { $addError['end'] = 'Job Start date must be filled'; $addOk = FALSE; } else { $jobEnd = $_POST['job-end']; } //Lay du lieu tu select va radio $jobPrioty = $_POST['job-prioty']; $jobStatus = $_POST['job-status']; require_once LIB_PATH . '/database.php'; db_connect(); if ($addOk == TRUE) { //Lay id user $username = $_SESSION["username"]; $uid = db_select_one("SELECT uid FROM user WHERE uaccount = '{$username}'"); $listRecords = array('jtitle', 'jinfo', 'jstart', 'jend', 'jprioty', 'jstatus', 'juser'); $listValues = array($jobTitle, $jobInfo, $jobStart, $jobEnd, $jobPrioty, $jobStatus, $uid); if (db_insert('job', $listRecords, $listValues)) { $addError['message'] = "Insert successfull"; } else { $addError['message'] = 'insert fail'; } } db_close(); } //load template $pageTitle = 'Add more job for life'; if (file_exists(PUBLIC_PATH . '/taddjob.php')) { include PUBLIC_PATH . '/taddjob.php'; } else {
<?php
require '../include/mellivora.inc.php';

// NOTE(review): this file is cut off in this view; the cache_start block opened
// below is closed (cache_end / foot) outside it.
login_session_refresh();

// ?code= must be exactly two bytes; array_get avoids a notice when it is absent
if (strlen(array_get($_GET, 'code')) != 2) {
    message_error(lang_get('please_supply_country_code'));
}

// the code goes through db_select_one's array WHERE (bound, not concatenated)
$country = db_select_one('countries', array('id', 'country_name', 'country_code'), array('country_code' => $_GET['code']));
if (!$country) {
    message_error(lang_get('please_supply_country_code'));
}

head($country['country_name']);

// NOTE(review): the cache key is built from the raw query value rather than the
// canonical $country['country_code']. If the lookup is case-insensitive, 'us' and
// 'US' render the same page under two cache entries; keying on the row value would
// be tidier and keeps user-supplied bytes out of the key.
if (cache_start(CONST_CACHE_NAME_COUNTRY . $_GET['code'], CONFIG_CACHE_TIME_COUNTRIES)) {
    // the name is escaped explicitly here; the third argument (false) presumably
    // tells section_head not to escape again, since the flag link is HTML
    section_head(htmlspecialchars($country['country_name']) . country_flag_link($country['country_name'], $country['country_code'], true), '', false);

    // per-country scoreboard: competing users only; the country id is bound as :country_id
    $scores = db_query_fetch_all(' SELECT u.id AS user_id, u.team_name, u.competing, co.id AS country_id, co.country_name, co.country_code, SUM(c.points) AS score, MAX(s.added) AS tiebreaker FROM users AS u LEFT JOIN countries AS co ON co.id = u.country_id LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1 LEFT JOIN challenges AS c ON c.id = s.challenge WHERE u.competing = 1 AND co.id = :country_id GROUP BY u.id ORDER BY score DESC, tiebreaker ASC', array('country_id' => $country['id']));
<?php
require '../../include/mellivora.inc.php';

// moderator-only management page
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// dies unless ?id= is a well-formed id
validate_id($_GET['id']);

$news_id = $_GET['id'];
$handler = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_news';

$news = db_select_one('news', array('*'), array('id' => $news_id));

head('Site management');
menu_management();

// ---- edit form (action=edit) -------------------------------------------------
section_subhead('Edit news item: ' . $news['title']);
form_start($handler);
form_input_text('Title', $news['title']);
form_textarea('Body', $news['body']);
form_hidden('action', 'edit');
form_hidden('id', $news_id);
form_button_submit('Save changes');
// body is BBCode; show the markup reference under the form
form_bbcode_manual();
form_end();

// ---- delete form (action=delete, same handler) -------------------------------
section_subhead('Delete news item');
form_start($handler);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $news_id);
form_button_submit('Delete news item', 'danger');
form_end();

foot();
<?php
require '../../include/mellivora.inc.php';

// moderator-only management page
enforce_authentication(CONFIG_UC_MODERATOR);
// dies unless ?id= is a well-formed id
validate_id($_GET['id']);

$rule_id = $_GET['id'];
$handler = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_restrict_email';

// signup email restriction rule: pattern, on/off, whitelist-vs-blacklist, order
$rule = db_select_one('restrict_email', array('rule', 'enabled', 'white', 'priority'), array('id' => $rule_id));

head('Site management');
menu_management();

// ---- edit form (action=edit) -------------------------------------------------
section_subhead('Edit signup rule');
form_start($handler);
form_input_text('Rule', $rule['rule']);
form_input_text('Priority', $rule['priority']);
form_input_checkbox('Whitelist', $rule['white']);
form_input_checkbox('Enabled', $rule['enabled']);
form_hidden('action', 'edit');
form_hidden('id', $rule_id);
form_button_submit('Save changes');
form_end();

// ---- delete form (action=delete, same handler) -------------------------------
section_subhead('Delete rule');
form_start($handler);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $rule_id);
form_button_submit('Delete rule', 'danger');
form_end();

foot();
<?php
require '../../include/ctf.inc.php';

// moderator-only management page
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// dies unless ?id= is a well-formed id
validate_id($_GET['id']);

$page_id = $_GET['id'];
$handler = CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_page';

$page = db_select_one('dynamic_pages', array('*'), array('id' => $page_id));

head('Site management');
menu_management();

// ---- edit form (action=edit) -------------------------------------------------
section_subhead('Edit dynamic page: ' . $page['title']);
form_start($handler);
form_input_text('Title', $page['title']);
form_textarea('Body', $page['body']);
dynamic_visibility_select($page['visibility']);
user_class_select($page['min_user_class']);
form_hidden('action', 'edit');
form_hidden('id', $page_id);
form_button_submit('Save changes');
// body is BBCode; show the markup reference under the form
form_bbcode_manual();
form_end();

// ---- delete form (action=delete, same handler) -------------------------------
section_subhead('Delete');
form_start($handler);
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $page_id);
form_button_submit('Delete', 'danger');
form_end();

foot();
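<?php
require '../../include/mellivora.inc.php';

enforce_authentication(CONFIG_UC_MODERATOR);

// settings of the instance currently selected in this admin session
$rule = db_select_one('instances', array('*'), array('id' => $_SESSION['IID']));

head('Site management');
menu_management();
section_subhead('Edit Instance Settings');

form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_settings');

// "enabled" = a non-empty token that is not the 0 / '0' the column holds when off.
// The previous loose `!= 0` compared the string token against an int; on PHP < 8 a
// non-numeric string compares equal to 0, so a live token was reported as disabled
// (and the button offered to enable it again).
$token = isset($rule['registrationToken']) ? $rule['registrationToken'] : '';
$token_enabled = !empty($token);

// the token is shown read-only; escape it for the attribute context like any
// other DB-sourced value rather than trusting its character set
$display_value = $token_enabled ? htmlspecialchars($token, ENT_QUOTES) : 'Registration Tokens are not enabled.';

echo '<div class="form-group"> <label class="col-sm-2 control-label" for="rule">Registration Token</label> <div class="col-sm-10"> <input id="rule" readonly name="rule" class="form-control" placeholder="Registration Token" value="', $display_value, '" type="text"> </div> </div>';

form_hidden('action', 'edit');

// single toggle button; the action handler flips the state
$button_label = $token_enabled ? 'Disable Registration Token' : 'Enable Registration Token';
echo form_button_submit($button_label);

form_end();
foot();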
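<?php
require '../include/mellivora.inc.php';

// both keys come from the URL; array_get (as used elsewhere in this include family)
// avoids an undefined-index notice when one is missing - the lookup then simply fails
$team_key = array_get($_GET, 'team_key');
$file_key = array_get($_GET, 'file_key');

// first key: per-team download key -> must map to an enabled user
$user = db_select_one('users', array('id', 'enabled'), array('download_key' => $team_key));
if (!is_valid_id($user['id'])) {
    log_exception(new Exception('Invalid team key used for download'));
    message_error(lang_get('invalid_team_key'));
}
if (!$user['enabled']) {
    message_error(lang_get('user_not_enabled'));
}

// second key: per-file download key -> file row plus its challenge's start time
// (bound as :download_key)
$file = db_query_fetch_one(' SELECT f.id, f.title, f.size, f.md5, c.available_from FROM files AS f LEFT JOIN challenges AS c ON c.id = f.challenge WHERE f.download_key = :download_key', array('download_key' => $file_key));
if (!is_valid_id($file['id'])) {
    log_exception(new Exception('Invalid file key used for download'));
    message_error(lang_get('no_file_found'));
}

// embargoed until the challenge opens, except for staff
if (time() < $file['available_from'] && !user_is_staff()) {
    message_error(lang_get('file_not_available'));
}

download_file($file);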