function create_team($name, $code)
{
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (isset($_SESSION['User'])) {
$team = load_user_data('team');
$role = load_user_data('role');
if (!empty($team) && $role != "admin") {
return 'You are already on a team! You can only create a team if you are not currently on one.';
}
} else {
return 'You are not logged in! You must be logged in to create a team.';
}
$ename = $conn->real_escape_string($name);
$ecode = $conn->real_escape_string($code);
$checkquery = "SELECT * FROM `teams` WHERE name='{$ename}' OR teamcode='{$ecode}'";
$checkres = $conn->query($checkquery);
if ($checkres) {
if ($checkres->fetch_assoc()) {
return 'Team with that name or team code already exists.';
}
}
$query = "INSERT INTO `teams` VALUES('{$ename}', '', 0, '{$ecode}', '')";
$conn->query($query);
if ($conn->error) {
return 'A database error occurred.';
}
$euser = $conn->real_escape_string($_SESSION['User']);
$joinquery = "UPDATE `users` SET team='{$ename}' WHERE name='{$euser}'";
$conn->query($joinquery);
if ($conn->error) {
return 'Created team, but could not join it.';
}
return 'OK';
}
<span class="title">
<?php
echo htmlentities(CTF_NAME);
?>
</span>
<ul id="nav">
<?php
if (!$logged_in) {
?>
<li onclick="Data.ShowDialog('Register')"><span class="text">Register</span></li>
<li onclick="Data.ShowDialog('Login')"><span class="text">Log In</span></li>
<?php
} else {
?>
<?php
if (load_user_data('role') === "admin") {
?>
<li onclick="location.assign('dashboard.php')"><span class="text">Dashboard</span></li>
<?php
}
?>
<li onclick="location.assign('account.php')"><span class="text">Account</span></li>
<li onclick="location.assign('challenges.php')"><span class="text">Challenges</span></li>
<li onclick="location.assign('index.php')"><span class="text">Home</span></li>
<li onclick="Data.SignOut()"><span class="text">Log Out</span></li>
<?php
}
?>
</ul>
</div>
<div id="main">
<li onclick="location.assign('dashboard.php')"><span class="text">Dashboard</span></li>
<?php
}
?>
<li onclick="location.assign('account.php')"><span class="text">Account</span></li>
<li onclick="location.assign('index.php')"><span class="text">Home</span></li>
<li onclick="location.assign('scoreboard.php')"><span class="text">Scoreboard</span></li>
<li onclick="Data.SignOut()"><span class="text">Log Out</span></li>
<?php
}
?>
</ul>
</div>
<div id="main" class="challenges">
<?php
if (load_user_data('team')) {
$all = load_challenges();
if (count($all) > 0) {
$lst = [];
foreach ($all as $chal) {
$lst[] = load_full_challenge($chal);
}
$dsp = [];
foreach ($lst as $item) {
$cat = $item['category'];
$dsp[$cat][] = ["points" => $item['points'], "id" => $item['challenge_id']];
}
foreach ($dsp as $cname => $category) {
echo "<div class=\"row\">";
echo "<div class=\"cname\">" . htmlentities($cname) . "</div>";
foreach ($category as $questiondata) {
<table>
<tbody>
<tr>
<td>Attribute:</td>
<td>
<select id="account_attribute" onchange="update_user_data()">
<option value="<?php
if ($is_logged) {
echo htmlentities($_SESSION['User']);
}
?>
" data-attr="name">Username</option>
<option value="<redacted>" data-attr="password">Password</option>
<option value="<?php
if ($is_logged) {
echo htmlentities(load_user_data('email'));
}
?>
" data-attr="email">E-Mail</option>
</select>
</td>
</tr>
<tr>
<td>Value:</td>
<td><input id="data_target" type="text" value="<?php
if ($is_logged) {
echo htmlentities($_SESSION['User']);
}
?>
" onchange="update_app_data()" /></td>
</tr>
unset($_SESSION['edit_id']);
$_SESSION['edit'] = '_no_';
user_goto('users.php?psi=last');
}
if (check_user_data($_SESSION['user_id'], $editid)) {
// Save data to db
$_SESSION['dedit'] = "_yes_";
user_goto('users.php?psi=last');
}
load_additional_data($_SESSION['user_id'], $editid);
} else {
// Get user id that comes for edit
if (isset($_GET['edit_id'])) {
$editid = $_GET['edit_id'];
}
load_user_data($_SESSION['user_id'], $editid);
$_SESSION['edit_id'] = $editid;
}
gen_editdomain_page($tpl);
// static page messages
gen_logged_from($tpl);
$tpl->assign(array('TR_PAGE_TITLE' => tr('EasySCP - Domain/Edit'), 'TR_EDIT_DOMAIN' => tr('Edit Domain'), 'TR_DOMAIN_PROPERTIES' => tr('Domain properties'), 'TR_DOMAIN_NAME' => tr('Domain name'), 'TR_DOMAIN_EXPIRE' => tr('Domain expire'), 'TR_DOMAIN_IP' => tr('Domain IP'), 'TR_PHP_SUPP' => tr('PHP support'), 'TR_PHP_EDIT' => tr('PHP editor'), 'TR_CGI_SUPP' => tr('CGI support'), 'TR_SSL_SUPP' => tr('SSL support'), 'TR_DNS_SUPP' => tr('Manual DNS support'), 'TR_SUBDOMAINS' => tr('Max subdomains<br /><em>(-1 disabled, 0 unlimited)</em>'), 'TR_ALIAS' => tr('Max aliases<br /><em>(-1 disabled, 0 unlimited)</em>'), 'TR_MAIL_ACCOUNT' => tr('Mail accounts limit<br /><em>(-1 disabled, 0 unlimited)</em>'), 'TR_FTP_ACCOUNTS' => tr('FTP accounts limit<br /><em>(-1 disabled, 0 unlimited)</em>'), 'TR_SQL_DB' => tr('SQL databases limit<br /><em>(-1 disabled, 0 unlimited)</em>'), 'TR_SQL_USERS' => tr('SQL users limit<br /><em>(-1 disabled, 0 unlimited)</em>'), 'TR_TRAFFIC' => tr('Traffic limit [MB]<br /><em>(0 unlimited)</em>'), 'TR_DISK' => tr('Disk limit [MB]<br /><em>(0 unlimited)</em>'), 'TR_USER_NAME' => tr('Username'), 'TR_BACKUP' => tr('Backup'), 'TR_BACKUP_DOMAIN' => tr('Domain'), 'TR_BACKUP_SQL' => tr('SQL'), 'TR_BACKUP_FULL' => tr('Full'), 'TR_BACKUP_NO' => tr('No'), 'TR_BACKUP_COUNT' => tr('Count backups to disk usage'), 'TR_UPDATE_DATA' => tr('Submit changes'), 'TR_CANCEL' => tr('Cancel'), 'TR_YES' => tr('Yes'), 'TR_NO' => tr('No'), 'TR_EXPIRE_CHECKBOX' => tr('or check if domain should <strong>never</strong> expire'), 'TR_SU' => tr('Su'), 'TR_MO' => tr('Mo'), 'TR_TU' => tr('Tu'), 'TR_WE' => tr('We'), 'TR_TH' => tr('Th'), 'TR_FR' => tr('Fr'), 'TR_SA' => tr('Sa'), 'TR_JANUARY' => tr('January'), 'TR_FEBRUARY' => tr('February'), 'TR_MARCH' => tr('March'), 'TR_APRIL' => tr('April'), 'TR_MAY' => tr('May'), 'TR_JUNE' => tr('June'), 'TR_JULY' => tr('July'), 'TR_AUGUST' => tr('August'), 'TR_SEPTEMBER' => tr('September'), 'TR_OCTOBER' => tr('October'), 'TR_NOVEMBER' => tr('November'), 'TR_DECEMBER' => tr('December'), 'VL_DATE_FORMAT' => jQueryDatepickerDateFormat($cfg->DATE_FORMAT)));
gen_reseller_mainmenu($tpl, 'reseller/main_menu_users_manage.tpl');
gen_reseller_menu($tpl, 'reseller/menu_users_manage.tpl');
gen_page_message($tpl);
if ($cfg->DUMP_GUI_DEBUG) {
dump_gui_debug($tpl);
}
$tpl->display($template);
unset_messages();
// Begin function block
$pwd = $conn->real_escape_string(password_hash($value, PASSWORD_BCRYPT, ['cost' => 11]));
if (empty($pwd)) {
die("Error: Password cannot be empty.");
}
$cname = $conn->real_escape_string($_SESSION['User']);
$updatequery = "UPDATE `users` SET password='******' WHERE name='{$cname}'";
$conn->query($updatequery);
if ($conn->error) {
die("A database error occurred. Could not update data.");
}
echo "OK";
break;
}
break;
case 'force_update':
if (load_user_data('role') !== 'admin') {
die("Error: You don't have the authority to do this!");
//Only admins can change other users' details!
}
if (!(isset($_POST['datatype']) && isset($_POST['value']) && isset($_POST['target_user']))) {
die("Error: Insufficient data to edit user data!");
}
$type = $_POST['datatype'];
$value = $_POST['value'];
$target = $conn->real_escape_string($_POST['target_user']);
switch ($type) {
case 'delete':
$delquery = "DELETE FROM `users` WHERE name='{$target}'";
$conn->query($conn);
if ($conn->error) {
die("A database error has occurred.");
function modify($id, $q, $a, $cat, $points)
{
if (load_user_data('role') !== 'admin') {
die("You are not authorized to do this!");
}
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$eid = $conn->real_escape_string($id);
$checkquery = "SELECT * FROM `challenges` WHERE challenge_id={$eid}";
$res = $conn->query($checkquery);
if (!$res) {
create($q, $a, $conn);
return;
} else {
if (!$res->fetch_assoc()) {
create($q, $a, $cat, $points, $conn);
return;
}
}
$eq = $conn->real_escape_string($q);
$ea = $conn->real_escape_string($a);
$ec = $conn->real_escape_string($cat);
$ep = $conn->real_escape_string($points);
$updatequery = "UPDATE `challenges` SET qtext='{$eq}', answer='{$ea}', category='{$ec}', points={$ep} WHERE challenge_id={$eid}";
$conn->query($updatequery);
if ($conn->error) {
die("A database error occurred.");
}
echo "OK";
}