<?php require_once '../../../../config/config.inc.php'; $challenge = new Challenge(); $challenge->startChallenge(); $pwd = $challenge->getDictionaryWord(); $token = $challenge->getToken(); $location = $_SERVER['SERVER_NAME'] . WEBROOT; $first = "<script language=JavaScript>function Try(password) { if (password ==\""; $last = <<<EOT ") {alert("This one was easy, you will receive a point ;)"); window.location = "https://{$location}/check.php?t={$token}"; return false;}else {alert("To bad, please try again.");return false;}} // --> </script> EOT; ?> <Script Language='Javascript'> <!-- document.write(unescape('%3c%73%63%72%69%70%74%20%6c%61%6e%67%75%61%67%65%3d%4a%61%76%61%53%63%72%69%70%74%3e%0d%0a%76%61%72%20%6d%65%73%73%61%67%65%3d%22%57%65%20%64%6f%20%74%72%79%20%74%6f%20%6d%61%6b%65%20%69%74%20%68%61%72%64%65%72%2e%20%3a%29%21%22%3b%66%75%6e%63%74%69%6f%6e%20%63%6c%69%63%6b%49%45%34%28%29%7b%69%66%20%28%65%76%65%6e%74%2e%62%75%74%74%6f%6e%3d%3d%32%29%7b%61%6c%65%72%74%28%6d%65%73%73%61%67%65%29%3b%72%65%74%75%72%6e%20%66%61%6c%73%65%3b%7d%7d%66%75%6e%63%74%69%6f%6e%20%63%6c%69%63%6b%4e%53%34%28%65%29%7b%69%66%20%28%64%6f%63%75%6d%65%6e%74%2e%6c%61%79%65%72%73%7c%7c%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%26%26%21%64%6f%63%75%6d%65%6e%74%2e%61%6c%6c%29%7b%69%66%20%28%65%2e%77%68%69%63%68%3d%3d%32%7c%7c%65%2e%77%68%69%63%68%3d%3d%33%29%7b%61%6c%65%72%74%28%6d%65%73%73%61%67%65%29%3b%72%65%74%75%72%6e%20%66%61%6c%73%65%3b%7d%7d%7d%69%66%20%28%64%6f%63%75%6d%65%6e%74%2e%6c%61%79%65%72%73%29%7b%64%6f%63%75%6d%65%6e%74%2e%63%61%70%74%75%72%65%45%76%65%6e%74%73%28%45%76%65%6e%74%2e%4d%4f%55%53%45%44%4f%57%4e%29%3b%64%6f%63%75%6d%65%6e%74%2e%6f%6e%6d%6f%75%73%65%64%6f%77%6e%3d%63%6c%69%63%6b%4e%53%34%3b%7d%65%6c%73%65%20%69%66%20%28%64%6f%63%75%6d%65%6e%74%2e%61%6c%6c%26%26%21%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%29%7b%64%6f%63%75%6d%65%6e%74%2e%6f%6e%6d%6f%75%73%65%64%6f%77%6e%3d%63%6c%69%63%6b%49%45%34%3b%7d%64%6f%63%75%6d%65%6e%74%2e%6f%6e%63%6f%6e%74%65%78%74%6d%65%6e%75%3d%6e%65%77%20%46%75%6e%63%74%69%6f%6e%28%22%61%6c%65%72%74%28%6d%65%73%73%61%67%65%29%3b%72%65%74%75%72%6e%20%66%61%6c%73%65%22%29%0d%0a%2f%2f%20%2d%2d%3e%0d%0a%3c%2f%73%63%72%69%70%74%3e')); //--> </Script> <Script Language='Javascript'> <!-- document.write(unescape("<?php echo util::ascii2hex($first . $pwd . "" . $last); ?> "));
$array['title'] = "CTF Login"; if (isset($_SESSION[Challenge::PLAYER])) { $array['ranking'] = $challenge->getRank(); $array['login'] = '******'; } else { $array['ranking'] = "You have to login to have a rank"; $array['login'] = '******'; } echo CTF::header($array); echo '<div id="challengecontainer"><div id="challengeframe">'; $output = ""; $db = new MySQL(HOST, DB_USER, DB_PASSWORD, DB_NAME); if (isset($_SESSION['player'])) { if (isset($_GET['t'])) { $t = util::getGet('t'); $token = $challenge->getToken(); echo "t={$t};token={$token}"; if (true === ($t == $token)) { $challenge->mark(); util::forward(WEBROOT . "/index.php"); } } else { if (isset($_POST['action'])) { $token = util::getPost('token'); $validtoken = $challenge->getToken(); if ($validToken === $token || in_array($token, $otherTokens)) { $output = "valid token"; // token is valid //$row = $result->fetch(); $user = util::getSession('player'); $sql = "INSERT INTO scoreboard SELECT id,'{$token}',now()+0 FROM players WHERE name='{$user}'";