/**
 * Render a banner for the user named in the `username` GET parameter.
 *
 * All rendering options are taken from GET parameters. The integer options
 * are clamped to fixed ranges here; the string options (format, bg, fg, div)
 * are handed to displayBanner() as received, so any validation of them has
 * to happen there (not visible from this method).
 *
 * On success the request ends in die() with the output of displayBanner().
 *
 * @return string Error output for an unknown user, an API-excluded user or an unavailable font.
 */
public function execute()
{
    $user = GWF_User::getByName(Common::getGetString('username'));
    if ($user === false) {
        return GWF_HTML::err('ERR_UNKNOWN_USER');
    }

    $excluded = $this->module->isExcludedFromAPI($user, false);
    if ($excluded !== false) {
        return $excluded;
    }

    $this->module->includeClass('WC_RegAt');

    # String options are passed on unchanged.
    $format = Common::getGetString('format', self::FORMAT);
    $bg = Common::getGetString('bg', self::BGCOLOR);
    $fg = Common::getGetString('fg', self::FGCOLOR);

    # Integer options are clamped so a request cannot ask for arbitrary sizes.
    $size = Common::clamp(Common::getGetInt('s', self::SIZE), 6, 30);
    $spacingx = Common::clamp(Common::getGetInt('sx', 1), 0, 30);
    $spacingy = Common::clamp(Common::getGetInt('sy', 1), 0, 30);
    $marginx = Common::clamp(Common::getGetInt('mx', 1), 0, 30);
    $marginy = Common::clamp(Common::getGetInt('my', 1), 0, 30);
    $divider = Common::getGetString('div', ' ');

    # The font name is written back into $_GET before it is validated.
    $font = Common::getGetString('font', self::FONT);
    $_GET['font'] = $font;

    # The name becomes part of a file path, so it is restricted to
    # letters, digits and underscore. The D modifier keeps `$` from matching
    # before a trailing newline. Only then is the file looked up.
    $fontAvailable = preg_match('/^[a-z_0-9]+$/iD', $font)
        && Common::isFile(GWF_EXTRA_PATH . 'font/' . $font . '.ttf');
    if (!$fontAvailable) {
        return "Font not found. Available fonts: " . $this->listFonts();
    }

    die($this->displayBanner($user, $format, $bg, $fg, $size, $spacingx, $spacingy, $marginx, $marginy, $divider));
}
/**
 * Show the history template for the user named in the `username` GET parameter.
 *
 * @return string Output of templateHistory(), or the ERR_UNKNOWN_USER error when the lookup fails.
 */
public function execute()
{
    $user = GWF_User::getByName(Common::getGet('username'));

    return ($user === false)
        ? GWF_HTML::err('ERR_UNKNOWN_USER')
        : $this->templateHistory($user);
}
/**
 * Resolve a username and render the single view for that user's country.
 *
 * @param string $username Name to look up.
 * @return string Output of templateSingle(), or the ERR_UNKNOWN_USER error when the lookup fails.
 */
private function templateSingleU($username)
{
    $user = GWF_User::getByName($username);
    if ($user === false) {
        return GWF_HTML::err('ERR_UNKNOWN_USER');
    }

    $countryId = $user->getCountryID();

    return $this->templateSingle($countryId, $user);
}
/**
 * Handle a submitted request form: find the account by username and/or
 * e-mail and send that user a mail.
 *
 * NOTE(review): the 'err_not_found' and 'err_not_same_user' responses differ,
 * so the reply shows whether a submitted name or e-mail is registered.
 * Confirm that this is acceptable for this form, or that the form is
 * rate-limited elsewhere.
 *
 * @return string Form errors or a module error followed by the form, or the result of sendMail().
 */
private function onRequest()
{
    $form = $this->getForm();
    $errors = $form->validate($this->module);
    if ($errors !== false) {
        return $errors . $this->form();
    }

    $email = Common::getPost('email', '');
    $byName = GWF_User::getByName(Common::getPost('username'));
    # The e-mail lookup only runs for syntactically valid addresses.
    $byEmail = GWF_Validator::isValidEmail($email) ? GWF_User::getByEmail($email) : false;

    # Nothing found
    if ($byName === false && $byEmail === false) {
        return $this->module->error('err_not_found') . $this->form();
    }

    # Both lookups succeeded but point at two different accounts
    if ($byName !== false && $byEmail !== false && $byName->getID() !== $byEmail->getID()) {
        return $this->module->error('err_not_same_user') . $this->form();
    }

    # At least one lookup succeeded here; the username match takes precedence.
    $user = ($byName !== false) ? $byName : $byEmail;

    return $this->sendMail($user);
}
/**
 * Resolve a username and render the ranking template for that user.
 *
 * @param string $username Name to look up.
 * @return string Output of templateRanking(), or the ERR_UNKNOWN_USER error when the lookup fails.
 */
private function templateRankingU($username)
{
    $user = GWF_User::getByName($username);

    return ($user === false)
        ? GWF_HTML::err('ERR_UNKNOWN_USER')
        : $this->templateRanking($user);
}
/**
 * Form validator: the username must belong to an existing user.
 *
 * The lookup result is stored in $this->user, including `false` on a miss.
 *
 * @param Module_WeChall $m   Owning module (not used here).
 * @param string         $arg Submitted username.
 * @return string|false Error text for an unknown user, false when the name is valid.
 */
public function validate_username(Module_WeChall $m, $arg)
{
    $this->user = GWF_User::getByName($arg);

    return ($this->user === false)
        ? GWF_HTML::lang('ERR_UNKNOWN_USER')
        : false;
}
/**
 * Form validator: the username must belong to an existing user.
 *
 * The lookup result is stored in $this->user. On a miss the submitted
 * value is also cleared from $_POST.
 *
 * @param Module_Ban $m   Owning module (not used here).
 * @param string     $arg Submitted username.
 * @return string|false Error text for an unknown user, false when the name is valid.
 */
public function validate_username(Module_Ban $m, $arg)
{
    $this->user = GWF_User::getByName($arg);
    if ($this->user !== false) {
        return false;
    }

    $_POST['username'] = '';

    return GWF_HTML::lang('ERR_UNKNOWN_USER');
}
/**
 * Log in the given username, registering the account first when it does not exist.
 *
 * NOTE(review): an unknown name leads straight to onCrossRegister(), so the
 * caller must already have authenticated $username against the remote side.
 * That check is not visible in this method.
 *
 * @param string $username Name to log in.
 * @return mixed Result of onCrossLoginB(), or the ERR_DATABASE error when registration fails.
 */
private function onCrossLogin($username)
{
    $user = GWF_User::getByName($username);

    # Unknown locally: try to create the account.
    if ($user === false) {
        $user = $this->onCrossRegister($username);
    }

    if ($user === false) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    return $this->onCrossLoginB($user);
}
/**
 * End the request with '1' when $email is the valid mail of $username, else '0'.
 *
 * NOTE(review): the reply confirms or denies a username/e-mail pair, so the
 * caller needs to be authenticated or rate-limited. Neither is visible in
 * this method.
 *
 * @param string $username Name to look up.
 * @param string $email    Address compared strictly against getValidMail().
 * @return void This method never returns; it always calls die().
 */
private function outputLink($username, $email)
{
    $user = GWF_User::getByName($username);
    $linked = ($user !== false) && ($user->getValidMail() === $email);

    die($linked ? '1' : '0');
}
/**
 * Form validator: the user to add must exist and must not be the current session user.
 *
 * The lookup result is stored in $this->user_to_add.
 *
 * @param Module_Profile $m   Module used for the language lookup.
 * @param string         $arg Submitted username.
 * @return string|false Error text, or false when the name is acceptable.
 */
public function validate_user_name(Module_Profile $m, $arg)
{
    $this->user_to_add = GWF_User::getByName($arg);
    if (!$this->user_to_add) {
        return GWF_HTML::lang('ERR_UNKNOWN_USER');
    }

    # Loose comparison kept on purpose: the two IDs may differ in type (string vs int).
    $isSelf = $this->user_to_add->getID() == GWF_Session::getUserID();

    return $isSelf ? $m->lang('err_self_whitelist') : false;
}
/**
 * Serve one warscore connection: read "username\ntoken" from the socket,
 * validate both, identify the warbox by peer IP and run the identd check
 * once per distinct warbox port.
 *
 * Every guard below relies on warscore_error() ending the process; if it
 * returned, the next statement would run on a failed value.
 * NOTE(review): confirm warscore_error() never returns.
 *
 * NOTE(review): warscore_debug() receives the raw input, which contains the
 * war token. If that helper writes to a log or console, the token ends up there.
 *
 * @param resource $socket Connected client socket.
 * @param int      $pid    Not used in this function.
 * @return void Ends with die(0).
 */
function warscore_function($socket, $pid)
{
    # Init GWF
    $gwf = new GWF3(getcwd(), array(
        'website_init' => false,
        'autoload_modules' => false,
        'load_module' => false,
        'start_debug' => true,
        'get_user' => false,
        'log_request' => false,
        'no_session' => true,
        'store_last_url' => false,
        'ignore_user_abort' => false,
    ));
    gdo_db();
    GWF_Debug::setDieOnError(false);
    GWF_HTML::init();

    $wechall = GWF_Module::loadModuleDB('WeChall', true, true, true);
    if ($wechall === false) {
        warscore_error($socket, 'Cannot load WeChall!');
    }
    $classes = array('WC_Warbox', 'WC_WarToken', 'WC_Warflag', 'WC_Warflags', 'sites/warbox/WCSite_WARBOX');
    foreach ($classes as $class) {
        $wechall->includeClass($class);
    }

    # One read of at most 2048 bytes carries both the username and the token.
    $input = socket_read($socket, 2048);
    if ($input === false) {
        warscore_error($socket, 'Read Error 1!');
    }
    warscore_debug("GOT INPUT: {$input}");

    # First line: username
    $username = Common::substrUntil($input, "\n", false);
    if ($username === false) {
        warscore_error($socket, 'No username sent!');
    }
    $user = GWF_User::getByName($username);
    if ($user === false) {
        warscore_error($socket, 'Unknown user!');
    }
    warscore_debug("GOT USER: {$username}");

    # Second line: token. Anything after a further newline is dropped.
    $token = Common::substrFrom($input, "\n", '');
    if ($token === '') {
        warscore_error($socket, 'No token sent!');
    }
    $token = trim(Common::substrUntil($token, "\n", $token));
    if (!WC_WarToken::isValidWarToken($user, $token)) {
        warscore_error($socket, 'Invalid Token!');
    }

    # The warbox is identified by the peer address of the connection.
    if (!socket_getpeername($socket, $client_ip, $client_port)) {
        warscore_error($socket, 'Socket Error 2!');
    }
    echo "{$client_ip}\n";

    $boxes = WC_Warbox::getByIP($client_ip);
    if (count($boxes) === 0) {
        warscore_error($socket, 'Unknown Warbox!');
    }
    warscore_debug("GOT N BOXES: " . count($boxes));

    # Run identd whenever the port differs from the previous box's port.
    $lastPort = 0;
    foreach ($boxes as $box) {
        /** @var WC_Warbox $box */
        $port = $box->getVar('wb_port');
        if ($lastPort !== $port) {
            $lastPort = $port;
            warscore_identd($socket, $box, $user, $client_ip, $client_port);
        }
    }

    socket_write($socket, 'Bailing out! You should not see me.');
    socket_close($socket);
    die(0);
}
/**
 * Switch the current session to the user named in the form ("login as").
 *
 * NOTE(review): this replaces the session identity without asking for the
 * target's password. No permission check and no audit log entry are visible
 * in this method; confirm both exist on the calling path.
 *
 * @return string Validation errors plus the form, the ERR_UNKNOWN_USER text, or the success message.
 */
public function onLoginAs()
{
    $form = $this->getForm();

    $error = $form->validate($this->module);
    if ($error !== false) {
        return $error . $this->templateLoginAs();
    }

    $user = GWF_User::getByName($form->getVar('username'));
    if ($user === false) {
        return GWF_HTML::lang('ERR_UNKNOWN_USER');
    }

    GWF_Session::onLogin($user);

    return $this->module->message('msg_login_as', array($user->displayUsername()));
}
/**
 * Show or process the mail form for the user named in the `username` GET parameter.
 *
 * The target must have a valid mail address and the ALLOW_EMAIL option enabled.
 *
 * @return string Error output, the result of send() when `send` was posted, or the form template.
 */
public function execute()
{
    $user = GWF_User::getByName(Common::getGet('username'));
    if ($user === false) {
        return GWF_HTML::err('ERR_UNKNOWN_USER');
    }

    # The option is only checked when a valid address exists.
    $hasMail = $user->getValidMail() !== '';
    if (!$hasMail || !$user->isOptionEnabled(GWF_User::ALLOW_EMAIL)) {
        return $this->module->error('err_no_mail');
    }

    $submitted = Common::getPost('send') !== false;

    return $submitted ? $this->send($user) : $this->template($user);
}
/**
 * Form validator for changing a user's name.
 *
 * The trimmed value is written back to $_POST['username']. Keeping the
 * current name is always accepted. Any other name must be unused and pass
 * GWF_Validator::isValidUsername().
 *
 * @param Module_Admin $module Owning module (the method uses $this->module instead).
 * @param string       $arg    Submitted username.
 * @return string|false Error text, or false when the name is acceptable.
 */
public function validate_username(Module_Admin $module, $arg)
{
    $arg = trim($arg);
    $_POST['username'] = $arg;

    # Unchanged name: nothing to validate.
    if ($arg === $this->user->getVar('user_name')) {
        return false;
    }

    if (false !== GWF_User::getByName($arg)) {
        return $this->module->lang('err_username_taken');
    }

    return GWF_Validator::isValidUsername($arg)
        ? false
        : $this->module->lang('err_username');
}
/**
 * Show the profile page of the user named in the `username` GET parameter.
 *
 * A deleted account gets the same ERR_UNKNOWN_USER response as a missing
 * one, so the reply does not show that the account once existed.
 *
 * @return string Profile output or the ERR_UNKNOWN_USER error.
 */
public function execute()
{
    $user = GWF_User::getByName(Common::getGet('username'));
    if ($user === false || $user->isDeleted()) {
        return GWF_HTML::err('ERR_UNKNOWN_USER');
    }

    # The display name is used twice in each language string.
    $uname = $user->displayUsername();
    $langArgs = array($uname, $uname);

    GWF_Website::setPageTitle($this->module->lang('pt_profile', $langArgs));
    GWF_Website::setMetaTags($this->module->lang('mt_profile', $langArgs));
    GWF_Website::setMetaDescr($this->module->lang('md_profile', $langArgs));

    return $this->profile($user);
}
/**
 * Plaintext API endpoint: print the data of one user and end the request.
 *
 * Requires the `no_session` and `username` GET parameters. An optional
 * `apikey` GET parameter is forwarded to showUser().
 *
 * NOTE(review): the API key is sent in the query string, so it can end up in
 * access logs and Referer headers. Treat those logs as sensitive.
 *
 * @return void This method never returns; every path ends in die().
 */
public function execute()
{
    $_GET['ajax'] = 1;
    GWF_Website::plaintext();

    if (Common::getGet('no_session') === false) {
        die('The mandatory parameter \'no_session\' is not set. Try \'&no_session=1\'.');
    }

    $username = Common::getGet('username');
    if ($username === false) {
        die('The mandatory parameter \'username\' is not set. Try \'&username=nickname\'.');
    }

    $user = GWF_User::getByName($username);
    if ($user === false) {
        die(GWF_HTML::lang('ERR_UNKNOWN_USER'));
    }

    die($this->showUser($user, Common::getGet('apikey')));
}
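/**
 * Validate the API request parameters and fill $this->time, $this->user,
 * $this->site and $this->limit.
 *
 * The master key check uses strict string comparison. The previous loose
 * in_array() compared with `==`, so an unset parameter (false), an array
 * parameter or a numeric-looking string could match a configured key through
 * type juggling and lift the limit to PHP_INT_MAX. An empty key is now never
 * accepted.
 *
 * NOTE(review): `password` and `masterkey` are sent as GET parameters, so
 * they can end up in access logs. If the runtime offers hash_equals(), a
 * constant-time comparison would be preferable for the master key.
 *
 * @return string|false Error text/output, or false when all parameters are acceptable.
 */
private function sanitize()
{
    if (false === Common::getGet('no_session')) {
        return 'The mandatory parameter \'no_session\' is not set. Try \'&no_session=1\'.';
    }

    # Validate Date (an invalid date is ignored, not rejected)
    if (false !== ($date = Common::getGet('datestamp'))) {
        if (GWF_Time::isValidDate($date, false, GWF_Date::LEN_SECOND)) {
            $this->time = GWF_Time::getTimestamp($date);
        }
    }

    # Validate username
    if (false !== ($username = Common::getGet('username'))) {
        if (false === ($this->user = GWF_User::getByName($username))) {
            return GWF_HTML::err('ERR_UNKNOWN_USER');
        }
        if (false !== ($error = $this->module->isExcludedFromAPI($this->user, Common::getGet('password')))) {
            return $error;
        }
    }

    # Validate sitename (looked up by name first, then by class name)
    if (false !== ($sitename = Common::getGet('sitename'))) {
        if (false === ($this->site = WC_Site::getByName($sitename)) && false === ($this->site = WC_Site::getByClassName($sitename))) {
            return $this->module->error('err_site');
        }
    }

    # Validate Limit
    # Only a non-empty string that equals a configured key exactly counts as a master key.
    $masterkey = Common::getGet('masterkey');
    $is_master = false;
    if (is_string($masterkey) && $masterkey !== '') {
        foreach (self::$masterKeys as $key) {
            if ((string)$key === $masterkey) {
                $is_master = true;
                break;
            }
        }
    }

    if ($is_master) {
        $max_limit = PHP_INT_MAX;
    } elseif ($this->user === false && $this->site === false) {
        $max_limit = self::MAX_LIMIT_ALL;
    } else {
        $max_limit = self::MAX_LIMIT_SINGLE;
    }
    $this->limit = Common::clamp(Common::getGet('limit', self::DEFAULT_LIMIT), 1, $max_limit);

    # The API block check below is disabled in the original code.
//  if (!isset($no_block))
//  {
//      require_once 'core/module/WeChall/WC_API_Block.php';
//      if (WC_API_Block::isBlocked())
//      {
//          return $this->module->error('err_api_block');
//      }
//  }

    return false;
}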
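/**
 * Install one web spider: make sure its bot user exists, turn the given IPs
 * and IP ranges into merged numeric ranges, and insert every range for that user.
 *
 * Progress is echoed as HTML. A failed range insert is reported and the loop continues.
 *
 * The ERR_DATABASE call now passes array(__FILE__, __LINE__) as the message
 * arguments, matching the other GWF_HTML::err('ERR_DATABASE', ...) calls in
 * this code base. It previously passed __FILE__ and __LINE__ as two separate
 * parameters.
 *
 * @param string $botname Spider name; stored as "[name]".
 * @param array  $ips     Single IPs and IP ranges, as accepted by is_ip_range()/get_ip_range().
 * @return false|void False when the bot user can neither be found nor created.
 */
private static function install_spider($botname, $ips)
{
    # Phase 1 converts hex IPs to decimal strings.
    GWF_Numeric::setInputCharset('0123456789abcdef');
    GWF_Numeric::setOutputCharset('0123456789');

    $botname = '[' . $botname . ']';
    if (false === ($user = GWF_User::getByName($botname))) {
        if (false === ($user = self::insert_bot($botname))) {
            return false;
        }
    }
    $uid = $user->getID();

    $count = count($ips);
    echo "Installing Bot {$botname} (UID:{$uid}) with {$count} IPs...<br/>";

    # Split the input: ranges go to $ranged, single IPs stay in $ips as decimals.
    $ranged = array();
    foreach ($ips as $i => $ip) {
        if (self::is_ip_range($ip)) {
            $ranged[] = self::get_ip_range($ip);
            unset($ips[$i]);
        } else {
            $ip6 = GWF_IP6::getIP(GWF_IP6::HEX_128, $ip);
            $ips[$i] = GWF_Numeric::baseConvert($ip6, 16, 10);
        }
    }

    # Merge the ranges, fold the single IPs in, then merge again.
    $ranged = self::merge_ranges($ranged);
    sort($ips);
    foreach ($ips as $ip) {
        self::merge_into_ranges($ranged, $ip);
    }
    $ranged = self::merge_ranges($ranged);

    echo "Total Ranges: " . count($ranged) . ".<br/>";

    # Phase 2 converts the decimal range bounds back to hex for storage.
    GWF_Numeric::setInputCharset('0123456789');
    GWF_Numeric::setOutputCharset('0123456789abcdef');

    foreach ($ranged as $range) {
        list($min, $max) = $range;
        if (false === GWF_Webspider::insertSpider($uid, self::convertToHex($min), self::convertToHex($max))) {
            echo GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
        }
    }
}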
$password = Common::getPostString('injection'); $success = blightVuln($password); $attemp = blightAttemp() + 1; if ($success) { echo GWF_HTML::message(GWF_PAGE_TITLE, $chall->lang('msg_logged_in', array($attemp))); } else { echo GWF_HTML::error(GWF_PAGE_TITLE, $chall->lang('err_login', array($attemp))); } blightSetAttempt($attemp); } $url1 = 'index.php?show=source'; $url2 = 'index.php?highlight=christmas'; $url3 = 'index.php?reset=me'; $egg = 'On the run to the great gig.'; $egg = '<span style="color: #eee;">' . $egg . '</span>'; if (false !== ($dloser = GWF_User::getByName('dloser'))) { $dloser = $dloser->displayProfileLink(); } else { $dloser = 'dloser'; } $text = $chall->lang('info', array(BLIGHT2_ATTEMPS, BLIGHT2_CONSEC, $url1, $url2, $url3, $egg, $dloser)); htmlTitleBox($chall->lang('title'), $text); if (Common::getGetString('highlight') === 'christmas') { echo GWF_Message::display('[php title=vuln.php]' . file_get_contents('challenge/blind_lighter/vuln.php') . '[/php]'); } ?> <div class="box box_c"> <form method="post" action="index.php"> <div><?php echo $chall->lang('th_injection'); ?>
# Installer for the 'Interesting' challenge (admin only).
# solution.php returns a map of word => array(lat, lon). Each entry becomes a
# profile POI owned by the 'Easterbunny' user, and the concatenated words form
# the challenge solution.
$solutions = (require 'solution.php');

chdir('../../');
require_once 'challenge/html_head.php';

define('GWF_PAGE_TITLE', 'Interesting');
$title = GWF_PAGE_TITLE;
html_head('Install: ' . $title);

# Nothing below runs for non-admins.
if (!GWF_User::isAdminS()) {
    return htmlSendToLogin('Better be admin !');
}

$bunny = GWF_User::getByName('Easterbunny');
if ($bunny === false) {
    die('Easterbunny not found!');
}
$bunny_id = $bunny->getID();

require_once GWF_CORE_PATH . 'module/Profile/GWF_ProfilePOI.php';
$table = GDO::table('GWF_ProfilePOI');

# Remove the bunny's existing POIs before inserting the new set.
# The WHERE clause is built by concatenation; $bunny_id comes from getID()
# of the row loaded above, not from request input.
if (!$table->deleteWhere('pp_uid=' . $bunny_id)) {
    die('DBERR1');
}

foreach ($solutions as $word => $latlon) {
    $inserted = $table->insertAssoc(array(
        'pp_id' => '0',
        'pp_uid' => $bunny_id,
        'pp_lat' => $latlon[0],
        'pp_lon' => $latlon[1],
        'pp_descr' => $word,
    ));
    if (!$inserted) {
        die('DB ERROR!!!!');
    }
}

# Challenge metadata
$solution = implode('', array_keys($solutions));
$score = 2;
$url = 'challenge/interesting/index.php';
$creators = 'Gizmore';
$tags = 'Fun,Exploit';

WC_Challenge::installChallenge($title, $solution, $score, $url, $creators, $tags, true);

require_once 'challenge/html_foot.php';
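/**
 * Make sure the 'WeChall' bot user exists and store its user id in the
 * module variable 'wc_uid'.
 *
 * The account used to be created with a fixed password that is readable in
 * the source. It now gets a random password that is discarded after
 * hashing. If the bot account ever needs an interactive login, an
 * administrator has to set a password explicitly.
 *
 * When the insert fails an error is echoed and 0 is stored as 'wc_uid'.
 *
 * @param Module_WeChall $module Module whose 'wc_uid' variable is saved.
 * @return string Empty string on success, or the ERR_DATABASE error when saving the variable fails.
 */
private static function fixWeChallUser(Module_WeChall $module)
{
    if (false === ($user = GWF_User::getByName('WeChall'))) {
        # random_bytes() needs PHP 7; fall back to OpenSSL on older runtimes.
        $random = function_exists('random_bytes')
            ? random_bytes(32)
            : openssl_random_pseudo_bytes(32);

        $user = new GWF_User(array(
            'user_name' => 'WeChall',
            'user_email' => '*****@*****.**',
            'user_password' => GWF_Password::hashPasswordS(bin2hex($random)),
            'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
            'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT, '127.0.0.1'),
            'user_lastactivity' => time(),
            'user_options' => GWF_User::BOT,
        ));

        if (false === $user->insert()) {
            echo GWF_HTML::error('WeChall Install', 'Can not find user WeChall');
            $uid = 0;
        } else {
            $uid = $user->getID();
        }
    } else {
        $uid = $user->getID();
    }

    if (false === $module->saveModuleVar('wc_uid', $uid)) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    return '';
}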
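# Challenge page: only logged-in users with at least $score_needed level
# points get the challenge text and the solution box.
require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php';

if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) {
    $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 4, 'challenge/identity/index.php', false);
}
$chall->showHeader();

$score_needed = 500;
$title = $chall->lang('title');

if (false !== ($user = GWF_Session::getUser())) {
    if ($user->getLevel() >= $score_needed) {
        if (isset($_POST['answer'])) {
            # identity_filter() runs before the solution check. The submitted
            # answer is saved first and put back afterwards.
            $pre = $_POST['answer'];
            identity_filter($chall);
            $chall->onCheckSolution();
            $_POST['answer'] = $pre;
        }

        # Fall back to the plain name when the account does not exist. The
        # unguarded method call used to fail with a fatal error in that case.
        $gizmore = GWF_User::getByName('gizmore');
        $profile = ($gizmore !== false) ? $gizmore->displayProfileLink() : 'gizmore';

        echo GWF_Box::box($chall->lang('info', array($profile)), $title);
        require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php';
        echo formSolutionbox($chall);
    } else {
        $score = $user->getLevel();
        echo GWF_HTML::error($title, $chall->lang('err_score', array($score, $score_needed)));
    }
} else {
    echo GWF_HTML::error($title, $chall->lang('err_login'));
}

echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
?>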
/**
 * Registration validator: the username must be unused and syntactically valid.
 *
 * The "taken" check runs first, so an existing name is reported as taken
 * even if it would fail the syntax check.
 *
 * @param Module_Register $module Owning module (the method uses $this->module instead).
 * @param string          $arg    Submitted username.
 * @return string|false Error text, or false when the name can be registered.
 */
public function validate_username(Module_Register $module, $arg)
{
    $taken = GWF_User::getByName($arg) !== false;
    if ($taken) {
        return $this->module->lang('err_name_taken');
    }

    return GWF_Validator::isValidUsername($arg)
        ? false
        : $this->module->lang('err_name_invalid');
}
/**
 * Resolve the recipient from the `to` GET parameter and show the send template.
 *
 * The lookup result is stored in $this->rec, including `false` on a miss.
 *
 * @return string The send template, or the ERR_UNKNOWN_USER error followed by the 'Overview' method output.
 */
private function create2()
{
    $this->rec = GWF_User::getByName(Common::getGet('to'));
    if ($this->rec !== false) {
        return $this->templateSend();
    }

    return GWF_HTML::err('ERR_UNKNOWN_USER') . $this->module->requestMethodB('Overview');
}
<?php
# Challenge page for 'Pimitive Encryption': header, info box with a credit
# link and the download, solution box, footer.
chdir('../../');
define('GWF_PAGE_TITLE', 'Pimitive Encryption');
require_once 'challenge/html_head.php';
require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php';

$chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE);
if ($chall === false) {
    $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 4, 'challenge/pimitive_encryption/index.php');
}
$chall->showHeader();

$href_zip = 'pimitive.zip';

# Credit: link to the profile when the account exists, bold name otherwise.
$jander = GWF_User::getByName('Jander');
if ($jander !== false) {
    $jander = $jander->displayProfileLink();
} else {
    $jander = '<b>Jander</b>';
}

$chall->onCheckSolution();

echo GWF_Box::box($chall->lang('info', array($jander, $href_zip)), $chall->lang('title'));
echo formSolutionbox($chall);

# Your footer
echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
# Close/forward buttons, then the per-site navigation buttons.
# $tLang, $site, $boxes, $siteid and $tVars are provided by the surrounding template.
$onclick = "wcjsHideJQuery('#wc_profile_slide'); wcjs_last_site = undefined; return false;";
echo GWF_Button::delete('#', $tLang->lang('btn_close'), '', $onclick);
echo GWF_Button::forward($site->getURL(), $site->getSitename());
echo '</div></div>' . PHP_EOL;

echo '<div class="gwf_buttons_outer"><div class="gwf_buttons">' . PHP_EOL;
echo WC_HTML::button('btn_site_details', $site->hrefDetail());
if (count($boxes) > 0) {
    echo WC_HTML::button('btn_warboxes', $site->hrefWarboxes());
}
echo WC_HTML::button('btn_ranking', $site->hrefRanking(true));
echo WC_HTML::button('btn_site_history', $site->hrefHistory());
echo '</div></div>' . PHP_EOL;
?>
<?php
# Optional per-user box: shown only when the `username` GET parameter names
# an existing user who has a regat row for this site.
$user = GWF_User::getByName(Common::getGet('username', ''));
if ($user !== false) {
    $userid = $user->getID();
    $regat = WC_RegAt::getRegatRow($userid, $siteid);
    if ($regat !== false) {
        $max = $site->getOnsiteScore();
        echo GWF_Box::box($tLang->lang('site_detail_uinfo', array(
            $user->displayUsername(),
            $regat->getOnsiteScore(),
            $max,
            $site->displayName(),
            round($regat->getPercent($max), 2),
            WC_RegAt::calcExactSiteRank($user, $siteid),
            $site->calcScore($regat),
        )));
    }
}
?>
<div class="ib"><?php echo GWF_Box::box(GWF_Message::display($tVars['descr'])); ?>
</div>
/**
 * Remove $username from the ignore list by delegating to the 'Ignore' method
 * with the 'do_not' action.
 *
 * @param string $username Name of the user to stop ignoring.
 * @return mixed Result of onIgnore(), or an error when the method or the user is missing.
 */
private function onUnIgnore($username)
{
    # The 'Ignore' method object was annotated as PM_Ignore in the original source.
    $method = $this->module->getMethod('Ignore');
    if ($method === false) {
        return GWF_HTML::err('ERR_METHOD_MISSING', array('Ignore', 'PM'));
    }

    $user = GWF_User::getByName($username);
    if ($user === false) {
        return GWF_HTML::err('ERR_UNKNOWN_USER');
    }

    return $method->onIgnore('do_not', $user->getID());
}
/**
 * Form validator: every name in the comma-separated creator list must be an existing user.
 *
 * Empty entries are skipped. Names are not trimmed. Unknown names are passed
 * through GWF_HTML::display() before they are put into the error message,
 * because they are user input echoed back to the page.
 *
 * @param Module_WeChall $m   Module used for the language lookup.
 * @param string         $arg Comma-separated usernames.
 * @return string|false Error text listing the unknown names, or false when all names exist.
 */
public function validate_creators(Module_WeChall $m, $arg)
{
    $unknown = array();
    foreach (explode(',', $arg) as $name) {
        if ($name !== '' && GWF_User::getByName($name) === false) {
            $unknown[] = GWF_HTML::display($name);
        }
    }

    if (count($unknown) === 0) {
        return false;
    }

    return $m->lang('err_chall_creator', array(implode(', ', $unknown)));
}
require_once 'hg_wc3.php'; require_once 'hg_wc4.php'; require_once 'passwords.php'; chdir('../../'); define('GWF_PAGE_TITLE', 'WC Hashing Game'); require_once 'challenge/html_head.php'; require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php'; if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) { $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 2, '/challenge/hashgame/index.php', false); } $chall->showHeader(); if ('' !== ($answer = Common::getPostString('answer'))) { hashgame_check_answer($chall, $answer, $list1, $list2); } if (false !== ($z = GWF_User::getByName('Z'))) { $credits = $z->displayProfileLink(); } else { $credits = 'Z'; } echo GWF_Box::box($chall->lang('info', array('index.php?list=wc3', 'index.php?algo=wc3', 'index.php?list=wc4', 'index.php?algo=wc4', $credits)), $chall->lang('title')); if (Common::getGetString('algo') === 'wc3') { $code = sprintf('[PHP title=hg_wc3.php]%s[/PHP]', file_get_contents('challenge/hashgame/hg_wc3.php')); echo GWF_Box::box(GWF_Message::display($code)); } elseif (Common::getGetString('algo') === 'wc4') { $code = sprintf('[PHP title=hg_wc4.php]%s[/PHP]', file_get_contents('challenge/hashgame/hg_wc4.php')); echo GWF_Box::box(GWF_Message::display($code)); } if (Common::getGetString('list') === 'wc3') { $content = ''; $content .= GWF_Table::start();
/**
 * Tell whether a target name refers to someone who exists.
 *
 * An empty target always counts as existing. A name starting with the guest
 * prefix is checked with isNameTaken(). Any other name is looked up as a
 * registered user.
 *
 * @param string $target Target name.
 * @return mixed true for an empty target, the result of isNameTaken() for guest names, otherwise a bool.
 */
public function targetExists($target)
{
    if ($target === '') {
        return true;
    }

    $isGuestName = Common::startsWith($target, self::$GUEST_PREFIX);

    return $isGuestName
        ? $this->isNameTaken($target)
        : (GWF_User::getByName($target) !== false);
}