public function execute()
{
if (false === ($user = GWF_User::getByName(Common::getGetString('username')))) {
return GWF_HTML::err('ERR_UNKNOWN_USER');
}
if (false !== ($error = $this->module->isExcludedFromAPI($user, false))) {
return $error;
}
$this->module->includeClass('WC_RegAt');
$format = Common::getGetString('format', self::FORMAT);
$bg = Common::getGetString('bg', self::BGCOLOR);
$fg = Common::getGetString('fg', self::FGCOLOR);
$size = Common::clamp(Common::getGetInt('s', self::SIZE), 6, 30);
$spacingx = Common::clamp(Common::getGetInt('sx', 1), 0, 30);
$spacingy = Common::clamp(Common::getGetInt('sy', 1), 0, 30);
$marginx = Common::clamp(Common::getGetInt('mx', 1), 0, 30);
$marginy = Common::clamp(Common::getGetInt('my', 1), 0, 30);
$divider = Common::getGetString('div', ' ');
$font = Common::getGetString('font', self::FONT);
$_GET['font'] = $font;
if (!preg_match('/^[a-z_0-9]+$/iD', $font) || !Common::isFile(GWF_EXTRA_PATH . 'font/' . $font . '.ttf')) {
return "Font not found. Available fonts: " . $this->listFonts();
}
die($this->displayBanner($user, $format, $bg, $fg, $size, $spacingx, $spacingy, $marginx, $marginy, $divider));
}
public function execute()
{
if (false === ($user = GWF_User::getByName(Common::getGet('username')))) {
return GWF_HTML::err('ERR_UNKNOWN_USER');
}
return $this->templateHistory($user);
}
private function templateSingleU($username)
{
if (false === ($user = GWF_User::getByName($username))) {
return GWF_HTML::err('ERR_UNKNOWN_USER');
}
return $this->templateSingle($user->getCountryID(), $user);
}
private function onRequest()
{
$form = $this->getForm();
if (false !== ($errors = $form->validate($this->module))) {
return $errors . $this->form();
}
$email = Common::getPost('email', '');
$user1 = GWF_User::getByName(Common::getPost('username'));
$user2 = GWF_Validator::isValidEmail($email) ? GWF_User::getByEmail($email) : false;
# nothing found
if ($user1 === false && $user2 === false) {
return $this->module->error('err_not_found') . $this->form();
}
# Two different users
if ($user1 !== false && $user2 !== false && $user1->getID() !== $user2->getID()) {
return $this->module->error('err_not_same_user') . $this->form();
}
# pick the user and send him mail
if ($user1 !== false && $user2 !== false) {
$user = $user1;
} elseif ($user1 !== false) {
$user = $user1;
} elseif ($user2 !== false) {
$user = $user2;
}
return $this->sendMail($user);
}
private function templateRankingU($username)
{
if (false === ($user = GWF_User::getByName($username))) {
return GWF_HTML::err('ERR_UNKNOWN_USER');
}
return $this->templateRanking($user);
}
public function validate_username(Module_WeChall $m, $arg)
{
if (false === ($this->user = GWF_User::getByName($arg))) {
return GWF_HTML::lang('ERR_UNKNOWN_USER');
}
return false;
}
public function validate_username(Module_Ban $m, $arg)
{
if (false === ($this->user = GWF_User::getByName($arg))) {
$_POST['username'] = '';
return GWF_HTML::lang('ERR_UNKNOWN_USER');
}
return false;
}
private function onCrossLogin($username)
{
if (false === ($user = GWF_User::getByName($username))) {
if (false === ($user = $this->onCrossRegister($username))) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
}
return $this->onCrossLoginB($user);
}
private function outputLink($username, $email)
{
if (false === ($user = GWF_User::getByName($username))) {
die('0');
}
if ($user->getValidMail() !== $email) {
die('0');
}
die('1');
}
public function validate_user_name(Module_Profile $m, $arg)
{
if (!($this->user_to_add = GWF_User::getByName($arg))) {
return GWF_HTML::lang('ERR_UNKNOWN_USER');
}
if ($this->user_to_add->getID() == GWF_Session::getUserID()) {
return $m->lang('err_self_whitelist');
}
return false;
}
function warscore_function($socket, $pid)
{
# Init GWF
$gwf = new GWF3(getcwd(), array('website_init' => false, 'autoload_modules' => false, 'load_module' => false, 'start_debug' => true, 'get_user' => false, 'log_request' => false, 'no_session' => true, 'store_last_url' => false, 'ignore_user_abort' => false));
gdo_db();
GWF_Debug::setDieOnError(false);
GWF_HTML::init();
if (false === ($wechall = GWF_Module::loadModuleDB('WeChall', true, true, true))) {
warscore_error($socket, 'Cannot load WeChall!');
}
$wechall->includeClass('WC_Warbox');
$wechall->includeClass('WC_WarToken');
$wechall->includeClass('WC_Warflag');
$wechall->includeClass('WC_Warflags');
$wechall->includeClass('sites/warbox/WCSite_WARBOX');
if (false === ($input = socket_read($socket, 2048))) {
warscore_error($socket, 'Read Error 1!');
}
warscore_debug("GOT INPUT: {$input}");
if (false === ($username = Common::substrUntil($input, "\n", false))) {
warscore_error($socket, 'No username sent!');
}
if (false === ($user = GWF_User::getByName($username))) {
warscore_error($socket, 'Unknown user!');
}
warscore_debug("GOT USER: {$username}");
if ('' === ($token = Common::substrFrom($input, "\n", ''))) {
warscore_error($socket, 'No token sent!');
}
$token = trim(Common::substrUntil($token, "\n", $token));
if (!WC_WarToken::isValidWarToken($user, $token)) {
warscore_error($socket, 'Invalid Token!');
}
if (!socket_getpeername($socket, $client_ip, $client_port)) {
warscore_error($socket, 'Socket Error 2!');
}
echo "{$client_ip}\n";
$boxes = WC_Warbox::getByIP($client_ip);
if (count($boxes) === 0) {
warscore_error($socket, 'Unknown Warbox!');
}
warscore_debug("GOT N BOXES: " . count($boxes));
$curr_port = 0;
foreach ($boxes as $box) {
$box instanceof WC_Warbox;
if ($curr_port !== $box->getVar('wb_port')) {
$curr_port = $box->getVar('wb_port');
warscore_identd($socket, $box, $user, $client_ip, $client_port);
}
}
socket_write($socket, 'Bailing out! You should not see me.');
socket_close($socket);
die(0);
}
public function onLoginAs()
{
$form = $this->getForm();
if (false !== ($error = $form->validate($this->module))) {
return $error . $this->templateLoginAs();
}
if (false === ($user = GWF_User::getByName($form->getVar('username')))) {
return GWF_HTML::lang('ERR_UNKNOWN_USER');
}
GWF_Session::onLogin($user);
return $this->module->message('msg_login_as', array($user->displayUsername()));
}
public function execute()
{
if (false === ($user = GWF_User::getByName(Common::getGet('username')))) {
return GWF_HTML::err('ERR_UNKNOWN_USER');
}
if ('' === ($email = $user->getValidMail()) || !$user->isOptionEnabled(GWF_User::ALLOW_EMAIL)) {
return $this->module->error('err_no_mail');
}
if (false !== Common::getPost('send')) {
return $this->send($user);
}
return $this->template($user);
}
public function validate_username(Module_Admin $module, $arg)
{
$_POST['username'] = $arg = trim($arg);
if ($this->user->getVar('user_name') === $arg) {
return false;
}
if (GWF_User::getByName($arg) !== false) {
return $this->module->lang('err_username_taken');
}
if (!GWF_Validator::isValidUsername($arg)) {
return $this->module->lang('err_username');
}
return false;
}
public function execute()
{
if (false === ($user = GWF_User::getByName(Common::getGet('username')))) {
return GWF_HTML::err('ERR_UNKNOWN_USER');
}
if ($user->isDeleted()) {
return GWF_HTML::err('ERR_UNKNOWN_USER');
}
$uname = $user->displayUsername();
GWF_Website::setPageTitle($this->module->lang('pt_profile', array($uname, $uname)));
GWF_Website::setMetaTags($this->module->lang('mt_profile', array($uname, $uname)));
GWF_Website::setMetaDescr($this->module->lang('md_profile', array($uname, $uname)));
return $this->profile($user);
}
public function execute()
{
$_GET['ajax'] = 1;
GWF_Website::plaintext();
if (false === Common::getGet('no_session')) {
die('The mandatory parameter \'no_session\' is not set. Try \'&no_session=1\'.');
}
if (false === ($username = Common::getGet('username'))) {
die('The mandatory parameter \'username\' is not set. Try \'&username=nickname\'.');
}
if (false === ($user = GWF_User::getByName($username))) {
die(GWF_HTML::lang('ERR_UNKNOWN_USER'));
}
die($this->showUser($user, Common::getGet('apikey')));
}
private function sanitize()
{
if (false === Common::getGet('no_session')) {
return 'The mandatory parameter \'no_session\' is not set. Try \'&no_session=1\'.';
}
# Validate Date
if (false !== ($date = Common::getGet('datestamp'))) {
if (GWF_Time::isValidDate($date, false, GWF_Date::LEN_SECOND)) {
$this->time = GWF_Time::getTimestamp($date);
}
}
# Validate username
if (false !== ($username = Common::getGet('username'))) {
if (false === ($this->user = GWF_User::getByName($username))) {
return GWF_HTML::err('ERR_UNKNOWN_USER');
}
if (false !== ($error = $this->module->isExcludedFromAPI($this->user, Common::getGet('password')))) {
return $error;
}
}
# Validate sitename
if (false !== ($sitename = Common::getGet('sitename'))) {
if (false === ($this->site = WC_Site::getByName($sitename)) && false === ($this->site = WC_Site::getByClassName($sitename))) {
return $this->module->error('err_site');
}
}
# Validate Limit
if (in_array(Common::getGet('masterkey'), self::$masterKeys)) {
$max_limit = PHP_INT_MAX;
} elseif ($this->user === false && $this->site === false) {
$max_limit = self::MAX_LIMIT_ALL;
} else {
$max_limit = self::MAX_LIMIT_SINGLE;
}
$this->limit = Common::clamp(Common::getGet('limit', self::DEFAULT_LIMIT), 1, $max_limit);
// if (!isset($no_block))
// {
// require_once 'core/module/WeChall/WC_API_Block.php';
// if (WC_API_Block::isBlocked())
// {
// return $this->module->error('err_api_block');
// }
// }
return false;
}
private static function install_spider($botname, $ips)
{
GWF_Numeric::setInputCharset('0123456789abcdef');
GWF_Numeric::setOutputCharset('0123456789');
$botname = '[' . $botname . ']';
if (false === ($user = GWF_User::getByName($botname))) {
if (false === ($user = self::insert_bot($botname))) {
return false;
}
}
$uid = $user->getID();
$count = count($ips);
echo "Installing Bot {$botname} (UID:{$uid}) with {$count} IPs...<br/>";
$ranged = array();
foreach ($ips as $i => $ip) {
if (self::is_ip_range($ip)) {
$ranged[] = self::get_ip_range($ip);
unset($ips[$i]);
} else {
$ip6 = GWF_IP6::getIP(GWF_IP6::HEX_128, $ip);
// var_dump($ip6);
$ips[$i] = GWF_Numeric::baseConvert($ip6, 16, 10);
}
}
// var_dump($ranged); echo '<br/>';
$ranged = self::merge_ranges($ranged);
// var_dump($ranged); echo '<br/>';
sort($ips);
foreach ($ips as $ip) {
self::merge_into_ranges($ranged, $ip);
}
$ranged = self::merge_ranges($ranged);
echo "Total Ranges: " . count($ranged) . ".<br/>";
GWF_Numeric::setInputCharset('0123456789');
GWF_Numeric::setOutputCharset('0123456789abcdef');
foreach ($ranged as $range) {
list($min, $max) = $range;
// echo "Insert range $min-$max<br/>";
if (false === GWF_Webspider::insertSpider($uid, self::convertToHex($min), self::convertToHex($max))) {
echo GWF_HTML::err('ERR_DATABASE', __FILE__, __LINE__);
}
}
// var_dump($ranged);
}
$password = Common::getPostString('injection');
$success = blightVuln($password);
$attemp = blightAttemp() + 1;
if ($success) {
echo GWF_HTML::message(GWF_PAGE_TITLE, $chall->lang('msg_logged_in', array($attemp)));
} else {
echo GWF_HTML::error(GWF_PAGE_TITLE, $chall->lang('err_login', array($attemp)));
}
blightSetAttempt($attemp);
}
$url1 = 'index.php?show=source';
$url2 = 'index.php?highlight=christmas';
$url3 = 'index.php?reset=me';
$egg = 'On the run to the great gig.';
$egg = '<span style="color: #eee;">' . $egg . '</span>';
if (false !== ($dloser = GWF_User::getByName('dloser'))) {
$dloser = $dloser->displayProfileLink();
} else {
$dloser = 'dloser';
}
$text = $chall->lang('info', array(BLIGHT2_ATTEMPS, BLIGHT2_CONSEC, $url1, $url2, $url3, $egg, $dloser));
htmlTitleBox($chall->lang('title'), $text);
if (Common::getGetString('highlight') === 'christmas') {
echo GWF_Message::display('[php title=vuln.php]' . file_get_contents('challenge/blind_lighter/vuln.php') . '[/php]');
}
?>
<div class="box box_c">
<form method="post" action="index.php">
<div><?php
echo $chall->lang('th_injection');
?>
$solutions = (require 'solution.php');
chdir('../../');
require_once 'challenge/html_head.php';
define('GWF_PAGE_TITLE', 'Interesting');
$title = GWF_PAGE_TITLE;
html_head('Install: ' . $title);
if (!GWF_User::isAdminS()) {
return htmlSendToLogin('Better be admin !');
}
$solution = implode('', array_keys($solutions));
$score = 2;
$url = 'challenge/interesting/index.php';
$creators = 'Gizmore';
$tags = 'Fun,Exploit';
if (false === ($bunny = GWF_User::getByName('Easterbunny'))) {
die('Easterbunny not found!');
}
$bunny_id = $bunny->getID();
require_once GWF_CORE_PATH . 'module/Profile/GWF_ProfilePOI.php';
$table = GDO::table('GWF_ProfilePOI');
if (!$table->deleteWhere('pp_uid=' . $bunny_id)) {
die('DBERR1');
}
foreach ($solutions as $word => $latlon) {
if (!$table->insertAssoc(array('pp_id' => '0', 'pp_uid' => $bunny_id, 'pp_lat' => $latlon[0], 'pp_lon' => $latlon[1], 'pp_descr' => $word))) {
die('DB ERROR!!!!');
}
}
WC_Challenge::installChallenge($title, $solution, $score, $url, $creators, $tags, true);
require_once 'challenge/html_foot.php';
private static function fixWeChallUser(Module_WeChall $module)
{
if (false === ($user = GWF_User::getByName('WeChall'))) {
$user = new GWF_User(array('user_name' => 'WeChall', 'user_email' => '*****@*****.**', 'user_password' => GWF_Password::hashPasswordS('wechallbot'), 'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND), 'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT, '127.0.0.1'), 'user_lastactivity' => time(), 'user_options' => GWF_User::BOT));
if (false === $user->insert()) {
echo GWF_HTML::error('WeChall Install', 'Can not find user WeChall');
$uid = 0;
} else {
$uid = $user->getID();
}
} else {
$uid = $user->getID();
}
if (false === $module->saveModuleVar('wc_uid', $uid)) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
return '';
}
require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php';
if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) {
$chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 4, 'challenge/identity/index.php', false);
}
$chall->showHeader();
$score_needed = 500;
$title = $chall->lang('title');
if (false !== ($user = GWF_Session::getUser())) {
if ($user->getLevel() >= $score_needed) {
if (isset($_POST['answer'])) {
$pre = $_POST['answer'];
identity_filter($chall);
$chall->onCheckSolution();
$_POST['answer'] = $pre;
}
$gizmore = GWF_User::getByName('gizmore');
$profile = $gizmore->displayProfileLink();
echo GWF_Box::box($chall->lang('info', array($profile)), $title);
require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php';
echo formSolutionbox($chall);
} else {
$score = $user->getLevel();
echo GWF_HTML::error($title, $chall->lang('err_score', array($score, $score_needed)));
}
} else {
echo GWF_HTML::error($title, $chall->lang('err_login'));
}
echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
?>
public function validate_username(Module_Register $module, $arg)
{
if (false !== GWF_User::getByName($arg)) {
return $this->module->lang('err_name_taken');
}
if (!GWF_Validator::isValidUsername($arg)) {
return $this->module->lang('err_name_invalid');
}
return false;
}
private function create2()
{
if (false === ($this->rec = GWF_User::getByName(Common::getGet('to')))) {
return GWF_HTML::err('ERR_UNKNOWN_USER') . $this->module->requestMethodB('Overview');
}
return $this->templateSend();
}
<?php
chdir('../../');
define('GWF_PAGE_TITLE', 'Pimitive Encryption');
require_once 'challenge/html_head.php';
require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php';
if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) {
$chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 4, 'challenge/pimitive_encryption/index.php');
}
$chall->showHeader();
$href_zip = 'pimitive.zip';
if (false === ($jander = GWF_User::getByName('Jander'))) {
$jander = '<b>Jander</b>';
} else {
$jander = $jander->displayProfileLink();
}
$chall->onCheckSolution();
echo GWF_Box::box($chall->lang('info', array($jander, $href_zip)), $chall->lang('title'));
echo formSolutionbox($chall);
# Your footer
echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
$onclick = "wcjsHideJQuery('#wc_profile_slide'); wcjs_last_site = undefined; return false;";
echo GWF_Button::delete('#', $tLang->lang('btn_close'), '', $onclick);
echo GWF_Button::forward($site->getURL(), $site->getSitename());
echo '</div></div>' . PHP_EOL;
echo '<div class="gwf_buttons_outer"><div class="gwf_buttons">' . PHP_EOL;
echo WC_HTML::button('btn_site_details', $site->hrefDetail());
if (count($boxes) > 0) {
echo WC_HTML::button('btn_warboxes', $site->hrefWarboxes());
}
echo WC_HTML::button('btn_ranking', $site->hrefRanking(true));
echo WC_HTML::button('btn_site_history', $site->hrefHistory());
echo '</div></div>' . PHP_EOL;
?>
<?php
if (false === ($user = GWF_User::getByName(Common::getGet('username', '')))) {
}
if ($user !== false) {
$userid = $user->getID();
if (false !== ($regat = WC_RegAt::getRegatRow($userid, $siteid))) {
$max = $site->getOnsiteScore();
echo GWF_Box::box($tLang->lang('site_detail_uinfo', array($user->displayUsername(), $regat->getOnsiteScore(), $max, $site->displayName(), round($regat->getPercent($max), 2), WC_RegAt::calcExactSiteRank($user, $siteid), $site->calcScore($regat))));
}
}
?>
<div class="ib"><?php
echo GWF_Box::box(GWF_Message::display($tVars['descr']));
?>
</div>
private function onUnIgnore($username)
{
if (false === ($method = $this->module->getMethod('Ignore'))) {
return GWF_HTML::err('ERR_METHOD_MISSING', array('Ignore', 'PM'));
}
if (false === ($user = GWF_User::getByName($username))) {
return GWF_HTML::err('ERR_UNKNOWN_USER');
}
#$method instanceof PM_Ignore;
return $method->onIgnore('do_not', $user->getID());
}
public function validate_creators(Module_WeChall $m, $arg)
{
$creators = explode(',', $arg);
$back = '';
foreach ($creators as $c) {
if ($c === '') {
continue;
}
if (false === GWF_User::getByName($c)) {
$back .= ', ' . GWF_HTML::display($c);
}
}
return $back === '' ? false : $m->lang('err_chall_creator', array(substr($back, 2)));
}
require_once 'hg_wc3.php';
require_once 'hg_wc4.php';
require_once 'passwords.php';
chdir('../../');
define('GWF_PAGE_TITLE', 'WC Hashing Game');
require_once 'challenge/html_head.php';
require_once GWF_CORE_PATH . 'module/WeChall/solutionbox.php';
if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) {
$chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 2, '/challenge/hashgame/index.php', false);
}
$chall->showHeader();
if ('' !== ($answer = Common::getPostString('answer'))) {
hashgame_check_answer($chall, $answer, $list1, $list2);
}
if (false !== ($z = GWF_User::getByName('Z'))) {
$credits = $z->displayProfileLink();
} else {
$credits = 'Z';
}
echo GWF_Box::box($chall->lang('info', array('index.php?list=wc3', 'index.php?algo=wc3', 'index.php?list=wc4', 'index.php?algo=wc4', $credits)), $chall->lang('title'));
if (Common::getGetString('algo') === 'wc3') {
$code = sprintf('[PHP title=hg_wc3.php]%s[/PHP]', file_get_contents('challenge/hashgame/hg_wc3.php'));
echo GWF_Box::box(GWF_Message::display($code));
} elseif (Common::getGetString('algo') === 'wc4') {
$code = sprintf('[PHP title=hg_wc4.php]%s[/PHP]', file_get_contents('challenge/hashgame/hg_wc4.php'));
echo GWF_Box::box(GWF_Message::display($code));
}
if (Common::getGetString('list') === 'wc3') {
$content = '';
$content .= GWF_Table::start();
public function targetExists($target)
{
if ($target === '') {
return true;
}
if (Common::startsWith($target, self::$GUEST_PREFIX)) {
return $this->isNameTaken($target);
}
return GWF_User::getByName($target) !== false;
}
