예제 #1
 public static function testStrongPassword($s_Password)
 {
     // Only length bounds are enforced here: despite the method name, this
     // code runs no character-class, dictionary or breached-password check.
     $i_MinLength = 8;

     // The upper bound is the author's DoS guard against very long inputs.
     // 72 is also the input size at which bcrypt truncates, so if passwords
     // are hashed with bcrypt, anything longer adds no strength.
     // NOTE(review): confirm whether Validators counts bytes or characters;
     // bcrypt's limit is in bytes, so multi-byte passwords could exceed it.
     $i_MaxLength = 72;

     // Presumably each validator throws on failure (TODO confirm against
     // Validators); the return value is always true when both calls return.
     Validators::isStringOfMinLength($s_Password, "password", $i_MinLength);
     Validators::isStringOfMaxLength($s_Password, "password", $i_MaxLength);

     return true;
 }
 /**
  * Validate problem Details API
  *
  * @param Request $r
  * @throws ApiException
  * @throws InvalidDatabaseOperationException
  * @throws NotFoundException
  * @throws ForbiddenAccessException
  */
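 private static function validateDetails(Request $r)
 {
     // Validates a problem-details request and stores what it resolves back
     // into the request: $r['problem'], $r['contest'] (contest requests only)
     // and $r['lang'] when the caller did not supply one. Returns nothing;
     // every rejection is reported by throwing.
     //
     // NOTE(review): nothing here checks that $r['current_user_id'] is set;
     // presumably authentication ran earlier - confirm against the callers.

     // contest_alias is optional (third argument false, presumably "not
     // required" - TODO confirm); problem_alias is mandatory.
     Validators::isStringNonEmpty($r['contest_alias'], 'contest_alias', false);
     Validators::isStringNonEmpty($r['problem_alias'], 'problem_alias');

     // Lang is optional. Default is user's preferred.
     if (!is_null($r['lang'])) {
         Validators::isStringOfMaxLength($r['lang'], 'lang', 2);
     } else {
         $r['lang'] = UserController::getPreferredLanguage($r);
     }

     try {
         $r['problem'] = ProblemsDAO::getByAlias($r['problem_alias']);
     } catch (Exception $e) {
         // Storage failures are wrapped so callers see one exception type.
         throw new InvalidDatabaseOperationException($e);
     }
     if (is_null($r['problem'])) {
         throw new NotFoundException('problemNotFound');
     }

     // Allow-list with strict comparison. A loose in_array() lets a
     // non-string value such as true (and 0 before PHP 8) compare equal to
     // 'html', so a value that is not one of the two strings could pass.
     if (isset($r['statement_type']) && !in_array($r['statement_type'], array('html', 'markdown'), true)) {
         throw new NotFoundException('invalidStatementType');
     }

     // If we request a problem inside a contest
     if (!is_null($r['contest_alias'])) {
         // Is the combination contest_id and problem_id valid?
         // NOTE(review): existence is checked before authorization, so the
         // not-found / forbidden distinction tells an uninvited caller
         // whether a private contest alias exists; confirm that is intended.
         try {
             $r['contest'] = ContestsDAO::getByAlias($r['contest_alias']);
             if (is_null($r['contest'])) {
                 throw new NotFoundException('contestNotFound');
             }
             if (is_null(ContestProblemsDAO::getByPK($r['contest']->getContestId(), $r['problem']->getProblemId()))) {
                 throw new NotFoundException('problemNotFoundInContest');
             }
         } catch (ApiException $apiException) {
             // Our own NotFoundException must not be rewrapped as a DB error.
             throw $apiException;
         } catch (Exception $e) {
             throw new InvalidDatabaseOperationException($e);
         }

         // If the contest is private, verify that our user is invited.
         // The test is fail-closed: anything other than '1' counts as private.
         $contest_admin = Authorization::IsContestAdmin($r['current_user_id'], $r['contest']);
         if ($r['contest']->public != '1') {
             if (is_null(ContestsUsersDAO::getByPK($r['current_user_id'], $r['contest']->contest_id)) && !$contest_admin) {
                 throw new ForbiddenAccessException();
             }
         }

         // If the contest has not started, user should not see it, unless
         // it is admin
         if (!ContestsDAO::hasStarted($r['contest']) && !$contest_admin) {
             throw new ForbiddenAccessException('contestNotStarted');
         }
     } else {
         if (!Authorization::CanEditProblem($r['current_user_id'], $r['problem'])) {
             // If the problem is requested outside a contest, we need to
             // check that it is not private (fail-closed, as above).
             if ($r['problem']->public != '1') {
                 throw new ForbiddenAccessException('problemIsPrivate');
             }
         }
     }
 }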
예제 #3
 /**
  * Validate problem Details API
  * 
  * @param Request $r
  * @throws ApiException
  * @throws InvalidDatabaseOperationException
  * @throws NotFoundException
  * @throws ForbiddenAccessException
  */
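 private static function validateDetails(Request $r)
 {
     // Validates a problem-details request and stores what it resolves back
     // into the request: $r["problem"], $r["contest"] (contest requests only)
     // and $r['lang'] when the caller did not supply one. Returns nothing;
     // every rejection is reported by throwing.
     //
     // NOTE(review): nothing here checks that $r["current_user_id"] is set;
     // presumably authentication ran earlier - confirm against the callers.

     // contest_alias is optional (third argument false, presumably "not
     // required" - TODO confirm); problem_alias is mandatory.
     Validators::isStringNonEmpty($r["contest_alias"], "contest_alias", false);
     Validators::isStringNonEmpty($r["problem_alias"], "problem_alias");

     // Lang is optional. Default is user's preferred.
     if (!is_null($r["lang"])) {
         Validators::isStringOfMaxLength($r["lang"], "lang", 2);
     } else {
         $r['lang'] = UserController::getPreferredLanguage($r);
     }

     try {
         $r["problem"] = ProblemsDAO::getByAlias($r["problem_alias"]);
     } catch (Exception $e) {
         // Storage failures are wrapped so callers see one exception type.
         throw new InvalidDatabaseOperationException($e);
     }
     if (is_null($r["problem"])) {
         throw new NotFoundException("problemNotFound");
     }

     // Allow-list with strict comparison. A loose in_array() lets a
     // non-string value such as true (and 0 before PHP 8) compare equal to
     // "html", so a value that is not one of the two strings could pass.
     if (isset($r["statement_type"]) && !in_array($r["statement_type"], array("html", "markdown"), true)) {
         throw new NotFoundException("invalidStatementType");
     }

     // If we request a problem inside a contest
     if (!is_null($r["contest_alias"])) {
         // Is the combination contest_id and problem_id valid?
         // NOTE(review): existence is checked before authorization, so the
         // not-found / forbidden distinction tells an uninvited caller
         // whether a private contest alias exists; confirm that is intended.
         try {
             $r["contest"] = ContestsDAO::getByAlias($r["contest_alias"]);
             if (is_null($r["contest"])) {
                 throw new NotFoundException("contestNotFound");
             }
             if (is_null(ContestProblemsDAO::getByPK($r["contest"]->getContestId(), $r["problem"]->getProblemId()))) {
                 throw new NotFoundException("problemNotFoundInContest");
             }
         } catch (ApiException $apiException) {
             // Our own NotFoundException must not be rewrapped as a DB error.
             throw $apiException;
         } catch (Exception $e) {
             throw new InvalidDatabaseOperationException($e);
         }

         // If the contest is private, verify that our user is invited.
         // Fail-closed: the previous `=== 0` only matched an integer 0, so a
         // getter returning the string "0" or null would have skipped the
         // invitation check. Anything other than 1 / "1" now counts as private.
         if ($r["contest"]->getPublic() != '1') {
             if (is_null(ContestsUsersDAO::getByPK($r["current_user_id"], $r["contest"]->getContestId())) && !Authorization::IsContestAdmin($r["current_user_id"], $r["contest"])) {
                 throw new ForbiddenAccessException();
             }
         }

         // If the contest has not started, user should not see it, unless it is admin
         if (!ContestsDAO::hasStarted($r["contest"]) && !Authorization::IsContestAdmin($r["current_user_id"], $r["contest"])) {
             throw new ForbiddenAccessException("contestNotStarted");
         }
     } else {
         if (!Authorization::CanEditProblem($r["current_user_id"], $r["problem"])) {
             // If the problem is requested outside a contest, we need to check that it is not private.
             // Fail-closed for the same reason as the contest check: a null or
             // unexpected value is treated as private instead of public.
             if ($r["problem"]->getPublic() != '1') {
                 throw new ForbiddenAccessException("problemIsPrivate");
             }
         }
     }
 }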