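/**
 * Decrypts a base64-encoded blob and verifies the integrity tag embedded in its plaintext.
 *
 * Layout read by this code: the decoded input is ciphertext followed by the IV (the last
 * $iv_size bytes). The decrypted text is "<data><short hash of data><flag>#...", where the
 * byte just before the last '#' is '@' when <data> is compressed; whatever follows the last
 * '#' is ignored.
 *
 * Security notes for maintainers:
 *  - The mcrypt extension was deprecated in PHP 7.1 and removed from core in 7.2, and
 *    MCRYPT_RIJNDAEL_256 selects a 256-bit block, which is not AES.
 *  - The tag is a hash of the plaintext checked only after decryption. NOTE(review): whether
 *    myshorthash() is keyed is not visible here; if it is not, this is a corruption check
 *    rather than authenticated encryption.
 *
 * @param string $crypttext base64 text to decrypt
 * @param string $key       secret from which the cipher key is derived
 * @param string $txt       when non-empty, a failure is not reported through MSGError()
 * @return string the plaintext (passed through unzipstr() when flagged), or "" on any failure
 */
function decryptData($crypttext, $key, $txt = '')
{
    $crypttext = (string) base64_decode($crypttext);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
    $decrypttext = '';
    $iscompressed = false;
    $valid = false;
    $clen = strlen($crypttext);
    if ($clen > $iv_size) {
        // The IV travels at the tail of the message.
        $iv = substr($crypttext, $clen - $iv_size, $iv_size);
        $crypttext = substr($crypttext, 0, $clen - $iv_size);
        // Key bytes: hex digest of the secret plus a fixed suffix, truncated to 32 bytes.
        $key = myhash($key . "123456789012345678901234567890"); // . myhash($key);
        $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, substr(pack("H*", $key), 0, 32), $crypttext, MCRYPT_MODE_CBC, $iv);
        $pos = strrpos((string) $decrypttext, "#");
        $ll = strlen(myshorthash("x"));
        // Without a '#' marker, or with too little text before it to hold the tag and the
        // flag byte, the offsets below would go negative and read from the wrong end.
        if ($pos !== false && $pos >= $ll + 1) {
            $iscompressed = (substr($decrypttext, $pos - 1, 1) == '@');
            $test2 = substr($decrypttext, $pos - 1 - $ll, $ll);
            $decrypttext = substr($decrypttext, 0, $pos - 1 - $ll);
            $test1 = myshorthash($decrypttext);
            // hash_equals() (PHP >= 5.6) compares in constant time and byte-for-byte. A loose
            // != between two digest strings compares them as numbers when both look numeric
            // (for example two "0e..." values), which would accept a mismatching tag.
            $valid = hash_equals((string) $test1, (string) $test2);
        }
    }
    if (!$valid) {
        if ($txt == '') {
            MSGError("Decryption error -- contact an admin now (" . getFunctionName() . ")");
        }
        // LogError("Decryption error -- contact an admin, possibly password wrong (" . getFunctionName() .",$txt)");
        return "";
    }
    if ($iscompressed) {
        return unzipstr($decrypttext);
    }
    return $decrypttext;
}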
/**
 * Compresses a string together with an integrity suffix.
 *
 * The payload handed to gzcompress() is the input, a '#' separator and myshorthash() of
 * the input.
 *
 * NOTE(review): when zlib is missing the error is reported and logged, but gzcompress() is
 * still called afterwards; nothing in this function stops execution before that call.
 *
 * @param string $str text to compress
 * @return string|false whatever gzcompress() returns for the payload
 */
function zipstr($str)
{
    $zlibAvailable = function_exists('gzcompress');
    if ($zlibAvailable === false) {
        MSGError("Compression error -- zlib not installed (" . getFunctionName() . ")");
        LogError("Compression error -- zlib not installed (" . getFunctionName() . ")");
    }

    $payload = $str . '#' . myshorthash($str);

    return gzcompress($payload);
}
header("Content-Disposition: attachment; filename=" . basename($dir . '.zip')); ob_end_flush(); echo $str; exit; } else { @unlink($tfile); ob_end_flush(); MSGError('Could not write to temporary directory'); } } ForceLoad('problem.php'); } if (isset($_POST["Submit3"]) && isset($_POST["problemnumber"]) && is_numeric($_POST["problemnumber"]) && isset($_POST["problemname"]) && $_POST["problemname"] != "") { if (strpos(trim($_POST["problemname"]), ' ') !== false) { $_POST["confirmation"] = ''; MSGError('Problem short name cannot have spaces'); } else { if ($_POST["confirmation"] == "confirm") { if ($_FILES["probleminput"]["name"] != "") { $type = myhtmlspecialchars($_FILES["probleminput"]["type"]); $size = myhtmlspecialchars($_FILES["probleminput"]["size"]); $name = myhtmlspecialchars($_FILES["probleminput"]["name"]); $temp = myhtmlspecialchars($_FILES["probleminput"]["tmp_name"]); if (!is_uploaded_file($temp)) { IntrusionNotify("file upload problem."); ForceLoad("../index.php"); } } else { $name = ""; } $param = array();
} } if (isset($_POST["open"]) && $_POST["open"] == "Open selected runs for rejudging") { DBGiveUpRunAutojudging($_SESSION["usertable"]["contestnumber"], $run[$i]["site"], $run[$i]["number"]); if (DBChiefRunGiveUp($run[$i]["number"], $run[$i]["site"], $_SESSION["usertable"]["contestnumber"])) { $nreopen++; } } } } if ($nrenew > 0) { MSGError($nrenew . " runs renewed for autojudging."); ForceLoad($runphp); } if ($nreopen > 0) { MSGError($nreopen . " runs reopened."); ForceLoad($runphp); } } for ($i = 0; $i < count($run); $i++) { if ($run[$i]["answer1"] != 0 && $run[$i]["answer2"] != 0 && $run[$i]["status"] != "judged") { if ($runphp == "runchief.php") { echo " <tr bgcolor=\"ff0000\">\n"; } else { echo "<tr>\n"; } echo " <td nowrap bgcolor=\"ff0000\">"; } else { echo " <tr><td nowrap>"; } echo "<input type=\"checkbox\" name=\"cbox_" . $run[$i]["number"] . "_" . $run[$i]["site"] . "\" />";
$number = myhtmlspecialchars($_POST["number"]); // $notuser = myhtmlspecialchars($_POST["notifyuser"]); // $updscore = myhtmlspecialchars($_POST["updatescore"]); DBUpdateRun($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], $sitenumber, $number, $answer); //, $notuser, $updscore); } ForceLoad("run.php"); } if (!isset($_GET["runnumber"]) || !isset($_GET["runsitenumber"]) || !is_numeric($_GET["runnumber"]) || !is_numeric($_GET["runsitenumber"])) { IntrusionNotify("tried to open the judge/runedit.php with wrong parameters."); ForceLoad("run.php"); } $runsitenumber = myhtmlspecialchars($_GET["runsitenumber"]); $runnumber = myhtmlspecialchars($_GET["runnumber"]); if (($a = DBGetRunToAnswer($runnumber, $runsitenumber, $_SESSION["usertable"]["contestnumber"])) === false) { MSGError("Another judge got it first."); ForceLoad("run.php"); } $b = DBGetProblemData($_SESSION["usertable"]["contestnumber"], $a["problemnumber"]); ?> <br><br><center><b>Use the following fields to judge the run: </b></center> <form name="form1" method="post" action="runedit.php"> <input type=hidden name="confirmation" value="noconfirm" /> <center> <table border="1"> <tr> <td width="27%" align=right><b>Site:</b></td> <td width="83%"> <input type=hidden name="sitenumber" value="<?php echo $a["sitenumber"];
/**
 * Inserts a user row, or updates the existing one when the incoming data is newer.
 *
 * Required keys in $param: contest, site, user (the aliases contestnumber, sitenumber,
 * usernumber and number are accepted). Optional keys are the ones listed in $ac1.
 *
 * Several string literals in this listing read '******' (default values, a prefix added to
 * $pass, and parts of the SQL text). They are kept exactly as shown.
 * NOTE(review): confirm the intended values against the project source before relying on them.
 *
 * @param array         $param user attributes, see above
 * @param resource|null $c     open DB connection; when null a connection and a transaction
 *                             are opened here and committed here on success
 * @return int|false 2 when a row was inserted or updated, 1 when the stored row was left
 *                   untouched, false on a parameter error, a missing site or a username clash
 */
function DBNewUser($param, $c = null) {
    // Accept the alternative key names used by some callers.
    if (isset($param['contestnumber']) && !isset($param['contest'])) {
        $param['contest'] = $param['contestnumber'];
    }
    if (isset($param['sitenumber']) && !isset($param['site'])) {
        $param['site'] = $param['sitenumber'];
    }
    if (isset($param['usernumber']) && !isset($param['user'])) {
        $param['user'] = $param['usernumber'];
    }
    if (isset($param['number']) && !isset($param['user'])) {
        $param['user'] = $param['number'];
    }
    // $ac: mandatory keys; $ac1: optional keys; $typei: keys that must be numeric.
    $ac = array('contest', 'site', 'user');
    $ac1 = array('updatetime', 'username', 'usericpcid', 'userfull', 'userdesc', 'type', 'enabled', 'multilogin', 'pass', 'permitip', 'changepass', 'userip', 'userlastlogin', 'userlastlogout', 'usersession', 'usersessionextra');
    $typei['contest'] = 1;
    $typei['updatetime'] = 1;
    $typei['site'] = 1;
    $typei['user'] = 1;
    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewUser param error: {$key} not found");
            return false;
        }
        if (isset($typei[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewUser param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable assignment: creates $contest, $site and $user. The names come
        // from the fixed list above, never from the caller. These three values are later
        // interpolated unquoted into SQL, so the is_numeric() check above is what keeps
        // them safe there.
        ${$key} = sanitizeText($param[$key]);
    }
    $username = "******" . 
$user;
    // Defaults for the optional attributes.
    $updatetime = -1;
    $pass = null;
    $usericpcid = '';
    $userfull = '';
    $userdesc = '';
    $type = 'team';
    $enabled = 'f';
    $changepass = '******';
    $multilogin = '******';
    $permitip = '';
    $usersession = null;
    $usersessionextra = null;
    $userip = null;
    $userlastlogin = null;
    $userlastlogout = null;
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            // Same variable-variable pattern, restricted to the names in $ac1. Every value
            // that reaches the quoted SQL fields below has passed through sanitizeText().
            // NOTE(review): sanitizeText() is not shown here; confirm it neutralises quotes
            // and backslashes for the database in use.
            ${$key} = sanitizeText($param[$key]);
            if (isset($typei[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewUser param error: {$key} is not numeric");
                return false;
            }
        }
    }
    $t = time();
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    // Any type outside this allow-list falls back to "team".
    if ($type != "chief" && $type != "judge" && $type != "admin" && $type != "score" && $type != "staff" && $type != "site") {
        $type = "team";
    }
    if ($type == "admin") {
        $changepass = "******";
    }
    // Normalise the flag columns to a fixed pair of values.
    if ($enabled != "f") {
        $enabled = "t";
    }
    if ($multilogin != "t") {
        $multilogin = "******";
    }
    if ($changepass != "t") {
        $changepass = "******";
    }
    // $cw records whether the transaction was opened here and so must be committed here.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewUser(begin)");
    }
    DBExec($c, "lock table usertable", "DBNewUser(lock)");
    $r = DBExec($c, "select * from sitetable where sitenumber={$site} and contestnumber={$contest}", "DBNewUser(get site)");
    $n = DBnlines($r);
    if ($n == 0) {
        // Rolls back even when the connection, and its transaction, belong to the caller.
        DBExec($c, "rollback work", "DBNewUser(no-site)");
        MSGError("DBNewUser param error: site {$site} does not exist");
        return false;
    }
    if ($pass != myhash("") && $type != "admin" && $changepass != "t") {
        $pass = '******' . $pass;
    }
    // Look for a different user number holding the same username in this contest/site.
    $r = DBExec($c, "select * from usertable where username='******' and usernumber!={$user} and " . "usersitenumber={$site} and contestnumber={$contest}", "DBNewUser(get user)");
    $n = DBnlines($r);
    $ret = 1;
    if ($n == 0) {
        $sql = "select * from usertable where usernumber={$user} and usersitenumber={$site} and " . 
"contestnumber={$contest}";
        $a = DBGetRow($sql, 0, $c);
        if ($a == null) {
            // No such user yet: insert.
            $ret = 2;
            $sql = "select * from sitetable where sitenumber={$site} and contestnumber={$contest}";
            $aa = DBGetRow($sql, 0);
            if ($aa == null) {
                DBExec($c, "rollback work");
                MSGError("Site {$site} does not exist");
                return false;
            }
            $sql = "insert into usertable (contestnumber, usersitenumber, usernumber, username, usericpcid, userfullname, " . "userdesc, usertype, userenabled, usermultilogin, userpassword, userpermitip) values " . "({$contest}, {$site}, {$user}, '{$username}', '{$usericpcid}', '{$userfull}', '{$userdesc}', '{$type}', '{$enabled}', " . "'{$multilogin}', '{$pass}', '{$permitip}')";
            DBExec($c, $sql, "DBNewUser(insert)");
            if ($cw) {
                DBExec($c, "commit work");
            }
            LOGLevel("User {$user} (site={$site},contest={$contest}) included.", 2);
        } else {
            // Existing user: only overwrite when the incoming record is newer.
            // NOTE(review): when it is not newer, a transaction opened here is neither
            // committed nor rolled back before returning.
            if ($updatetime > $a['updatetime']) {
                $ret = 2;
                $sql = "update usertable set username='******', usericpcid='{$usericpcid}', userdesc='{$userdesc}', updatetime={$updatetime}, " . 
"userfullname='{$userfull}', usertype='{$type}', userpermitip='{$permitip}', ";
                // Optional columns are appended only when a value was supplied.
                if ($pass != null && $pass != myhash("")) {
                    $sql .= "userpassword='******', ";
                }
                if ($usersession != null) {
                    $sql .= "usersession='{$usersession}', ";
                }
                if ($usersessionextra != null) {
                    $sql .= "usersessionextra='{$usersessionextra}', ";
                }
                if ($userip != null) {
                    $sql .= "userip='{$userip}', ";
                }
                if ($userlastlogin != null) {
                    $sql .= "userlastlogin='******', ";
                }
                if ($userlastlogout != null) {
                    $sql .= "userlastlogout='{$userlastlogout}', ";
                }
                $sql .= "userenabled='{$enabled}', usermultilogin='******'";
                $sql .= " where usernumber={$user} and usersitenumber={$site} and contestnumber={$contest}";
                $r = DBExec($c, $sql, "DBNewUser(update)");
                if ($cw) {
                    DBExec($c, "commit work");
                }
                LOGLevel("User {$user} (username={$username},site={$site},contest={$contest}) updated.", 2);
            }
        }
    } else {
        // Username already held by another user number.
        DBExec($c, "rollback work");
        LOGLevel("Update problem for user {$user} (site={$site},contest={$contest}) (maybe username already in use).", 1);
        MSGError("Update problem for user {$user}, site {$site} (maybe username already in use).");
        return false;
    }
    return $ret;
}
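//INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
//PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER
//OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR
//CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
//PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
//OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
///////////////////////////////////////////////////////////////////////////////////////////
// created 14/June/2011 by cassio@ime.usp.br

// Backup upload endpoint: receives a base64 payload in $_POST['data'] and a file name in
// $_POST['name'], stores the decoded bytes through DBNewBkp() and returns to the index page.
require 'header.php';

if (($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) {
    ForceLoad("../index.php");
}
if (($st = DBSiteInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"])) == null) {
    ForceLoad("../index.php");
}

// Both fields come straight from the request. A missing or non-string field is treated as
// empty instead of raising notices. The request body is never echoed back: writing $_POST
// or $_POST['data'] into the response would reflect unescaped client data.
$data = (isset($_POST['data']) && is_string($_POST['data'])) ? $_POST['data'] : '';
$name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';

$content = base64_decode($data);
if ($content === false) {
    $content = '';
}
$size = strlen($content);

// Enforce the limits on the decoded bytes before anything is written to disk, so an
// oversized upload never lands in the temporary directory.
if ($size > $ct["contestmaxfilesize"] || strlen($name) > 100 || strlen($name) < 1) {
    LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . ":{$name}: with {$size} bytes.", 1);
    MSGError("File size exceeds the limit allowed or invalid name.");
} else {
    $fn = tempnam("/tmp", "bkp-");
    $written = ($fn === false) ? false : file_put_contents($fn, $content);
    if ($written === false || $written !== $size) {
        LOGLevel("User {$_SESSION["usertable"]["username"]} backup upload could not be written to a temporary file.", 1);
        MSGError('Could not write to temporary directory');
    } else {
        // NOTE(review): $name is still exactly what the client sent; confirm DBNewBkp()
        // escapes it before it reaches SQL.
        DBNewBkp($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], $name, $fn, $size);
    }
    if ($fn !== false) {
        @unlink($fn);
    }
}
ForceLoad("../index.php");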
break; } if (isset($param['unlockkey']) && $param['unlockkey'] != '') { $pass = decryptData(substr($key, 15), $param['unlockkey'], 'includekeys'); if (substr($pass, 0, 5) != '#####') { MSGError('Invalid key in the file -- not importing any keys'); $dd = 0; break; } } $ar[$val] = $key; $dd++; } if ($dd > 0) { $param['keys'] = implode(',', $ar); MSGError(count($ar) . ' keys are being imported from the file'); DBClearProblemTmp($_SESSION["usertable"]["contestnumber"]); } } $param['atualizasites'] = $at; } DBUpdateContest($param); if (strlen($param['unlockkey']) > 1) { DBClearProblemTmp($_SESSION["usertable"]["contestnumber"]); DBGetFullProblemData($_SESSION["usertable"]["contestnumber"], true); } } ForceLoad("contest.php"); } ?> <br>
$param['site'] = $_SESSION["usertable"]["usersitenumber"]; $param['user'] = $_SESSION["usertable"]["usernumber"]; $param['desc'] = "Staff assistance"; DBNewTask($param); } ForceLoad("task.php"); } if (isset($_FILES["filename"]) && isset($_POST["Submit"]) && $_FILES["filename"]["name"] != "") { if ($_POST["confirmation"] == "confirm") { $type = myhtmlspecialchars($_FILES["filename"]["type"]); $size = myhtmlspecialchars($_FILES["filename"]["size"]); $name = myhtmlspecialchars($_FILES["filename"]["name"]); $temp = myhtmlspecialchars($_FILES["filename"]["tmp_name"]); if ($size > $ct["contestmaxfilesize"]) { LOGLevel("User {$_SESSION["usertable"]["username"]} tried to print file " . "{$name} with {$size} bytes ({$ct["contestmaxfilesize"]} max allowed).", 1); MSGError("File size exceeds the limit allowed."); ForceLoad("task.php"); } if (!is_uploaded_file($temp)) { IntrusionNotify("Printing file upload problem"); ForceLoad("../index.php"); } $param['contest'] = $_SESSION["usertable"]["contestnumber"]; $param['site'] = $_SESSION["usertable"]["usersitenumber"]; $param['user'] = $_SESSION["usertable"]["usernumber"]; $param['desc'] = "File to print"; $param['filename'] = $name; $param['filepath'] = $temp; DBNewTask($param); } ForceLoad("task.php");
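/**
 * Creates a problem row, or updates the existing one when the incoming data is newer.
 *
 * $param must hold 'number' and 'name'; the optional keys are listed in $ac1. An 'action'
 * of "delete" is delegated to DBDeleteProblem(). 'inputfilepath' is either a path on disk
 * or the literal prefix "base64:" followed by the encoded file content.
 *
 * NOTE(review): $contestnumber is interpolated unquoted into every statement and is not
 * validated here; confirm all callers pass a trusted numeric value.
 * NOTE(review): a non-"base64:" inputfilepath is read with file_get_contents(); confirm
 * callers only pass paths the server itself created (for example an upload temp file).
 *
 * @param int|string    $contestnumber contest the problem belongs to
 * @param array         $param         problem attributes, see above
 * @param resource|null $c             open DB connection; when null a connection and a
 *                                     transaction are opened and committed here
 * @return int|false 2 when the row was created or updated, 1 when the stored row is at
 *                   least as new, false on a parameter error (or DBDeleteProblem()'s result)
 */
function DBNewProblem($contestnumber, $param, $c = null)
{
    if (isset($param["action"]) && $param["action"] == "delete") {
        return DBDeleteProblem($contestnumber, $param);
    }
    // $ac: mandatory keys; $ac1: optional keys; $type: keys that must be numeric.
    $ac = array('number', 'name');
    $type['number'] = 1;
    $type['updatetime'] = 1;
    $ac1 = array('colorname', 'fake', 'color', 'updatetime', 'fullname', 'basename', 'inputfilename', 'inputfilepath');
    $colorname = '';
    $color = '';
    $fake = 'f';
    foreach ($ac as $key) {
        if (!isset($param[$key])) {
            MSGError("DBNewProblem param error: {$key} is not set");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewProblem param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable assignment limited to the fixed names in $ac.
        ${$key} = sanitizeText($param[$key]);
    }
    $basename = '';
    $inputfilename = '';
    $inputfilepath = '';
    $fullname = '';
    $updatetime = -1;
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            if (isset($type[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewProblem param error: {$key} is not numeric");
                return false;
            }
            // Same pattern, limited to the fixed names in $ac1.
            ${$key} = sanitizeText($param[$key]);
        }
    }
    $t = time();
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    $inputhash = '';
    $sql2 = "select * from problemtable where contestnumber={$contestnumber} and problemnumber={$number} for update";
    // "select * from problemtable where contestnumber=$contestnumber and problemnumber=$number " .
    // "and probleminputfilename='$inputfilename'";
    // $cw records whether the transaction was opened here and so must be committed here.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewProblem(transaction)");
    }
    $r = DBExec($c, $sql2, "DBNewProblem(get problem for update)");
    $n = DBnlines($r);
    $ret = 1;
    $oldfullname = '';
    $deservesupdatetime = false;
    if ($n == 0) {
        DBExec($c, "insert into problemtable (contestnumber, problemnumber, problemname, problemcolor) values " .
            "({$contestnumber}, {$number}, '{$name}','-1')", "DBNewProblem(insert problem)");
        $deservesupdatetime = true;
        $s = "created";
    } else {
        // From here on $t holds the stored update time instead of "now".
        $lr = DBRow($r, 0);
        $t = $lr['updatetime'];
        $oldfullname = $lr['problemfullname'];
        $s = "updated";
        $inputhash = $lr['probleminputfilehash'];
    }
    if ($s == "created" || $updatetime > $t) {
        if (substr($inputfilepath, 0, 7) != "base64:") {
            // Input file given as a path on disk.
            if ($inputfilepath != "") {
                $hash = myshorthash(file_get_contents($inputfilepath));
                if ($hash != $inputhash) {
                    // Content changed: import a new large object and drop the old one.
                    $oldoid = '';
                    if (isset($lr)) {
                        $oldoid = $lr['probleminputfile'];
                    }
                    if (($oid1 = DB_lo_import($c, $inputfilepath)) === false) {
                        DBExec($c, "rollback work", "DBNewProblem(rollback-input)");
                        LOGError("Unable to create a large object for file {$inputfilename}.");
                        MSGError("problem importing file to database. See log for details!");
                        exit;
                    }
                    if ($oldoid != '') {
                        DB_lo_unlink($c, $oldoid);
                    }
                    $inputhash = DBcrc($contestnumber, $oid1, $c);
                } else {
                    $oid1 = $lr['probleminputfile'];
                }
            }
        } else {
            // Input file given inline; from here on $inputfilepath holds the decoded content.
            $inputfilepath = base64_decode(substr($inputfilepath, 7));
            $hash = myshorthash($inputfilepath);
            if ($hash != $inputhash) {
                $oldoid = '';
                if (isset($lr)) {
                    $oldoid = $lr['probleminputfile'];
                }
                if (($oid1 = DB_lo_import_text($c, $inputfilepath)) == null) {
                    DBExec($c, "rollback work", "DBNewProblem(rollback-i-import)");
                    LOGError("Unable to import the large object for file {$inputfilename}.");
                    MSGError("problem importing file to database. See log for details!");
                    exit;
                }
                if ($oldoid != '') {
                    DB_lo_unlink($c, $oldoid);
                }
                $inputhash = DBcrc($contestnumber, $oid1, $c);
            } else {
                $oid1 = $lr['probleminputfile'];
            }
        }
        // One statement per supplied attribute; only some of them bump the update time.
        if ($name != "") {
            DBExec($c, "update problemtable set problemname='{$name}' where contestnumber={$contestnumber} " .
                "and problemnumber={$number}", "DBNewProblem(update name)");
        }
        if ($fullname != "" || strpos($oldfullname, '(DEL)') !== false) {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set problemfullname='{$fullname}' where contestnumber={$contestnumber} " .
                "and problemnumber={$number}", "DBNewProblem(update fullname)");
        }
        if ($basename != "") {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set problembasefilename='{$basename}' where contestnumber={$contestnumber} " .
                "and problemnumber={$number}", "DBNewProblem(update basename)");
        }
        if ($colorname != "") {
            DBExec($c, "update problemtable set problemcolorname='{$colorname}' where contestnumber={$contestnumber} " .
                "and problemnumber={$number}", "DBNewProblem(update colorname)");
        }
        if ($color != "") {
            DBExec($c, "update problemtable set problemcolor='{$color}' where contestnumber={$contestnumber} " .
                "and problemnumber={$number}", "DBNewProblem(update color)");
        }
        if ($inputfilename != "") {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set probleminputfilename='{$inputfilename}' where " .
                "contestnumber={$contestnumber} and problemnumber={$number} ", "DBNewProblem(update inputfilename)");
        }
        if ($inputfilepath != "") {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set probleminputfile={$oid1},probleminputfilehash='{$inputhash}' where contestnumber={$contestnumber} and " .
                "problemnumber={$number} ", "DBNewProblem(update inputfile)");
        }
        if ($fake == "t") {
            $deservesupdatetime = true;
            DBExec($c, "update problemtable set fake='{$fake}' where contestnumber={$contestnumber} and " .
                "problemnumber={$number}", "DBNewProblem(update fake)");
        }
        if ($deservesupdatetime) {
            $ds = DIRECTORY_SEPARATOR;
            if ($ds == "") {
                $ds = "/";
            }
            // Remove the per-problem '.name' file under private/problemtmp.
            @unlink($_SESSION["locr"] . $ds . "private" . $ds . "problemtmp" . $ds . "contest" . $contestnumber . "-problem" . $number . '.name');
            DBExec($c, "update problemtable set updatetime=" . $updatetime .
                " where contestnumber={$contestnumber} and problemnumber={$number}", "DBNewProblem(time)");
        }
        if ($cw) {
            DBExec($c, "commit work", "DBNewProblem(commit)");
        }
        // Audit entry naming the acting user and site, both taken from the session.
        LOGLevel("Problem {$number} (inputfile={$inputfilename}) {$s} (user=" . $_SESSION["usertable"]["usernumber"] .
            ",site=" . $_SESSION["usertable"]["usersitenumber"] .
            ",contest={$contestnumber})", 2);
        $ret = 2;
    } else {
        if ($cw) {
            DBExec($c, "commit work", "DBNewProblem(commit)");
        }
    }
    return $ret;
}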
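/**
 * Stores an uploaded backup file as a large object and records it in bkptable.
 *
 * The numeric arguments are interpolated unquoted into SQL and the file name goes into a
 * quoted literal, so all of them are checked or escaped before any statement is built.
 * The file name in particular originates from the client.
 *
 * @param int|string $contest  contest number
 * @param int|string $site     site number
 * @param int|string $user     user number
 * @param string     $filename client-supplied display name of the backup
 * @param string     $filepath path of the file to import
 * @param int|string $size     size of the file in bytes
 * @return false|null false when a parameter is rejected or the user already has too many
 *                    active backups; null after a successful insert. Internal table errors
 *                    and import failures terminate the script.
 */
function DBNewBkp($contest, $site, $user, $filename, $filepath, $size)
{
    // Same is_numeric() gate the other DBNew* functions apply to their numeric parameters.
    foreach (array('contest' => $contest, 'site' => $site, 'user' => $user, 'size' => $size) as $label => $value) {
        if (!is_numeric($value)) {
            MSGError("DBNewBkp param error: {$label} is not numeric");
            return false;
        }
    }
    // Escape the name with the helper the sibling DBNew* functions use for text fields.
    // NOTE(review): confirm sanitizeText() is loaded wherever this function is defined.
    $filename = sanitizeText($filename);

    $c = DBConnect();
    DBExec($c, "begin work", "DBNewBkp(transaction)");
    DBExec($c, "lock table bkptable");

    // Per-user quota on active backups.
    $sql = "select count(*) as n from " .
        "bkptable where sitenumber={$site} and contestnumber={$contest} and usernumber={$user} and bkpstatus='active'";
    $r = DBExec($c, $sql, "DBNewBkp(get bkp of user)");
    if (DBnlines($r) != 1) {
        DBExec($c, "rollback work", "DBNewBkp(rollback-toomanyerror)");
        LOGError("Error in bkp table. SQL=(" . $sql . ")");
        MSGError("Error in bkp table.");
        exit;
    }
    $a = DBRow($r, 0);
    if ($a['n'] > 100) {
        DBExec($c, "rollback work", "DBNewBkp(rollback-toomany)");
        LOGError("Too many bkps from user={$user}, site={$site}, contest={$contest}.", 2);
        MSGError("Too many bkp files. Try remove some of them before uploading another.");
        return false;
    }

    // The next backup number is allocated per site and contest, under the table lock.
    $sql = "select max(bkpnumber) as nextbkp from " .
        "bkptable where sitenumber={$site} and contestnumber={$contest}";
    $r = DBExec($c, $sql, "DBNewBkp(get bkp for update)");
    if (DBnlines($r) != 1) {
        DBExec($c, "rollback work", "DBNewBkp(rollback-max)");
        LOGError("Error in bkp table. SQL=(" . $sql . ")");
        MSGError("Error in bkp table.");
        exit;
    }
    $a = DBRow($r, 0);
    $t = time();
    $n = $a["nextbkp"] + 1;

    if (($oid = DB_lo_import($c, $filepath)) === false) {
        DBExec($c, "rollback work", "DBNewBkp(rollback-import)");
        LOGError("Unable to create a large object for file {$filepath}.");
        MSGError("problem importing bkp to database. Contact an admin now!");
        exit;
    }
    DBExec($c, "INSERT INTO bkptable (contestnumber, sitenumber, bkpnumber, usernumber, bkpdate, bkpfilename, bkpdata, bkpstatus, bkpsize) " .
        "VALUES ({$contest}, {$site}, {$n}, {$user}, {$t}, '{$filename}', {$oid}, 'active', {$size})", "DBNewBkp(insert bkp)");
    DBExec($c, "commit work", "DBNewBkp(commit)");
    LOGLevel("User {$user} submitted a bkp (#{$n}) on site #{$site} " .
        "(filename={$filename}, contest={$contest}).", 2);
    /*
    // this causes portability and security problems (when other users also have a shell
    // on the server and can build web pages. They can use those pages to access these files,
    // because the files end up owned by apache/www-data/etc)
    umask(0077);
    @mkdir("/tmp/boca");
    if (!move_uploaded_file ($filepath, "/tmp/boca/contest${contest}.site${site}.run${n}.user${user}.problem${problem}.time${t}.${filename}"))
        LOGLevel("Run not saved as file (run=$n,site=$site,contest=$contest", 1);
    */
}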
@unlink($dir . '.zip'); @unlink($tfile); header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-transfer-encoding: binary\n"); header("Content-type: application/force-download"); header("Content-Disposition: attachment; filename=" . basename($dir . '.zip')); ob_end_flush(); echo $str; exit; } else { @unlink($tfile); ob_end_flush(); MSGError('Could not write to temporary directory'); } } ForceLoad('problem.php'); } if (isset($_POST["Submit3"]) && isset($_POST["problemnumber"]) && is_numeric($_POST["problemnumber"]) && isset($_POST["problemname"]) && $_POST["problemname"] != "") { if ($_POST["confirmation"] == "confirm") { if ($_FILES["probleminput"]["name"] != "") { $type = myhtmlspecialchars($_FILES["probleminput"]["type"]); $size = myhtmlspecialchars($_FILES["probleminput"]["size"]); $name = myhtmlspecialchars($_FILES["probleminput"]["name"]); $temp = myhtmlspecialchars($_FILES["probleminput"]["tmp_name"]); if (!is_uploaded_file($temp)) { IntrusionNotify("file upload problem."); ForceLoad("../index.php"); }
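/**
 * Inserts an answer row, or updates the existing one when the incoming data is newer.
 *
 * $param must hold 'number' (numeric), 'name' and 'yes'; 'updatetime' is optional. An
 * 'action' of "delete" is delegated to DBDeleteAnswer().
 *
 * NOTE(review): $contest is interpolated unquoted into SQL and is not validated here;
 * confirm all callers pass a trusted numeric value.
 *
 * @param int|string    $contest contest the answer belongs to
 * @param array         $param   answer attributes, see above
 * @param resource|null $c       open DB connection; when null a connection and a
 *                               transaction are opened and committed here
 * @return int|false 2 when a row was inserted or updated, 1 when the stored row is at
 *                   least as new, false on a parameter error (or DBDeleteAnswer()'s result)
 */
function DBNewAnswer($contest, $param, $c = null)
{
    if (isset($param["action"]) && $param["action"] == "delete") {
        // The contest parameter of this function is $contest; the delete path must
        // forward that value rather than an undefined variable.
        return DBDeleteAnswer($contest, $param, $c);
    }
    $ac = array('number', 'name', 'yes');
    $type['number'] = 1;
    foreach ($ac as $key) {
        if (!isset($param[$key])) {
            MSGError("DBNewAnswer param error: {$key} is not set");
            return false;
        }
        // Variable-variable assignment limited to the fixed names in $ac.
        ${$key} = sanitizeText($param[$key]);
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewAnswer param error: {$key} is not numeric");
            return false;
        }
    }
    $t = time();
    $updatetime = $t;
    if (isset($param['updatetime']) && is_numeric($param["updatetime"])) {
        $updatetime = $param["updatetime"];
    }
    // Collapse the flag to the two values stored in the table.
    if ($yes != "t") {
        $y = "f";
    } else {
        $y = "t";
    }
    // $cw records whether the transaction was opened here and so must be committed here.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewAnswer(transaction)");
    }
    $r = DBExec($c, "select * from answertable as a where a.contestnumber={$contest} and a.answernumber={$number} for update", "DBNewAnswer(get answer)");
    $n = DBnlines($r);
    $ret = 1;
    if ($n == 0) {
        $ret = 2;
        DBExec($c, "insert into answertable (contestnumber, answernumber, runanswer, yes, updatetime) values " .
            "({$contest}, {$number}, '{$name}', '{$y}', {$t})", "DBNewAnswer(insert answer)");
        if ($cw) {
            DBExec($c, "commit work", "DBNewAnswer(commit)");
        }
        // Audit entry naming the acting user and site, both taken from the session.
        LOGLevel("Answer {$number} inserted (contest={$contest},user=" . $_SESSION["usertable"]["username"] .
            "/" . $_SESSION["usertable"]["usersitenumber"] . ")", 2);
    } else {
        $lr = DBRow($r, 0);
        if ($updatetime > $lr['updatetime']) {
            $ret = 2;
            // Rows flagged fake are excluded by the where clause.
            DBExec($c, "update answertable set runanswer='{$name}', yes='{$y}', updatetime=" . $updatetime . " where " .
                "contestnumber={$contest} and answernumber={$number} and fake='f'", "DBNewAnswer(update answer)");
            if ($cw) {
                DBExec($c, "commit work", "DBNewAnswer(commit)");
            }
            LOGLevel("Answer {$number} updated (contest={$contest},user=" . $_SESSION["usertable"]["username"] .
                "/" . $_SESSION["usertable"]["usersitenumber"] .
                ")", 2);
        } else {
            if ($cw) {
                DBExec($c, "commit work", "DBNewAnswer(commit)");
            }
        }
    }
    return $ret;
}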
} cleardir($webcastdir); @mkdir($webcastdir); if (is_writable($webcastdir)) { file_put_contents($webcastdir . $ds . 'runs', $runfile); file_put_contents($webcastdir . $ds . 'contest', $contestfile); file_put_contents($webcastdir . $ds . 'version', $versionfile); file_put_contents($webcastdir . $ds . 'time', $timefile); if (@create_zip($webcastparentdir, array('webcast'), $webcastdir . ".tmp") != 1) { LOGError("Cannot create score webcast.tmp file"); MSGError("Cannot create score webcast.tmp file"); } else { $cf = globalconf(); file_put_contents($webcastdir . ".tmp", encryptData(file_get_contents($webcastdir . ".tmp"), $cf["key"], false)); @rename($webcastdir . ".tmp", $webcastdir . '.zip'); } echo "<br><br><br><center>"; echo "<a href=\"{$locr}/filedownload.php?" . filedownload(-1, $webcastdir . '.zip') . "\">CLICK TO DOWNLOAD</a>"; echo "</center>"; } else { LOGError('Error creating the folder for the ZIP file: ' . $webcastdir); MSGError('Error creating the folder for the ZIP file: ' . $webcastdir); ForceLoad("../index.php"); } echo "<br><br><br>\n"; echo "<br><br><br>\n"; echo "<br><br><br>\n"; echo "<br><br><br>\n"; echo "<br><br><br>\n"; echo "<br><br><br>\n"; include "{$locr}/footnote.php";
/**
 * Records a security violation and drops the current login.
 *
 * The log entry carries the description plus, when a user is logged in, "username/site".
 * The session's "usertable" entry is removed before the entry is written, so the requester
 * is no longer authenticated afterwards.
 *
 * @param string $where short description of what was attempted; it is placed verbatim into
 *                      the log line and the user-facing message
 * @return void
 */
function IntrusionNotify($where)
{
    $who = '';
    if (isset($_SESSION["usertable"]["username"])) {
        // Capture the identity before the session entry is discarded.
        $who = " (" . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . ")";
    }

    unset($_SESSION["usertable"]);

    LOGLevel("Security Violation: {$where}" . $who, 1);
    MSGError("Violation ({$where}). Admin warned.");
}
$param['duration'] = $_POST["duration"] * 60; $param['lastmileanswer'] = $_POST["lastmileanswer"] * 60; $param['lastmilescore'] = $_POST["lastmilescore"] * 60; $param['penalty'] = $_POST["penalty"] * 60; $param['maxfilesize'] = $_POST["maxfilesize"] * 1000; $param['active'] = $ac; $param['mainsite'] = $_POST["mainsite"]; $param['localsite'] = $_POST["localsite"]; $param['mainsiteurl'] = $_POST["mainsiteurl"]; DBUpdateContest($param); if ($ac == 1 && $_POST["contest"] != $_SESSION["usertable"]["contestnumber"]) { $cf = globalconf(); if ($cf["basepass"] == "") { MSGError("You must log in the new contest. The standard admin password is empty (if not changed yet)."); } else { MSGError("You must log in the new contest. The standard admin password is " . $cf["basepass"] . " (if not changed yet)."); } ForceLoad("../index.php"); } } ForceLoad("contest.php?contest=" . $_POST["contest"]); } ?> <br> <form name="form1" enctype="multipart/form-data" method="post" action="contest.php"> <input type=hidden name="confirmation" value="noconfirm" /> <script language="javascript"> function conf() { if (confirm("Confirm?")) { document.form1.confirmation.value='confirm';
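/**
 * Creates a language row, or updates the existing one when the incoming data is newer.
 *
 * $param must hold non-empty 'number' (numeric) and 'name'; 'updatetime' (numeric) and
 * 'extension' are optional. An 'action' of "delete" is delegated to DBDeleteLanguage().
 *
 * NOTE(review): $contestnumber is interpolated unquoted into SQL and is not validated here;
 * confirm all callers pass a trusted numeric value.
 *
 * @param int|string    $contestnumber contest the language belongs to
 * @param array         $param         language attributes, see above
 * @param resource|null $c             open DB connection; when null a connection and a
 *                                     transaction are opened and committed here
 * @return int|false 2 when the row was created or the incoming data was newer, 1 otherwise,
 *                   false on a parameter error (or DBDeleteLanguage()'s result)
 */
function DBNewLanguage($contestnumber, $param, $c = null)
{
    if (isset($param["action"]) && $param["action"] == "delete") {
        return DBDeleteLanguage($contestnumber, $param, $c);
    }
    // $ac: mandatory keys; $ac1: optional keys; $type: keys that must be numeric.
    $ac = array('number', 'name');
    $ac1 = array('updatetime', 'extension');
    $type['number'] = 1;
    $type['updatetime'] = 1;
    $extension = '';
    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewLanguage param error: {$key} not found");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewLanguage param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable assignment limited to the fixed names in $ac.
        ${$key} = sanitizeText($param[$key]);
    }
    $updatetime = -1;
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            // Same pattern, limited to the fixed names in $ac1.
            ${$key} = sanitizeText($param[$key]);
            if (isset($type[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewLanguage param error: {$key} is not numeric");
                return false;
            }
        }
    }
    $t = time();
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    // $cw records whether the transaction was opened here and so must be committed here.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewLanguage(transaction)");
    }
    $sql2 = "select * from langtable where contestnumber={$contestnumber} and langnumber={$number}";
    $r = DBExec($c, $sql2 . " for update", "DBNewLanguage(get lang)");
    $n = DBnlines($r);
    $ret = 1;
    if ($n == 0) {
        DBExec($c, "insert into langtable (contestnumber,langnumber, langname,langextension) values " .
            "({$contestnumber}, {$number}, '{$name}','{$extension}')", "DBNewLanguage(insert lang)");
        $s = "created";
    } else {
        // From here on $t holds the stored update time instead of "now".
        $lr = DBRow($r, 0);
        $t = $lr['updatetime'];
        if ($updatetime > $t) {
            if ($name != "") {
                DBExec($c, "update langtable set langname='{$name}', updatetime={$updatetime} where contestnumber={$contestnumber} " .
                    "and langnumber={$number}", "DBNewLanguage(update lang)");
            }
            if ($extension != "") {
                DBExec($c, "update langtable set langextension='{$extension}', updatetime={$updatetime} where contestnumber={$contestnumber} " .
                    "and langnumber={$number}", "DBNewLanguage(update lang)");
            }
        }
        $s = "updated";
    }
    if ($cw) {
        DBExec($c, "commit work", "DBNewLanguage(commit)");
    }
    if ($s == "created" || $updatetime > $t) {
        // Audit entry naming the acting user and site, both taken from the session.
        LOGLevel("Language {$number} updated (user=" . $_SESSION["usertable"]["usernumber"] .
            ",site=" . $_SESSION["usertable"]["usersitenumber"] .
            ",contest={$contestnumber})", 2);
        $ret = 2;
    }
    return $ret;
}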
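// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
// Last modified 05/aug/2012 by cassio@ime.usp.br

// Answer management page: handles the "delete" and "create/update" requests,
// then falls through to the HTML that follows.
require 'header.php';

// $loc is not defined in this fragment; presumably header.php sets it.
if (($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) {
    ForceLoad("{$loc}/index.php");
}

// NOTE(review): this deletion is triggered by a GET parameter and no
// anti-forgery token is checked in this fragment. Unless header.php enforces
// one, a state-changing request like this should move to POST with a
// per-session token.
if (isset($_GET["delete"]) && is_numeric($_GET["delete"])) {
    // Start from an empty array so nothing left in $param by the included
    // header reaches the DB layer.
    $param = array();
    $param["number"] = $_GET["delete"];
    if (!DBDeleteAnswer($_SESSION["usertable"]["contestnumber"], $param)) {
        MSGError('Error deleting answer');
        LogError('Error deleting answer');
    }
    ForceLoad("answer.php");
}

if (isset($_POST["Submit3"])
    && isset($_POST["answernumber"]) && is_numeric($_POST["answernumber"])
    && isset($_POST["answername"]) && $_POST["answername"] != ""
    && isset($_POST["answeryes"])
) {
    // "confirmation" may be absent from the request; treat that as not confirmed
    // instead of reading an undefined index.
    if (isset($_POST["confirmation"]) && $_POST["confirmation"] == "confirm") {
        $param = array();
        $param["number"] = $_POST["answernumber"];
        // 'name' and 'yes' are passed through as received; DBNewAnswer() is
        // expected to validate and escape them (not visible here — verify).
        $param["name"] = $_POST["answername"];
        $param["yes"] = $_POST["answeryes"];
        DBNewAnswer($_SESSION["usertable"]["contestnumber"], $param);
    }
    ForceLoad("answer.php");
}
?>
<br>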
} } $strtmp .= " <td nowrap>" . $score[$e]["totalcount"] . " (" . $score[$e]["totaltime"] . ")</td>\n"; $strtmp .= " </tr>\n"; $n++; } } $strtmp .= "</table>"; if ($n == 0) { $strtmp .= "<br><center><b><font color=\"#ff0000\">SCOREBOARD IS EMPTY</font></b></center>"; } else { if (!$des) { if ($level > 0) { $strtmp .= "<br><font color=\"#ff0000\">P.S. Problem names are hidden.</font>"; } else { $strtmp .= "<br><font color=\"#ff0000\">P.S. Problem data are hidden.</font>"; } } } $conf = globalconf(); $strtmp = "<!-- " . time() . " --> <?php exit; ?>\n" . encryptData($strtmp, $conf["key"], false); if (file_put_contents($scoretmp, $strtmp, LOCK_EX) === FALSE) { if ($_SESSION["usertable"]["usertype"] == 'admin') { MSGError("Cannot write to the score cache file -- performance might be compromised"); } LOGError("Cannot write to the " . $_SESSION["usertable"]["usertype"] . "-score cache file -- performance might be compromised"); } $conf = globalconf(); $strtmp = decryptData(substr($strtmp, strpos($strtmp, "\n")), $conf["key"]); } echo $strtmp;
if ($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) { if ($param['usernumber'] != 1000 && DBNewUser($param)) { $oklines++; } else { unset($userlist[$param['site'] . '-' . $param['usernumber']]); break; } } } } MSGError($oklines . ' users included/updated successfully'); } else { for ($i = 0; $i < count($ar) && strpos($ar[$i], "[user]") === false; $i++) { } if ($i >= count($ar)) { MSGError('File format not recognized'); } for ($i++; $i < count($ar) && $ar[$i][0] != "["; $i++) { $x = trim($ar[$i]); if (strpos($x, "user") !== false && strpos($x, "user") == 0) { $param = array(); $param['changepass'] = '******'; while (strpos($x, "user") !== false && strpos($x, "user") == 0) { $tmp = explode("=", $x, 2); switch (trim($tmp[0])) { case "usersitenumber": $param['site'] = trim($tmp[1]); break; case "username": $param['username'] = trim($tmp[1]); break;
if ($size > $ct["contestmaxfilesize"]) { LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . "{$name} with {$size} bytes ({$ct["contestmaxfilesize"]} max allowed).", 1); MSGError("File size exceeds the limit allowed."); ForceLoad($runteam); } if (!is_uploaded_file($temp) || strlen($name) > 100) { IntrusionNotify("file upload problem."); ForceLoad("../index.php"); } } if (strpos($name, ' ') === true || strpos($temp, ' ') === true || strpos($name, '/') === true || strpos($temp, '/') === true || strpos($name, '`') === true || strpos($temp, '`') === true || strpos($name, '\'') === true || strpos($temp, '\'') === true || strpos($name, "\"") === true || strpos($temp, "\"") === true || strpos($name, '$') === true || strpos($temp, '$') === true) { if (isset($_POST['name']) && $_POST['name'] != '') { echo "\nRESULT: FILE NAME PROBLEM (EG CANNOT HAVE SPACES)"; exit; } MSGError("File name cannot contain spaces."); ForceLoad($runteam); } $ac = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath'); $ac1 = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus', 'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2', 'runjudgesite2', 'runanswer2', 'autoip', 'autobegindate', 'autoenddate', 'autoanswer', 'autostdout', 'autostderr', 'updatetime'); $param = array('contest' => $_SESSION["usertable"]["contestnumber"], 'site' => $_SESSION["usertable"]["usersitenumber"], 'user' => $_SESSION["usertable"]["usernumber"], 'problem' => $prob, 'lang' => $lang, 'filename' => $name, 'filepath' => $temp); if (isset($_POST['pastcode']) && $_POST['pastcode'] != '') { $pastcode = myhtmlspecialchars($_POST["pastcode"]); if (isset($_POST["pasthash"]) && isset($_POST["pastval"])) { $pasthash = myhtmlspecialchars($_POST["pasthash"]); $pastvalhash = myhtmlspecialchars($_POST["pastvalhash"]); $pastval = myhtmlspecialchars($_POST["pastval"]); $pastabs = myhtmlspecialchars($_POST["pastabs"]); if 
(is_readable($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) { $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastval); if ($pastsubmission != $pastvalhash) {
/**
 * Insert a task into tasktable, or update the task identified by 'tasknumber'.
 *
 * Required $param keys: 'contest', 'site', 'user' (numeric) and 'desc'.
 * The aliases 'contestnumber', 'sitenumber', 'usernumber' and 'number' are
 * accepted for 'contest', 'site', 'user' and 'tasknumber'.
 * Optional keys are listed in $ac1 below; those present in $type must be numeric.
 *
 * @param array      $param Task fields, see above.
 * @param mixed|null $c     Open DB connection; when null the function opens one
 *                          and runs inside its own transaction.
 *
 * @return int|bool false on a parameter error, 1 when an existing task was left
 *                  unchanged, 2 when a task was inserted or updated. Several
 *                  database-level failures roll back and call exit instead of
 *                  returning.
 */
function DBNewTask($param, $c = null)
{
    // Map the alternative key names onto the ones used below.
    if (isset($param['contestnumber']) && !isset($param['contest'])) {
        $param['contest'] = $param['contestnumber'];
    }
    if (isset($param['sitenumber']) && !isset($param['site'])) {
        $param['site'] = $param['sitenumber'];
    }
    if (isset($param['usernumber']) && !isset($param['user'])) {
        $param['user'] = $param['usernumber'];
    }
    if (isset($param['number']) && !isset($param['tasknumber'])) {
        $param['tasknumber'] = $param['number'];
    }
    // $ac: required keys; $ac1: optional keys; $type: keys that must be numeric.
    $ac = array('contest', 'site', 'user', 'desc');
    $ac1 = array('color', 'colorname', 'updatetime', 'filename', 'filepath', 'sys', 'tasknumber', 'status', 'taskdate', 'taskdatediff', 'taskdatediffans', 'taskstaffnumber', 'taskstaffsite');
    // Every value that is later written into SQL without quotes appears in
    // $type; the quoted ones rely on sanitizeText(), which is defined elsewhere.
    $type['contest'] = 1;
    $type['updatetime'] = 1;
    $type['site'] = 1;
    $type['user'] = 1;
    $type['tasknumber'] = 1;
    $type['taskdate'] = 1;
    $type['taskdatediff'] = 1;
    $type['taskdatediffans'] = 1;
    $type['taskstaffnumber'] = 1;
    $type['taskstaffsite'] = 1;
    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewTask param error: {$key} not found");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewTask param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable: creates $contest, $site, $user and $desc.
        ${$key} = sanitizeText($param[$key]);
    }
    // Defaults for the optional fields; overridden by the loop below.
    $taskstaffnumber = -1;
    $taskstaffsite = -1;
    $t = time();
    $taskdate = $t;
    $sys = 'f';
    $filename = '';
    $filepath = '';
    $color = '';
    $colorname = '';
    $tasknumber = -1;
    $taskdatediffans = 999999999;
    $updatetime = -1;
    $status = 'opentask';
    $taskdatediff = -1;
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            // Variable-variable: overwrites the default of the same name.
            ${$key} = sanitizeText($param[$key]);
            if (isset($type[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewTask param error: {$key} is not numeric");
                return false;
            }
        }
    }
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    // Anything other than 't' is treated as a non-system task.
    if ($sys != 't') {
        $sys = 'f';
    }
    // $cw records whether this call owns the transaction and must commit it.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewTask(transaction)");
    }
    $insert = true;
    if ($tasknumber < 0) {
        // No task number supplied: lock the site row and allocate the next one.
        $sql = "select sitenexttask as 
nexttask, sitemaxtask as maxtask from " . "sitetable where sitenumber={$site} and contestnumber={$contest} for update";
        $r = DBExec($c, $sql, "DBNewTask(get site for update)");
        if (DBnlines($r) != 1) {
            DBExec($c, "rollback work", "DBNewTask(rollback-site)");
            LOGError("Unable to find a unique site/contest in the database. SQL=(" . $sql . ")");
            MSGError("Unable to find a unique site/contest in the database.");
            exit;
        }
        $a = DBRow($r, 0);
        $b = DBSiteInfo($contest, $site, $c);
        $dif = $b["currenttime"];
        if ($taskdatediff < 0) {
            $taskdatediff = $dif;
        }
        // The three checks below apply to user tasks only ($sys != 't').
        if ($sys != 't' && DBCountOpenTasks($contest, $site, $user) > $a["maxtask"]) {
            DBExec($c, "rollback work", "DBNewTask(rollback-maxtask)");
            LOGError("Too many open tasks for user={$user}, site={$site}, contest={$contest}");
            MSGError("Too many open tasks! Task not included.");
            exit;
        }
        if ($sys != 't' && $dif < 0) {
            DBExec($c, "rollback work", "DBNewTask(rollback-started)");
            LOGError("Tried to submit a task but the contest is not started. SQL=(" . $sql . ")");
            MSGError("The contest is not started yet!");
            exit;
        }
        if ($sys != 't' && !$b["siterunning"]) {
            DBExec($c, "rollback work", "DBNewTask(rollback-over)");
            LOGError("Tried to submit a task but the contest is over. SQL=(" . $sql . ")");
            MSGError("The contest is over!");
            exit;
        }
        $tasknumber = $a["nexttask"] + 1;
    } else {
        // Task number supplied: lock the existing row, if any, and switch to
        // update mode; $t then holds the stored updatetime.
        $sql = "select * from tasktable as t where t.contestnumber={$contest} and " . "t.sitenumber={$site} and t.tasknumber={$tasknumber}";
        $r = DBExec($c, $sql . " for update", "DBNewTask(get task for update)");
        $n = DBnlines($r);
        if ($n > 0) {
            $insert = false;
            $lr = DBRow($r, 0);
            $t = $lr['updatetime'];
        }
    }
    // Advance the site's task counter; the sitenexttask< condition keeps it
    // from moving backwards.
    DBExec($c, "update sitetable set sitenexttask={$tasknumber}, updatetime=" . $t .
        " where sitenumber={$site} and contestnumber={$contest} and sitenexttask<{$tasknumber}", "DBNewTask(update site)");
    $ret = 1;
    if ($insert) {
        if ($filename != "" && $filepath != "") {
            if (substr($filepath, 0, 7) != "base64:") {
                // NOTE(review): $filepath is handed to DB_lo_import() as a path on
                // the server (presumably read into a large object — confirm).
                // Callers must only pass a path they validated themselves, e.g.
                // an upload checked with is_uploaded_file().
                if (($oid = DB_lo_import($c, $filepath)) === false) {
                    DBExec($c, "rollback work", "DBNewTask(rollback-import)");
                    LOGError("DBNewTask: Unable to create a large object for file {$filepath}.");
                    MSGError("problem importing file to database. Contact an admin now!");
                    exit;
                }
            } else {
                // "base64:" prefix: the file content travels inline in the parameter.
                $filepath = base64_decode(substr($filepath, 7));
                if (($oid = DB_lo_import_text($c, $filepath)) == null) {
                    DBExec($c, "rollback work", "DBNewTask(rollback-import)");
                    LOGError("DBNewTask: Unable to create a large object for file.");
                    MSGError("problem importing file to database. Contact an admin now!");
                    exit;
                }
            }
        } else {
            // No attachment: store SQL NULL in taskdata.
            $oid = "NULL";
        }
        DBExec($c, "INSERT INTO tasktable (contestnumber, sitenumber, tasknumber, usernumber, taskdate, " . "taskdatediff, taskdatediffans, taskfilename, taskdata, taskstatus, taskdesc, tasksystem, " . "color, colorname, updatetime) " . "VALUES ({$contest}, {$site}, {$tasknumber}, {$user}, {$taskdate}, {$taskdatediff}, {$taskdatediffans}, '{$filename}', {$oid}, '{$status}', " . "'{$desc}', '{$sys}', '{$color}', '{$colorname}', {$updatetime})", "DBNewTask(insert task)");
        if ($sys == "t") {
            $u = "System";
        } else {
            $u = "User {$user}";
        }
        // The submission is logged only when this call owns the transaction.
        if ($cw) {
            DBExec($c, "commit work", "DBNewTask(commit-insert)");
            LOGLevel("{$u} submitted a task (#{$tasknumber}) on site #{$site} " . "(filename={$filename}, contest={$contest}).", 2);
        }
        $ret = 2;
    } else {
        // Existing task: apply the change only when the incoming data is newer.
        if ($updatetime > $t) {
            $ret = 2;
            $sql = "update tasktable set usernumber={$user}, taskdesc='{$desc}', " . "color='{$color}',colorname='{$colorname}',taskstatus='{$status}',";
            if ($taskstaffnumber > 0) {
                $sql .= "taskstaffnumber={$taskstaffnumber}, ";
            }
            if ($taskstaffsite > 0) {
                $sql .= "taskstaffsite={$taskstaffsite}, ";
            }
            $sql .= "taskdatediffans={$taskdatediffans}, updatetime={$updatetime} where " .
                "contestnumber={$contest} and sitenumber={$site} and tasknumber={$tasknumber}";
            DBExec($c, $sql, "DBNewTask(update task)");
        }
        if ($cw) {
            DBExec($c, "commit work", "DBNewTask(commit-update)");
        }
    }
    return $ret;
}
echo "<script>window.close();</script></html>"; exit; } ob_end_flush(); // echo "</pre>\n"; DB_lo_close($lo); if ($msg != '') { // echo " <a href=\"#\" onClick=\"window.print()\"><h1>".$_GET["msg"]."</h1></a>"; echo "\n\n\n" . $msg . "\n"; echo $msg . "\n"; echo $msg . "\n"; } DBExec($c, "commit work"); DBClose($c); } else { header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); if (($str = file_get_contents($fname)) === false) { header("Content-type: text/html"); echo "<html><head><title>View Page</title>"; MSGError("Unable to open file (" . basename($fname) . ")"); LOGError("Unable to open file (" . basename($fname) . ")"); echo "<script>window.close();</script></html>"; exit; } header("Content-type: text/plain"); echo decryptData($str, $cf["key"]); ob_end_flush(); }
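/**
 * Create the application database named in the global configuration.
 *
 * Connects to template1 as the configured superuser (over the local socket when
 * $conf["dblocal"] is "true", otherwise to dbhost:dbport) and issues
 * CREATE DATABASE with the configured encoding, defaulting to UTF8.
 * Terminates the script if the connection cannot be opened.
 *
 * @return void
 */
function DBCreateDatabase()
{
    $conf = globalconf();

    // Host and port are only added for a non-local server.
    $hostpart = '';
    if ($conf["dblocal"] != "true") {
        $hostpart = "host=" . $conf["dbhost"] . " port=" . $conf["dbport"] . " ";
    }

    // NOTE(review): the user/password concatenation is masked on the page; it is
    // restored here from the $conf keys that remain visible. Confirm against the
    // original file.
    // The values are placed into the connection string unquoted, so a user name
    // or password containing whitespace would be parsed as extra keywords;
    // libpq accepts single-quoted values with backslash escaping for that case.
    $conn = pg_connect(
        "connect_timeout=10 " . $hostpart . "dbname=template1 user=" . $conf["dbsuperuser"]
        . " password=" . $conf["dbsuperpass"]
    );
    if (!$conn) {
        // Only the user name is reported; the password never goes into a message.
        MSGError("Unable to connect to template1 as " . $conf["dbsuperuser"]);
        exit;
    }

    $encoding = isset($conf["dbencoding"]) ? $conf["dbencoding"] : 'UTF8';

    // dbname and encoding come from the configuration file and are written into
    // the DDL as-is; they have to be treated as trusted, administrator-only input.
    DBExec(
        $conn,
        "create database {$conf["dbname"]} with encoding = '{$encoding}'",
        "DBCreateDatabase(create)"
    );
}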
if (!$usertable) { ForceLoad("index.php"); } else { if (($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) { ForceLoad("index.php"); } if ($ct["contestlocalsite"] == $ct["contestmainsite"]) { $main = true; } else { $main = false; } if (isset($_GET['action']) && $_GET['action'] == 'scoretransfer') { echo "SCORETRANSFER OK"; } else { if ($main && $_SESSION["usertable"]["usertype"] == 'site') { MSGError('Direct login of this user is not allowed'); unset($_SESSION["usertable"]); ForceLoad("index.php"); exit; } echo "<script language=\"JavaScript\">\n"; echo "document.location='" . $_SESSION["usertable"]["usertype"] . "/index.php';\n"; echo "</script>\n"; } exit; } } } else { echo "<script language=\"JavaScript\">\n"; echo "alert('Unable to load config files. Possible file permission problem in the BOCA directory.');\n"; echo "</script>\n";
/**
 * Insert a clarification into clartable, or update the one identified by
 * 'clarnumber'.
 *
 * Required $param keys: 'contest', 'site', 'user', 'problem' (numeric) and
 * 'question'. The aliases 'contestnumber', 'sitenumber', 'usernumber' and
 * 'number' are accepted for 'contest', 'site', 'user' and 'clarnumber'.
 * Optional keys are listed in $ac1 below; those present in $type must be numeric.
 *
 * @param array      $param Clarification fields, see above.
 * @param mixed|null $c     Open DB connection; when null the function opens one
 *                          and runs inside its own transaction.
 *
 * @return int|bool false on a parameter error or when the contest has not
 *                  started or is over, 1 when an existing clarification was left
 *                  unchanged, 2 when one was inserted or updated. A failed site
 *                  lookup rolls back and calls exit.
 */
function DBNewClar($param, $c = null)
{
    // Map the alternative key names onto the ones used below.
    if (isset($param['contestnumber']) && !isset($param['contest'])) {
        $param['contest'] = $param['contestnumber'];
    }
    if (isset($param['sitenumber']) && !isset($param['site'])) {
        $param['site'] = $param['sitenumber'];
    }
    if (isset($param['usernumber']) && !isset($param['user'])) {
        $param['user'] = $param['usernumber'];
    }
    if (isset($param['number']) && !isset($param['clarnumber'])) {
        $param['clarnumber'] = $param['number'];
    }
    // $ac: required keys; $ac1: optional keys; $type: keys that must be numeric.
    $ac = array('contest', 'site', 'user', 'problem', 'question');
    $ac1 = array('clarnumber', 'clardate', 'clardatediff', 'clardatediffans', 'claranswer', 'clarstatus', 'clarjudge', 'clarjudgesite', 'updatetime');
    // Every value that is later written into SQL without quotes appears in
    // $type; the quoted ones (question, claranswer, clarstatus) rely on
    // sanitizeText(), which is defined elsewhere.
    $type['contest'] = 1;
    $type['problem'] = 1;
    $type['updatetime'] = 1;
    $type['site'] = 1;
    $type['user'] = 1;
    $type['clarnumber'] = 1;
    $type['clardatediffans'] = 1;
    $type['clardatediff'] = 1;
    $type['clardate'] = 1;
    $type['clarjudge'] = 1;
    $type['clarjudgesite'] = 1;
    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewClar param error: {$key} not found");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewClar param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable: creates $contest, $site, $user, $problem, $question.
        ${$key} = sanitizeText($param[$key]);
    }
    // Defaults for the optional fields; overridden by the loop below.
    $t = time();
    $clarnumber = -1;
    $updatetime = -1;
    $clardatediff = -1;
    $clardate = $t;
    $claranswer = '';
    $clardatediffans = 999999999;
    // The judge columns default to the SQL keyword NULL (written unquoted).
    $clarjudge = 'NULL';
    $clarjudgesite = 'NULL';
    $clarstatus = 'openclar';
    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            // Variable-variable: overwrites the default of the same name.
            ${$key} = sanitizeText($param[$key]);
            if (isset($type[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewClar param error: {$key} is not numeric");
                return false;
            }
        }
    }
    if ($updatetime < 0) {
        $updatetime = $t;
    }
    // $cw records whether this call owns the transaction and must commit it.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewClar(transaction)");
    }
    $insert = true;
    if ($clarnumber < 0) {
        // No clarification number supplied: lock the site row and take the next one.
        $sql = "select sitenextclar as nextclar from sitetable where sitenumber={$site} and contestnumber={$contest} for update";
        $r = DBExec($c, $sql, "DBNewClar(get site for update)");
        if (DBnlines($r) != 1) {
            DBExec($c, "rollback work", "DBNewClar(rollback-site)");
            LOGError("Unable to find a unique site/contest in the database. SQL=(" . $sql . ")");
            MSGError("Unable to find a unique site/contest in the database. Contact an admin now!");
            exit;
        }
        $a = DBRow($r, 0);
        $n = $a["nextclar"] + 1;
        $clarnumber = $n;
    } else {
        // Number supplied: lock the existing row, if any, and switch to update
        // mode; $t then holds the stored updatetime.
        $sql = "select * from clartable as t where t.contestnumber={$contest} and " . "t.clarsitenumber={$site} and t.clarnumber={$clarnumber}";
        $r = DBExec($c, $sql . " for update", "DBNewClar(get clar for update)");
        $n = DBnlines($r);
        if ($n > 0) {
            $insert = false;
            $lr = DBRow($r, 0);
            $t = $lr['updatetime'];
        }
        $n = $clarnumber;
    }
    // Advance the site's clarification counter; the sitenextclar< condition
    // keeps it from moving backwards.
    DBExec($c, "update sitetable set sitenextclar={$clarnumber}, updatetime=" . $t . " where sitenumber={$site} and contestnumber={$contest} and sitenextclar<{$clarnumber}", "DBNewClar(update site)");
    if ($clardatediff < 0) {
        // No submission time supplied: use the site clock and enforce the
        // contest window.
        // NOTE(review): the rollbacks below are issued on $c even when the
        // connection was supplied by the caller.
        $b = DBSiteInfo($contest, $site, $c);
        $dif = $b["currenttime"];
        $clardatediff = $dif;
        if ($dif < 0) {
            DBExec($c, "rollback work", "DBNewClar(rollback-started)");
            LOGError("Tried to submit a clarification but the contest is not started. SQL=(" . $sql . ")");
            MSGError("The contest is not started yet!");
            return false;
        }
        if (!$b["siterunning"]) {
            DBExec($c, "rollback work", "DBNewClar(rollback-over)");
            LOGError("Tried to submit a clarification but the contest is over. SQL=(" . $sql . ")");
            MSGError("The contest is over!");
            return false;
        }
    } else {
        $dif = $clardatediff;
    }
    $ret = 1;
    if ($insert) {
        DBExec($c, "INSERT INTO clartable (contestnumber, clarsitenumber, clarnumber, usernumber, clardate, " . "clardatediff, clardatediffans, clarproblem, clardata, claranswer, clarjudge, clarjudgesite, clarstatus, updatetime) VALUES " . "({$contest}, {$site}, {$n}, {$user}, {$clardate}, {$clardatediff}, {$clardatediffans}, {$problem}, '{$question}', " .
            "'{$claranswer}', {$clarjudge}, {$clarjudgesite}, '{$clarstatus}', {$updatetime})", "DBNewClar(insert clar)");
        if ($cw) {
            DBExec($c, "commit work", "DBNewClar(commit-insert)");
        }
        LOGLevel("User {$user} submitted a clarification (#{$n}) on site #{$site} " . "(problem={$problem}, contest={$contest}).", 2);
        $ret = 2;
    } else {
        // Existing clarification: apply the change only when the incoming data
        // is newer than the stored row.
        if ($updatetime > $t) {
            $ret = 2;
            DBExec($c, "update clartable set clardate={$clardate}, clardatediff={$clardatediff}, " . "clardatediffans={$clardatediffans}, claranswer='{$claranswer}', clarstatus='{$clarstatus}', " . "clarjudge={$clarjudge}, clarjudgesite={$clarjudgesite}, updatetime={$updatetime}, clardata='{$question}', clarproblem={$problem} " . "where clarnumber={$clarnumber} and contestnumber={$contest} and clarsitenumber={$site}", "DBNewClar(update clar)");
        }
        if ($cw) {
            DBExec($c, "commit work", "DBNewClar(commit-update)");
        }
    }
    return $ret;
    /* // this causes portability and security problems if the other users have a shell on the server
       // on the other hand, it guarantees that things are kept in files outside the database, in case there are other problems.
       umask(0077);
       @mkdir("/tmp/boca");
       $fp = fopen("/tmp/boca/contest${contest}.site${site}.clar${n}.user${user}.problem${problem}.time${t}", "w");
       if ($fp) {
         fwrite($fp, $question);
         fclose($fp);
       } else
         LOGLevel("Clarification not saved as file (clar=$n,site=$site,contest=$contest)", 1);
    */
}
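/**
 * Insert a run (submission) into runtable, or update the run identified by
 * 'runnumber'.
 *
 * Required $param keys: 'contest', 'site', 'user', 'problem', 'lang' (all
 * numeric), 'filename' and 'filepath'. The aliases 'contestnumber',
 * 'sitenumber', 'usernumber', 'number', 'runlangnumber' and 'runproblem' are
 * accepted. Optional keys are listed in $ac1 below; those present in $type
 * must be numeric. 'allowneg' permits a submission before the contest start.
 *
 * 'filepath' is either a path on the server or "base64:" followed by the
 * encoded file content; 'autostdout' / 'autostderr' must be empty or use the
 * "base64:" form.
 *
 * @param array      $param Run fields, see above.
 * @param mixed|null $c     Open DB connection; when null the function opens one
 *                          and runs inside its own transaction.
 *
 * @return int|bool false on a parameter, lookup or import error, 0 when the
 *                  contest has not started or is over, 1 when an existing run
 *                  was left unchanged, 2 when a run was inserted or updated.
 */
function DBNewRun($param, $c = null)
{
    // Map the alternative key names onto the ones used below.
    $aliases = array(
        'contestnumber' => 'contest',
        'sitenumber'    => 'site',
        'usernumber'    => 'user',
        'number'        => 'runnumber',
        'runlangnumber' => 'lang',
        'runproblem'    => 'problem',
    );
    foreach ($aliases as $from => $to) {
        if (isset($param[$from]) && !isset($param[$to])) {
            $param[$to] = $param[$from];
        }
    }

    $ac = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath');
    $ac1 = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus',
        'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2',
        'runjudgesite2', 'runanswer2', 'autoip', 'autobegindate', 'autoenddate', 'autoanswer',
        'autostdout', 'autostderr', 'updatetime');

    // Keys that must be numeric. Every value written into SQL without quotes has
    // to be listed here: sanitizeText() (defined elsewhere) cannot protect an
    // unquoted position. 'lang' is interpolated unquoted into the INSERT below
    // and was missing from this list.
    $type = array_fill_keys(array(
        'contest', 'autobegindate', 'autoenddate', 'problem', 'lang', 'updatetime', 'site', 'user',
        'runnumber', 'rundatediffans', 'rundatediff', 'rundate', 'runanswer', 'runjudge',
        'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2', 'runjudgesite2',
        'runanswer2',
    ), 1);

    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewRun param error: {$key} not found");
            return false;
        }
        if (isset($type[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewRun param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable: creates $contest, $site, $user, $problem, $lang,
        // $filename and $filepath.
        ${$key} = sanitizeText($param[$key]);
    }

    // Defaults for the optional fields; 'NULL' is the SQL keyword, written unquoted.
    $t = time();
    $autoip = '';
    $autobegindate = 'NULL';
    $autoenddate = 'NULL';
    $autoanswer = '';
    $autostdout = '';
    $autostderr = '';
    $runjudge = 'NULL';
    $runjudgesite = 'NULL';
    $runjudge1 = 'NULL';
    $runjudgesite1 = 'NULL';
    $runanswer1 = 0;
    $runjudge2 = 'NULL';
    $runjudgesite2 = 'NULL';
    $runanswer2 = 0;
    $runnumber = -1;
    $updatetime = -1;
    $rundatediff = -1;
    $rundate = $t;
    $runanswer = 0;
    $rundatediffans = 999999999;
    $runstatus = 'openrun';

    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            if (isset($type[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewRun param error: {$key} is not numeric");
                return false;
            }
            // Variable-variable: overwrites the default of the same name.
            ${$key} = sanitizeText($param[$key]);
        }
    }
    if ($updatetime < 0) {
        $updatetime = $t;
    }

    // $cw records whether this call owns the transaction and must commit it.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewRun(transaction)");
    }

    $insert = true;
    $oid1 = '';
    $oid2 = '';
    // Large-object ids replaced by this update. They were initialised under a
    // misspelled name before, so the unlink step below could read undefined
    // variables.
    $oldoid1 = '';
    $oldoid2 = '';

    // Lock the site row; it carries the counter for the next run number.
    $sql = "select sitenextrun as nextrun from sitetable where sitenumber={$site} and contestnumber={$contest} for update";
    $r = DBExec($c, $sql, "DBNewRun(get site for update)");
    if (DBnlines($r) != 1) {
        DBExec($c, "rollback work", "DBNewRun(rollback-site)");
        LOGError("Unable to find a unique site/contest in the database. SQL=(" . $sql . ")");
        MSGError("Unable to find a unique site/contest in the database.");
        return false;
    }
    $a = DBRow($r, 0);
    $n = $a["nextrun"] + 1;

    if ($runnumber > 0) {
        // Run number supplied: lock the existing row, if any, and switch to
        // update mode; $t then holds the stored updatetime.
        $sql = "select * from runtable as t where t.contestnumber={$contest} and "
            . "t.runsitenumber={$site} and t.runnumber={$runnumber}";
        $r = DBExec($c, $sql . " for update", "DBNewRun(get run for update)");
        $n = DBnlines($r);
        if ($n > 0) {
            $insert = false;
            $lr = DBRow($r, 0);
            $t = $lr['updatetime'];
            if (isset($lr['autostdout'])) {
                $oid1 = $lr['autostdout'];
            }
            if (isset($lr['autostderr'])) {
                $oid2 = $lr['autostderr'];
            }
        }
        $n = $runnumber;
    } else {
        $runnumber = $n;
    }

    if ($rundatediff < 0) {
        // No submission time supplied: use the site clock and enforce the
        // contest window.
        $b = DBSiteInfo($contest, $site, $c);
        $dif = $b["currenttime"];
        $rundatediff = $dif;
        if ($dif < 0 && !isset($param['allowneg'])) {
            DBExec($c, "rollback work", "DBNewRun(rollback-started)");
            LOGError("Tried to submit a run but the contest is not started. SQL=(" . $sql . ")");
            MSGError("The contest is not started yet!");
            return 0;
        }
        if (!$b["siterunning"]) {
            DBExec($c, "rollback work", "DBNewRun(rollback-over)");
            LOGError("Tried to submit a run but the contest is over. SQL=(" . $sql . ")");
            MSGError("The contest is over!");
            return 0;
        }
    } else {
        $dif = $rundatediff;
    }

    if ($updatetime > $t || $insert) {
        // Advance the site's run counter; the sitenextrun< condition keeps it
        // from moving backwards.
        DBExec($c, "update sitetable set sitenextrun={$runnumber}, updatetime=" . $t
            . " where sitenumber={$site} and contestnumber={$contest} and sitenextrun<{$runnumber}",
            "DBNewRun(update site)");

        // Autojudge stdout: only the inline "base64:" form (or empty) is accepted.
        if (substr($autostdout, 0, 7) == "base64:") {
            $autostdout = base64_decode(substr($autostdout, 7));
            $oldoid1 = $oid1;
            if (($oid1 = DB_lo_import_text($c, $autostdout)) == null) {
                DBExec($c, "rollback work", "DBNewRun(rollback-import stdout)");
                LOGError("Unable to create a large object for file stdout (run={$runnumber},site={$site},contest={$contest}).");
                MSGError("problem importing stdout to database. Contact an admin now!");
                return false;
            }
        } else {
            if ($autostdout != '') {
                // The rollback tag said "stderr" here; it is the stdout branch.
                DBExec($c, "rollback work", "DBNewRun(rollback-import stdout)");
                LOGError("Unable to create a large object for file stdout that is not BASE64 (run={$runnumber},site={$site},contest={$contest}).");
                MSGError("problem importing stdout (not BASE64) to database. Contact an admin now!");
                return false;
            }
            $oid1 = 'NULL';
        }

        // Autojudge stderr: same rules as stdout.
        if (substr($autostderr, 0, 7) == "base64:") {
            $autostderr = base64_decode(substr($autostderr, 7));
            $oldoid2 = $oid2;
            if (($oid2 = DB_lo_import_text($c, $autostderr)) == null) {
                DBExec($c, "rollback work", "DBNewRun(rollback-import stderr)");
                LOGError("Unable to create a large object for file stderr (run={$runnumber},site={$site},contest={$contest}).");
                MSGError("problem importing stderr to database. Contact an admin now!");
                return false;
            }
        } else {
            if ($autostderr != '') {
                DBExec($c, "rollback work", "DBNewRun(rollback-import stderr)");
                LOGError("Unable to create a large object for file stderr that is not BASE64 (run={$runnumber},site={$site},contest={$contest}).");
                MSGError("problem importing stderr (not BASE64) to database. Contact an admin now!");
                return false;
            }
            $oid2 = 'NULL';
        }
    }

    $ret = 1;
    if ($insert) {
        if (substr($filepath, 0, 7) != "base64:") {
            // NOTE(review): $filepath is handed to DB_lo_import() as a path on the
            // server (presumably read into a large object — confirm). Callers
            // must only pass a path they validated themselves, e.g. an upload
            // checked with is_uploaded_file().
            if (($oid = DB_lo_import($c, $filepath)) === false) {
                DBExec($c, "rollback work", "DBNewRun(rollback-import)");
                LOGError("DBNewRun: Unable to create a large object for file {$filepath}.");
                MSGError("problem importing file {$filepath} to database. Contact an admin now!");
                return false;
            }
        } else {
            // "base64:" prefix: the file content travels inline in the parameter.
            $filepath = base64_decode(substr($filepath, 7));
            if (($oid = DB_lo_import_text($c, $filepath)) == null) {
                DBExec($c, "rollback work", "DBNewRun(rollback-import)");
                LOGError("DBNewRun: Unable to create a large object for file.");
                MSGError("problem importing file to database. Contact an admin now!");
                return false;
            }
        }

        DBExec($c, "INSERT INTO runtable (contestnumber, runsitenumber, runnumber, usernumber, rundate, "
            . "rundatediff, rundatediffans, runproblem, runfilename, rundata, runanswer, runstatus, runlangnumber, "
            . "runjudge, runjudgesite, runanswer1, runjudge1, runjudgesite1, runanswer2, runjudge2, runjudgesite2, "
            . "autoip, autobegindate, autoenddate, autoanswer, autostdout, autostderr, updatetime) "
            . "VALUES ({$contest}, {$site}, {$n}, {$user}, {$rundate}, {$rundatediff}, {$rundatediffans}, {$problem}, '{$filename}', {$oid}, {$runanswer}, "
            . "'{$runstatus}', {$lang}, {$runjudge}, {$runjudgesite}, {$runanswer1}, {$runjudge1}, {$runjudgesite1}, {$runanswer2}, {$runjudge2}, "
            . "{$runjudgesite2}, '{$autoip}', {$autobegindate}, {$autoenddate}, '{$autoanswer}', {$oid1}, {$oid2}, {$updatetime})",
            "DBNewRun(insert run)");

        // The submission is logged only when this call owns the transaction.
        if ($cw) {
            DBExec($c, "commit work", "DBNewRun(commit)");
            LOGLevel("User {$user} submitted a run (#{$n}) on site #{$site} "
                . "(problem={$problem},filename={$filename},lang={$lang},contest={$contest},date={$t},datedif={$dif},oid={$oid}).", 2);
        }
        $ret = 2;
    } else {
        // Existing run: apply the change only when the incoming data is newer.
        if ($updatetime > $t) {
            $ret = 2;
            DBExec($c, "update runtable set rundate={$rundate}, rundatediff={$rundatediff}, "
                . "rundatediffans={$rundatediffans}, runanswer={$runanswer}, runanswer1={$runanswer1}, runanswer2={$runanswer2}, runstatus='{$runstatus}', "
                . "runjudge1={$runjudge1}, runjudgesite1={$runjudgesite1}, runjudge2={$runjudge2}, runjudgesite2={$runjudgesite2}, "
                . "runjudge={$runjudge}, runjudgesite={$runjudgesite}, updatetime={$updatetime}, "
                . "autoip='{$autoip}', autobegindate={$autobegindate}, autoenddate={$autoenddate}, autoanswer='{$autoanswer}', "
                . "autostdout={$oid1}, autostderr={$oid2} "
                . "where runnumber={$runnumber} and contestnumber={$contest} and runsitenumber={$site}",
                "DBNewRun(update run)");
            // Drop the large objects that the new stdout/stderr replaced.
            if (is_numeric($oldoid1)) {
                DB_lo_unlink($c, $oldoid1);
            }
            if (is_numeric($oldoid2)) {
                DB_lo_unlink($c, $oldoid2);
            }
        }
        if ($cw) {
            DBExec($c, "commit work", "DBNewRun(commit-update)");
        }
    }
    return $ret;
    /* // this causes portability and security problems (when other users also have a shell
       // on the server and can build web pages. They can use those pages to access these files,
       // because the files end up owned by apache/www-data/etc)
       umask(0077);
       @mkdir("/tmp/boca");
       if (!move_uploaded_file ($filepath, "/tmp/boca/contest${contest}.site${site}.run${n}.user${user}.problem${problem}.time${t}.${filename}"))
         LOGLevel("Run not saved as file (run=$n,site=$site,contest=$contest", 1);
    */
}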
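/**
 * Authenticate a user against a contest and record the login.
 *
 * The supplied $pass is compared with myhash(stored password . session_id()),
 * i.e. the client is expected to send a hash bound to the current session id.
 * On success the user row is stored in $_SESSION['usertable'] and the IP,
 * session id and last-login time are written to usertable.
 *
 * @param string $name    User name.
 * @param string $pass    Session-bound password hash sent by the client.
 * @param mixed  $contest Contest number; must be numeric because it is written
 *                        into the SQL text unquoted.
 * @param bool   $msg     Whether to show error messages to the user.
 *
 * @return array|bool The user info array on success, false otherwise.
 */
function DBLogInContest($name, $pass, $contest, $msg = true)
{
    // $contest goes into the first query unquoted; reject anything non-numeric
    // before it reaches the database or a message.
    if (!is_numeric($contest)) {
        LOGLevel("Login rejected: contest identifier is not numeric.", 0);
        if ($msg) {
            MSGError("Invalid contest, contact an admin.");
        }
        return false;
    }

    $b = DBGetRow("select * from contesttable where contestnumber={$contest}", 0, null, "DBLogIn(get active contest)");
    if ($b == null) {
        LOGLevel("There is no contest {$contest}.", 0);
        if ($msg) {
            MSGError("There is no contest {$contest}, contact an admin.");
        }
        return false;
    }

    $d = DBSiteInfo($b["contestnumber"], $b["contestlocalsite"], null, false);
    if ($d == null) {
        if ($msg) {
            MSGError("There is no active site, contact an admin.");
        }
        return false;
    }

    // NOTE(review): the username value in the SQL literals of this function is
    // masked on the page ('******') and is reproduced as shown. Whatever value
    // is interpolated there in the original file must be escaped or, better,
    // bound as a query parameter.
    $a = DBGetRow(
        "select * from usertable where username='******' and contestnumber=" . $b["contestnumber"]
        . " and usersitenumber=" . $b["contestlocalsite"],
        0,
        null,
        "DBLogIn(get user)"
    );
    if ($a == null) {
        if ($msg) {
            LOGLevel("User {$name} tried to log in contest {$contest} but it does not exist.", 2);
            MSGError("User does not exist or incorrect password.");
        }
        return false;
    }

    $a = DBUserInfo($b["contestnumber"], $b["contestlocalsite"], $a['usernumber'], null, false);

    // NOTE(review): the session is populated before the credentials are
    // checked; the failure branches below unset it again, but the two
    // IntrusionNotify()/ForceLoad() paths do not. Verify that those helpers
    // end the request or clear the session.
    $_SESSION['usertable'] = $a;
    $p = myhash($a["userpassword"] . session_id());
    $_SESSION['usertable']['userpassword'] = $p;

    // Compare as strings. The loose != used before treats numeric-looking
    // strings such as "0e1" and "0e2" as equal. hash_equals() additionally
    // avoids a timing difference where it is available.
    $expected = (string) $p;
    $given = (string) $pass;
    $passmatch = function_exists('hash_equals') ? hash_equals($expected, $given) : ($expected === $given);

    // An empty stored password skips the check altogether; this looks like a
    // deliberate "no password set" mode — confirm.
    if ($a["userpassword"] != "" && !$passmatch) {
        LOGLevel("User {$name} tried to log in contest {$contest} but password was incorrect.", 2);
        if ($msg) {
            // Same text as for an unknown user, so the reply does not reveal
            // which user names exist.
            MSGError("User does not exist or incorrect password.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }

    $privileged = $a["usertype"] == "admin" || $a["usertype"] == "judge" || $a["usertype"] == "site";
    if ($d["sitepermitlogins"] == "f" && !$privileged) {
        LOGLevel("User {$name} tried to login contest {$contest} but logins are denied.", 2);
        if ($msg) {
            MSGError("Logins are not allowed.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }

    if ($a["userenabled"] != "t") {
        LOGLevel("User {$name} tried to log in contest {$contest} but it is disabled.", 2);
        if ($msg) {
            MSGError("User disabled.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }

    // NOTE(review): $gip is concatenated into the UPDATE statements below and
    // getIP() is defined elsewhere. If it can include client-supplied headers,
    // its output has to be validated or escaped before it is used in SQL.
    $gip = getIP();
    if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") {
        LOGLevel("User {$name} is using two different IPs: " . $a["userip"] . "(" . dateconv($a["userlastlogin"]) . ") and " . $gip, 1);
        if ($msg && $a["usertype"] != "admin") {
            MSGError("You are using two distinct IPs. Admin notified.");
        }
    }

    // userpermitip holds a ';'-separated list; each entry must match the
    // address at the same position in the client's ';'-separated IP string.
    if ($a["userpermitip"] != "") {
        $ips = explode(';', $a["userpermitip"]);
        $gips = explode(';', $gip);
        if (count($gips) < count($ips)) {
            IntrusionNotify("Invalid IP: " . $gip);
            ForceLoad("index.php");
        }
        for ($ipss = 0; $ipss < count($ips); $ipss++) {
            if (!match_network($ips[$ipss], $gips[$ipss])) {
                IntrusionNotify("Invalid IP: " . $gip);
                ForceLoad("index.php");
            }
        }
    }

    $c = DBConnect();
    $t = time();
    if ($a["usertype"] == "team" && $a["usermultilogin"] != "t" && $a["userpermitip"] == "") {
        // Single-login team without an IP restriction: pin the account to the
        // address of this login.
        DBExec(
            $c,
            "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userpermitip='" . $gip . "',"
            . "userlastlogin={$t}, usersession='" . session_id() . "' where username='******' and contestnumber="
            . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"],
            "DBLogIn(update session)"
        );
    } else {
        DBExec($c, "begin work");
        // usersessionextra is only replaced when it is empty, the IP changed,
        // or the last login is at least a day (86400 s) old.
        $sql = "update usertable set usersessionextra='" . session_id() . "' where username='******' and contestnumber="
            . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"]
            . " and (usersessionextra='' or userip != '" . $gip . "' or userlastlogin<=" . ($t - 86400) . ")";
        DBExec($c, $sql);
        DBExec(
            $c,
            "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userlastlogin={$t}, "
            . "usersession='" . session_id() . "' where username='******' and contestnumber="
            . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"],
            "DBLogIn(update user)"
        );
        if ($name == 'admin') {
            // Clear the contest unlock key when the site clock reads below -600.
            list($clockstr, $clocktime) = siteclock();
            if ($clocktime < -600) {
                DBExec($c, "update contesttable set contestunlockkey='' where contestnumber=" . $b["contestnumber"], "DBLogInContest(update contest)");
            }
        }
        DBExec($c, "commit work");
    }

    LOGLevel("User {$name} authenticated (" . $gip . ")", 2);
    return $a;
}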
if (($st = DBSiteInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"])) != null) { $clar = DBUserClars($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"]); for ($i = 0; $i < count($clar); $i++) { if ($clar[$i]["anstime"] > $_SESSION["usertable"]["userlastlogin"] - $st["sitestartdate"] && $clar[$i]["anstime"] < $st['siteduration'] && trim($clar[$i]["answer"]) != '' && !isset($_SESSION["popups"]['clar' . $i . '-' . $clar[$i]["anstime"]])) { $_SESSION["popups"]['clar' . $i . '-' . $clar[$i]["anstime"]] = "(Clar for problem " . $clar[$i]["problem"] . " answered)\n"; } } $run = DBUserRuns($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"]); for ($i = 0; $i < count($run); $i++) { if ($run[$i]["anstime"] > $_SESSION["usertable"]["userlastlogin"] - $st["sitestartdate"] && $run[$i]["anstime"] < $st['sitelastmileanswer'] && $run[$i]["ansfake"] != "t" && !isset($_SESSION["popups"]['run' . $i . '-' . $run[$i]["anstime"]])) { $_SESSION["popups"]['run' . $i . '-' . $run[$i]["anstime"]] = "(Run " . $run[$i]["number"] . " result: " . $run[$i]["answer"] . ')\\n'; } } } $str = ''; if (isset($_SESSION["popups"])) { foreach ($_SESSION["popups"] as $key => $value) { if ($value != '') { $str .= $value; $_SESSION["popups"][$key] = ''; } } if ($str != '') { MSGError('YOU GOT NEWS:\\n' . $str . '\\n'); } } } ?> </div>
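/**
 * Build the score data of one site of a contest and return it sorted by ordena().
 *
 * Teams are read from usertable and judged runs from runtable unless $data carries the
 * cache array returned by an earlier call. For every (team, problem) pair the runs are
 * walked in query order: each non-accepted run before the first accepted one adds
 * (int)(contestpenalty / 60) to the penalty, and the accepted run adds (int)(time / 60).
 * Totals are only updated for solved problems.
 *
 * The script exits when the logged-in user's site or the contest cannot be loaded.
 *
 * @param mixed $contest        contest number used in the lookups and queries
 * @param mixed $site           site number whose teams and runs are scored
 * @param mixed $verifylastmile truthy: run time cutoff is sitelastmilescore; otherwise siteduration
 * @param mixed $hor            when >= 0, replaces the answer-time cutoff taken from the local site
 * @param mixed $data           null, a numeric value (lowers the answer-time cutoff when smaller),
 *                              or a cache array with keys 'resp', 'n', 'a' and 'aa'
 *
 * @return array array($result, $data0): $result is what ordena() returned (false when sorting
 *               failed, after the error was logged); $data0 holds 'n', 'resp', 'a', 'site'
 *               and 'aa' when the database was queried, and is empty when a cache was reused
 */
function DBScoreSite($contest, $site, $verifylastmile, $hor = -1, $data = null)
{
    // The site of the logged-in user supplies the reference clock.
    if (($blocal = DBSiteInfo($contest, $_SESSION["usertable"]["usersitenumber"])) == null) {
        exit;
    }
    // Fall back to the local site when the requested site has no record.
    if (($b = DBSiteInfo($contest, $site, null, false)) == null) {
        $b = $blocal;
    }
    if (($ct = DBContestInfo($contest)) == null) {
        exit;
    }

    // $ta: latest answer time taken into account; $tf: latest run time taken into account.
    $ta = $blocal["currenttime"];
    if ($hor >= 0) {
        $ta = $hor;
    }
    if ($verifylastmile) {
        $tf = $b["sitelastmilescore"];
    } else {
        $tf = $b["siteduration"];
    }

    // A numeric $data is a time cap, not a cache: apply it and query the database.
    if ($data != null && is_numeric($data)) {
        if ($data < $ta) {
            $ta = $data;
        }
        $data = null;
    }

    $data0 = array();
    if ($data == null) {
        // The queries are built by string concatenation and the origin of the arguments
        // is not visible in this function, so every interpolated value is forced to an
        // integer first; a non-numeric argument then cannot change the query text.
        // Assumes the compared columns hold integers - TODO confirm against the schema.
        $contestId = (int) $contest;
        $siteId = (int) $site;
        $runCutoff = (int) $tf;
        $answerCutoff = (int) $ta;

        $c = DBConnect();
        $resp = array();
        $r = DBExec($c, "select * from usertable where contestnumber={$contestId} and usersitenumber={$siteId} and " . "usertype='team' and userlastlogin is not null and userenabled='t'", "DBScoreSite(get users)");
        $n = DBnlines($r);
        for ($i = 0; $i < $n; $i++) {
            $a = DBRow($r, $i);
            $resp[$a["usernumber"]]["user"] = $a["usernumber"];
            $resp[$a["usernumber"]]["site"] = $a["usersitenumber"];
            $resp[$a["usernumber"]]["username"] = $a["username"];
            $resp[$a["usernumber"]]["usertype"] = $a["usertype"];
            $resp[$a["usernumber"]]["userfullname"] = $a["userfullname"];
            $resp[$a["usernumber"]]["totaltime"] = 0;
            $resp[$a["usernumber"]]["totalcount"] = 0;
            $resp[$a["usernumber"]]["problem"] = array();
        }

        // The ordering by user, problem and run time is what the grouping loop below relies on.
        $r = DBExec($c, "select r.usernumber as user, p.problemname as problemname, r.runproblem as problem, " . "p.problemcolor as color, p.problemcolorname as colorname, " . "r.rundatediff as time, r.rundatediffans as anstime, a.yes as yes, r.runanswer as answer from " . "runtable as r, answertable as a, problemtable as p where r.runanswer=a.answernumber and " . "a.contestnumber={$contestId} and p.problemnumber=r.runproblem and p.contestnumber={$contestId} and " . "r.contestnumber={$contestId} and r.runsitenumber={$siteId} and (r.runstatus ~ 'judged' or r.runstatus ~ 'judged+') and " . "r.rundatediff>=0 and r.rundatediff<={$runCutoff} and r.rundatediffans<={$answerCutoff} " . "order by r.usernumber, r.runproblem, r.rundatediff", "DBScoreSite(get runs)");
        $n = DBnlines($r);
        $a = array();
        for ($i = 0; $i < $n; $i++) {
            $a[$i] = DBRow($r, $i);
        }
        $data0['n'] = $n;
        $data0['resp'] = $resp;
        $data0['a'] = $a;
        $data0['site'] = $site;
    } else {
        $resp = $data['resp'];
        $n = $data['n'];
        $a = $data['a'];
    }

    $i = 0;
    while ($i < $n) {
        // Rows answered after the cutoff are ignored (relevant when a cache is reused).
        if ($a[$i]["anstime"] > $ta) {
            $i++;
            continue;
        }
        $user = $a[$i]["user"];
        $problem = $a[$i]["problem"];
        $time = 0;
        $k = 0;
        // Runs of users that are not in the team list are skipped.
        if (!isset($resp[$user])) {
            $i++;
            continue;
        }
        $resp[$user]["user"] = $user;
        $resp[$user]["site"] = $site;
        $resp[$user]["problem"][$problem]["name"] = $a[$i]["problemname"];
        $resp[$user]["problem"][$problem]["color"] = $a[$i]["color"];
        $resp[$user]["problem"][$problem]["colorname"] = $a[$i]["colorname"];
        $resp[$user]["problem"][$problem]["solved"] = false;
        $resp[$user]["problem"][$problem]["judging"] = false;
        $resp[$user]["problem"][$problem]["time"] = 0;
        $resp[$user]["problem"][$problem]["penalty"] = 0;
        $resp[$user]["problem"][$problem]["count"] = 0;

        // Count the non-accepted runs that precede the first accepted one.
        while ($i < $n && $a[$i]["anstime"] <= $ta && $a[$i]["user"] == $user && $a[$i]["problem"] == $problem && $a[$i]["yes"] != 't') {
            $time += (int) ($ct["contestpenalty"] / 60);
            $k++;
            $i++;
        }
        $resp[$user]["problem"][$problem]["count"] = $k;
        if ($i >= $n) {
            break;
        }

        if ($a[$i]["anstime"] <= $ta && $a[$i]["user"] == $user && $a[$i]["problem"] == $problem && $a[$i]["yes"] == 't') {
            $timet = (int) ($a[$i]["time"] / 60);
            // "first" keeps the smallest accepted time of the user over all problems.
            if (!isset($resp[$user]["first"]) || $timet < $resp[$user]["first"]) {
                $resp[$user]["first"] = $timet;
            }
            $time += $timet;
            $resp[$user]["problem"][$problem]["time"] = $timet;
            $resp[$user]["problem"][$problem]["penalty"] = $time;
            $resp[$user]["problem"][$problem]["solved"] = true;
            $resp[$user]["problem"][$problem]["count"]++;
            $resp[$user]["totaltime"] += $time;
            $resp[$user]["totalcount"]++;
        }

        // Skip whatever is left of this (user, problem) group.
        while ($i < $n && $a[$i]["user"] == $user && $a[$i]["problem"] == $problem) {
            $i++;
        }
    }

    if ($data == null) {
        $aa = DBRecentNews($contest, $site, $verifylastmile, $ta);
        $data0['aa'] = $aa;
    } else {
        $aa = $data['aa'];
    }
    // Mark problems whose news row has fut == 't' as being judged.
    // NOTE(review): unlike the run loop above there is no isset($resp[...]) guard, so a row
    // for a user outside the team list creates a partial $resp entry - confirm this is intended.
    for ($i = 0; $i < count($aa); $i++) {
        if ($aa[$i]["fut"] == 't') {
            $resp[$aa[$i]["usernumber"]]["problem"][$aa[$i]["problemnumber"]]["judging"] = true;
        }
    }

    // A sorting failure is reported but the (false) result is still returned to the caller.
    if (($result = ordena($resp)) === false) {
        LOGError("Error while sorting scores (contest={$contest}, site={$site}).");
        MSGError("Error while sorting scores. Contact an admin now!");
    }
    return array($result, $data0);
}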