Exemplo n.º 1
function json_scoreboard()
{
    // Prints the scoreboard as JSON: one entry per user type ("category"),
    // each holding its competing teams keyed by team name.
    // NOTE(review): no Content-Type header is set in this function; confirm
    // the caller sends application/json before this output.
    $categories = db_select_all('user_types', array('id', 'title AS category'));
    if (empty($categories)) {
        // No user types configured: fall back to a single catch-all category.
        $categories = array(array('id' => 0, 'category' => 'all'));
    }
    $categoryCount = count($categories);
    for ($c = 0; $c < $categoryCount; $c++) {
        // The user type id is passed as a bound value, not concatenated into the SQL.
        $bind = array('user_type' => $categories[$c]['id']);
        $ranked = db_query_fetch_all('
            SELECT
               u.id AS user_id,
               u.team_name,
               u.competing,
               co.country_code,
               SUM(c.points) AS score,
               MAX(s.added) AS tiebreaker
            FROM users AS u
            LEFT JOIN countries AS co ON co.id = u.country_id
            LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1
            LEFT JOIN challenges AS c ON c.id = s.challenge
            WHERE u.competing = 1 AND u.user_type = :user_type
            GROUP BY u.id
            ORDER BY score DESC, tiebreaker ASC', $bind);
        // The type id is only needed for the query; drop it from the published structure.
        unset($categories[$c]['id']);
        foreach ($ranked as $rank => $team) {
            // Teams without a correct submission have a NULL score; publish 0 instead.
            $points = 0;
            if (isset($team['score'])) {
                $points = $team['score'];
            }
            // NOTE(review): the HTML-escaped team name is the array key, so two
            // teams whose names escape to the same string overwrite each other.
            // Consumers also receive HTML-escaped text rather than the raw name.
            $categories[$c]['teams'][htmlspecialchars($team['team_name'])] = array(
                'position' => $rank + 1,
                'score' => $points,
                'country' => $team['country_code'],
            );
        }
    }
    echo json_encode($categories);
}
Exemplo n.º 2
 public function read()
 {
     // Loads the hypernotes stored for this record, optionally narrowed to one
     // cue point, and appends them to $this->data.
     // NOTE(review): $this->id and $this->smpte are placed inside quoted SQL
     // literals with no escaping or casting visible in this method. Unless both
     // are validated where they are assigned, this WHERE clause is injectable;
     // confirm the setters, then escape or cast before building the clause.
     // The original also carries a commented-out "AND user_id = ..." filter, so
     // notes from every user of the record are returned.
     $conditions = array("record_id = '" . $this->id . "'");
     if (!empty($this->smpte)) {
         $conditions[] = "cuepoint = '" . $this->smpte . "'";
     }
     $where = implode(" AND ", $conditions) . " ORDER BY record_id ASC";
     $rows = db_select_all(TBL_PREFIX . TBL_HYPERNOTES, "*", $where);
     foreach ($rows as $row) {
         $this->data[] = array(
             "uid" => $row['user_id'],
             "pos" => $row['cuepoint'],
             "txt" => $row['hypernote'],
         );
     }
 }
Exemplo n.º 3
function allowed_email($email)
{
    // Decides whether $email may be used, from the enabled rows of
    // restrict_email. Rules are evaluated in ascending priority and the last
    // matching rule wins; with no matching rule the address is allowed.
    //
    // NOTE(review): each rule is used as a raw regular expression between '/'
    // delimiters. A rule containing an unescaped '/' or otherwise invalid
    // syntax makes preg_match() return false, which is treated here exactly
    // like "no match", so a broken deny rule is silently skipped and the
    // address stays allowed. Rules are also unanchored unless they carry
    // their own ^ and $.
    $verdict = true;
    $rules = db_select_all('restrict_email', array('rule', 'white'), array('enabled' => 1), 'priority ASC');
    foreach ($rules as $rule) {
        if (!preg_match('/' . $rule['rule'] . '/', $email)) {
            continue;
        }
        // 'white' marks an allow rule; anything falsy is a deny rule.
        $verdict = $rule['white'] ? true : false;
    }
    return $verdict;
}
Exemplo n.º 4
 protected function query()
 {
     // Loads every record of client $this->cid in id order, stores the count
     // in $this->num and appends one entry per record to $this->data. Records
     // more than 1200 seconds after the previous one start a new "trail".
     // NOTE(review): $this->cid and $record cache ids are concatenated into
     // quoted SQL literals with no escaping visible here; confirm $this->cid
     // is validated where it is set.
     $fields = "id,cache_id,sess_date,DATE_FORMAT(sess_date,'%W %D %M %Y (%H:%i:%s)') as udate,sess_time";
     $rows = db_select_all(TBL_PREFIX . TBL_RECORDS, $fields, "client_id = '" . $this->cid . "' ORDER BY id ASC");
     $this->num = count($rows);
     $trail = 0;
     $previous = null;
     foreach ($rows as $row) {
         // split browsing sessions by access date
         if ($previous) {
             $gap = strtotime($row['sess_date']) - strtotime($previous['sess_date']);
             if ($gap > 1200) {
                 $trail++;
             }
         }
         // One extra lookup per record; per the original author it is only
         // really needed by the 'analyze' module.
         $page = db_select(TBL_PREFIX . TBL_CACHE, "url", "id = '" . $row['cache_id'] . "'");
         // The real clickpath needs both the record id and its trail group.
         $this->data[] = array(
             "id" => $row['id'],
             "date" => $row['udate'],
             "time" => $row['sess_time'],
             "url" => $page['url'],
             "trail" => $trail,
         );
         $previous = $row;
     }
 }
Exemplo n.º 5
" class="vspace">JavaScript API <small class="del">deprecated!</small></h2>

<?php 
check_notified_request(TBL_JSOPT);
?>

<p>
If you wish to use the JavaScript (JS) visualization API, you can customize it here.
These options are stored on your MySQL database. <em>Leave fields blank for default values</em>.
</p>
<p>This API will be not supported in a future, and maybe it will be removed definitely in next smt2 releases.</p>

<br />

<form action="savesettings.php" method="post">
  <?php 
$jsoption = db_select_all(TBL_PREFIX . TBL_JSOPT, "*", "1");
echo display_options($jsoption);
?>
  <fieldset>  
    <input type="hidden" name="submit" value="<?php 
echo TBL_JSOPT;
?>
" />
    <input type="submit" class="button round" value="Set JS replay options" />
  </fieldset>
</form>
-->

<?php 
include INC_DIR . 'footer.php';
Exemplo n.º 6
function country_select()
{
    // Prints a required <select name="country"> with one option per row of
    // the countries table, ordered by name. Both the id and the name are
    // HTML-escaped before they reach the markup.
    $countryRows = db_select_all('countries', array('id', 'country_name'), null, 'country_name ASC');
    $html = '<select name="country" class="form-control" required="required">
            <option disabled selected>-- Please select a country --</option>';
    foreach ($countryRows as $row) {
        $html .= '<option value="' . htmlspecialchars($row['id']) . '">' . htmlspecialchars($row['country_name']) . '</option>';
    }
    $html .= '</select>';
    echo $html;
}
Exemplo n.º 7
<?php

// Server settings are required; the path is relative to the smt2 root dir.
require '../../../config.php';
// Access control for this extension page. It is pulled in with require (not
// include), so a missing file stops the script instead of letting the page
// continue without the login check.
require SYS_DIR . 'logincheck.php';
// From here on the CMS API is available; the header is included after the
// login check above.
include INC_DIR . 'header.php';
// Retrieve the available extensions.
$MODULES = ext_available();
// Get all roles ("1" is the WHERE clause, i.e. no filtering).
$ROLES = db_select_all(TBL_PREFIX . TBL_ROLES, "*", "1");
// Ask once whether the current user is root and reuse the answer below.
$ROOT = is_root();
// helper function
function table_row($role, $new = false)
{
    global $MODULES, $ROOT;
    $self = $role['id'] == $_SESSION['role_id'];
    // wrap table row in a form, so each user can be edited separately
    $row = '<form action="saveroles.php" method="post">';
    $row .= '<tr>';
    $row .= ' <td>';
    $row .= !$new ? '<strong>' . $role['name'] . '</strong>' : '<input type="text" class="text center" id="newrole" name="name" value="type role name" size="15" maxlength="100" />';
    $row .= ' </td>';
    $allowed = explode(",", $role['ext_allowed']);
    // check available extensions
    foreach ($MODULES as $module) {
        // disable admin roles (they have wide access)
        $disabled = $self || $role['id'] == 1 && !$new ? ' disabled="disabled"' : null;
        // look for registered users' roles
Exemplo n.º 8
// Close the file-upload form opened earlier in the page.
form_button_submit('Upload file');
echo 'Max file size: ', bytes_to_pretty_size(max_file_upload_size());
form_end();
// Table of the hints attached to the challenge named by ?id=.
section_subhead('Hints');
echo '
<table id="hints" class="table table-striped table-hover">
<thead>
  <tr>
    <th>Added</th>
    <th>Hint</th>
    <th>Manage</th>
  </tr>
</thead>
<tbody>
';
// NOTE(review): $_GET['id'] is used here without a validation call in this
// excerpt; presumably it is validated earlier in the file and the condition
// array is bound as a parameter by db_select_all() -- confirm both.
$hints = db_select_all('hints', array('id', 'added', 'body'), array('challenge' => $_GET['id']));
foreach ($hints as $hint) {
    // The hint body is HTML-escaped on output. The hint id passes through
    // short_description() and htmlspecialchars() before it lands in the href.
    echo '
  <tr>
      <td>', date_time($hint['added']), '</td>
      <td>', htmlspecialchars($hint['body']), '</td>
      <td><a href="edit_hint.php?id=', htmlspecialchars(short_description($hint['id'], 100)), '" class="btn btn-xs btn-primary">Edit</a></td>
  </tr>
  ';
}
// The request id is HTML-escaped before being reflected into the link below.
echo '
</tbody>
</table>

<a href="new_hint.php?id=', htmlspecialchars($_GET['id']), '" class="btn btn-sm btn-warning">Add a new hint</a>
';
Exemplo n.º 9
<?php

require '../../include/ctf.inc.php';
// Moderator-only listing of the dynamic pages; the class check runs before
// any output is produced.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Dynamic pages');
menu_management();
section_head('Dynamic pages', button_link('New page', 'new_dynamic_page'), false);
$pages = db_select_all('dynamic_pages', array('id', 'title', 'visibility', 'min_user_class'), null, 'title ASC');
echo '
    <table id="dynamic_pages" class="table table-striped table-hover">
      <thead>
        <tr>
          <th>Title</th>
          <th>visibility</th>
          <th>Min user class</th>
          <th>Manage</th>
        </tr>
      </thead>
      <tbody>
    ';
foreach ($pages as $item) {
    // The title is HTML-escaped. NOTE(review): $item['id'] is written into the
    // href unescaped and the two *_name() helpers are echoed as returned;
    // presumably the id is an integer key and the helpers return fixed
    // labels -- confirm, or escape them like the title.
    echo '
    <tr>
        <td>', htmlspecialchars($item['title']), '</td>
        <td>', visibility_enum_to_name($item['visibility']), '</td>
        <td>', user_class_name($item['min_user_class']), '</td>
        <td><a href="' . CONFIG_SITE_ADMIN_URL . 'edit_dynamic_page?id=', $item['id'], '" class="btn btn-xs btn-primary">Edit</a></td>
    </tr>
    ';
}
echo '
Exemplo n.º 10
<?php

require '../../include/mellivora.inc.php';
// Moderator-only "new email" form.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
head('Site management');
menu_management();
// ?bcc=all pre-fills the BCC field with the address of every user, one per
// line. The comparison is loose (==).
if (array_get($_GET, 'bcc') == 'all') {
    $users = db_select_all('users', array('email'));
    $bcc = '';
    foreach ($users as $user) {
        $bcc .= $user['email'] . ",\n";
    }
    $bcc = trim($bcc);
}
section_subhead('New email');
message_inline_blue('Separate receiver emails with a comma and optional whitespace. You can use BBCode. If you do, you must send as HTML email.');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/new_email');
if (isset($bcc)) {
    // Mass mail: the sender address goes in To, every recipient in BCC, so
    // recipients do not see each other's addresses.
    form_input_text('To', CONFIG_EMAIL_FROM_EMAIL);
    form_input_text('CC');
    form_textarea('BCC', $bcc);
} else {
    // NOTE(review): $_GET['to'] is handed to form_input_text() as the field
    // value with no escaping here; whether it is safe as an HTML attribute
    // depends on that helper escaping its value argument -- confirm.
    form_input_text('To', isset($_GET['to']) ? $_GET['to'] : '');
    form_input_text('CC');
    form_input_text('BCC');
}
form_input_text('Subject');
form_textarea('Body');
form_input_checkbox('HTML email');
form_hidden('action', 'new');
message_inline_yellow('Important email? Remember to Ctrl+C before attempting to send!');
Exemplo n.º 11
<?php

require '../../../include/ctf.inc.php';
// Moderator-only action handler: edits or deletes a category on POST.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // The id is validated and the XSRF token checked before any write.
    validate_id($_POST['id']);
    validate_xsrf_token($_POST[CONST_XSRF_TOKEN_KEY]);
    if ($_POST['action'] == 'edit') {
        // NOTE(review): strtotime() returns false for unparsable input, and
        // that value is stored as-is; 'exposed' is stored exactly as posted.
        $fields = array(
            'title' => $_POST['title'],
            'description' => $_POST['description'],
            'exposed' => $_POST['exposed'],
            'available_from' => strtotime($_POST['available_from']),
            'available_until' => strtotime($_POST['available_until']),
        );
        db_update('categories', $fields, array('id' => $_POST['id']));
        redirect(CONFIG_SITE_ADMIN_RELPATH . 'edit_category.php?id=' . $_POST['id'] . '&generic_success=1');
    } elseif ($_POST['action'] == 'delete') {
        // NOTE(review): the delete below is only prevented if message_error()
        // terminates the request; if it returns, the category is removed
        // without confirmation. An unticked box also leaves the key absent
        // from $_POST, so this read raises a notice.
        if (!$_POST['delete_confirmation']) {
            message_error('Please confirm delete');
        }
        db_delete('categories', array('id' => $_POST['id']));
        // Remove every challenge of the category together with its dependants.
        $challenges = db_select_all('challenges', array('id'), array('category' => $_POST['id']));
        foreach ($challenges as $challenge) {
            delete_challenge_cascading($challenge['id']);
        }
        redirect(CONFIG_SITE_ADMIN_RELPATH . '?generic_success=1');
    }
}
Exemplo n.º 12
error_reporting(E_ALL);
debug('Start timestamp is ' . $startTime, 40, __FILE__, __LINE__);
// NOTE(review): the whole configuration array is written to the debug log;
// if $iniConfig holds database credentials they end up in that log --
// confirm what it contains and who can read the log.
debug('Configuration:' . print_r($iniConfig, TRUE), 40, __FILE__, __LINE__);
// Run-time budget in seconds, compared against $startTime further down.
$maxRunTime = 55;
// Cut-off date: $today minus keepHistoryDays, formatted Y-m-d. The substr()
// offsets assume $today is itself a Y-m-d string.
$cleanUntil = date('Y-m-d', mktime(0, 0, 0, substr($today, 5, 2), substr($today, 8, 2) - getConfigValue($link, 'keepHistoryDays'), substr($today, 0, 4)));
debug('Cleaning up until ' . $cleanUntil, 40, __FILE__, __LINE__);
// Tables to be cleaned. The names are a fixed list and the date comes from
// date(), so no request data reaches the DELETE statement built below.
$cleanTable = array('sites', 'traffic', 'trafficSummaries', 'users');
reset($cleanTable);
// NOTE(review): each() was removed in PHP 8.0; this loop needs foreach to
// run on current PHP versions.
while (list($key, $tableName) = each($cleanTable)) {
    debug('Cleaning-up ' . $tableName . '...', 40, __FILE__, __LINE__);
    $query = 'DELETE FROM ' . $tableName . " WHERE date<'" . $cleanUntil . "'";
    db_delete($link, $query);
}
// List every table of the database for the optimisation pass that follows.
$query = 'SHOW TABLES';
$tables = db_select_all($link, $query);
reset($tables);
while (list($key, $tableName) = each($tables)) {
    $timestampNow = time();
    debug('Now timestamp is: ' . $timestampNow . '. Script start was at: ' . $startTime, 40, __FILE__, __LINE__);
    debug('Checking if run time exceeded ' . $maxRunTime . ' seconds...', 40, __FILE__, __LINE__);
    if ($timestampNow - $startTime > $maxRunTime) {
        debug('YES', 40);
        debug('Exceeded run time', 30, __FILE__, __LINE__);
        my_exit($link, 0);
    }
    debug('NO', 40);
    $query = "OPTIMIZE TABLE {$tableName['0']}";
    debug('Optimizing ' . $tableName[0] . '...', 30, __FILE__, __LINE__);
    db_query($link, $query);
    debug('Optimization finished.', 30, __FILE__, __LINE__);
Exemplo n.º 13
            $where = "id='" . $_GET['id'] . "'";
        } else {
            if (isset($_GET['pid'])) {
                $where = "id='" . $_GET['pid'] . "'";
            } else {
                if (isset($_GET['cid'])) {
                    $where = "id='" . $_GET['cid'] . "'";
                } else {
                    $where = "1";
                }
            }
        }
    }
}
// Default: download all logs ($where is "1" when no id was supplied).
// NOTE(review): in the branches visible above, $where is built by placing
// $_GET['id'], $_GET['pid'] or $_GET['cid'] inside a quoted literal with no
// cast or escaping, and it is concatenated into the query here unchanged.
// These look like numeric ids; if so, cast them to int before building the
// clause.
$records = db_select_all(TBL_PREFIX . TBL_RECORDS, "*", $where . " ORDER BY sess_date, client_id");
if (!$records) {
    die("No logs found matching your criteria!");
}
// Export format comes from the POST body and defaults to CSV.
$format = isset($_POST['format']) ? $_POST['format'] : "csv";
switch ($format) {
    case 'txt':
    case 'xml':
        die("Sorry, TXT and XML formats are not yet implemented.");
        break;
    case 'csv':
    default:
        $delimiter = ";";
        break;
    case 'tsv':
        $delimiter = "\t";
Exemplo n.º 14
<div id="global">

<h1><strong>smt2</strong> uninstaller</h1>

<?php 
if ($isInstalled) {
    // is root logged?
    if (!is_root()) {
        die_msg($_loginMsg["NOT_ALLOWED"]);
    }
    if (isset($_REQUEST['submit']) && isset($_REQUEST['really_sure']) && isset($_REQUEST['safety_input'])) {
        $msgs = array();
        die('deleted');
        if (isset($_REQUEST['droptables'])) {
            // delete cache logs first
            $logs = db_select_all(TBL_PREFIX . TBL_CACHE, "file", 1);
            foreach ($logs as $log) {
                if (is_file(CACHE_DIR . $log)) {
                    unlink(CACHE_DIR . $log);
                }
            }
            // then delete (smt) tables
            foreach ($_lookupTables as $table) {
                db_query("DROP TABLE " . TBL_PREFIX . $table);
            }
            // notify
            $msgs[] = 'Tables were dropped.';
            $msgs[] = 'Cache logs were deleted.';
        }
        ?>
Exemplo n.º 15
<?php

require '../include/mellivora.inc.php';
login_session_refresh();
head('Scoreboard');
if (cache_start('scores', CONFIG_CACHE_TIME_SCORES)) {
    $now = time();
    echo '
    <div class="row">
        <div class="col-lg-6">';
    $user_types = db_select_all('user_types', array('id', 'title'));
    // no user types
    if (empty($user_types)) {
        section_head('Scoreboard', '<a href="' . CONFIG_SITE_URL . 'json?view=scoreboard">
                <img src="' . CONFIG_SITE_URL . 'img/json.png" title="View json" alt="json" class="discreet-inline small-icon" />
            </a>', false);
        $scores = db_query_fetch_all('
            SELECT
               u.id AS user_id,
               u.team_name,
               u.competing,
               co.id AS country_id,
               co.country_name,
               co.country_code,
               SUM(c.points) AS score,
               MAX(s.added) AS tiebreaker
            FROM users AS u
            LEFT JOIN countries AS co ON co.id = u.country_id
            LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1
            LEFT JOIN challenges AS c ON c.id = s.challenge
            WHERE u.competing = 1
Exemplo n.º 16
        echo '<th>action</th>';
    }
    ?>
  </tr>
  </thead>
  
  <?php 
    // Build the WHERE clause: one "id='...'" term per entry of $diff, OR-ed.
    // NOTE(review): the values of $diff are concatenated into quoted literals
    // unescaped; where $diff comes from is not visible here -- confirm it
    // holds only ids read from the database or the filesystem. With an empty
    // $diff, array_shift() returns null and the clause becomes "id =''".
    $sql = "id ='" . array_shift($diff) . "'";
    if (count($diff) > 0) {
        foreach ($diff as $value) {
            $sql .= " OR id='" . $value . "'";
        }
    }
    // select orphan logs
    $cache = db_select_all(TBL_PREFIX . TBL_CACHE, "*", $sql);
    $rows = "";
    foreach ($cache as $log) {
        // NOTE(review): url, title, saved and id are written into the markup
        // without HTML escaping (what trim_text() does to the title is not
        // visible here). If cached titles and URLs originate from tracked
        // pages, a crafted title or URL is rendered as markup in this admin
        // view; escape each value for its attribute or text context.
        $rows .= '<tr>' . PHP_EOL;
        $rows .= '<td class="pl pr"><a href="' . $log['url'] . '" rel="external" title="' . $log['title'] . '">' . trim_text($log['title']) . '</a></td>' . PHP_EOL;
        $rows .= '<td class="pl pr">' . $log['saved'] . '</td>' . PHP_EOL;
        // Only root gets the delete link.
        if ($ROOT) {
            $rows .= '<td class="pl pr"><a class="del" href="delete.php?pid=' . $log['id'] . '">delete</a></td>' . PHP_EOL;
        }
        $rows .= '</tr>' . PHP_EOL;
    }
    ?>

  <tbody>
  <?php 
    echo $rows;
Exemplo n.º 17
                 message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false);
             } else {
                 echo '<p><a href="actions/hints.php?action=purchase&id=' . $hint['id'] . '" class="btn btn-xs btn-info">Purchase hint</a><strong> [This hint is available for purchase at ' . $hint['value'] . ' points.]</strong></p>';
             }
         }
     }
     cache_end('hints_challenge_' . $challenge['id']);
 }
 if ($remaining_submissions) {
     if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) {
         message_inline_blue('Your submission is awaiting manual marking.');
     }
     // write out files
     if (cache_start('files_' . $challenge['id'], CONFIG_CACHE_TIME_FILES)) {
         $files = db_select_all('files', array('id', 'title', 'size'), array('challenge' => $challenge['id']));
         $filesDuplicate = db_select_all('files', array('id', 'title', 'size'), array('challenge' => $challenge['cloneOf']));
         if (count($files) || count($filesDuplicate)) {
             print_attachments($files);
             print_attachments($filesDuplicate);
         }
         cache_end('files_' . $challenge['id']);
     }
     echo '
     <div class="challenge-submit">
         <form method="post" class="form-flag" action="actions/challenges">
             <textarea name="flag" type="text" class="flag-input form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea>
             <input type="hidden" name="challenge" value="', htmlspecialchars($challenge['id']), '" />
             <input type="hidden" name="action" value="submit_flag" />';
     form_xsrf_token();
     if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) {
         display_captcha();
Exemplo n.º 18
<?php

require '../../include/ctf.inc.php';
enforce_authentication(CONST_USER_CLASS_USER, true);
$time = time();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    validate_xsrf_token($_POST[CONST_XSRF_TOKEN_KEY]);
    if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) {
        validate_captcha();
    }
    if ($_POST['action'] == 'submit_flag') {
        validate_id($_POST['challenge']);
        if (empty($_POST['flag'])) {
            message_error('Did you really mean to submit an empty flag?');
        }
        $submissions = db_select_all('submissions', array('correct', 'added'), array('user_id' => $_SESSION['id'], 'challenge' => $_POST['challenge']));
        // make sure user isn't "accidentally" submitting a correct flag twice
        $latest_submission_attempt = 0;
        $num_attempts = 0;
        foreach ($submissions as $submission) {
            $latest_submission_attempt = max($submission['added'], $latest_submission_attempt);
            if ($submission['correct']) {
                message_error('You may only submit a correct flag once.');
            }
            $num_attempts++;
        }
        // get challenge information
        $challenge = db_select_one('challenges', array('flag', 'category', 'case_insensitive', 'automark', 'available_from', 'available_until', 'num_attempts_allowed', 'min_seconds_between_submissions'), array('id' => $_POST['challenge']));
        $seconds_since_submission = $time - $latest_submission_attempt;
        if ($seconds_since_submission < $challenge['min_seconds_between_submissions']) {
            message_generic('Sorry', 'You may not submit another solution for this challenge for another ' . seconds_to_pretty_time($challenge['min_seconds_between_submissions'] - $seconds_since_submission));
Exemplo n.º 19
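function user_ip_log($user_id)
{
    // Prints a table of the IP addresses recorded for one user: address,
    // optional reverse-DNS hostname, first/last use and use count.
    //
    // $user_id is validated and then used for the lookup. The original
    // validated $user_id but queried with $_GET['id'], so the value that
    // reached the database was not the one that had been checked.
    validate_id($user_id);
    echo '
        <table id="files" class="table table-striped table-hover">
          <thead>
            <tr>
              <th>IP</th>
              <th>Hostname</th>
              <th>First used</th>
              <th>Last used</th>
              <th>Times used</th>
            </tr>
          </thead>
          <tbody>
        ';
    $entries = db_select_all('ip_log', array('INET_NTOA(ip) AS ip', 'added', 'last_used', 'times_used'), array('user_id' => $user_id));
    foreach ($entries as $entry) {
        if (CONFIG_GET_IP_HOST_BY_ADDRESS) {
            // A reverse-DNS name is chosen by whoever controls the PTR record
            // of the address, so it is escaped like any other untrusted text.
            // gethostbyaddr() returns false on malformed input; the cast turns
            // that into an empty cell, as before.
            $hostname = htmlspecialchars((string) gethostbyaddr($entry['ip']));
        } else {
            $hostname = '<i>Lookup disabled in config</i>';
        }
        echo '
        <tr>
            <td><a href="list_ip_log.php?ip=', htmlspecialchars($entry['ip']), '">', htmlspecialchars($entry['ip']), '</a></td>
            <td>', $hostname, '</td>
            <td>', date_time($entry['added']), '</td>
            <td>', date_time($entry['last_used']), '</td>
            <td>', number_format($entry['times_used']), '</td>
        </tr>
        ';
    }
    echo '
          </tbody>
        </table>
         ';
}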
Exemplo n.º 20
     <div class="challenge-description">
         ', $bbc->parse($challenge['description']), '
     </div> <!-- / challenge-description -->';
 }
 // write out hints
 if (cache_start(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id'], CONFIG_CACHE_TIME_HINTS)) {
     $hints = db_select_all('hints', array('body'), array('visible' => 1, 'challenge' => $challenge['id']));
     foreach ($hints as $hint) {
         message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false);
     }
     cache_end(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id']);
 }
 // write out files
 $files = cache_array_get(CONST_CACHE_NAME_FILES . $challenge['id'], CONFIG_CACHE_TIME_FILES);
 if (!is_array($files)) {
     $files = db_select_all('files', array('id', 'title', 'size', 'md5', 'download_key'), array('challenge' => $challenge['id']));
     cache_array_save($files, CONST_CACHE_NAME_FILES . $challenge['id']);
 }
 if (count($files)) {
     print_attachments($files);
 }
 // only show the hints and flag submission form if we're not already correct and if the challenge hasn't expired
 if (!$challenge['correct_submission_added'] && $time < $challenge['available_until']) {
     if ($remaining_submissions) {
         if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) {
             message_inline_blue('Your submission is awaiting manual marking.');
         }
         echo '
         <div class="challenge-submit">
             <form method="post" class="form-flag" action="actions/challenges">
                 <textarea name="flag" type="text" class="flag-input form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea>
Exemplo n.º 21
Arquivo: form.php Projeto: Simo22/smt2
<p>Choose a domain to analyze</p>
<form action="<?php 
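// PHP_SELF includes any extra path the client appends after the script name,
// so it is request-controlled text; escape it before it lands in the attribute.
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);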
?>
" method="post">
  <?php 
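// Builds and prints the domain picker: one <option> per known domain, newest
// id first, with the domain stored in the session pre-selected.
$s = '<select id="domain" name="domain_id" class="mr">';
$s .= '<option value="">---</option>';
// FIXME: couple domain IDs to user roles
// This would allow to limit which domains can be inspected, e.g. "id < 3 ORDER BY id DESC"
$rows = db_select_all(TBL_PREFIX . TBL_DOMAINS, "id, domain", "1 ORDER BY id DESC");
// GROUP BY domain?
foreach ($rows as $row) {
    $select = isset($_SESSION['domain_id']) && $row['id'] == $_SESSION['domain_id'] ? 'selected="selected"' : null;
    // Stored values are escaped for the attribute and text contexts they are
    // written into; the original concatenated them raw. Numeric ids come out
    // unchanged.
    $optionValue = htmlspecialchars((string) $row['id'], ENT_QUOTES);
    $optionLabel = htmlspecialchars((string) $row['domain'], ENT_QUOTES);
    $s .= '<option ' . $select . ' value="' . $optionValue . '">' . $optionLabel . '</option>';
}
$s .= '</select>';
echo $s;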
?>
  <input type="submit" class="button round" value="Classify" />
</form>
Exemplo n.º 22
    // domain id
    $sql .= '`domain`       VARCHAR(255)            NOT NULL, ';
    // domain name
    $sql .= 'PRIMARY KEY (`id`) ';
    $sql .= ') DEFAULT CHARSET utf8';
    db_query($sql);
    $UPGRADED = true;
}
// Check whether the records table already has the domain_id column.
// NOTE(review): mysql_num_rows() belongs to the mysql extension, which was
// removed in PHP 7.0; this upgrade step cannot run on current PHP as written.
$res = db_query("SHOW COLUMNS FROM " . TBL_PREFIX . TBL_RECORDS . " LIKE 'domain_id'");
if (!mysql_num_rows($res)) {
    // create new column
    $sql = "ALTER TABLE `" . TBL_PREFIX . TBL_RECORDS . "` ADD `domain_id` SMALLINT unsigned NOT NULL AFTER `cache_id`";
    db_query($sql);
    // and update old DB records with the new values
    $pages = db_select_all(TBL_PREFIX . TBL_CACHE, "id,url", "1");
    foreach ($pages as $page) {
        // NOTE(review): $domain is derived from a stored URL and then placed
        // inside quoted SQL literals in the SELECT and INSERT below without
        // escaping. What url_get_domain() can return for a hostile URL is not
        // visible here; escape the value before it is reused in a query.
        $domain = url_get_domain($page['url']);
        $d = db_select(TBL_PREFIX . TBL_DOMAINS, "id", "domain='" . $domain . "'");
        if (!$d) {
            // Unknown domain: insert it and keep what db_insert() returns
            // (presumably the new row id -- confirm).
            $did = db_insert(TBL_PREFIX . TBL_DOMAINS, "domain", "'" . $domain . "'");
        } else {
            $did = $d['id'];
        }
        // Point every record of this cached page at its domain row.
        db_update(TBL_PREFIX . TBL_RECORDS, "domain_id='" . $did . "'", "cache_id='" . $page['id'] . "'");
    }
    $UPGRADED = true;
}
// define helper function
function update_cms($table, $fields, $values, $condition)
{
Exemplo n.º 23
<?php

require '../../include/mellivora.inc.php';
// Moderator-only edit/delete page for one dynamic menu item. The class check
// and the id validation both run before any query or output.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
validate_id($_GET['id']);
head('Site management');
menu_management();
section_subhead('Edit dynamic menu item');
// NOTE(review): the result is used without checking that a row was found;
// an id that passes validation but matches no row leaves $menu_item without
// the keys read below.
$menu_item = db_select_one('dynamic_menu', array('*'), array('id' => $_GET['id']));
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_menu_item');
// Stored values are handed to the form helpers as-is; HTML escaping is
// presumably done inside form_input_text() -- confirm.
form_input_text('Title', $menu_item['title']);
form_input_text('Permalink', $menu_item['permalink']);
dynamic_visibility_select($menu_item['visibility']);
$pages = db_select_all('dynamic_pages', array('id', 'title'));
// Prepend a "no link" choice with id 0 to the internal-page dropdown.
array_unshift($pages, array('id' => 0, 'title' => '--- No internal link ---'));
form_select($pages, 'Internal page', 'id', $menu_item['internal_page'], 'title');
user_class_select($menu_item['min_user_class']);
form_input_text('URL', $menu_item['url']);
form_input_text('Priority', $menu_item['priority']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Second form: deletion, gated by a confirmation checkbox.
// NOTE(review): no XSRF token field is emitted explicitly in either form;
// presumably form_start() adds one -- confirm.
section_subhead('Delete menu item');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_menu_item');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
form_button_submit('Delete menu item', 'danger');
form_end();
foot();
Exemplo n.º 24
    exit;
}
prefer_ssl();
head('Register');
if (CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
    echo '
    <h2>Register your team</h2>
    <p>
        ', lang_get('account_signup_information', array('password_information' => CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP ? lang_get('email_password_on_signup') : '')), '
    </p>
    <form method="post" id="registerForm" class="form-signin" action="actions/register">
        <input name="team_name" type="text" class="form-control" placeholder="Team name" minlength="', CONFIG_MIN_TEAM_NAME_LENGTH, '" maxlength="', CONFIG_MAX_TEAM_NAME_LENGTH, '" required />
        <input name="', md5(CONFIG_SITE_NAME . 'USR'), '" type="email" class="form-control" placeholder="Email address" required />
        ', !CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP ? '<input name="' . md5(CONFIG_SITE_NAME . 'PWD') . '" type="password" class="form-control" placeholder="Password" required />' : '';
    if (cache_start(CONST_CACHE_NAME_REGISTER, CONFIG_CACHE_TIME_REGISTER)) {
        $user_types = db_select_all('user_types', array('id', 'title', 'description'));
        if (!empty($user_types)) {
            echo '<select name="type" class="form-control">
            <option disabled selected>-- Please select team type --</option>';
            foreach ($user_types as $user_type) {
                echo '<option value="', htmlspecialchars($user_type['id']), '">', htmlspecialchars($user_type['title'] . ' - ' . $user_type['description']), '</option>';
            }
            echo '</select>';
        }
        country_select();
        cache_end(CONST_CACHE_NAME_REGISTER);
    }
    if (CONFIG_RECAPTCHA_ENABLE_PUBLIC) {
        display_captcha();
    }
    echo '
Exemplo n.º 25
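function select_fps()
{
    // Returns the markup of a labelled <select name="fps"> listing every
    // distinct fps value found in the records table, with the value stored
    // in the session pre-selected.
    $s = '<label for="fps">FPS</label> ';
    $s .= '<select id="fps" name="fps" class="mr">';
    $s .= '<option value="">---</option>';
    $rows = db_select_all(TBL_PREFIX . TBL_RECORDS, "DISTINCT fps", "1");
    foreach ($rows as $row) {
        $select = isset($_SESSION['fps']) && $row['fps'] == $_SESSION['fps'] ? 'selected="selected"' : null;
        // The stored value is escaped before it is written into the attribute
        // and the option text; the original concatenated it raw. Numeric
        // values come out unchanged.
        $fps = htmlspecialchars((string) $row['fps'], ENT_QUOTES);
        $s .= '<option ' . $select . ' value="' . $fps . '">' . $fps . '</option>';
    }
    $s .= '</select>';
    return $s;
}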
Exemplo n.º 26
function delete_challenge_cascading($id)
{
    // Deletes a challenge together with its submissions, hints and files,
    // inside one database transaction.
    // NOTE(review): an invalid id is only stopped if message_error() ends the
    // request. delete_file() is called inside the transaction; anything it
    // removes outside the database would not be restored by a rollback --
    // confirm what it does.
    if (!is_valid_id($id)) {
        message_error('Invalid ID.');
    }
    // Table => column that references the challenge, in deletion order.
    $dependants = array(
        'challenges' => 'id',
        'submissions' => 'challenge',
        'hints' => 'challenge',
    );
    try {
        db_begin_transaction();
        foreach ($dependants as $table => $column) {
            db_delete($table, array($column => $id));
        }
        $attached = db_select_all('files', array('id'), array('challenge' => $id));
        foreach ($attached as $attachment) {
            delete_file($attachment['id']);
        }
        db_end_transaction();
    } catch (PDOException $e) {
        // Only database errors are caught: undo the partial delete and log.
        db_rollback_transaction();
        log_exception($e);
    }
}
Exemplo n.º 27
<?php

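// All records of the posted domain, newest first. The posted value is cast to
// int before it is concatenated into the WHERE clause; the original inserted
// $_POST['domain_id'] raw between quotes, which let the request body rewrite
// the query. Assumes domain_id is an integer column -- confirm against the schema.
$rows = db_select_all(TBL_PREFIX . TBL_RECORDS, "*", "domain_id='" . (int) $_POST['domain_id'] . "' ORDER BY id DESC");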
if (count($rows) > 0) {
    $users = array();
    $pages = array();
    $dict_user = array();
    $dict_page = array();
    foreach ($rows as $row) {
        // extract mouse features
        $mf = new MouseFeat(array('x' => $row['coords_x'], 'y' => $row['coords_y'], 'c' => $row['clicks'], 'f' => $row['fps'], 'w' => $row['vp_width'], 'h' => $row['vp_height']));
        // and use (some of) those features to cluster user behaviors (more features lead to slower computation!)
        $users[] = array($mf->time, $mf->numClicks, $mf->activity, $mf->distance['x'], $mf->scrollReach['y']);
        // those behaviors may belong to different pages
        $cache = db_select(TBL_PREFIX . TBL_CACHE, "url", "id = '" . $row['cache_id'] . "'");
        $url = $cache['url'];
        // check whether URLs should be merged (just remove query string)
        if (db_option(TBL_PREFIX . TBL_CMS, "mergeCacheUrl")) {
            $urlparts = explode("?", $url);
            $url = $urlparts[0];
        }
        if (isset($pages[$url])) {
            $pages[$url] += 1;
        } else {
            $pages[$url] = 1;
        }
        $dict_user[] = $row['id'];
        $dict_page[] = $url;
    }
    $n = count($pages);
    $k = ceil(sqrt($n / 2));
Exemplo n.º 28
Arquivo: sql.php Projeto: gepuro/smt2
    $coordsY = $log['coords_y'];
    $hovered = $log['hovered'];
    $clicked = $log['clicked'];
    $replaytime = count(explode(",", $clicks)) / $fps;
    // $log['sess_time'] is approximate
    $hn = new Hypernote($_GET['id'], $_SESSION['login']);
    $hypernotes = $hn->getData(false);
    // build JavaScript object
    $JSON[] = '{' . '"id": ' . $_GET['id'] . ', ' . '"xcoords": [' . $coordsX . '], ' . '"ycoords": [' . $coordsY . '], ' . '"clicks":  [' . $clicks . '], ' . '"timestamp": "' . $timestamp . '", ' . '"hypernotes": ' . json_encode($hypernotes) . ', ' . '"wprev": ' . $log['vp_width'] . ', ' . '"hprev": ' . $log['vp_height'] . ', ' . '"time": ' . $replaytime . '' . '}';
} else {
    if (!empty($_GET['pid'])) {
        // get page identifier
        $pgid = (int) $_GET['pid'];
        // merge logs?
        $qadd = db_option(TBL_PREFIX . TBL_CMS, "mergeCacheUrl") ? get_cache_common_url($pgid) : null;
        $logs = db_select_all(TBL_PREFIX . TBL_RECORDS, "*", "cache_id = '" . $pgid . "'" . $qadd);
        // layout type is common to grouped logs
        $cache = db_select(TBL_PREFIX . TBL_CACHE, "layout", "id = '" . $pgid . "'");
        $layoutType = $cache['layout'];
        $sampleSize = db_option(TBL_PREFIX . TBL_CMS, "maxSampleSize");
        if ($sampleSize > 0) {
            $keys = array_rand($logs, $sampleSize);
        }
        // group metrics
        $hovered = "";
        $clicked = "";
        foreach ($logs as $i => $log) {
            if (isset($keys) && !in_array($i, $keys)) {
                continue;
            }
            $vpw = (int) $log['vp_width'];
Exemplo n.º 29
menu_management();
check_server_configuration();
$categories = db_query_fetch_all('SELECT * FROM categories ORDER BY title');
if (empty($categories)) {
    message_generic('Welcome', 'Your CTF is looking a bit empty! Start by adding a category using the menu above.');
}
section_subhead('CTF Overview', '<a href="' . CONFIG_SITE_ADMIN_URL . 'visualise">Visualise challenge availability</a>', false);
foreach ($categories as $category) {
    echo '
    <h4>
    ', htmlspecialchars($category['title']), '
    <a href="edit_category.php?id=', htmlspecialchars($category['id']), '" class="btn btn-xs btn-primary">Edit category</a>
    <a href="new_challenge.php?category=', htmlspecialchars($category['id']), '" class="btn btn-xs btn-primary">Add challenge</a>
    </h4>
    ';
    $challenges = db_select_all('challenges', array('id', 'title', 'description', 'exposed', 'available_from', 'available_until', 'points'), array('category' => $category['id']), 'points ASC');
    if (empty($challenges)) {
        message_inline_blue('This category is empty! Use the link above to add a challenge.');
    } else {
        echo '
    <table class="table table-striped table-hover">
      <thead>
        <tr>
          <th>Title</th>
          <th>Description</th>
          <th class="center">Points</th>
          <th class="center">Visibility</th>
          <th class="center">Manage</th>
        </tr>
      </thead>
      <tbody>
Exemplo n.º 30
 if (!$challenge['correct_submission_added'] && $time < $challenge['available_until']) {
     // write out hints
     if (cache_start(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id'], CONFIG_CACHE_TIME_HINTS)) {
         $hints = db_select_all('hints', array('body'), array('visible' => 1, 'challenge' => $challenge['id']));
         foreach ($hints as $hint) {
             message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false);
         }
         cache_end(CONST_CACHE_NAME_CHALLENGE_HINTS . $challenge['id']);
     }
     if ($remaining_submissions) {
         if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) {
             message_inline_blue('Your submission is awaiting manual marking.');
         }
         // write out files
         if (cache_start(CONST_CACHE_NAME_FILES . $challenge['id'], CONFIG_CACHE_TIME_FILES)) {
             $files = db_select_all('files', array('id', 'title', 'size'), array('challenge' => $challenge['id']));
             if (count($files)) {
                 print_attachments($files);
             }
             cache_end(CONST_CACHE_NAME_FILES . $challenge['id']);
         }
         echo '
         <div class="challenge-submit">
             <form method="post" class="form-flag" action="actions/challenges">
                 <textarea name="flag" type="text" class="flag-input form-control" placeholder="Please enter flag for challenge: ', htmlspecialchars($challenge['title']), '"></textarea>
                 <input type="hidden" name="challenge" value="', htmlspecialchars($challenge['id']), '" />
                 <input type="hidden" name="action" value="submit_flag" />';
         form_xsrf_token();
         if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) {
             display_captcha();
         }