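/**
 * Verify a one-time code against the logged-in user's stored 2FA secret.
 *
 * The secret is looked up by $_SESSION['id'] and checked with
 * Google2FA::verify_key(). A missing enrolment row or a verification
 * exception is reported through message_error() (which in this codebase
 * appears to end the request — confirm) and otherwise yields false.
 *
 * NOTE(review): nothing here records the last accepted code, so a code can
 * be presented again within its validity window; storing the last accepted
 * counter per user is the usual mitigation.
 *
 * @param string $code the code typed by the user
 * @return bool true only when the library accepts the code
 */
function validate_two_factor_auth_code($code)
{
    require_once CONFIG_PATH_THIRDPARTY . 'Google2FA/Google2FA.php';
    $valid = false;
    $secret = db_select_one('two_factor_auth', array('secret'), array('user_id' => $_SESSION['id']));
    // No enrolment row (or an empty secret): the original indexed a non-array
    // here and handed a null secret to the library. Treat it as a failure.
    if (!$secret || empty($secret['secret'])) {
        message_error('Could not verify key.');
        return false;
    }
    try {
        $valid = Google2FA::verify_key($secret['secret'], $code);
    } catch (Exception $e) {
        message_error('Could not verify key.');
    }
    return $valid;
}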
/**
 * Count the rows of $tbl that satisfy $where.
 *
 * Thin wrapper around db_select_one() selecting COUNT(1). Both arguments
 * are passed through verbatim — the where string is not escaped here, so
 * callers are responsible for what they put in it.
 *
 * @param string $tbl   table name (may include aliases/joins, see callers)
 * @param mixed  $where where clause as accepted by db_select_one(); '' = no filter
 * @return mixed whatever db_select_one() returns for the COUNT(1) selection
 */
function db_count($tbl, $where = '')
{
    $countExpr = 'COUNT(1)';
    $result = db_select_one($tbl, $countExpr, $where);
    return $result;
}
<?php

// Admin form: edit an existing challenge. Fields are pre-filled from the row
// loaded below; saving is handled by actions/edit_challenge. This excerpt ends
// before the form's hidden fields, submit button and form_end().
require '../../include/ctf.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// The id is validated before it is used in the lookup, so the query only
// ever receives a value that passed validate_id().
validate_id($_GET['id']);
$challenge = db_select_one('challenges', array('*'), array('id' => $_GET['id']));
// NOTE(review): no not-found check — with an unknown id every
// $challenge[...] read below operates on a non-array.
head('Site management');
menu_management();
// NOTE(review): the title is admin-entered data; whether section_subhead()
// HTML-escapes its argument is not visible here — confirm.
section_subhead('Edit challenge: ' . $challenge['title']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_challenge');
form_input_text('Title', $challenge['title']);
form_textarea('Description', $challenge['description']);
// The flag itself is shown in the form; only the moderator class reaches
// this page (enforce_authentication() above).
form_textarea('Flag', $challenge['flag']);
form_input_checkbox('Automark', $challenge['automark']);
form_input_checkbox('Case insensitive', $challenge['case_insensitive']);
form_input_text('Points', $challenge['points']);
form_input_text('Num attempts allowed', $challenge['num_attempts_allowed']);
form_input_text('Min seconds between submissions', $challenge['min_seconds_between_submissions']);
// Category dropdown, then the optional prerequisite challenge (id 0 = none).
$opts = db_query_fetch_all('SELECT * FROM categories ORDER BY title');
form_select($opts, 'Category', 'id', $challenge['category'], 'title');
$opts = db_query_fetch_all('
    SELECT
       ch.id,
       ch.title,
       ca.title AS category
    FROM challenges AS ch
    LEFT JOIN categories AS ca ON ca.id = ch.category
    ORDER BY ca.title, ch.title');
array_unshift($opts, array('id' => 0, 'title' => '-- User must solve selected challenge before revealing this one --'));
form_select($opts, 'Relies on', 'id', $challenge['relies_on'], 'title', 'category');
form_input_checkbox('Exposed', $challenge['exposed']);
<?php

// Admin page: edit or delete a category. Both forms post to the same action
// script (actions/edit_category) and are told apart by the hidden 'action'
// field.
require '../../include/ctf.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// validate_id() runs before $_GET['id'] is used anywhere below.
validate_id($_GET['id']);
$category = db_select_one('categories', array('*'), array('id' => $_GET['id']));
// NOTE(review): no not-found check; an unknown id leaves $category empty and
// the reads below warn.
head('Site management');
menu_management();
// NOTE(review): whether section_subhead() HTML-escapes its argument is not
// visible here — confirm, the title is admin-entered data.
section_subhead('Edit category: ' . $category['title']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_category');
form_input_text('Title', $category['title']);
form_textarea('Description', $category['description']);
form_input_checkbox('Exposed', $category['exposed']);
// Stored timestamps are rendered through date_time() for the text inputs.
form_input_text('Available from', date_time($category['available_from']));
form_input_text('Available until', date_time($category['available_until']));
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Deletion: the checkbox is the confirmation; refusing a delete without it
// is the action script's job (not visible here).
section_subhead('Delete category: ' . $category['title']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_category');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
message_inline_red('Warning! This will delete all challenges under this category, as well as all submissions, files, and hints related those challenges!');
form_button_submit('Delete category', 'danger');
form_end();
foot();
<?php

// Admin page: edit or delete a user type. Both forms post to
// actions/edit_user_type and are distinguished by the hidden 'action' field.
require '../../include/mellivora.inc.php';
enforce_authentication(CONFIG_UC_MODERATOR);
// validate_id() runs before $_GET['id'] is used in the lookup or the forms.
validate_id($_GET['id']);
head('Site management');
menu_management();
section_subhead('Edit user type');
// NOTE(review): no not-found check; an unknown id leaves $user_type empty and
// the reads below warn.
$user_type = db_select_one('user_types', array('*'), array('id' => $_GET['id']));
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user_type');
form_input_text('Title', $user_type['title']);
form_textarea('Description', $user_type['description']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Deletion: the checkbox is the confirmation; enforcing it is the action
// script's job (not visible here).
section_subhead('Delete user type');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user_type');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
message_inline_red('Warning! Any users of this type will be without a type.
You must manually give them a type in the DB. If no types will exist after this action, you must set their type to 0.');
form_button_submit('Delete user type', 'danger');
form_end();
foot();
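<?php

// Admin page: edit a user, plus reset-password and delete forms. All three
// forms post to actions/edit_user with a different hidden 'action'. The
// delete form continues past the end of this excerpt.
require '../../include/ctf.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// validate_id() runs before $_GET['id'] reaches the lookup or the hidden fields.
validate_id($_GET['id']);
$user = db_select_one('users', array('team_name', 'email', 'enabled', 'competing', 'country_id'), array('id' => $_GET['id']));
// NOTE(review): no not-found check; an unknown id leaves $user empty and the
// reads below warn.
head('Site management');
menu_management();
// The listing showed this expression garbled; restored to the same
// 'label: ' . $row['title'] shape the sibling edit pages use.
// NOTE(review): whether section_subhead() HTML-escapes its argument is not
// visible here — confirm, the team name is user-chosen.
section_subhead('Edit user: ' . $user['team_name']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user');
form_input_text('Email', $user['email']);
form_input_text('Team name', $user['team_name']);
$opts = db_query_fetch_all('SELECT * FROM countries ORDER BY country_name ASC');
form_select($opts, 'Country', 'id', $user['country_id'], 'country_name');
form_input_checkbox('Enabled', $user['enabled']);
form_input_checkbox('Competing', $user['competing']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Password reset is a state change; presumably form_start() emits the XSRF
// token that the action scripts validate — confirm.
section_subhead('Reset password');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user');
form_input_checkbox('Reset confirmation');
form_hidden('action', 'reset_password');
form_hidden('id', $_GET['id']);
form_button_submit('Reset password', 'warning');
form_end();
section_subhead('Delete user');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_user');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');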
<?php

// Admin page: IP log. With ?id=<team id> it lists the addresses a team has
// used; with ?ip=<address> it lists the teams that used that address. Both
// branches follow this header and run past the end of this excerpt.
require '../../include/mellivora.inc.php';
enforce_authentication(CONFIG_UC_MODERATOR);
head('IP log');
menu_management();
// show a user's IP log
if (isset($_GET['id']) && valid_id($_GET['id'])) {
    $user = db_select_one('users', array('team_name'), array('id' => $_GET['id']));
    section_head('IP log for team: <a href="' . CONFIG_SITE_URL . 'user?id=' . $_GET['id'] . '">' . htmlspecialchars($user['team_name']) . '</a>', '', false);
    user_ip_log($_GET['id']);
} else {
    if (isset($_GET['ip']) && valid_ip($_GET['ip'])) {
        section_head('Teams using IP ' . $_GET['ip']);
        echo '
    <table id="files" class="table table-striped table-hover">
      <thead>
        <tr>
          <th>Team name</th>
          <th>Hostname</th>
          <th>First used</th>
          <th>Last used</th>
          <th>Times used</th>
        </tr>
      </thead>
      <tbody>
    ';
        $entries = db_query_fetch_all('
        SELECT
           INET_NTOA(ipl.ip) AS ip,
           ipl.added,
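<?php

/**
 * Component: job
 * Lists the jobs of the logged-in user.
 */
// Check whether the user is logged in; otherwise send them to the index.
session_start();
if (!isset($_SESSION["username"])) {
    header('Location:' . BASE_URL . 'index.php');
    exit;
}
// List all of the user's jobs.
// Connect to the database.
require_once LIB_PATH . '/database.php';
db_connect();
// First fetch the id of the current user.
$username = $_SESSION["username"];
// NOTE(review): $username is interpolated straight into SQL. It comes from
// the session rather than the request, but it was user-supplied at
// registration/login; this query should use whatever parameter binding or
// escaping LIB_PATH/database.php offers — confirm what is available.
$userIDQuery = "SELECT uid FROM user WHERE uaccount = '{$username}'";
$uid = db_select_one($userIDQuery);
// List the jobs. The id is cast to int before it is embedded in the query so
// that only a number can ever reach the SQL string (a missing user becomes 0
// and simply matches no rows, where the original produced invalid SQL).
$job_query = "SELECT * FROM job WHERE juser = " . (int) $uid . " and jprioty = 3";
$jobs = db_select($job_query);
// Load the template.
$pageTitle = "qhxh.todo | manager your idea";
require PUBLIC_PATH . '/tjob.php';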
<?php

// Admin action: moderate a single flag submission (delete / mark incorrect /
// mark correct). Only POST requests do anything; each branch ends in a
// redirect back to the submission list.
require '../../../include/ctf.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // The id and the anti-XSRF token are checked before any branch is chosen.
    validate_id($_POST['id']);
    validate_xsrf_token($_POST[CONST_XSRF_TOKEN_KEY]);
    $submissionFilter = array('id' => $_POST['id']);
    $listUrl = CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1';
    if ($_POST['action'] == 'delete') {
        db_delete('submissions', $submissionFilter);
        redirect($listUrl);
    } elseif ($_POST['action'] == 'mark_incorrect') {
        db_update('submissions', array('correct' => 0, 'marked' => 1), $submissionFilter);
        redirect($listUrl);
    } elseif ($_POST['action'] == 'mark_correct') {
        $submission = db_select_one('submissions', array('user_id', 'challenge', 'correct'), $submissionFilter);
        $alreadyCorrect = db_count_num('submissions', array('user_id' => $submission['user_id'], 'challenge' => $submission['challenge'], 'correct' => 1));
        // A team may hold at most one correct submission per challenge.
        // message_error() is relied on to end the request here; if it
        // returned, the update below would still run.
        if ($alreadyCorrect > 0) {
            message_error('This user already has a correct submission for this challenge');
        }
        db_update('submissions', array('correct' => 1, 'marked' => 1), $submissionFilter);
        redirect($listUrl);
    }
}
 /**
  * isPeakTime()
  *
  * Whether $f_szTime on $f_szDate falls inside a peak-hours window for
  * resource $f_iResource. A special opening-hours set covering the date
  * (highest id wins) takes precedence over the resource's regular peak hours.
  *
  * NOTE(review): $f_szDate and $f_szTime are concatenated into the SQL below
  * without escaping; only $f_iResource and the set id are cast. Confirm that
  * every caller validates both as strict date/time strings before calling,
  * or escape them here through the DB layer.
  *
  * @param int    $f_iResource resource id (cast to int before use)
  * @param string $f_szDate    date string, also parsed by common::mktime()
  * @param string $f_szTime    time string compared against the open_/closed_ columns
  * @return bool
  */
 public static function isPeakTime($f_iResource, $f_szDate, $f_szTime)
 {
     // date('w') gives the weekday (0 = Sunday); it selects the open_N / closed_N column pair.
     $iUtcStartTime = common::mktime($f_szDate);
     $iToday = (int) date('w', $iUtcStartTime);
     // Special set: the newest set whose date range contains $f_szDate.
     if ($iSpecialSet = db_select_one('special_opening_hours_sets', 'id', 'resource_id = ' . (int) $f_iResource . " AND ('" . $f_szDate . "' BETWEEN start_date AND end_date) ORDER BY id DESC")) {
         return 0 < db_count('resource_opening_hours t, peak_times_in_special_opening_hours_sets p', 't.id = p.resource_opening_hours_id AND p.special_opening_hours_set_id = ' . (int) $iSpecialSet . ' AND t.open_' . $iToday . " <= '" . $f_szTime . "' AND t.closed_" . $iToday . " > '" . $f_szTime . "' AND t.open_" . $iToday . ' != t.closed_' . $iToday);
     }
     // Regular peak hours: open <= time < closed, ignoring rows where open == closed.
     return 0 < db_count('resource_opening_hours t, peak_hours_in_resources p', 't.id = p.resource_opening_hours_id AND p.resource_id = ' . (int) $f_iResource . ' AND t.open_' . $iToday . " <= '" . $f_szTime . "' AND t.closed_" . $iToday . " > '" . $f_szTime . "' AND t.open_" . $iToday . ' != t.closed_' . $iToday);
 }
<?php

// Public "register your interest" form handler (mailing list for the next
// competition). Only the POST branch with action=register does anything.
require '../../include/mellivora.inc.php';
prefer_ssl();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($_POST['action'] == 'register') {
        // CAPTCHA first, then email syntax; both helpers are relied on to
        // stop the request on failure.
        if (CONFIG_RECAPTCHA_ENABLE_PUBLIC) {
            validate_captcha();
        }
        validate_email($_POST['email']);
        // Duplicate check by email. message_error() is relied on to end the
        // request; if it returned, the insert below would still run.
        $interest = db_select_one('interest', array('id'), array('email' => $_POST['email']));
        if ($interest['id']) {
            message_error('You have already registered your interest!');
        }
        // NOTE(review): 'name' is stored as posted, with no length or content
        // check; db_insert() is presumed to bind its values — confirm.
        $id = db_insert('interest', array('added' => time(), 'name' => $_POST['name'], 'email' => $_POST['email'], 'secret' => generate_random_string(40)));
        if ($id) {
            // Escaped because the email is echoed back into the page.
            message_generic('Success', 'The email ' . htmlspecialchars($_POST['email']) . ' has been registered. We look forward to seeing you in our next competition!');
        } else {
            message_error('Could not register interest. You must not be interested enough!');
        }
    }
}
<?php

// Public dynamic page: ?show=<permalink> is resolved through dynamic_menu to
// an internal dynamic_pages row, its visibility is enforced, and the BBCode
// body is rendered (cached per page id).
require '../include/mellivora.inc.php';
login_session_refresh();
if (!isset($_GET['show'])) {
    message_error(lang_get('please_request_page'));
}
// The permalink goes to db_select_one() as an array value, not concatenated
// into SQL; the page id it maps to is validated before the second lookup.
$menu_data = db_select_one('dynamic_menu', array('internal_page'), array('permalink' => $_GET['show']));
if (!is_valid_id($menu_data['internal_page'])) {
    message_error(lang_get('not_a_valid_link'));
}
$content = db_select_one('dynamic_pages', array('id', 'title', 'body', 'visibility', 'min_user_class'), array('id' => $menu_data['internal_page']));
// Only the literal visibility 'private' triggers the login/user-class check;
// any other value is served to everyone.
if ($content['visibility'] == 'private') {
    enforce_authentication($content['min_user_class']);
}
// NOTE(review): whether head() and section_head() HTML-escape the title is
// not visible here — confirm, since the title comes from the database.
head($content['title']);
if (cache_start($content['id'], CONFIG_CACHE_TIME_DYNAMIC, CONST_CACHE_DYNAMIC_PAGES_GROUP)) {
    section_head($content['title']);
    // The body is BBCode rendered by nbbc with smileys off; how nbbc handles
    // raw HTML in the (presumably admin-authored) body is configured elsewhere.
    require CONST_PATH_THIRDPARTY . 'nbbc/nbbc.php';
    $bbc = new BBCode();
    $bbc->SetEnableSmileys(false);
    echo $bbc->parse($content['body']);
    cache_end($content['id'], CONST_CACHE_DYNAMIC_PAGES_GROUP);
}
foot();
        echo '<tr class="bt">';
        echo '<td><a href=?id=' . $arrTopic['id'] . '>' . (trim($arrTopic['title']) ? htmlspecialchars($arrTopic['title']) : '---') . '</a></td>';
        echo '<td align="center"><b>' . $arrTopic['rulername'] . '</b><!-- of <b>' . $arrTopic['planetname'] . '</b>--></td>';
        echo '<td class="right">' . strtolower(date("d-M-Y \\a\\t H:i", $arrTopic['utc_time'])) . '</td>';
        echo '<th class="right">' . $arrTopic['num_replies'] . '</th>';
        if ((int) $g_arrUser['moc_planet_id'] === PLANET_ID) {
            echo '<td align=right><a href="?delete_id=' . $arrTopic['id'] . '">del</a></td>';
        }
        echo '</tr>';
    }
    echo '</table>';
}
echo "<br>\n<br>\n\n";
// Reply/new-post form. When the galaxy forum is set to wait for turns, the
// title input is disabled for the planet that created the thread being
// replied to ($t is set before this excerpt and appears to mark a reply).
// Every id that reaches the SQL string below is cast to int first.
$disabled_ornot = '';
if (isset($_GET['id']) && !empty($t) && (int) $GAMEPREFS['galaxy_forum_wait_for_turn']) {
    if (PLANET_ID === (int) db_select_one('politics', 'creator_planet_id', 'galaxy_id = ' . (int) $g_arrUser['galaxy_id'] . ' AND (id = ' . (int) $_GET['id'] . ' OR parent_thread_id = ' . (int) $_GET['id'] . ') ORDER BY id DESC')) {
        $disabled_ornot = ' disabled="1"';
    }
}
?>
<form method="post" action="">
<table border="0" cellpadding="4" cellspacing="0" width="600" align="center">
<tr>
	<th class="bb"><?php 
echo !empty($t) ? 'REPLY' : 'NEW POST';
?>
</th>
</tr>
<?php 
// Replies carry the parent thread id (cast to int before output); new posts get the title input instead.
echo !empty($t) ? '<input type="hidden" name="parent_thread_id" value="' . (int) $_GET['id'] . '" />' : '<tr class="bt"><td class="c">Title:</td></tr><tr><td class="c"><input' . $disabled_ornot . ' type="text" name="title" style="width:450px;" /></td></tr>';
?>
<?php

// Recruitment ("register your interest") form handler. Only the POST branch
// with action=register does anything.
require '../../include/ctf.inc.php';
prefer_ssl();
// NOTE(review): there is no enforce_authentication() call in this excerpt,
// yet $_SESSION['id'] is stored with the record below — confirm whether
// anonymous submissions are intended (they would insert a null user_id).
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($_POST['action'] == 'register') {
        if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) {
            validate_captcha();
        }
        validate_email($_POST['email']);
        // Duplicate email: message_generic() is relied on to end the request
        // here; if it returned, the insert below would still run.
        $recruit = db_select_one('recruit', array('id'), array('email' => $_POST['email']));
        if ($recruit['id']) {
            message_generic('Thank you', 'Your email was already registered!');
        }
        // name/city/country are stored exactly as posted (no length or
        // content checks); db_insert() is presumed to bind its values — confirm.
        $id = db_insert('recruit', array('added' => time(), 'user_id' => $_SESSION['id'], 'name' => $_POST['name'], 'email' => $_POST['email'], 'city' => $_POST['city'], 'country' => $_POST['country']));
        if ($id) {
            // Escaped because the email is echoed back into the page.
            message_generic('Success', 'The email ' . htmlspecialchars($_POST['email']) . ' has been registered. Thanks!');
        } else {
            message_error('Could not register interest. You must not be interested enough!');
        }
    }
}
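<?php

// Admin action for instances: ?action=view switches the session to an
// instance, ?action=reset switches back to instance 0, and a POST with
// action=delete removes an instance and everything attached to it (that
// branch continues past the end of this excerpt).
require '../../../include/mellivora.inc.php';
enforce_authentication(CONFIG_UC_MODERATOR);
enforce_instance_auth();
// isset() keeps POST requests (no 'action' query parameter) from raising a
// notice on the two GET branches.
if (isset($_GET['action']) && $_GET['action'] == 'view') {
    // Same guard the POST path applies to $_POST['id']: anything that is not
    // a well-formed id is rejected before it reaches the lookup.
    validate_id($_GET['id']);
    $instanceInformation = db_select_one('instances', array('id', 'instanceURI', 'name', 'authoratativeAccountID', 'registrationToken'), array('id' => $_GET['id']));
    // NOTE(review): this switch is a state change reachable by a plain GET
    // with no XSRF token (the POST branch does check one), so it can be
    // triggered from another site; consider validate_xsrf_token() here too.
    // An unknown id is also not detected and would store nulls in the session.
    $_SESSION['IID'] = $instanceInformation['id'];
    $_SESSION['IName'] = $instanceInformation['name'];
    $_SESSION['IAID'] = $instanceInformation['authoratativeAccountID'];
    redirect(CONFIG_SITE_ADMIN_RELPATH . 'index.php');
}
if (isset($_GET['action']) && $_GET['action'] == 'reset') {
    // Instance 0 is the reset target.
    $instanceInformation = db_select_one('instances', array('id', 'instanceURI', 'name', 'authoratativeAccountID', 'registrationToken'), array('id' => '0'));
    $_SESSION['IID'] = $instanceInformation['id'];
    $_SESSION['IName'] = $instanceInformation['name'];
    $_SESSION['IAID'] = $instanceInformation['authoratativeAccountID'];
    redirect(CONFIG_SITE_ADMIN_RELPATH . 'index.php');
}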
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    validate_id($_POST['id']);
    validate_xsrf_token($_POST['xsrf_token']);
    if ($_POST['action'] == 'delete') {
        db_delete('categories', array('instanceID' => $_POST['id']));
        db_delete('challenges', array('instanceID' => $_POST['id']));
        db_delete('news', array('instanceID' => $_POST['id']));
        db_delete('submissions', array('instanceID' => $_POST['id']));
        db_delete('purchases', array('instanceID' => $_POST['id']));
        db_delete('hints', array('instanceID' => $_POST['id']));
        db_delete('instances', array('id' => $_POST['id']));
        redirect(CONFIG_SITE_ADMIN_RELPATH . 'list_instance.php');
         ', $challenge['description'], '
     </div> <!-- / challenge-description -->';
 }
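 // ?BAlert=1 appears to be the flag the hint-purchase action redirects back
 // with when the team could not afford the hint. isset() first: the
 // parameter is absent on an ordinary page load (the original raised a
 // notice there), and the value is only compared, never echoed.
 if (isset($_GET['BAlert']) && $_GET['BAlert'] == "1") {
     echo '<script>window.onload = function(){bootbox.alert("You do not enough points to perform that transaction.");}</script>';
 }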
 // only show the hints and flag submission form if we're not already correct and if the challenge hasn't expired
 if (!$challenge['correct_submission_added'] && $time < $challenge['available_until']) {
     // write out hints
     if (cache_start('hints_challenge_' . $challenge['id'], CONFIG_CACHE_TIME_HINTS)) {
         $hints = db_select_all('hints', array('*'), array('visible' => 1, 'challenge' => $challenge['id']));
         foreach ($hints as $hint) {
             if ($hint['value'] == 0) {
                 message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false);
             } else {
                 $hint1 = db_select_one('purchases', array('*'), array('hid' => $hint['id'], 'uid' => $_SESSION['id']));
                 if ($hint1['value'] > 0) {
                     message_inline_yellow('<strong>Hint!</strong> ' . $bbc->parse($hint['body']), false);
                 } else {
                     echo '<p><a href="actions/hints.php?action=purchase&id=' . $hint['id'] . '" class="btn btn-xs btn-info">Purchase hint</a><strong> [This hint is available for purchase at ' . $hint['value'] . ' points.]</strong></p>';
                 }
             }
         }
         cache_end('hints_challenge_' . $challenge['id']);
     }
     if ($remaining_submissions) {
         if ($challenge['num_submissions'] && !$challenge['automark'] && $challenge['marked']) {
             message_inline_blue('Your submission is awaiting manual marking.');
         }
         // write out files
         if (cache_start('files_' . $challenge['id'], CONFIG_CACHE_TIME_FILES)) {
/**
 * Create a new team account and return whether the caller may continue.
 *
 * Every validation failure is routed through message_error() (relied on to
 * end the request). A successful insert logs the signup IP and then either
 * returns true (accounts enabled by default) or shows a "check your email"
 * page via message_generic(). Returns false when db_insert() reports no row.
 *
 * NOTE: an optional parameter ($type) before required ones is deprecated in
 * PHP 8.0; callers already have to pass every argument positionally.
 *
 * @param string     $email
 * @param string     $password   hashed with make_passhash() before storage
 * @param string     $team_name  byte length (strlen) must lie within CONFIG_MIN/MAX_TEAM_NAME_LENGTH
 * @param int|string $country    must be a valid id no greater than the number of countries
 * @param int|null   $type       optional user type id; stored as 0 when absent
 * @param mixed      $phoneNo    stored in mobileNo as given
 * @param mixed      $age        stored in DOB as given
 * @param mixed      $eduI       stored in eduInstitution as given
 * @param mixed      $eduLevel   stored as given
 * @param mixed      $fullName   stored as given
 * @param mixed      $instanceID stored as given
 * @return bool
 */
function register_account($email, $password, $team_name, $country, $type = null, $phoneNo, $age, $eduI, $eduLevel, $fullName, $instanceID)
{
    // Order matters: each check reports the first problem found.
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error('Registration is currently closed.');
    }
    $missingRequired = empty($email) || empty($password) || empty($team_name);
    if ($missingRequired) {
        message_error('Please fill in all the details correctly.');
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error('That does not look like a valid team type.');
    }
    $nameLength = strlen($team_name);
    if ($nameLength > CONFIG_MAX_TEAM_NAME_LENGTH || $nameLength < CONFIG_MIN_TEAM_NAME_LENGTH) {
        message_error('Your team name was too long or too short.');
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error('Email not on whitelist. Please choose a whitelisted email or contact organizers.');
    }
    // The country check compares the id against the row count, i.e. it assumes ids are 1..N.
    $countryCount = db_select_one('countries', array('COUNT(*) AS num'));
    $countryIsValid = isset($country) && is_valid_id($country) && !($country > $countryCount['num']);
    if (!$countryIsValid) {
        message_error('Please select a valid country.');
    }
    // Either a matching team name OR a matching email blocks the signup.
    $existing = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if ($existing['id']) {
        message_error('An account with this team name or email already exists.');
    }
    // The extra profile fields are stored as given (no validation here).
    $newUser = array(
        'email' => $email,
        'passhash' => make_passhash($password),
        'team_name' => $team_name,
        'added' => time(),
        'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0',
        'user_type' => isset($type) ? $type : 0,
        'country_id' => $country,
        'DOB' => $age,
        'mobileNo' => $phoneNo,
        'eduInstitution' => $eduI,
        'eduLevel' => $eduLevel,
        'fullName' => $fullName,
        'instanceID' => $instanceID,
    );
    $user_id = db_insert('users', $newUser);
    if (!$user_id) {
        // no rows were inserted
        return false;
    }
    // log signup IP
    log_user_ip($user_id);
    if (CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
        return true;
    }
    // if account isn't enabled by default, display message and die
    message_generic('Signup successful', 'Thank you for registering!
            Your chosen email is: ' . htmlspecialchars($email) . '.
            Make sure to check your spam folder as emails from us may be placed into it.
            Please stay tuned for updates!');
    return false;
}
<?php

// User action: buy a hint with score points (?action=purchase&id=<hint id>).
// The purchase branch follows this header and runs past the end of this
// excerpt.
// NOTE(review): in that branch the balance is computed as
// $scores['score'] - $hintpurchase['score'], but the purchases query aliases
// its SUM(value) as `total`, so the subtrahend reads a missing key — confirm;
// if so, earlier purchases are never deducted. That branch also builds its
// SQL by concatenating $_SESSION['id'] where other pages in this listing use
// bound parameters, and $_GET['id'] does not go through validate_id().
require '../../include/mellivora.inc.php';
enforce_authentication();
if ($_GET['action'] == "purchase") {
    $hint = db_select_one('hints', array('*'), array('id' => $_GET['id']));
    $scores = db_query_fetch_one('
            SELECT
               u.id AS user_id,
               u.team_name,
               u.instanceid,
               co.id AS country_id,
               co.country_name,
               co.country_code,
               SUM(c.points) AS score,
               MAX(s.added) AS tiebreaker
            FROM users AS u
            LEFT JOIN countries AS co ON co.id = u.country_id
            LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1
            LEFT JOIN challenges AS c ON c.id = s.challenge
            WHERE u.id = \'' . $_SESSION["id"] . '\'
            GROUP BY u.id
            ORDER BY score DESC, tiebreaker ASC');
    $hintpurchase = db_query_fetch_one('SELECT SUM(value) as total FROM purchases WHERE uid =' . $_SESSION['id']);
    $userbal = $scores['score'] - $hintpurchase['score'];
    if ($hint['value'] <= $userbal) {
        $id = db_insert('purchases', array('type' => '1', 'value' => $hint['value'], 'uid' => $_SESSION["id"], 'hid' => $hint['id'], 'instanceID' => $_SESSION['IID']));
        redirect('challenges');
    } else {
        redirect('challenges?BAlert=1');
    }
require '../../include/ctf.inc.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // get auth data
    if (isset($_POST['auth_key']) && is_valid_id($_POST['id'])) {
        $auth = db_select_one('reset_password', array('id', 'user_id', 'auth_key'), array('auth_key' => $_POST['auth_key'], 'user_id' => $_POST['id']));
        if (!$auth['user_id']) {
            message_error('No reset data found');
        }
    }
    // stage 1, part 2
    if ($_POST['action'] == 'reset_password') {
        if (CONFIG_RECAPTCHA_ENABLE_PUBLIC) {
            validate_captcha();
        }
        $user = db_select_one('users', array('id', 'team_name', 'email'), array('email' => $_POST[md5(CONFIG_SITE_NAME . 'EMAIL')]));
        if ($user['id']) {
            $auth_key = hash('sha256', generate_random_string(128));
            db_insert('reset_password', array('added' => time(), 'user_id' => $user['id'], 'ip' => get_ip(true), 'auth_key' => $auth_key));
            $email_subject = 'Password recovery for team ' . htmlspecialchars($user['team_name']);
            // body
            $email_body = htmlspecialchars($user['team_name']) . ', please follow the link below to reset your password:'******'reset_password?action=choose_password&auth_key=' . $auth_key . '&id=' . $user['id'] . "\r\n" . "\r\n" . 'Regards,' . "\r\n" . CONFIG_SITE_NAME;
            // send details to user
            send_email(array($user['email']), $email_subject, $email_body);
        }
        message_generic('Success', 'If the email you provided was found in the database, an email has now been sent to it with further instructions!');
    } else {
        if ($_POST['action'] == 'choose_password' && is_valid_id($auth['user_id'])) {
            $new_password = $_POST[md5(CONFIG_SITE_NAME . 'PWD')];
            if (empty($new_password)) {
                message_error('You can\'t have an empty password');
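/**
 * Number of rows in $table matching $where.
 *
 * @param string     $table
 * @param array|null $where     column => value pairs handed to db_select_one(); null = count everything
 * @param string     $whereGlue 'AND' / 'OR' between the pairs
 * @return mixed the COUNT(*) value as db_select_one() returns it (driver-dependent: numeric string or int)
 */
function db_count_num($table, ?array $where = null, $whereGlue = 'AND')
{
    // Explicit ?array: the implicit nullable-by-default form is deprecated in PHP 8.4.
    // COUNT(*) always yields exactly one row, so the 'num' column is always present.
    $count = db_select_one($table, array('COUNT(*) AS num'), $where, false, $whereGlue, false);
    return $count['num'];
}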
 // Flag submission checks. $time, $_SESSION['id'] and the enclosing request
 // handling are set up before this excerpt; the automark step follows it.
 if (empty($_POST['flag'])) {
     message_error('Did you really mean to submit an empty flag?');
 }
 // NOTE(review): $_POST['challenge'] is used as a lookup key here and below;
 // whether it was validated as an id earlier in this script is not visible.
 $submissions = db_select_all('submissions', array('correct', 'added'), array('user_id' => $_SESSION['id'], 'challenge' => $_POST['challenge']));
 // make sure user isn't "accidentally" submitting a correct flag twice
 // Walk the team's previous attempts: remember the newest timestamp and the
 // total count, and refuse outright once a correct one exists.
 $latest_submission_attempt = 0;
 $num_attempts = 0;
 foreach ($submissions as $submission) {
     $latest_submission_attempt = max($submission['added'], $latest_submission_attempt);
     if ($submission['correct']) {
         message_error('You may only submit a correct flag once.');
     }
     $num_attempts++;
 }
 // get challenge information
 $challenge = db_select_one('challenges', array('flag', 'category', 'case_insensitive', 'automark', 'available_from', 'available_until', 'num_attempts_allowed', 'min_seconds_between_submissions'), array('id' => $_POST['challenge']));
 // Rate limit: a minimum gap since the team's newest attempt on this challenge.
 $seconds_since_submission = $time - $latest_submission_attempt;
 if ($seconds_since_submission < $challenge['min_seconds_between_submissions']) {
     message_generic('Sorry', 'You may not submit another solution for this challenge for another ' . seconds_to_pretty_time($challenge['min_seconds_between_submissions'] - $seconds_since_submission));
 }
 // Attempt cap (0/empty = unlimited). NOTE(review): the count comes from the
 // select above and the attempt is recorded later, so two requests racing
 // each other could both pass this check — confirm whether that matters.
 if ($challenge['num_attempts_allowed'] && $num_attempts >= $challenge['num_attempts_allowed']) {
     message_generic('Sorry', 'You\'ve already tried ' . $challenge['num_attempts_allowed'] . ' times. Sorry!');
 }
 // Availability window; a 0/empty bound is treated as open-ended.
 if ($challenge['available_from'] && $time < $challenge['available_from']) {
     message_generic('Sorry', 'This challenge hasn\'t started yet.');
 }
 if ($challenge['available_until'] && $time > $challenge['available_until']) {
     message_generic('Sorry', 'This challenge has expired.');
 }
 $correct = false;
 // automark the submission
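/**
 * Create a new team account and return whether the caller may log it in.
 *
 * Validation failures are reported via message_error() (relied on to end the
 * request). On a successful insert the signup IP is logged and a signup email
 * is sent; the function then returns true when accounts are enabled by
 * default, otherwise shows a "signup successful" page via message_generic().
 * Returns false when db_insert() reports no new row.
 *
 * @param string     $email
 * @param string     $password  hashed with make_passhash() before storage
 * @param string     $team_name byte length (strlen) must lie within CONFIG_MIN/MAX_TEAM_NAME_LENGTH
 * @param int|string $country   must be a valid id no greater than the number of countries
 * @param int|null   $type      optional user type id; stored as 0 when absent
 * @return bool
 */
function register_account($email, $password, $team_name, $country, $type = null)
{
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error(lang_get('registration_closed'));
    }
    if (empty($email) || empty($password) || empty($team_name)) {
        message_error(lang_get('please_fill_details_correctly'));
    }
    if (isset($type) && !is_valid_id($type)) {
        message_error(lang_get('invalid_team_type'));
    }
    if (strlen($team_name) > CONFIG_MAX_TEAM_NAME_LENGTH || strlen($team_name) < CONFIG_MIN_TEAM_NAME_LENGTH) {
        // Fix: this message was the raw key; every other branch goes through lang_get().
        message_error(lang_get('team_name_too_long_or_short'));
    }
    validate_email($email);
    if (!allowed_email($email)) {
        message_error(lang_get('email_not_whitelisted'));
    }
    // The country check compares the id against the row count, i.e. it assumes ids are 1..N.
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !is_valid_id($country) || $country > $num_countries['num']) {
        message_error(lang_get('please_supply_country_code'));
    }
    // Either a matching team name OR a matching email blocks the signup.
    $user = db_select_one('users', array('id'), array('team_name' => $team_name, 'email' => $email), null, 'OR');
    if ($user['id']) {
        message_error(lang_get('user_already_exists'));
    }
    $user_id = db_insert('users', array('email' => $email, 'passhash' => make_passhash($password), 'team_name' => $team_name, 'added' => time(), 'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0', 'user_type' => isset($type) ? $type : 0, 'country_id' => $country));
    // insertion was successful
    if ($user_id) {
        // log signup IP
        log_user_ip($user_id);
        // signup email
        $email_subject = lang_get('signup_email_subject', array('site_name' => CONFIG_SITE_NAME));
        // body
        // NOTE(review): with CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP enabled the
        // plaintext password is placed in the email. The function honours the
        // setting, but email is not a confidential channel; prefer leaving it off.
        $email_body = lang_get('signup_email_success', array('team_name' => htmlspecialchars($team_name), 'site_name' => CONFIG_SITE_NAME, 'signup_email_availability' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? lang_get('signup_email_account_availability_message_login_now') : lang_get('signup_email_account_availability_message_login_later'), 'signup_email_password' => CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP ? lang_get('your_password_is') . ': ' . $password : lang_get('your_password_was_set')));
        // send details to user
        send_email(array($email), $email_subject, $email_body);
        // if account isn't enabled by default, display message and die
        if (!CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
            message_generic(lang_get('signup_successful'), lang_get('signup_successful_text', array('email' => htmlspecialchars($email))));
        } else {
            return true;
        }
    }
    // no rows were inserted
    return false;
}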
<?php

// Admin page: edit or delete a dynamic menu item. Both forms post to
// actions/edit_dynamic_menu_item and are told apart by the hidden 'action'.
require '../../include/mellivora.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// validate_id() runs before $_GET['id'] reaches the lookup or the forms.
validate_id($_GET['id']);
head('Site management');
menu_management();
section_subhead('Edit dynamic menu item');
// NOTE(review): no not-found check; an unknown id leaves $menu_item empty and
// the reads below warn.
$menu_item = db_select_one('dynamic_menu', array('*'), array('id' => $_GET['id']));
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_menu_item');
form_input_text('Title', $menu_item['title']);
form_input_text('Permalink', $menu_item['permalink']);
dynamic_visibility_select($menu_item['visibility']);
// Internal page dropdown; id 0 stands for "no internal link".
$pages = db_select_all('dynamic_pages', array('id', 'title'));
array_unshift($pages, array('id' => 0, 'title' => '--- No internal link ---'));
form_select($pages, 'Internal page', 'id', $menu_item['internal_page'], 'title');
// Minimum user class that may see the item when visibility requires login.
user_class_select($menu_item['min_user_class']);
form_input_text('URL', $menu_item['url']);
form_input_text('Priority', $menu_item['priority']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();
// Deletion: the checkbox is the confirmation; enforcing it is the action
// script's job (not visible here).
section_subhead('Delete menu item');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_menu_item');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
form_button_submit('Delete menu item', 'danger');
form_end();
foot();
    }
    if (empty($_POST['job-end'])) {
        $addError['end'] = 'Job Start date must be filled';
        $addOk = FALSE;
    } else {
        $jobEnd = $_POST['job-end'];
    }
    //Lay du lieu tu select va radio
    $jobPrioty = $_POST['job-prioty'];
    $jobStatus = $_POST['job-status'];
    require_once LIB_PATH . '/database.php';
    db_connect();
    if ($addOk == TRUE) {
        //Lay id user
        $username = $_SESSION["username"];
        $uid = db_select_one("SELECT uid FROM user WHERE uaccount = '{$username}'");
        $listRecords = array('jtitle', 'jinfo', 'jstart', 'jend', 'jprioty', 'jstatus', 'juser');
        $listValues = array($jobTitle, $jobInfo, $jobStart, $jobEnd, $jobPrioty, $jobStatus, $uid);
        if (db_insert('job', $listRecords, $listValues)) {
            $addError['message'] = "Insert successfull";
        } else {
            $addError['message'] = 'insert fail';
        }
    }
    db_close();
}
//load template
$pageTitle = 'Add more job for life';
if (file_exists(PUBLIC_PATH . '/taddjob.php')) {
    include PUBLIC_PATH . '/taddjob.php';
} else {
<?php

require '../include/mellivora.inc.php';
login_session_refresh();
// A country code is exactly two characters; reject anything else before the
// value reaches the database lookup. array_get() is used so a missing 'code'
// parameter does not raise a notice.
if (strlen(array_get($_GET, 'code')) != 2) {
    message_error(lang_get('please_supply_country_code'));
}
// Look the country up by code (parameterised via the where-array); an unknown
// code is reported with the same message as a malformed one.
$country = db_select_one('countries', array('id', 'country_name', 'country_code'), array('country_code' => $_GET['code']));
if (!$country) {
    message_error(lang_get('please_supply_country_code'));
}
// NOTE(review): head() receives the raw country_name; the section heading
// further down escapes it explicitly, so confirm head() does so as well.
head($country['country_name']);
if (cache_start(CONST_CACHE_NAME_COUNTRY . $_GET['code'], CONFIG_CACHE_TIME_COUNTRIES)) {
    section_head(htmlspecialchars($country['country_name']) . country_flag_link($country['country_name'], $country['country_code'], true), '', false);
    $scores = db_query_fetch_all('
            SELECT
               u.id AS user_id,
               u.team_name,
               u.competing,
               co.id AS country_id,
               co.country_name,
               co.country_code,
               SUM(c.points) AS score,
               MAX(s.added) AS tiebreaker
            FROM users AS u
            LEFT JOIN countries AS co ON co.id = u.country_id
            LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1
            LEFT JOIN challenges AS c ON c.id = s.challenge
            WHERE u.competing = 1 AND co.id = :country_id
            GROUP BY u.id
            ORDER BY score DESC, tiebreaker ASC', array('country_id' => $country['id']));
<?php

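require '../../include/mellivora.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
validate_id($_GET['id']);

// db_select_one() yields a falsy result when no row matches; stop here rather
// than dereferencing a missing row in the heading and form fields below.
$news = db_select_one('news', array('*'), array('id' => $_GET['id']));
if (!$news) {
    message_error('News item not found.');
}

head('Site management');
menu_management();
// NOTE(review): the stored title is concatenated into the heading as-is;
// confirm section_subhead() HTML-escapes its argument.
section_subhead('Edit news item: ' . $news['title']);

// Edit form: posts the changed fields back to the edit_news action.
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_news');
form_input_text('Title', $news['title']);
form_textarea('Body', $news['body']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_bbcode_manual();
form_end();

// Delete form: same action endpoint, distinguished by the hidden 'action'
// field. The 'Delete confirmation' checkbox is presumably enforced by the
// action script, not here.
section_subhead('Delete news item');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_news');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
form_button_submit('Delete news item', 'danger');
form_end();
foot();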
<?php

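require '../../include/mellivora.inc.php';
enforce_authentication(CONFIG_UC_MODERATOR);
validate_id($_GET['id']);

// Only the columns the form renders are fetched. db_select_one() yields a
// falsy result when no row matches, so guard before reading any field.
$rule = db_select_one('restrict_email', array('rule', 'enabled', 'white', 'priority'), array('id' => $_GET['id']));
if (!$rule) {
    message_error('Signup rule not found.');
}

head('Site management');
menu_management();
section_subhead('Edit signup rule');

// Edit form: posts the changed fields back to the edit_restrict_email action.
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_restrict_email');
form_input_text('Rule', $rule['rule']);
form_input_text('Priority', $rule['priority']);
form_input_checkbox('Whitelist', $rule['white']);
form_input_checkbox('Enabled', $rule['enabled']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_end();

// Delete form: same action endpoint, distinguished by the hidden 'action'
// field. The 'Delete confirmation' checkbox is presumably enforced by the
// action script, not here.
section_subhead('Delete rule');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_restrict_email');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
form_button_submit('Delete rule', 'danger');
form_end();
foot();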
<?php

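require '../../include/ctf.inc.php';
enforce_authentication(CONST_USER_CLASS_MODERATOR);
validate_id($_GET['id']);

// db_select_one() yields a falsy result when no row matches; stop here rather
// than dereferencing a missing row in the heading and form fields below.
$page = db_select_one('dynamic_pages', array('*'), array('id' => $_GET['id']));
if (!$page) {
    message_error('Dynamic page not found.');
}

head('Site management');
menu_management();
// NOTE(review): the stored title is concatenated into the heading as-is;
// confirm section_subhead() HTML-escapes its argument.
section_subhead('Edit dynamic page: ' . $page['title']);

// Edit form: posts the changed fields back to the edit_dynamic_page action.
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_page');
form_input_text('Title', $page['title']);
form_textarea('Body', $page['body']);
dynamic_visibility_select($page['visibility']);
user_class_select($page['min_user_class']);
form_hidden('action', 'edit');
form_hidden('id', $_GET['id']);
form_button_submit('Save changes');
form_bbcode_manual();
form_end();

// Delete form: same action endpoint, distinguished by the hidden 'action'
// field. The 'Delete confirmation' checkbox is presumably enforced by the
// action script, not here.
section_subhead('Delete');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_dynamic_page');
form_input_checkbox('Delete confirmation');
form_hidden('action', 'delete');
form_hidden('id', $_GET['id']);
form_button_submit('Delete', 'danger');
form_end();
foot();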
<?php

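require '../../include/mellivora.inc.php';
enforce_authentication(CONFIG_UC_MODERATOR);

// The instance is selected by the session-held instance id, not by a request
// parameter. db_select_one() yields a falsy result when no row matches.
$rule = db_select_one('instances', array('*'), array('id' => $_SESSION['IID']));
if (!$rule) {
    message_error('Instance settings not found.');
}

// Loose comparison kept on purpose: the original code treats a token value of
// 0 as "tokens disabled". Evaluated once so the displayed field and the toggle
// button can never disagree.
$tokenEnabled = $rule['registrationToken'] != 0;

head('Site management');
menu_management();
section_subhead('Edit Instance Settings');
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_settings');

// The token is a database value rendered inside an HTML attribute, so it is
// escaped for the attribute context (ENT_QUOTES covers the surrounding quotes).
echo '<div class="form-group">
      <label class="col-sm-2 control-label" for="rule">Registration Token</label>
      <div class="col-sm-10">
          <input id="rule" readonly name="rule" class="form-control" placeholder="Registration Token" value="',
    $tokenEnabled ? htmlspecialchars($rule['registrationToken'], ENT_QUOTES, 'UTF-8') : 'Registration Tokens are not enabled.',
    '" type="text">
      </div>
    </div>';
form_hidden('action', 'edit');
// One submit button toggles the feature; its label reflects the current state.
echo $tokenEnabled ? form_button_submit('Disable Registration Token') : form_button_submit('Enable Registration Token');
form_end();
foot();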
<?php

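require '../include/mellivora.inc.php';

// Both keys come from the query string. array_get() (used elsewhere in this
// codebase for $_GET access) avoids an undefined-index notice when a key is
// absent; the lookups below then simply find no row.
$team_key = array_get($_GET, 'team_key');
$file_key = array_get($_GET, 'file_key');

// Resolve the team from its download key. db_select_one() yields a falsy
// result when nothing matches, so test the row itself before reading id.
$user = db_select_one('users', array('id', 'enabled'), array('download_key' => $team_key));
if (!$user || !is_valid_id($user['id'])) {
    log_exception(new Exception('Invalid team key used for download'));
    message_error(lang_get('invalid_team_key'));
}
if (!$user['enabled']) {
    message_error(lang_get('user_not_enabled'));
}

// Resolve the file from its own download key; the join pulls in the owning
// challenge's release time for the availability check below.
$file = db_query_fetch_one('
    SELECT
      f.id,
      f.title,
      f.size,
      f.md5,
      c.available_from
    FROM files AS f
    LEFT JOIN challenges AS c ON c.id = f.challenge
    WHERE f.download_key = :download_key', array('download_key' => $file_key));
if (!$file || !is_valid_id($file['id'])) {
    log_exception(new Exception('Invalid file key used for download'));
    message_error(lang_get('no_file_found'));
}

// Staff may fetch files before the challenge opens; everyone else must wait.
if (time() < $file['available_from'] && !user_is_staff()) {
    message_error(lang_get('file_not_available'));
}
download_file($file);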