<?php
/*
 * Login page: checks the posted credentials against the users table,
 * restores the user's solved-challenge list into the session and redirects
 * home; on failure the form is re-rendered with an error message.
 * Expects $db and the util.php helpers to be in scope.
 */
$error = '';
if (strvals_exist($_POST, 'name', 'password')) {
    $user = $db->fetch('SELECT id, pass, is_admin FROM users WHERE name=?', $_POST['name']);
    // NOTE(review): password_verify() is skipped for an unknown name, so the
    // response time differs between known and unknown usernames; verifying
    // against a fixed dummy hash in that branch would equalise it.
    $credentials_ok = $user && password_verify($_POST['password'], $user->pass);
    if (!$credentials_ok) {
        $error = 'Wrong username or password!';
    } else {
        log_in($user->id, $_POST['name'], $user->is_admin);
        // Re-populate the session's solved list from the database.
        $solved = $db->fetchAll('SELECT challenge_id FROM solves WHERE user_id=?', $user->id);
        foreach ($solved as $row) {
            add_solved_challenge($row->challenge_id);
        }
        redirect_to('?p=home');
    }
}

echo render('login.html.php', ['error' => $error]);
$chals = $db->fetchAll('SELECT id, title, points FROM challenges WHERE ctf=? ORDER BY points', CTF_NAME); echo render('admin.html.php', array('chals' => $chals, 'csrf' => generate_csrftoken())); } elseif ($_GET['a'] === 'edit' && isset($_GET['id'])) { $chal = $db->fetch('SELECT title, `desc`, flag, points FROM challenges WHERE id=? AND ctf=?', $_GET['id'], CTF_NAME); if (!$chal) { redirect_to('?p=admin'); } if (valid_csrf() && strvals_exist($_POST, 'title', 'desc', 'flag', 'points')) { $db->put('UPDATE challenges SET title=?, `desc`=?, flag=?, points=? WHERE id=?', $_POST['title'], $_POST['desc'], $_POST['flag'], $_POST['points'], $_GET['id']); redirect_to('?p=admin'); } echo render('admin_edit.html.php', array('chal' => $chal, 'csrf' => generate_csrftoken())); } elseif ($_GET['a'] === 'add') { if (valid_csrf() && strvals_exist($_POST, 'title', 'desc', 'flag', 'points')) { $db->put('INSERT INTO challenges (title, `desc`, flag, points, ctf) VALUES (?, ?, ?, ?, ?)', $_POST['title'], $_POST['desc'], $_POST['flag'], $_POST['points'], CTF_NAME); redirect_to('?p=admin'); } echo render('admin_edit.html.php', array('csrf' => generate_csrftoken())); } elseif ($_GET['a'] === 'delete' && isset($_GET['id']) && valid_csrf()) { $db->put('DELETE FROM challenges WHERE id=?', $_GET['id']); $db->put('DELETE FROM solves WHERE challenge_id=?', $_GET['id']); redirect_to('?p=admin'); } elseif ($_GET['a'] === 'delete-solves' && valid_csrf()) { $db->put('DELETE FROM solves WHERE challenge_id IN (SELECT id FROM challenges WHERE ctf=?)', CTF_NAME); redirect_to('?p=admin'); } else { redirect_to('?p=admin');
<?php
/*
 * Challenge page: shows one challenge of the current CTF and, when a flag is
 * posted, validates it and records the solve for the logged-in user.
 * Expects $db, CTF_NAME and the util.php helpers to be in scope.
 */
if (!logged_in()) {
    redirect_to('?p=login');
}

$error = 'Invalid id.';
if (!strvals_exist($_GET, 'id')) {
    die($error);
}
$chal = $db->fetch(
    'SELECT id, title, `desc`, flag, points FROM challenges WHERE id=? AND ctf=?',
    $_GET['id'],
    CTF_NAME
);
if (!$chal) {
    die($error);
}

// $valid_flag is '' when nothing was posted, otherwise a bool; the template
// uses it to decide whether to show $flag_msg.
$flag_posted = strvals_exist($_POST, 'flag');
$valid_flag = $flag_posted ? (bool) validate_flag($_POST['flag'], $chal->flag) : '';
$flag_msg = 'Incorrect flag.';
// NOTE(review): unlike the admin actions, this submission is not guarded by
// valid_csrf(); a forged cross-site post could at most record a solve with a
// flag the poster already knows, so the impact is limited — confirm it is intended.
if ($valid_flag === true) {
    if (is_solved($chal->id)) {
        $flag_msg = 'Correct flag but you already solved the challenge.';
    } else {
        $db->put('INSERT INTO solves (user_id, challenge_id) VALUES (?, ?)', $_SESSION['id'], $chal->id);
        add_solved_challenge($chal->id);
        $flag_msg = "Correct flag! +{$chal->points} points!";
    }
}

echo render('chal.html.php', ['chal' => $chal, 'valid_flag' => $valid_flag, 'flag_msg' => $flag_msg]);
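<?php
/*
 * Front controller / bootstrap: loads config and helpers, hardens the session,
 * sets response headers, opens the database and dispatches to
 * pages/<p>.php for a whitelisted ?p= value (anything else renders 404).
 */
require_once __DIR__ . '/../config.php';
require_once __DIR__ . '/util.php';
require_once __DIR__ . '/Database.php';
require_once __DIR__ . '/Template.php';

if (!defined('CTF_NAME')) {
    die('CTF_NAME must be set.');
}

// NOTE(review): short_open_tag is PHP_INI_PERDIR on current PHP, so this
// ini_set() is most likely a no-op — confirm and set it in php.ini/.htaccess
// if the templates depend on it.
ini_set('short_open_tag', 1); // for templates

session_name('SCOREBOARDSESSID');
ini_set('session.cookie_httponly', 1);
// Reject session IDs the server never issued (mitigates session fixation);
// a client presenting an unknown ID simply gets a fresh one.
ini_set('session.use_strict_mode', 1);
// security fix: we want challenges to be able to set $_SESSION with extract()
// so we change our session save path here
// The second is_dir() covers a concurrent request creating the directory
// between our check and our mkdir().
// NOTE(review): mode 0330 (no read bit) keeps the directory unlistable, which is
// what the note above wants; it likely also prevents PHP's built-in session GC
// from scanning it — confirm stale session files are expired some other way.
if (!is_dir(SESSION_PATH) && !mkdir(SESSION_PATH, 0330) && !is_dir(SESSION_PATH)) {
    die('Could not create session directory.');
}
session_save_path(SESSION_PATH);
session_start();

header('Content-Type: text/html; charset=UTF-8');
header('X-XSS-Protection: 1; mode=block');
header('X-Frame-Options: DENY');
header('X-Content-Type-Options: nosniff');

$db = new Database($dbhost, $dbname, $dbuser, $dbpass);

// Page dispatch: ?p= must be a single \w+ token (no slashes, dots or NUL) that
// names an existing file under pages/. The D modifier stops `$` from accepting a
// trailing newline, so the regex alone is a strict whitelist.
$page = strvals_exist($_GET, 'p') ? $_GET['p'] : 'home';
$page_path = __DIR__ . '/../pages/' . $page . '.php';
if (!preg_match('/^\\w+$/D', $page) || !file_exists($page_path)) {
    $page = '404';
    $page_path = __DIR__ . '/../pages/' . $page . '.php';
}
include $page_path;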
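<?php
/*
 * Registration page: creates a user (flagged as admin when the correct admin
 * password is supplied), logs the new user in and redirects home; on failure
 * the form is re-rendered with an error message.
 * Expects $db, ADMIN_PW and the util.php helpers to be in scope.
 */
if (logged_in()) {
    redirect_to('?p=home');
}

$error = '';
if (strvals_exist($_POST, 'name', 'pass')) {
    $existing = $db->fetch('SELECT id FROM users WHERE name=?', $_POST['name']);
    if ($existing) {
        $error = 'User already exists.';
    } else {
        $admin = 0;
        if (strvals_exist($_POST, 'admin-pass')) {
            // hash_equals() compares in constant time, so a wrong guess does not
            // leak how many leading characters matched the real admin password.
            if (hash_equals((string) ADMIN_PW, (string) $_POST['admin-pass'])) {
                $admin = 1;
            } else {
                $error = 'Admin password wrong!';
            }
        }
        if ($error === '') {
            // NOTE(review): the SELECT above and this INSERT are not atomic; two
            // concurrent registrations of the same name can both pass the check
            // unless users.name carries a UNIQUE constraint — verify the schema.
            $db->put(
                'INSERT INTO users (name, pass, is_admin) VALUES (?, ?, ?)',
                $_POST['name'],
                password_hash($_POST['pass'], PASSWORD_DEFAULT),
                $admin
            );
            log_in($db->lastInsertId(), $_POST['name'], $admin);
            redirect_to('?p=home');
        }
    }
}

echo render('register.html.php', ['error' => $error]);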