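/**
 * Validator callback for a form's CSRF field.
 *
 * Returns false when the request is acceptable — either the form opted out of
 * CSRF protection (CSRF_OFF) or the submitted token matches the form's token —
 * and the translated ERR_CSRF message otherwise. $context and $validator belong
 * to the validator callback signature and are not used here.
 */
private static function validateCSRF($context, GWF_Form $form, $validator)
{
    // Forms that disabled CSRF protection are accepted without a token check.
    if ($form->getCSRFLevel() === GWF_Form::CSRF_OFF) {
        return false;
    }

    // validateToken() yields false when no valid token was submitted (inferred
    // from the comparison below — confirm against GWF_CSRF).
    $token = GWF_CSRF::validateToken();

    // NOTE(review): the `!==` compare is not constant-time; hash_equals() would be
    // preferable once both operands are guaranteed to be strings.
    if ($token === false || $token !== $form->getCSRFToken()) {
        return GWF_HTML::lang('ERR_CSRF');
    }

    return false;
}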
}
# And display the header
$chall->showHeader();

# Show mission box (translated)
echo GWF_Box::box($chall->lang('mission_i', array('index.php?highlight=christmas')), $chall->lang('mission_t'));

# Check your injection and fix the hole by silently applying htmlspecialchars to the vuln input.
if (phpself_checkit()) {
    $chall->onChallengeSolved(GWF_Session::getUserID());
}

# Show this file as highlighted sourcecode, if desired.
# The [code] tags are assembled by concatenation, presumably so that this file
# (which is displayed here as its own source) never contains a literal tag the
# BBCode parser would pick up.
if ('christmas' === Common::getGetString('highlight')) {
    $msg = file_get_contents('challenge/yourself_php/index.php');
    $msg = '[' . 'code=php title=index.php]' . $msg . '[' . '/code]';
    echo GWF_Box::box(GWF_Message::display($msg));
}

# __This is the challenge:
# The posted username is escaped before it is echoed back; it is a decoy
# (the submit button is named "deadcode").
if (isset($_POST['username'])) {
    echo GWF_Box::box(sprintf("Well done %s, you entered your username. But this is <b>not</b> what you need to do.", htmlspecialchars(Common::getPostString('username'))));
}
echo '<div class="box box_c">' . PHP_EOL;
# The form action echoes $_SERVER['PHP_SELF'] without htmlspecialchars(); this
# unescaped, client-influenced value is the hole the check above refers to.
echo sprintf('<form action="%s" method="post">', $_SERVER['PHP_SELF']) . PHP_EOL;
echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('phpself')) . PHP_EOL;
echo sprintf('<div>Username:<input type="text" name="username" value="" /></div>') . PHP_EOL;
echo sprintf('<div><input type="submit" name="deadcode" value="Submit" /></div>') . PHP_EOL;
echo sprintf('</form>') . PHP_EOL;
echo '</div>' . PHP_EOL;
# __End of challenge

# Print Challenge Footer
echo $chall->copyrightFooter();

# Print end of website
require_once 'challenge/html_foot.php';
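<?php
# Group membership form for one user: a "remove from group" submit button per
# group; the button is disabled for groups the user founded.
$user = $tVars['user'];
$user instanceof GWF_User; # IDE type hint only; the expression result is discarded
echo $tVars['form_add'];
?>
<form action="<?php echo htmlspecialchars($tVars['form_action']); ?>" method="post">
<?php
echo GWF_CSRF::hiddenForm('');
foreach ($tVars['groups'] as $name => $group) {
    $group instanceof GWF_UserGroup; # IDE type hint only
    $founderid = $group->getVar('group_founder');
    echo '<div>';
    # Founders cannot leave their own group, so their button is rendered disabled.
    # NOTE(review): strict comparison — getVar() and getID() must return the same
    # type for this branch to ever be taken; confirm.
    # group_id is emitted raw into the name attribute (assumed numeric — confirm);
    # display() is presumably the escaping accessor for the label, unlike getVar().
    if ($founderid === $user->getID()) {
        echo sprintf('<input type="submit" name="remgroup[%s]" disabled="disabled" value="%s" />', $group->getVar('group_id'), $group->display('group_name'));
    } else {
        echo sprintf('<input type="submit" name="remgroup[%s]" value="%s"/>', $group->getVar('group_id'), $group->display('group_name'));
    }
    echo '</div>' . PHP_EOL;
}
?>
</form>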
<?php
# Whitelist admin view: settings / add / clear forms, then a sortable table of
# whitelisted users with a mass-toggle checkbox per row.
# Each header is a label plus the column name used for sorting; the first column
# is the "toggle all" checkbox and has no sort key.
$headers = array(
    array('<input type="checkbox" onclick="gwfMassToggler(this, \'.gwf_mass_toggle input\');" />'),
    array($tLang->lang('th_user_country'), 'country_name'),
    array($tLang->lang('th_user_name'), 'user_name'),
    array($tLang->lang('th_user_level'), 'user_level'),
    array($tLang->lang('th_date_added'), 'pw_date')
);
echo '<div class="fl">';
echo $tVars['form_settings']->templateX($tVars['module']->lang('ft_settings'));
echo '</div>' . PHP_EOL;
echo '<div class="fl">';
echo $tVars['form_add']->templateX($tLang->lang('ft_add_whitelist'));
echo '</div>' . PHP_EOL;
echo '<div class="fl">';
echo $tVars['form_clear']->templateX($tLang->lang('ft_clear_pois'));
echo '</div>' . PHP_EOL;
echo '<div class="cb"></div>' . PHP_EOL;
echo $tVars['page_menu'];
# form_action is escaped for the attribute context.
echo '<form method="post" action="' . htmlspecialchars($tVars['form_action']) . '">' . PHP_EOL;
echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('poi_whitelisting'));
echo GWF_Table::start('gwf_mass_toggle');
echo GWF_Table::displayHeaders1($headers, $tVars['sort_url']);
$table = $tVars['table'];
# NOTE(review): by/dir (and where) are interpolated into the query; this is only
# safe if the controller validated by/dir against the header column names and
# built where itself — confirm before trusting request-derived values here.
$result = $table->select('user_id, user_countryid, country_name, user_name, user_level, pw_date', $tVars['where'], "{$tVars['by']} {$tVars['dir']}", array('userb', 'country'), $tVars['ipp'], $tVars['from']);
# ARRAY_N: rows are numerically indexed, presumably in the select order above.
while (false !== ($row = $table->fetch($result, GDO::ARRAY_N))) {
    echo GWF_Table::rowStart();
    # user_id goes into the checkbox name unescaped; assumed numeric — confirm.
    echo GWF_Table::column('<input type="checkbox" name="user[' . $row[0] . ']" />');
    echo GWF_Table::column(GWF_Country::displayFlagS2($row[1], $row[2]));
    # user_name is escaped once and reused (%1$s) for both the href and the link text.
    echo GWF_Table::column(sprintf('<a href="%2$sprofile/%1$s">%1$s</a>', htmlspecialchars($row[3]), GWF_WEB_ROOT));
    echo GWF_Table::column($row[4], 'gwf_num');
    echo GWF_Table::column(GWF_Time::displayDate($row[5]), 'gwf_date');
    echo GWF_Table::rowEnd();
}
echo GWF_Table::end();
echo GWF_Button::wrapStart();
/**
 * Builds the small top-of-page login form (username, password, bind-IP checkbox).
 *
 * Returns an empty string for logged-in users, for clients without cookie
 * support, and when the Login module cannot be loaded. $module is part of the
 * signature but is not used.
 */
public static function displayHeaderLoginBROKEN(Module_WeChall $module)
{
    $hidden = GWF_User::isLoggedIn() || !GWF_Session::haveCookies();
    if ($hidden) {
        return '';
    }

    $loginModule = GWF_Module::loadModuleDB('Login', false, true);
    if ($loginModule === false) {
        return '';
    }

    // Name of the CSRF hidden field, derived from a fixed label.
    $formName = GWF_Password::getToken('_username_password_bind_ip_login');

    // lang() output is inserted into the markup as-is (assumed trusted translations).
    $pieces = array(
        '<form action="' . GWF_WEB_ROOT . 'login" method="post" id="wc_toplogin">',
        '<div>' . GWF_CSRF::hiddenForm($formName) . '</div>',
        '<div>' . $loginModule->lang('th_username') . ' <input type="text" name="username" value="" /></div>',
        '<div>' . $loginModule->lang('th_password') . ' <input type="password" name="password" value="" /></div>',
        '<div>' . $loginModule->lang('th_bind_ip') . ' <input type="checkbox" name="bind_ip" checked="checked" />',
        '<input type="submit" name="login" value="' . $loginModule->lang('btn_login') . '" /></div>',
        '</form>',
    );

    return implode('', $pieces);
}
function zreloadShowShell($shellid, $narrator, $level, $onfocus = true)
{
    # Renders one shell box for the challenge: a title with the level, the narrator
    # text, the shell output so far (zreloadPrintShell) and an input form posting
    # back to zshellz.php with level and shellid as hidden fields.
    #   $shellid  - identifies the shell; used in element ids, the session key and a hidden field
    #   $narrator - text shown above the shell output, echoed unescaped
    #   $level    - level shown in the title (%d) and posted back via a hidden field
    #   $onfocus  - when true, emits a script that focuses the input field after rendering
    # Depends on the globals $prompt and $title set by the including script.
    global $prompt, $title;

    # Per-shell session state lives under this key; it is created empty on first view.
    $sn = 'zreload_shell_' . $shellid;
    if (!GWF_Session::exists($sn)) {
        GWF_Session::set($sn, array());
    }
    # NOTE(review): $shellid and $level are written into HTML attributes, and $shellid
    # also into the JavaScript string literal at the bottom, without escaping or
    # casting; this is only safe if every caller passes integers — confirm at the call sites.
?>
<div class="chall_rel_shell_wrap box">
<div class="chall_rel_shell_title"><?php echo sprintf('%s (Level %d)', $title, $level); ?></div>
<div class="chall_rel_shell">
<div id="chall_rel_nar_<?php echo $shellid; ?>"><?php echo $narrator; ?></div>
<div class="chall_rel_shell_out">
<div><?php echo zreloadPrintShell($shellid); ?></div>
</div>
<hr/>
<form action="zshellz.php" method="post">
<?php echo GWF_CSRF::hiddenForm(''); ?>
<div><input type="hidden" name="level" value="<?php echo $level; ?>" /></div>
<div><input type="hidden" name="shellid" value="<?php echo $shellid; ?>" /></div>
<div style="color: white;">
<?php echo $prompt; ?>
<input class="chall_rel_shell_input" id="zshell<?php echo $shellid; ?>" type="text" name="input" value="" />
<input type="submit" name="cmd" value="Enter" />
</div>
</form>
</div>
</div>
<!--<pre><?php #echo zreloadGetDebug(); ?></pre>-->
<?php
    if ($onfocus) {
?>
<script type="text/javascript">
var input = document.getElementById('zshell<?php echo $shellid; ?>');
input.focus();
</script>
<?php
    }
}
<?php
# PM folder list: sortable table of the user's folders, one checkbox per row and
# a single "delete selected folders" submit in the footer row.
$columns = array(
    array($tLang->lang('th_pmf_name'), 'pmf_name', 'ASC'),
    array($tLang->lang('th_pmf_count'), 'pmf_count', 'DESC'),
    array() # checkbox column: no label, not sortable
);

echo GWF_Form::start($tVars['folder_action']);
echo GWF_CSRF::hiddenForm('PM_REM_FOLDER');
echo GWF_Table::start();
echo GWF_Table::displayHeaders1($columns, $tVars['sort_url']);

foreach ($tVars['folders'] as $folder) {
    $label = $folder->display('pmf_name');
    $id = $folder->getVar('pmf_id');
    $link = $folder->getOverviewHREF();

    echo GWF_Table::rowStart();
    echo GWF_Table::column(sprintf('<a href="%s">%s</a>', $link, $label), 'ri');
    echo GWF_Table::column(sprintf('<a href="%s">%s</a>', $link, $folder->getVar('pmf_count')), 'gwf_num');
    echo GWF_Table::column(GWF_Form::checkbox('folder[' . $id . ']', false));
    echo GWF_Table::rowEnd();
}

# Footer row: the delete button spans all three columns.
echo GWF_Table::rowStart();
echo GWF_Table::column(GWF_Form::submit('delete_folder', $tLang->lang('btn_delete')), 'ri', 3);
echo GWF_Table::rowEnd();
echo GWF_Table::end();
echo GWF_Form::end();
?>
<?php
# Usergroup overview: the user's group buttons, the page menu and a sortable table
# with one row per group (name, member count, founder, join/part button).
# NOTE: the foreach at the bottom continues beyond this fragment.
echo $tVars['module']->getUserGroupButtons();
$user = GWF_User::getStaticOrGuest();
$tVars['module'] instanceof Module_Usergroups; # IDE type hint only; the result is discarded
$btn_part = $tLang->lang('btn_part');
$btn_join = $tLang->lang('btn_join');
# Column label plus the column name used by the sort URL; the last column has no sort key.
$headers = array(
    array($tLang->lang('th_group_name'), 'group_name'),
    array($tLang->lang('th_group_memberc'), 'group_memberc'),
    array($tLang->lang('th_group_founder'), 'user_name'),
    array($btn_part)
);
echo $tVars['page_menu'];
$user instanceof GWF_User; # IDE type hint only
# form_action is escaped for the attribute context.
echo '<form method="post" action="' . htmlspecialchars($tVars['form_action']) . '">' . PHP_EOL;
echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('partgrp'));
echo GWF_Table::start();
echo GWF_Table::displayHeaders1($headers, $tVars['sort_url']);
foreach ($tVars['groups'] as $group) {
    $group instanceof GWF_Group; # IDE type hint only
    $groupname = $group->getVar('group_name');
    $founder = $group->getFounder();
    $in_grp = $user->isInGroupName($groupname);
    # Membership option bits for this user in this group; 0 when not a member.
    if ($in_grp) {
        $ugopt = $user->getUserGroupOptions($group->getID());
    } else {
        $ugopt = 0;
    }
    # Only leaders and co-leaders get an edit button; the URL uses the SEO-encoded group name.
    if (($ugopt & (GWF_UserGroup::LEADER | GWF_UserGroup::CO_LEADER)) > 0) {
        $edit = GWF_Button::edit(GWF_WEB_ROOT . 'edit_usergroup/' . $group->getID() . '/' . $group->urlencodeSEO('group_name'));
    } else {
        $edit = '';
    }
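<?php
# Shoutbox form: registers the shoutbox script, then renders the message form
# (with an optional captcha field) posting to form_action.
GWF_Website::addJavascript(GWF_WEB_ROOT . 'js/module/Shoutbox/gwf_shoutbox.js');
?>
<div>
<form action="<?php echo htmlspecialchars($tVars['form_action']); ?>" method="post">
<?php echo GWF_CSRF::hiddenForm('SHOUTBOX'); ?>
<?php if ($tVars['captcha']) { ?>
<div><?php echo $tVars['captcha']; ?><input type="text" name="captcha" id="captcha" size="5" value="" /></div>
<?php } ?>
<div>
<input type="text" name="message" size="32" id="gwf_shoutmsg" />
<input type="submit" name="shout" value="<?php echo $tLang->lang('btn_shout'); ?>" onclick="gwfShout(); return false;" />
</div>
</form>
</div>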