function formSolutionboxValidate(WC_Challenge $chall)
{
$form = formSolutionboxForm($chall);
if (false !== ($error = $form->validate(Module_WeChall::instance()))) {
return $error;
}
return false;
}
private function templateToken()
{
$user = GWF_Session::getUser();
$token = WC_WarToken::genWarToken($user->getID());
$host = Module_WeChall::instance()->cfgWarboxURL();
$ip = gethostbyname(Common::getHostname($host));
$port = Module_WeChall::instance()->cfgWarboxPort();
$tVars = array('epoch' => $this->getEpochUser(), 'warboxes' => $this->getWarboxes(true), 'token' => $token, 'port' => $port, 'host' => $host, 'netcat_cmd' => sprintf('(echo -e "%s\\n%s"; cat) | nc %s %s', $user->displayUsername(), $token, $ip, $port));
return $this->module->templatePHP('wartoken.php', $tVars);
}
private function getTableTitle($for_userid, $from_userid, $tag, $challcount)
{
$module = Module_WeChall::instance();
$dtag = GWF_HTML::display($tag);
if ($for_userid != 0) {
return $module->lang('tt_challs_for', array($dtag, GWF_User::getByIDOrGuest($for_userid)->displayUsername()));
} else {
if ($from_userid != 0) {
return $module->lang('tt_challs_from', array($challcount, $dtag, GWF_User::getByIDOrGuest($from_userid)->displayUsername()));
} else {
return $module->lang('tt_challs', array($dtag));
}
}
}
private function onRecalcEverything()
{
require_once GWF_CORE_PATH . 'module/WeChall/WC_RegAt.php';
$wc = Module_WeChall::instance();
$wc->includeClass('WC_Warflag');
$wc->includeClass('WC_Warflags');
foreach (WC_Warbox::getAllBoxes() as $box) {
$box instanceof WC_Warbox;
$box->recalcPlayersAndScore();
$box->recalcChallcounts();
}
WC_Site::recalcAllSites();
WC_RegAt::calcTotalscores();
return $this->templateAdmin();
}
<?php
if (WC_HTML::$HEADER === false) {
return;
}
$module = Module_WeChall::instance();
$logo_url = $module->cfgLogoURL();
$style = '
min-height: 140px;
max-height: 140px;
display: block;
float: left;
';
echo '<header id="wc_head">' . PHP_EOL . '<a href="' . $logo_url . '" style="' . $style . '" title="WeChall"><img src="/favicon.png" style="' . $style . '" alt="HACKITO, ERGO SUM!" /></a>' . PHP_EOL . '<div id="wc_head_stats">' . PHP_EOL . WC_HTML::displayHeaderLogin($module) . PHP_EOL . WC_HTML::displayHeaderOnline($module) . PHP_EOL . '</div>' . PHP_EOL . '</header>' . PHP_EOL . '<div class="cb"></div>' . PHP_EOL;
<?php
$is_admin = GWF_User::isAdminS();
$wc = Module_WeChall::instance();
echo $tVars['page_menu'];
if ($tVars['page'] === 1) {
echo $wc->showBirthdayNews();
echo $wc->showChallengeNews();
echo $wc->showSiteMasterNews();
echo $wc->showAccountLinkNews();
}
?>
<div class="gwf_newsbox">
<?php
foreach ($tVars['news'] as $newsid => $news) {
$t = $news->getTranslation();
$news instanceof GWF_News;
$newsid = $news->getID();
?>
<div class="gwf_newsbox_item">
<div class="gwf_newsbox_head">
<span class="gwf_newsbox_title"><?php
echo $news->displayTitle();
?>
</span>
<span class="gwf_newsbox_date"><?php
echo $news->displayDate();
?>
</span>
<span class="gwf_newsbox_author"><?php
public function showChallengeNews()
{
# Logged in?
if (false === ($user = GWF_Session::getUser())) {
return '';
}
$userid = $user->getID();
$sites = GWF_TABLE_PREFIX . 'wc_site';
$regat = GWF_TABLE_PREFIX . 'wc_regat';
$query = "SELECT site_name, regat_challcount, site_challcount, site_url FROM {$regat} JOIN {$sites} ON site_id=regat_sid WHERE regat_challcount != site_challcount AND regat_uid={$userid}";
$db = gdo_db();
if (false === ($result = $db->queryRead($query))) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
if ($db->numRows($result) === 0) {
$db->free($result);
return '';
}
$href = '/index.php?mo=WeChall&me=ChallNewsRead';
$title = $this->lang('cnews_title');
$text = $this->lang('cnews_body', array($href)) . PHP_EOL . PHP_EOL;
while (false !== ($row = $db->fetchRow($result))) {
$mark = intval($row[1]);
$total = intval($row[2]);
$anchor = sprintf('[url=%s]%s[/url]', htmlspecialchars($row[3]), htmlspecialchars($row[0]));
$text .= $this->lang('cnews_item', array($total - $mark, $anchor, $total)) . PHP_EOL;
}
$db->free($result);
if (false === ($thm = Module_WeChall::instance()->cfgWeChallUser())) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
$english = GWF_Language::getEnglish();
$news = GWF_News::newNews(GWF_Time::getDate(GWF_Date::LEN_SECOND), 0, $thm->getID(), $english->getID(), $title, $text, true);
return Module_News::displayItem($news);
}
private function onEdit(WC_Challenge $chall)
{
$form = $this->getForm($chall);
if (false !== ($error = $form->validate($this->module))) {
return $error;
}
$msgs = '';
$wc = WC_Site::getWeChall();
# Solution
$is_case_i = isset($_POST['case_i']);
if ('' !== ($solution = Common::getPostString('solution', ''))) {
if (false === $chall->saveVar('chall_solution', $chall->hashSolution($solution, $is_case_i))) {
$msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
}
# CASE_I
$case_i = WC_Challenge::CHALL_CASE_I;
if ($chall->isOptionEnabled($case_i) !== $is_case_i) {
if (false === $chall->saveOption($case_i, $is_case_i)) {
$msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
}
# Save score
$new_score = $form->getVar('score');
$old_score = $chall->getVar('chall_score');
if ($new_score !== $old_score) {
if (!WC_Challenge::isValidScore($new_score)) {
$msgs .= $this->module->error('err_chall_score', array($new_score, WC_Challenge::MIN_SCORE, WC_Challenge::MAX_SCORE));
}
if (false === $chall->saveVar('chall_score', $new_score)) {
$msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
if (false === $wc->saveVar('site_maxscore', WC_Challenge::getMaxScore())) {
$msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
$wc->recalcSite();
}
# URL+Title (dangerous)
if (false === $chall->saveVars(array('chall_url' => $form->getVar('url'), 'chall_title' => $form->getVar('title')))) {
$msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
# Creator:
if (false === $chall->updateCreators($form->getVar('creators'))) {
$msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
# Tags:
if (false === $chall->saveVar('chall_tags', trim($form->getVar('tags'), ' ,'))) {
$msgs .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
Module_WeChall::instance()->cacheChallTags();
# Done
return $msgs . $this->module->message('msg_chall_edited');
}
public static function accountButtons()
{
return Module_WeChall::instance()->templatePHP('wcaccountbuttons.php');
}
<?php
$wechall = Module_WeChall::instance();
$wechall->includeClass('WC_RegAt');
$wechall->includeClass('WC_SiteFavorites');
$wechall->includeClass('WC_SiteDescr');
require_once GWF_WWW_PATH . 'tpl/wc4/module/Profile/_profile_funcs.php';
$u = $tVars['user'];
$u instanceof GWF_User;
$p = $tVars['profile'];
$p instanceof GWF_Profile;
$user = GWF_User::getStaticOrGuest();
$by = Common::getGet('by', 'regat_solved');
$dir = Common::getGet('dir', 'DESC');
$orderby = GDO::table('WC_Regat')->getMultiOrderby($by, $dir);
$is_admin = $user->isAdmin();
$data = $u->getUserData();
$priv = isset($data['WC_PRIV_HIST']) && !$is_admin;
# Head
$buttons = '';
if ($tVars['jquery']) {
$onclick = "wcjsHideJQueryAll(); return false;";
$buttons .= GWF_Button::delete('#', WC_HTML::lang('btn_close'), '', $onclick);
$buttons .= GWF_Button::link($u->getProfileHREF(), WC_HTML::lang('btn_view_profile'));
}
echo '<h1>' . $buttons . $tLang->lang('pt_profile', array($u->displayUsername())) . '</h1>';
# Permission
if ($p->isHidden($user)) {
echo '<h2>' . $tLang->lang('err_hidden') . '</h2>';
return;
}
public function onAdd(WC_Challenge $chall)
{
$module = Module_WeChall::instance();
$form = $this->getForm($chall);
if (false !== ($error = $form->validate($module))) {
return $error;
}
$pattern = $form->getVar('pattern');
$path = $form->getVar('filename');
// if (!preg_match('/^[\x00-\x7f]+$/D', $pattern))
// {
// return GWF_HTML::error('Smile Pattern', array($chall->lang('err_ascii')));
// }
if (!preg_match('/^[\\x00-\\x7f]+$/D', $path)) {
return GWF_HTML::error('Smile Path', array($chall->lang('err_ascii')));
}
# Show a sample output for the new smiley :)
if (!LIVIN_Smile::testSmiley($chall, $pattern, $path)) {
return GWF_HTML::error('Smile', array($chall->lang('err_test')));
}
# If it looks valid we even add it globally :)
if (!LIVIN_Smile::looksHarmless($path)) {
return GWF_HTML::error('Smile', array($chall->lang('err_xss')));
}
if (!LIVIN_Smile::imageExists($path)) {
return GWF_HTML::error('Smile', array($chall->lang('err_path')));
}
# Like this :)
LIVIN_Smile::onAddSmiley($pattern, $path);
return GWF_HTML::message('Smile', array($chall->lang('msg_rule_added')));
}
{
public function validate_text($m, $v)
{
return false;
}
}
$validator = new NootherForm();
$form = the_form($chall, $validator);
# Your sourcecode
if (isset($_GET['source'])) {
$code = file_get_contents('challenge/noother/preg_evasion/index.php');
echo GWF_Message::display('[code lang=php title=preg_evasion]' . $code . '[/code]');
}
# Your trigger
if (isset($_POST['hackit']) && isset($_POST['text']) && is_string($_POST['text'])) {
if (false !== ($error = $form->validate(Module_WeChall::instance()))) {
echo $error;
} else {
# Let's examine your POST
$text = $_POST['text'];
# Not Evil?
if (the_preg_match($chall, $text)) {
#But Evil?
if (the_strpos($chall, $text)) {
# Try to get here!
$chall->onChallengeSolved(GWF_Session::getUserID());
}
}
}
}
# Your mission
private function onEdit(WC_Warbox $box)
{
$form = $this->formEdit($box);
if (false !== ($error = $form->validate($this->module))) {
return $error . $this->templateEdit($box);
}
$options = 0;
$options |= isset($_POST['warbox']) ? WC_Warbox::WARBOX : 0;
$options |= isset($_POST['multi']) ? WC_Warbox::MULTI_SOLVE : 0;
if (!$box->saveVars(array('wb_name' => $form->getVar('name'), 'wb_port' => $form->getVar('port'), 'wb_host' => $form->getVar('host'), 'wb_user' => $form->getVar('user'), 'wb_pass' => $form->getVar('pass'), 'wb_status' => $form->getVar('status'), 'wb_weburl' => $form->getVar('url'), 'wb_ip' => gethostbyname($form->getVar('host')), 'wb_whitelist' => $form->getVar('wlist'), 'wb_blacklist' => $form->getVar('blist'), 'wb_launched_at' => $form->getVar('launch'), 'wb_updated_at' => GWF_Time::getDate(14), 'wb_options' => $options))) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templateEdit($box);
}
Module_WeChall::instance()->flushWarboxConfig();
return $this->module->message('msg_warbox_edited') . $this->templateOverview();
}
<?php
$l = $tVars['join'];
echo GWF_Button::wrapStart();
echo GWF_Button::generic($l->lang('btn_join'), GWF_WEB_ROOT . 'join_us');
echo GWF_Button::generic($l->lang('btn_join_war'), GWF_WEB_ROOT . 'index.php?mo=WeChall&me=JoinUs§ion=warbox', 'generic', '', true);
echo GWF_Button::generic($l->lang('btn_join_opt'), GWF_WEB_ROOT . 'index.php?mo=WeChall&me=JoinUs§ion=optional');
echo GWF_Button::generic($l->lang('btn_api'), GWF_WEB_ROOT . 'index.php?mo=WeChall&me=JoinUs§ion=wechall_api');
echo GWF_Button::wrapEnd();
$url = Module_WeChall::instance()->cfgWarboxURL();
$port = Module_WeChall::instance()->cfgWarboxPort();
echo GWF_Box::box($l->lang('war_1b', array($url, $port)), $l->lang('war_1t'));
echo GWF_Box::box($l->lang('war_4b', array($url, $port)), $l->lang('war_4t'));
$box = "";
$box .= $l->lang('war_2b') . "\n<br/>\n";
foreach ($l->lang('war_2b_os') as $os => $code) {
$box .= $os . "<br/>\n";
$box .= $code . "\n";
}
$box .= "<br/>\n";
echo GWF_Box::box($box, $l->lang('war_2t'));
echo GWF_Box::box($l->lang('war_3b', array($url, $port)), $l->lang('war_3t'));
echo GWF_Button::wrapStart();
echo GWF_Button::generic($l->lang('btn_join'), GWF_WEB_ROOT . 'join_us');
echo GWF_Button::generic($l->lang('btn_join_war'), GWF_WEB_ROOT . 'index.php?mo=WeChall&me=JoinUs§ion=warbox', 'generic', '', true);
echo GWF_Button::generic($l->lang('btn_join_opt'), GWF_WEB_ROOT . 'index.php?mo=WeChall&me=JoinUs§ion=optional');
echo GWF_Button::generic($l->lang('btn_api'), GWF_WEB_ROOT . 'index.php?mo=WeChall&me=JoinUs§ion=wechall_api');
echo GWF_Button::wrapEnd();
/**
* Recalc the score for this site.
* @return boolean
*/
private function recalcScore()
{
if ($this->isLinear()) {
$wc = Module_WeChall::instance();
$wc->includeClass('WC_Warbox');
$wc->includeClass('WC_Warflag');
$basescore = WC_Warflag::getTotalscoreForSite($this);
if ($this->isNoV1()) {
// WC_RegAt::calcTotalscores()
}
} else {
$basescore = $this->getBasescore();
$average = $this->getAverage();
$challcnt = $this->getChallcount();
$spc = $this->getVar('site_spc');
$basescore += $spc * $challcnt;
$basescore += $basescore - $average * $basescore;
$basescore = intval(round($basescore));
}
if ($basescore !== $this->getVar('site_score')) {
require_once 'WC_HistorySite.php';
if (false === WC_HistorySite::insertEntry($this->getID(), $this->getScore(), $this->getUsercount(), $this->getChallcount())) {
echo GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
return false;
}
return $this->saveVar('site_score', $basescore);
}
return true;
}
