$t = util::getGet('t'); $token = $challenge->getToken(); echo "t={$t};token={$token}"; if (true === ($t == $token)) { $challenge->mark(); util::forward(WEBROOT . "/index.php"); } } else { if (isset($_POST['action'])) { $token = util::getPost('token'); $validtoken = $challenge->getToken(); if ($validToken === $token || in_array($token, $otherTokens)) { $output = "valid token"; // token is valid //$row = $result->fetch(); $user = util::getSession('player'); $sql = "INSERT INTO scoreboard SELECT id,'{$token}',now()+0 FROM players WHERE name='{$user}'"; //$sql = "INSERT INTO scoreboard VALUES($user,'$token',now()+1)"; $result = $db->query($sql); } else { $output = "not valid"; } } } } else { $_SESSION['referrer'] = $_SERVER['REQUEST_URI']; header("Location:login.php"); } if ($output != "") { CTF::message($output); }
} } else { switch ($button) { case 'logoff': unset($_SESSION[Challenge::PLAYER]); $output = showLogin(""); $output[] = "You have been logged off"; break; case 'login': extract($_POST); if (($id = CTF::login($name, $password)) != false) { $_SESSION[Challenge::PLAYER] = $name; $output = showLogin("", isset($_SESSION[Challenge::PLAYER])); //$output[] = "You are logged in"; if (isset($_SESSION['referrer'])) { $location = util::getSession('referrer'); unset($_SESSION['referrer']); header("Location:" . $location); } } else { $output = showLogin("Unknown user", isset($_SESSION[Challenge::PLAYER])); } break; case 'doregister': $output = showRegister(''); break; case 'register': if (util::getPost('password1') === false) { $output = showRegister(''); } else { extract($_POST);
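/**
 * Return the dictionary word assigned to this challenge for the current session.
 *
 * The first call picks one word at random from the DICTIONARY file and caches
 * it in the session under Challenge::WORD, keyed by $this->challenge. Later
 * calls return the cached word, so the word stays stable for the session.
 *
 * @return string the trimmed word for this challenge
 * @throws \RuntimeException if the dictionary cannot be read or holds no usable word
 */
function getDictionaryWord() {
    $assigned = util::getSession(Challenge::WORD);
    // util::getSession() is not shown here; if it hands back a non-array when
    // the slot is unset, start from an empty map instead of indexing into it.
    if (!is_array($assigned)) {
        $assigned = [];
    }

    if (!isset($assigned[$this->challenge])) {
        $lines = file(DICTIONARY, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
        if ($lines === false) {
            // Fail loudly: silently caching an empty word would leave the
            // challenge with a trivially known secret.
            throw new \RuntimeException('Dictionary file could not be read');
        }

        // Drop whitespace-only lines; 'strlen' keeps the literal word "0".
        $words = array_values(array_filter(array_map('trim', $lines), 'strlen'));
        $count = count($words);
        if ($count === 0) {
            throw new \RuntimeException('Dictionary file contains no usable words');
        }

        // Pick a single index instead of shuffling the whole list. random_int()
        // draws from the OS CSPRNG, whereas shuffle() uses PHP's
        // non-cryptographic generator, which is unsuitable for a value
        // players are not supposed to predict.
        $assigned[$this->challenge] = $words[random_int(0, $count - 1)];
        $_SESSION[Challenge::WORD] = $assigned;
    }

    return $assigned[$this->challenge];
}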