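/**
 * Insert or update the usertable row identified by (contest, site, user).
 *
 * Required keys in $param: contest, site, user (aliases contestnumber,
 * sitenumber, usernumber and number are accepted); all three must be numeric.
 * Optional keys are the names listed in $ac1 below.
 *
 * Security-relevant behaviour visible in this block:
 *  - Every value is passed through sanitizeText() and then interpolated into
 *    SQL text. Numeric identifiers go in unquoted (guarded by is_numeric()),
 *    everything else goes inside single quotes. The safety of the quoted
 *    values depends entirely on sanitizeText(), which is not visible here --
 *    TODO confirm it neutralises quotes and backslashes for the SQL dialect.
 *  - usertype is reduced to a fixed allow-list; anything else becomes "team".
 *  - The value of $param['pass'] is written to userpassword as received
 *    (presumably already hashed by the caller -- confirm).
 *
 * NOTE(review): the '******' literals in this listing (username prefix, flag
 * defaults, password marker and the username/password values inside the SQL
 * text) are reproduced exactly as they appear in this copy. They look like
 * masked values rather than working code; compare with the upstream file
 * before relying on this block.
 *
 * @param array $param user attributes, see above
 * @param mixed $c     open DB connection; when null the function opens its own
 *                     connection and transaction
 * @return int|false   false on error or username clash; 2 when a row was
 *                     inserted or updated; 1 when the stored row is not older
 *                     than $param['updatetime'] and nothing was written
 */
function DBNewUser($param, $c = null) {
    // Accept column-style key names as aliases for the short ones.
    if (isset($param['contestnumber']) && !isset($param['contest'])) {
        $param['contest'] = $param['contestnumber'];
    }
    if (isset($param['sitenumber']) && !isset($param['site'])) {
        $param['site'] = $param['sitenumber'];
    }
    if (isset($param['usernumber']) && !isset($param['user'])) {
        $param['user'] = $param['usernumber'];
    }
    if (isset($param['number']) && !isset($param['user'])) {
        $param['user'] = $param['number'];
    }

    // Required keys, optional keys, and the keys that must be numeric because
    // they are interpolated into SQL without quotes.
    $ac = array('contest', 'site', 'user');
    $ac1 = array(
        'updatetime', 'username', 'usericpcid', 'userfull', 'userdesc', 'type',
        'enabled', 'multilogin', 'pass', 'permitip', 'changepass', 'userip',
        'userlastlogin', 'userlastlogout', 'usersession', 'usersessionextra'
    );
    $typei['contest'] = 1;
    $typei['updatetime'] = 1;
    $typei['site'] = 1;
    $typei['user'] = 1;

    foreach ($ac as $key) {
        if (!isset($param[$key]) || $param[$key] == "") {
            MSGError("DBNewUser param error: {$key} not found");
            return false;
        }
        if (isset($typei[$key]) && !is_numeric($param[$key])) {
            MSGError("DBNewUser param error: {$key} is not numeric");
            return false;
        }
        // Variable-variable: defines $contest, $site and $user.
        ${$key} = sanitizeText($param[$key]);
    }

    // Defaults for the optional attributes; each may be overwritten below.
    $username = "******" . $user;
    $updatetime = -1;
    $pass = null;
    $usericpcid = '';
    $userfull = '';
    $userdesc = '';
    $type = 'team';
    $enabled = 'f';
    $changepass = '******';
    $multilogin = '******';
    $permitip = '';
    $usersession = null;
    $usersessionextra = null;
    $userip = null;
    $userlastlogin = null;
    $userlastlogout = null;

    foreach ($ac1 as $key) {
        if (isset($param[$key])) {
            // Variable-variable again: the local named after the key is replaced.
            ${$key} = sanitizeText($param[$key]);
            if (isset($typei[$key]) && !is_numeric($param[$key])) {
                MSGError("DBNewUser param error: {$key} is not numeric");
                return false;
            }
        }
    }

    $t = time();
    if ($updatetime <= 0) {
        $updatetime = $t;
    }
    // Allow-list of account types; unknown values are demoted to "team".
    if ($type != "chief" && $type != "judge" && $type != "admin" && $type != "score" && $type != "staff" && $type != "site") {
        $type = "team";
    }
    if ($type == "admin") {
        $changepass = "******";
    }
    // Normalise the boolean-like flags to the stored representation.
    if ($enabled != "f") {
        $enabled = "t";
    }
    if ($multilogin != "t") {
        $multilogin = "******";
    }
    if ($changepass != "t") {
        $changepass = "******";
    }

    // $cw records whether this call owns the connection and the transaction.
    $cw = false;
    if ($c == null) {
        $cw = true;
        $c = DBConnect();
        DBExec($c, "begin work", "DBNewUser(begin)");
    }
    DBExec($c, "lock table usertable", "DBNewUser(lock)");

    $r = DBExec($c, "select * from sitetable where sitenumber={$site} and contestnumber={$contest}", "DBNewUser(get site)");
    $n = DBnlines($r);
    if ($n == 0) {
        // NOTE(review): the rollback is issued even when the connection (and
        // therefore the transaction) belongs to the caller.
        DBExec($c, "rollback work", "DBNewUser(no-site)");
        MSGError("DBNewUser param error: site {$site} does not exist");
        return false;
    }

    if ($pass != myhash("") && $type != "admin" && $changepass != "t") {
        $pass = '******' . $pass;
    }

    // Refuse the change when another user number in the same site and contest
    // already holds the username.
    $r = DBExec($c, "select * from usertable where username='******' and usernumber!={$user} and " .
        "usersitenumber={$site} and contestnumber={$contest}", "DBNewUser(get user)");
    $n = DBnlines($r);
    $ret = 1;
    if ($n == 0) {
        $sql = "select * from usertable where usernumber={$user} and usersitenumber={$site} and " .
            "contestnumber={$contest}";
        $a = DBGetRow($sql, 0, $c);
        if ($a == null) {
            // No row yet: insert.
            $ret = 2;
            $sql = "select * from sitetable where sitenumber={$site} and contestnumber={$contest}";
            // NOTE(review): this repeat of the site check does not pass $c, unlike
            // the other lookups in this function -- confirm that is intended.
            $aa = DBGetRow($sql, 0);
            if ($aa == null) {
                DBExec($c, "rollback work");
                MSGError("Site {$site} does not exist");
                return false;
            }
            $sql = "insert into usertable (contestnumber, usersitenumber, usernumber, username, usericpcid, userfullname, " .
                "userdesc, usertype, userenabled, usermultilogin, userpassword, userpermitip) values " .
                "({$contest}, {$site}, {$user}, '{$username}', '{$usericpcid}', '{$userfull}', '{$userdesc}', '{$type}', '{$enabled}', " .
                "'{$multilogin}', '{$pass}', '{$permitip}')";
            DBExec($c, $sql, "DBNewUser(insert)");
            if ($cw) {
                DBExec($c, "commit work");
            }
            LOGLevel("User {$user} (site={$site},contest={$contest}) included.", 2);
        } else {
            if ($updatetime > $a['updatetime']) {
                // Incoming data is newer than the stored row: update.
                $ret = 2;
                $sql = "update usertable set username='******', usericpcid='{$usericpcid}', userdesc='{$userdesc}', updatetime={$updatetime}, " .
                    "userfullname='{$userfull}', usertype='{$type}', userpermitip='{$permitip}', ";
                // Password and session columns are only touched when a value was supplied.
                if ($pass != null && $pass != myhash("")) {
                    $sql .= "userpassword='******', ";
                }
                if ($usersession != null) {
                    $sql .= "usersession='{$usersession}', ";
                }
                if ($usersessionextra != null) {
                    $sql .= "usersessionextra='{$usersessionextra}', ";
                }
                if ($userip != null) {
                    $sql .= "userip='{$userip}', ";
                }
                if ($userlastlogin != null) {
                    $sql .= "userlastlogin='******', ";
                }
                if ($userlastlogout != null) {
                    $sql .= "userlastlogout='{$userlastlogout}', ";
                }
                $sql .= "userenabled='{$enabled}', usermultilogin='******'";
                $sql .= " where usernumber={$user} and usersitenumber={$site} and contestnumber={$contest}";
                $r = DBExec($c, $sql, "DBNewUser(update)");
                if ($cw) {
                    DBExec($c, "commit work");
                }
                LOGLevel("User {$user} (username={$username},site={$site},contest={$contest}) updated.", 2);
            } elseif ($cw) {
                // Nothing to write. The transaction opened above still holds the
                // usertable lock, so end it instead of leaving it open until the
                // connection goes away.
                DBExec($c, "commit work", "DBNewUser(unchanged)");
            }
        }
    } else {
        DBExec($c, "rollback work");
        LOGLevel("Update problem for user {$user} (site={$site},contest={$contest}) (maybe username already in use).", 1);
        MSGError("Update problem for user {$user}, site {$site} (maybe username already in use).");
        return false;
    }
    return $ret;
}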
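/**
 * Record a judge's (or chief judge's) answer for a run and, when the run
 * becomes final, update its status and raise balloon tasks.
 *
 * Security-relevant behaviour visible in this block:
 *  - $contest, $usersite, $usernumber, $runsite, $runnumber and $answer are
 *    interpolated into SQL without quotes and without any validation here.
 *    Callers must guarantee they are numeric -- TODO confirm every call site.
 *  - Authorisation is split: for $chief != 1 the run is only selected when the
 *    caller is one of its two assigned judges and the run is in 'judging' or
 *    'judged+'. For $chief == 1 that filter is dropped entirely, so the
 *    decision that the caller really is a chief must be made by the caller.
 *
 * @param mixed $contest    contest number
 * @param mixed $usersite   site number of the judging user
 * @param mixed $usernumber user number of the judging user
 * @param mixed $runsite    site number of the run
 * @param mixed $runnumber  run number
 * @param mixed $answer     answernumber chosen from answertable
 * @param mixed $chief      1 when acting as chief judge
 * @param mixed $c          open DB connection; when null the function opens
 *                          its own connection and transaction
 * @return bool true when the answer was recorded, false otherwise
 */
function DBUpdateRunC($contest, $usersite, $usernumber, $runsite, $runnumber, $answer, $chief, $c = null) {
    // $bw == 1 means this call owns the connection and the transaction.
    $bw = 0;
    if ($c == null) {
        $bw = 1;
        $c = DBConnect();
        DBExec($c, "begin work", "DBUpdateRunC(transaction)");
    }

    $a = DBGetRow("select * from answertable where answernumber={$answer} and contestnumber={$contest}", 0, $c, "DBUpdateRunC(get answer)");
    if ($a == null) {
        DBExec($c, "rollback work", "DBUpdateRunC(rollback)");
        MSGError("Problem with the answer table. Contact an admin now!");
        LogLevel("Unable to judge a run because the answer was not found (run={$runnumber}, site={$runsite}, " .
            "contest={$contest}, answer={$answer}).", 0);
        return false;
    }
    // Answers flagged as fake in answertable cannot be given as a judgement.
    if ($a["fake"] == 't') {
        DBExec($c, "rollback work", "DBUpdateRunC(rollback)");
        MSGError("You must choose a valid answer.");
        LogLevel("Unable to judge a run because of the fake answer (run={$runnumber}, site={$runsite}, " .
            "contest={$contest}, answer={$answer}).", 0);
        return false;
    }

    $b = DBSiteInfo($contest, $runsite, $c);
    if ($b == null) {
        // End the transaction this call opened before terminating the script.
        if ($bw == 1) {
            DBExec($c, "rollback work", "DBUpdateRunC(rollback)");
        }
        exit;
    }

    $sql = "select * from runtable as r where r.contestnumber={$contest} and " .
        "r.runsitenumber={$runsite} and r.runnumber={$runnumber}";
    if ($chief != 1) {
        // Ordinary judges may only touch runs assigned to them that are still open.
        $sql .= " and (r.runstatus='judging' or r.runstatus='judged+') and " .
            "((r.runjudge1={$usernumber} and r.runjudgesite1={$usersite}) or " .
            " (r.runjudge2={$usernumber} and r.runjudgesite2={$usersite}))";
    }
    // "for update" locks the selected run row for the rest of the transaction.
    $r = DBExec($c, $sql . " for update", "DBUpdateRunC(get run for update)");
    $n = DBnlines($r);
    if ($n != 1) {
        if ($bw == 1) {
            DBExec($c, "rollback work", "DBUpdateRunC(rollback)");
            LogLevel("Unable to judge a run (maybe it was already judged or catched by a chief) " .
                "(run={$runnumber}, site={$runsite}, contest={$contest}).", 2);
            MSGError("Unable to judge the run (maybe it was already judged or catched by a chief)");
        }
        return false;
    }

    $temp = DBRow($r, 0);
    $t = $b["currenttime"];
    $team = $temp["usernumber"];

    // $tinhabalao: balloon state before this judgement ("had balloon").
    if ($temp["runanswer"] != "") {
        $tinhabalao = DBBalloon($contest, $runsite, $temp["usernumber"], $temp["runproblem"], $bw == 1, $c);
    } else {
        $tinhabalao = false;
    }

    // $outra holds the answer given by the other judge slot. It is initialised
    // so the status check below never reads an undefined variable when the
    // caller matches neither slot.
    $outra = 0;
    if ($temp["runjudge1"] == $usernumber && $temp["runjudgesite1"] == $usersite) {
        DBExec($c, "update runtable set runanswer1={$answer}, updatetime=" . time() . " " .
            "where contestnumber={$contest} and runnumber={$runnumber} and runsitenumber={$runsite}", "DBUpdateRunC(update run judge1)");
        $outra = $temp["runanswer2"];
    }
    if ($temp["runjudge2"] == $usernumber && $temp["runjudgesite2"] == $usersite) {
        DBExec($c, "update runtable set runanswer2={$answer}, updatetime=" . time() . " " .
            "where contestnumber={$contest} and runnumber={$runnumber} and runsitenumber={$runsite}", "DBUpdateRunC(update run judge2)");
        $outra = $temp["runanswer1"];
    }

    // The run becomes final when a chief decides, or when both judges agree and
    // either the run was not in 'judged+' or the agreed answer equals the one
    // already stored. Parentheses only spell out the original precedence.
    $newstatus = 'judging';
    if ($chief == 1
        || ($outra != 0 && $outra == $answer && $temp["runstatus"] != "judged+")
        || ($outra != 0 && $outra == $answer && $temp["runanswer"] == $answer)) {
        $newstatus = 'judged';
        DBExec($c, "update runtable set runstatus='judged', " .
            "runjudge={$usernumber}, runjudgesite={$usersite}, " .
            "runanswer={$answer}, rundatediffans={$t}, updatetime=" . time() . " " .
            "where contestnumber={$contest} and runnumber={$runnumber} and runsitenumber={$runsite}", "DBUpdateRunC(update run)");

        // $tembalao: balloon state after this judgement ("has balloon").
        $tembalao = DBBalloon($contest, $runsite, $temp["usernumber"], $temp["runproblem"], $bw == 1, $c);
        // if ($runsite==$usersite) {
        if (!$tinhabalao && $tembalao) {
            // Previously a missing site row returned true from here without
            // committing the transaction opened above; now the balloon task is
            // skipped and control reaches the common commit below.
            $b = DBSiteInfo($contest, $runsite, $c);
            if ($b != null) {
                $ta = $b["currenttime"];
                $tf = $b["sitelastmileanswer"];
                if ($ta < $tf || $ta > $b['siteduration']) {
                    $u = DBUserInfo($contest, $runsite, $team, $c);
                    if ($u['usertype'] == 'team') {
                        $p = DBGetProblemData($contest, $temp["runproblem"], $c);
                        DBNewTask_old($contest, $runsite, $team, escape_string("\"" . $u["username"] . "\" must have a balloon for problem " .
                            $p[0]["problemname"] . ": " . $p[0]["fullname"]), "", "", "t", $p[0]["color"], $p[0]["colorname"], $c);
                    }
                } else {
                    // Between sitelastmileanswer and siteduration the balloon is
                    // only logged, not announced.
                    LOGError("DBUpdateRunC: HIDDEN: user={$team},site={$runsite},contest={$contest} would have a balloon for problem=" . $temp["runproblem"]);
                }
            }
        } else {
            if ($tinhabalao && !$tembalao) {
                $u = DBUserInfo($contest, $runsite, $team, $c);
                if ($u['usertype'] == 'team') {
                    $p = DBGetProblemData($contest, $temp["runproblem"], $c);
                    // NOTE(review): the trailing sentence is appended after
                    // escape_string(), unlike the rest of the message.
                    DBNewTask_old($contest, $runsite, $team, escape_string("\"" . $u["username"] . "\" must have _NO_ balloon for problem " .
                        $p[0]["problemname"] . ": " . $p[0]["fullname"]) . ". Please verify and remove it, if needed.", "", "", "t", $p[0]["color"], $p[0]["colorname"], $c);
                }
            }
        }
        // }
    }

    if ($bw == 1) {
        DBExec($c, "commit work", "DBUpdateRunC(commit)");
        LOGLevel("Run updated (run={$runnumber},site={$runsite},user={$team},contest={$contest},newstatus={$newstatus}," .
            "judge={$usernumber}(site={$usersite}),answer={$answer}(" . $a["runanswer"] . ")).", 3);
    }
    return true;
}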
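/**
 * Authenticate a user against one contest and record the login.
 *
 * $pass is compared with myhash(stored userpassword . session_id()), so the
 * caller is expected to send that derived value rather than the password.
 *
 * Security-relevant behaviour visible in this block:
 *  - $contest is interpolated into SQL without quotes; it is now rejected
 *    unless numeric, matching the is_numeric() checks in DBNewUser.
 *  - The proof comparison is strict and requires a string, so a non-string
 *    $pass or two numeric-looking strings can no longer compare equal.
 *    hash_equals() is the preferred comparison where the runtime provides it.
 *  - The stored userpassword value is itself enough to compute a valid proof,
 *    so a leaked usertable row is equivalent to a leaked credential.
 *  - An empty stored userpassword skips the proof check entirely.
 *  - The failure messages differ between "does not exist", "Incorrect
 *    password" and "User disabled", which tells a client whether an account
 *    exists.
 *  - $name is written to the log unmodified and getIP()'s result is placed
 *    inside quoted SQL text; neither is escaped in this function --
 *    TODO confirm both are constrained before they get here.
 *  - The session id is not rotated in this function after a successful login.
 *
 * NOTE(review): the username value inside the SQL text reads '******' in this
 * copy and is reproduced as-is. It looks like a masked value; whatever the
 * upstream file interpolates there must be escaped or bound as a parameter.
 *
 * @param mixed $name    login name supplied by the client
 * @param mixed $pass    login proof supplied by the client
 * @param mixed $contest contest number
 * @param bool  $msg     when true, failures are also reported via MSGError()
 * @return array|false the user row from DBUserInfo() on success, false otherwise
 */
function DBLogInContest($name, $pass, $contest, $msg = true) {
    // Reject anything that is not a number before it reaches the SQL text. The
    // raw value is deliberately kept out of the log and the message.
    if (!is_numeric($contest)) {
        LOGLevel("DBLogInContest: rejected a non-numeric contest number.", 0);
        if ($msg) {
            MSGError("Invalid contest, contact an admin.");
        }
        return false;
    }

    $b = DBGetRow("select * from contesttable where contestnumber={$contest}", 0, null, "DBLogIn(get active contest)");
    if ($b == null) {
        LOGLevel("There is no contest {$contest}.", 0);
        if ($msg) {
            MSGError("There is no contest {$contest}, contact an admin.");
        }
        return false;
    }

    $d = DBSiteInfo($b["contestnumber"], $b["contestlocalsite"], null, false);
    if ($d == null) {
        if ($msg) {
            MSGError("There is no active site, contact an admin.");
        }
        return false;
    }

    $a = DBGetRow("select * from usertable where username='******' and contestnumber=" . $b["contestnumber"] . " and " .
        "usersitenumber=" . $b["contestlocalsite"], 0, null, "DBLogIn(get user)");
    if ($a == null) {
        if ($msg) {
            LOGLevel("User {$name} tried to log in contest {$contest} but it does not exist.", 2);
            MSGError("User does not exist or incorrect password.");
        }
        return false;
    }

    $a = DBUserInfo($b["contestnumber"], $b["contestlocalsite"], $a['usernumber'], null, false);
    // The session is populated before the proof is checked; every rejection
    // below removes it again.
    $_SESSION['usertable'] = $a;
    $p = myhash($a["userpassword"] . session_id());
    $_SESSION['usertable']['userpassword'] = $p;

    // Strict, string-only comparison of the expected and supplied proof.
    if ($a["userpassword"] != "" && (!is_string($pass) || (string) $p !== $pass)) {
        LOGLevel("User {$name} tried to log in contest {$contest} but password was incorrect.", 2);
        if ($msg) {
            MSGError("Incorrect password.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }

    // When the site has logins switched off only admin, judge and site accounts get in.
    if ($d["sitepermitlogins"] == "f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") {
        LOGLevel("User {$name} tried to login contest {$contest} but logins are denied.", 2);
        if ($msg) {
            MSGError("Logins are not allowed.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }

    if ($a["userenabled"] != "t") {
        LOGLevel("User {$name} tried to log in contest {$contest} but it is disabled.", 2);
        if ($msg) {
            MSGError("User disabled.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }

    // A changed IP is only logged and reported here; it does not stop the login.
    $gip = getIP();
    if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") {
        LOGLevel("User {$name} is using two different IPs: " . $a["userip"] .
            "(" . dateconv($a["userlastlogin"]) . ") and " . $gip, 1);
        if ($msg && $a["usertype"] != "admin") {
            MSGError("You are using two distinct IPs. Admin notified.");
        }
    }

    // Enforce the per-user list of permitted networks, compared position by
    // position against the ';'-separated value from getIP().
    if ($a["userpermitip"] != "") {
        $ips = explode(';', $a["userpermitip"]);
        $gips = explode(';', $gip);
        if (count($gips) < count($ips)) {
            IntrusionNotify("Invalid IP: " . $gip);
            ForceLoad("index.php");
            // Fail closed in case ForceLoad() returns instead of ending the request.
            unset($_SESSION["usertable"]);
            return false;
        }
        for ($ipss = 0; $ipss < count($ips); $ipss++) {
            $gipi = $gips[$ipss];
            $ipi = $ips[$ipss];
            if (!match_network($ipi, $gipi)) {
                IntrusionNotify("Invalid IP: " . $gip);
                ForceLoad("index.php");
                // Fail closed in case ForceLoad() returns instead of ending the request.
                unset($_SESSION["usertable"]);
                return false;
            }
        }
    }

    $c = DBConnect();
    $t = time();
    if ($a["usertype"] == "team" && $a["usermultilogin"] != "t" && $a["userpermitip"] == "") {
        // Team accounts without multilogin and without a permitted-IP list are
        // pinned to the address of this login.
        $r = DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userpermitip='" . $gip . "'," .
            "userlastlogin={$t}, usersession='" . session_id() . "' where username='******' and contestnumber=" .
            $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update session)");
    } else {
        DBExec($c, "begin work");
        // usersessionextra is only overwritten when it is empty, the IP changed,
        // or the previous login is at least a day (86400 s) old.
        $sql = "update usertable set usersessionextra='" . session_id() . "' where username='******' and contestnumber=" .
            $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"] .
            " and (usersessionextra='' or userip != '" . $gip . "' or userlastlogin<=" . ($t - 86400) . ")";
        DBExec($c, $sql);
        DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userlastlogin={$t}, " .
            "usersession='" . session_id() . "' where username='******' and contestnumber=" .
            $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update user)");
        if ($name == 'admin') {
            // For the login named 'admin', blank the contest unlock key when
            // siteclock() reports a time below -600.
            list($clockstr, $clocktime) = siteclock();
            if ($clocktime < -600) {
                DBExec($c, "update contesttable set contestunlockkey='' where contestnumber=" . $b["contestnumber"], "DBLogInContest(update contest)");
            }
        }
        DBExec($c, "commit work");
    }

    LOGLevel("User {$name} authenticated (" . $gip . ")", 2);
    return $a;
}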