<?php $error = ''; if (strvals_exist($_POST, 'name', 'password')) { $result = $db->fetch('SELECT id, pass, is_admin FROM users WHERE name=?', $_POST['name']); if (!$result || !password_verify($_POST['password'], $result->pass)) { $error = 'Wrong username or password!'; } else { log_in($result->id, $_POST['name'], $result->is_admin); $solves = $db->fetchAll('SELECT challenge_id FROM solves WHERE user_id=?', $result->id); foreach ($solves as $solve) { add_solved_challenge($solve->challenge_id); } redirect_to('?p=home'); } } echo render('login.html.php', array('error' => $error));
<?php if (!logged_in()) { redirect_to('?p=login'); } $error = 'Invalid id.'; if (!strvals_exist($_GET, 'id')) { die($error); } $chal = $db->fetch('SELECT id, title, `desc`, flag, points FROM challenges WHERE id=? AND ctf=?', $_GET['id'], CTF_NAME); if (!$chal) { die($error); } $valid_flag = ''; $flag_msg = 'Incorrect flag.'; if (strvals_exist($_POST, 'flag')) { $valid_flag = false; if (validate_flag($_POST['flag'], $chal->flag)) { $valid_flag = true; if (is_solved($chal->id)) { $flag_msg = 'Correct flag but you already solved the challenge.'; } else { $db->put('INSERT INTO solves (user_id, challenge_id) VALUES (?, ?)', $_SESSION['id'], $chal->id); add_solved_challenge($chal->id); $flag_msg = 'Correct flag! +' . $chal->points . ' points!'; } } } echo render('chal.html.php', array('chal' => $chal, 'valid_flag' => $valid_flag, 'flag_msg' => $flag_msg));