Пример #1
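/**
 * Decide whether the current session may read the source code of a solution.
 *
 * The solution's owner and holders of PRIV_SOURCE are always admitted. For
 * everyone else the decision depends on $opened, the problem's flag word
 * (column has_tex), and whether the user is inside a running contest that
 * hides source code.
 *
 * @param mixed  $prob_id Problem id. It is cast to int before being placed in SQL,
 *                        because the caller's validation is not visible from here.
 * @param mixed  $opened  When falsy, only the owner or a PRIV_SOURCE holder is admitted.
 * @param string $user    User id that owns the solution; compared with $_SESSION['user'].
 *
 * @return bool|string TRUE when access is granted, otherwise a translated refusal message.
 */
function sc_check_priv($prob_id, $opened, $user)
{
    if (!function_exists('check_priv')) {
        require __DIR__ . '/privilege.php';
    }
    $logged_in = isset($_SESSION['user']);
    if ($logged_in && (strcmp($user, $_SESSION['user']) == 0 || check_priv(PRIV_SOURCE))) {
        return TRUE;
    }

    // Loaded even when $opened is falsy, as before, so callers that rely on the
    // constants from problem_flags.php being defined afterwards keep working.
    // database.php is expected to define $con in this scope.
    require __DIR__ . '/../conf/database.php';
    if (!defined('PROB_HAS_TEX')) {
        require __DIR__ . '/../lib/problem_flags.php';
    }
    if (!$opened) {
        return _('Looks like you can\'t access this page');
    }

    // Values that end up inside SQL text are normalised first: the id becomes an
    // integer and the session user is escaped for the open connection.
    $prob_id = (int) $prob_id;
    $session_user = $logged_in ? mysqli_real_escape_string($con, $_SESSION['user']) : null;

    $flag_res = mysqli_query($con, "select has_tex from problem where problem_id={$prob_id}");
    $row = $flag_res ? mysqli_fetch_row($flag_res) : null;
    if (!$row) {
        return _('There\'s no such problem');
    }
    $prob_flag = (int) $row[0];

    if (($prob_flag & PROB_IS_HIDE) && !check_priv(PRIV_INSIDER)) {
        return _('Looks like you can\'t access this page');
    }
    if ($prob_flag & PROB_DISABLE_OPENSOURCE) {
        return _('This solution is not open-source');
    }

    if ($prob_flag & PROB_SOLVED_OPENSOURCE) {
        // Source is visible only to users whose best result on this problem is 0.
        if ($logged_in) {
            $query = "select min(result) from solution where user_id='" . $session_user
                . "' and problem_id={$prob_id} group by problem_id";
            $user_status = mysqli_query($con, $query);
            $row = $user_status ? mysqli_fetch_row($user_status) : null;
            if ($row && $row[0] == 0) {
                return TRUE;
            }
        }
        return _('You can\'t see me before solving it');
    }

    if (!$logged_in) {
        return _('Looks like you can\'t access this page');
    }

    // Running contests with hide_source_code that the user has joined and not left.
    // Column 1 (co.contest_id) is non-NULL when the user owns that contest.
    // NOTE(review): the cp join is a LEFT JOIN with no condition on cp, so it does
    // not limit the rows to contests containing this problem; confirm that is intended.
    $res = mysqli_query(
        $con,
        "SELECT contest.contest_id,co.contest_id from contest\n"
        . " RIGHT JOIN (select contest_id from contest_status where user_id='" . $session_user . "' and leave_time is NULL) as cs on (contest.contest_id=cs.contest_id)\n"
        . " LEFT JOIN (select contest_id from contest_problem where problem_id={$prob_id}) as cp on (contest.contest_id=cp.contest_id)\n"
        . " LEFT JOIN (select contest_id from contest_owner where user_id='" . $session_user . "') as co on (contest.contest_id=co.contest_id)\n"
        . " where NOW()>start_time and NOW()<end_time and contest.hide_source_code"
    );
    if ($res === false) {
        // Fail closed: a failed contest lookup used to fall through to "allowed".
        return _('Looks like you can\'t access this page');
    }
    if (mysqli_num_rows($res) > 0) {
        $accessible = false;
        while ($row = mysqli_fetch_row($res)) {
            if (!is_null($row[1])) {
                $accessible = true;
            }
        }
        if ($accessible) {
            return TRUE;
        }
        return _('You can\'t see me before the contest ends');
    }
    return TRUE;
}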
Пример #2
    // Publish or toggle the sharing flag (public_code) on solutions that belong to $uid.
    // NOTE(review): $uid and $con are set outside this fragment. $uid is interpolated inside
    // quotes in both statements, so confirm it is taken from the session and escaped.
    // NOTE(review): no anti-CSRF token check is visible in this fragment; confirm the
    // enclosing script verifies one before these state-changing updates.
    if ($_POST['id'] == 'all') {
        // Bulk case: success here means the statement ran, not that any row changed.
        if (mysqli_query($con, "update solution set public_code=1 where user_id='{$uid}'")) {
            echo 'success';
        } else {
            echo _('Something went wrong...');
        }
    } else {
        // Single case: intval() reduces the request value to an integer before it is
        // interpolated, and the user_id condition limits the update to the caller's own row.
        $id = intval($_POST['id']);
        mysqli_query($con, "update solution set public_code=(!public_code) where solution_id={$id} and user_id='{$uid}'");
        // Exactly one affected row is treated as success; zero rows (wrong id or wrong owner) is an error.
        if (mysqli_affected_rows($con) == 1) {
            echo 'success';
        } else {
            echo _('Something went wrong...');
        }
    }
} else {
    // Toggle the "malicious" mark on a solution. Unlike the public_code toggle, there is
    // no user_id condition: the privilege check below is the only gate.
    if ($op == 'mark_mal') {
        require __DIR__ . '/../func/privilege.php';
        // Callers holding neither PRIV_PROBLEM nor PRIV_SYSTEM are stopped before any query runs.
        if (!check_priv(PRIV_PROBLEM) && !check_priv(PRIV_SYSTEM)) {
            echo _('Permission Denied...');
            exit;
        }
        // intval() reduces the request value to an integer before it is interpolated into SQL.
        $id = intval($_POST['id']);
        mysqli_query($con, "update solution set malicious=(!malicious) where solution_id={$id}");
        if (mysqli_affected_rows($con) == 1) {
            echo 'success';
        } else {
            echo _('Something went wrong...');
        }
    }
}
Пример #3
    ?>
 <strong class="notifier"></strong></a></li>
                            <li><a href="/marked.php"><i class="fa fa-fw fa-star"></i> <?php 
    echo _('Marked');
    ?>
</a></li>
                            <li><a href="/profile.php"><i class="fa fa-fw fa-github-alt"></i> <?php 
    echo _('Profile');
    ?>
</a></li>
                            <li><a href="/preferences.php"><i class="fa fa-fw fa-cog"></i> <?php 
    echo _('Preferences');
    ?>
</a></li>
                            <?php 
    if (check_priv(PRIV_PROBLEM) || check_priv(PRIV_SYSTEM)) {
        ?>
                                <li class="divider hidden-xs"></li>
                                <li><a href="/admin.php"><i class="fa fa-fw fa-bolt"></i> <?php 
        echo _('Administration');
        ?>
</a></li>
                            <?php 
    }
    ?>
                            <li class="divider hidden-xs"></li>
                            <li><a id="nav_logoff" href="#"><i class="fa fa-fw fa-sign-out"></i> <?php 
    echo _('Log off');
    ?>
</a></li>
                        </ul>
Пример #4
 /**
  * Handle the 'change_plan' update: move this object onto the resource plan named
  * in $param['newresourceplan'].
  *
  * The plan is looked up through the parent object and the logged-in user. Its priv
  * values are run through check_priv() against this object's priv before the child
  * quota is redistributed.
  *
  * @param array $param Submitted values; only 'newresourceplan' is read here.
  * @return null
  * @throws lxException When the object is the login itself or the plan cannot be found.
  */
 function updatechange_plan($param)
 {
     global $gbl, $sgbl, $login, $ghtml;

     if_demo_throw_exception('changeplan');

     // The logged-in object may not change its own plan.
     if ($this->isLogin()) {
         throw new lxException('cannot_change_plan', 'nname', $this->nname);
     }
     $gbl->__ajax_refresh = true;

     $planName = $param['newresourceplan'];
     $owner = $this->getParentO();
     $plan = getFromAny(array($owner, $login), "resourceplan", $planName);
     if (!$plan) {
         throw new lxException('cannot_find_the_resource_plan', 'nname', $this->nname);
     }

     $planPriv = $plan->priv;
     $this->resourceplan_used = $planName;

     // Keep a copy of the current priv so the child quota can be redistributed from it.
     $previousPriv = clone $this->priv;
     check_priv($owner, $this->get__table(), $this->priv, $planPriv);
     $this->distributeChildQuota($previousPriv);
     $this->changePlanSpecific($plan);
     $this->setUpdateSubaction('change_plan');

     return null;
 }
Пример #5
<?php

require __DIR__ . '/inc/init.php';
require __DIR__ . '/func/privilege.php';
require __DIR__ . '/func/checklogin.php';
if (!check_priv(PRIV_PROBLEM)) {
    include __DIR__ . '/inc/403.php';
} else {
    if (!isset($_SESSION['admin_tfa']) || !$_SESSION['admin_tfa']) {
        $_SESSION['admin_retpage'] = $_SERVER['REQUEST_URI'];
        header("Location: admin_auth.php");
        exit;
    } else {
        require __DIR__ . '/lib/problem_flags.php';
        require __DIR__ . '/conf/database.php';
        $level_max = PROB_LEVEL_MASK >> PROB_LEVEL_SHIFT;
        if (!isset($_GET['problem_id'])) {
            $p_type = 'add';
            $inTitle = _('New Problem');
        } else {
            $p_type = 'edit';
            $prob_id = intval($_GET['problem_id']);
            $inTitle = _('Edit Problem') . " #{$prob_id}";
            $query = "select title,description,input,output,sample_input,sample_output,hint,source,case_time_limit,memory_limit,case_score,compare_way,has_tex from problem where problem_id={$prob_id}";
            $result = mysqli_query($con, $query);
            $row = mysqli_fetch_row($result);
            if (!$row) {
                $info = _('There\'s no such problem');
            } else {
                switch ($row[11] >> 16) {
                    case 0:
Пример #6
        <tr><td colspan="2"><?php 
    echo _('Last Seen');
    ?>
</td><td><?php 
    echo $row[3];
    ?>
</td></tr>
        <tr><td colspan="2"><?php 
    echo _('Privilege');
    ?>
</td><td><?php 
    echo list_priv($row[10]);
    ?>
</td></tr>
        <?php 
    if (check_priv(PRIV_SYSTEM)) {
        ?>
            <tr><td colspan="2"><?php 
        echo _('IP Address');
        ?>
</td><td><?php 
        echo $row[2] . ' ' . get_ipgeo($row[2]);
        ?>
</td></tr>
        <?php 
    }
    ?>
        <tr><td colspan="2"><?php 
    echo _('School');
    ?>
</td><td><?php 
Пример #7
require_once "plib/priv.php";
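// Read the project, template and document ids for the "edit document" page.
// getCGI() is defined elsewhere; it presumably returns the request parameters,
// so the ids are treated as untrusted when they are written into markup.
// Array keys are quoted: bare words such as $cgi[p_id] are undefined-constant
// lookups, which newer PHP versions reject.
$cgi = getCGI();
$p_id = $cgi['p_id'];
$t_id = $cgi['t_id'];
$d_id = $cgi['d_id'];
if ($p_id == "" || $t_id == "" || $d_id == "") {
    sys_exit("参数错误");
}
conProjDB($p_id, $t_id);
// $proj_data and $temp_data are not assigned in this fragment; presumably conProjDB() fills them.
$p_cname = $proj_data['p_cname'];
$t_cname = $temp_data[$t_id]['cname'];
$t_name = $temp_data[$t_id]['t_name'];
// The ids go into unquoted href attributes and into page text, so they are
// URL-encoded / HTML-escaped here. Plain numeric ids come out unchanged.
// NOTE(review): $p_cname and $t_cname are emitted as stored; confirm they are
// escaped when saved, or escape them here as well.
// The permission check (check_priv) runs only inside the edit branch below.
$nav_str .= " &gt; <a href=templist.php?p_id=" . rawurlencode($p_id) . ">{$p_cname}</a>"
    . " &gt; <a href=doclist.php?p_id=" . rawurlencode($p_id) . "&t_id=" . rawurlencode($t_id) . " >{$t_cname}</a>"
    . " &gt; 修改文档(" . htmlspecialchars($d_id, ENT_QUOTES) . ")";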
if ($cgi[edit] != "") {
    //sys_jmp("doclist.php?p_id=$p_id&t_id=$t_id");
    if (check_priv($p_id, $t_id, $d_id) < 0) {
        sys_exit("对不起,你没有操作权限", $error_message);
    }
    upload_pic();
    $t_name = $temp_data[$t_id][t_name];
    $t_cname = $temp_data[$t_id][cname];
    $nav_buf = sprintf("/<a href=\"projlist.php\">网站管理中心</a> &gt; <a href=\"templist.php?p_id=%s\">%s</a> &gt; %s(<a href=\"doclist.php?t_id=%s&p_id=%s\">文档</a>) (<a href=\"temp_edit.php?t_id=%s&p_id=%s\">模板</a>) (<a href=\"tempdeflist.php?t_id=%s&p_id=%s\">模板域</a>) &gt; 更新文档", $p_id, $proj_data[p_cname], $t_cname, $t_id, $p_id, $t_id, $p_id, $t_id, $p_id);
    print_html("更新文档", $nav_buf);
    printf("更新数据库记录....");
    $sqlstr = sprintf("update %s set savedatetime=now(), mu_id=%s,", $t_name, $ck_u_id);
    foreach ($cgi as $this_name => $this_value) {
        if ($this_name == "") {
            continue;
        }
        $pos = strpos($this_name, $pre_field);
        if ($pos !== 0) {
Пример #8
<?php
require_once("plib/head.php");
require_once("plib/priv.php");


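// Save the display order of template fields. Every request field named
// "showorder_<f_id>" updates tempdef.showorder for that field id.
// getCGI() is defined elsewhere; it presumably returns the request parameters.
// Array keys are quoted: bare words such as $cgi[p_id] are undefined-constant
// lookups, which newer PHP versions reject.
$cgi = getCGI();
$p_id = $cgi['p_id'];
$t_id = $cgi['t_id'];

if ($p_id == "" || $t_id == "") sys_exit("参数错误");

conProjDB($p_id, $t_id);

// Authorisation runs before any update: first the user type, then the project/template privilege.
if ($ck_u_type > 2) sys_exit("对不起,你没有操作权限",   "");
if (check_priv($p_id, $t_id, 0) < 0) sys_exit("对不起,你没有操作权限",   $error_message);

foreach ($cgi as $cgi_name => $cgi_value)
{
	if (strpos($cgi_name, "showorder_") !== 0) {
		continue;
	}

	// Both the field-name suffix and the value used to be copied into the SQL
	// text unchanged. They are now validated as integers; a field that is not a
	// plain integer is skipped instead of being sent to MySQL.
	$f_id = filter_var(substr($cgi_name, strlen("showorder_")), FILTER_VALIDATE_INT);
	$showorder = filter_var($cgi_value, FILTER_VALIDATE_INT);
	if ($f_id === false || $showorder === false) {
		continue;
	}

	$sqlstr = sprintf("update tempdef set showorder=%d where f_id=%d", $showorder, $f_id);
	// NOTE(review): on failure the MySQL error and the statement are still echoed
	// to the client, as before; consider logging them server-side instead.
	$res = mysql_query($sqlstr, $proj_mysql) or exit(mysql_error() . "\n" . $sqlstr);
}

// The ids are URL-encoded before being placed inside the inline script so a crafted
// value cannot close the string literal. Plain numeric ids come out unchanged.
printf("<script type=\"text/javascript\"> window.location = 'tempdeflist.php?t_id=%s&p_id=%s' </script>\n", rawurlencode($t_id), rawurlencode($p_id));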
Пример #9
 // Determine page_id: the explicit query parameter first, then the page remembered
 // in the session, otherwise page 10.
 if (isset($_GET['page_id'])) {
     // intval() reduces the request value to an integer before it is compared with the page bounds below.
     $page_id = intval($_GET['page_id']);
 } else {
     if (isset($_SESSION['view'])) {
         // NOTE(review): unserialize() runs on a session value. Session data is normally
         // written by the server, so this matters only if some other code path stores
         // request-controlled bytes in $_SESSION['view']; verify where it is written,
         // or keep the view state as JSON instead.
         $view_arr = unserialize($_SESSION['view']);
         $page_id = intval($view_arr['prob'] / 100);
     } else {
         $page_id = 10;
     }
 }
 // Visibility filters appended to the WHERE clause. Only string literals and the
 // PROB_IS_HIDE constant are concatenated, so no request data reaches the SQL text here.
 $addt_cond = '';
 if (!check_priv(PRIV_PROBLEM)) {
     // Without PRIV_PROBLEM, rows with a non-zero defunct column are excluded.
     $addt_cond .= "and defunct=0 ";
 }
 if (!check_priv(PRIV_INSIDER)) {
     // Without PRIV_INSIDER, problems carrying the PROB_IS_HIDE bit in has_tex are excluded.
     $addt_cond .= "and (has_tex&" . PROB_IS_HIDE . ")=0 ";
 }
 // Highest problem id the caller is allowed to see; pages hold 100 ids each.
 // NOTE(review): the query result goes straight into mysqli_fetch_row(); a failed query is not handled here.
 $row = mysqli_fetch_row(mysqli_query($con, "select max(problem_id) from problem where 1=1 {$addt_cond}"));
 $maxpage = intval($row[0] / 100);
 if ($page_id < 10) {
     header("Location: problemset.php");
     exit;
 } else {
     if ($page_id > $maxpage) {
         if ($maxpage == 0) {
             $info = _('Looks like there\'s no problem here');
         } else {
             header("Location: problemset.php?page_id={$maxpage}");
             exit;
         }
Пример #10
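/**
 * Create a new object of $class under $object from the submitted $param values.
 *
 * Steps, in order: check the parent's quota for this class, let the class's own
 * Add method rewrite $param, regroup the values per target class, build the
 * objects in two passes (top-level classes first, then "_s_" children), refuse
 * duplicates that already exist in the database, then attach the new object to
 * its parent, notify the admin and write the action log.
 *
 * The working arrays ($nparam, $olist, $nolist, $nnamelist) are initialised to
 * empty arrays so that a $param with no usable keys no longer iterates over an
 * undefined variable.
 *
 * @param object $object Parent object the new object is added to.
 * @param string $class  Class name of the object to create.
 * @param array  $param  Submitted values; keys starting with "__v_" or "__m_" are not regrouped.
 * @return void
 * @throws lxException On exceeded quota or when the object already exists.
 */
function do_desc_add($object, $class, $param)
{
    global $gbl, $sgbl, $login, $ghtml;
    $quotaclass = exec_class_method($class, "getquotaclass", $class);
    $numvar = "{$quotaclass}_num";
    $qobject = $object->getClientParentO();
    dprint($qobject->getClname());
    // Quota gate: refuse the add when the used count has reached the allowed count.
    if ($qobject->isQuotaVariable($numvar)) {
        if (isQuotaGreaterThanOrEq($qobject->used->{$numvar}, $qobject->priv->{$numvar})) {
            throw new lxException("Quota Exceeded for {$class}", 'nname', $numvar);
        }
    }
    /*
    	$list = $qobject->getQuotaVariableList();
    	foreach((array) $list as $l => $v) {
    		if (csb($l, "{$class}_m_")) {
    			$license = strtil(strfrom($l, "_n_"), "_num");
    			$licvar = strtil(strfrom($l, "_m_"), "_n_");
    			if (isset($param[$licvar]) && $param[$licvar] === $license) {
    				if (isQuotaGreaterThanOrEq($qobject->used->$l, $qobject->priv->$l)) {
    					throw new lxException("Quota Exceeded for $class $licvar.$license", 'nname', $numvar);
    				}
    			}
    		}
    	}
    */
    // Setting it here itself so that the add can override if necessary. This is done in tickets, where the parent is always the admin.
    $param['parent_clname'] = $object->getClName();
    // In the case of mailaccount, the real parent is mmail, while the object is added to client.
    if (isset($param['real_clparent_f'])) {
        $parent_class = exec_class_method($class, 'defaultParentClass', $object);
        $param['parent_clname'] = createParentName($parent_class, $param['real_clparent_f']);
    }
    $param = exec_class_method($class, 'Add', $object, $class, $param);
    // First loop to create a unique nname if applicable.... FOr the 'unique-nname-creation' to work in the second loop, the variables must be resolved before that... So this extra looping...
    foreach ($param as $k => $v) {
        if (csb($k, "__v_") || csb($k, "__m_")) {
            continue;
        }
        $object->resolve_class_differences($class, $k, $dclass, $dk);
    }
    // Regroup the values as $nparam[<target class>][<field>]. $dclass/$dk and
    // $ddclass/$ddk are presumably filled by reference by the resolve_* calls.
    $nparam = array();
    foreach ($param as $k => $v) {
        if (csb($k, "__v_") || csb($k, "__m_")) {
            continue;
        }
        $object->resolve_class_heirarchy($class, $k, $dclass, $dk);
        $object->resolve_class_differences($class, $k, $ddclass, $ddk);
        $nnamevar = get_real_class_variable($ddclass, "__rewrite_nname_const");
        if ($nnamevar) {
            $nnamelist = array();
            foreach ($nnamevar as $n) {
                $nnamelist[] = $param[$n];
            }
            $nparam[$dclass]['nname'] = implode($sgbl->__var_nname_impstr, $nnamelist);
        }
        $nparam[$dclass][$dk] = $v;
    }
    // First Pass
    $olist = array();
    foreach ($nparam as $k => $v) {
        if (csa($k, "_s_")) {
            continue;
        }
        if ($k === 'priv') {
            // Requested limits are validated against the parent through check_priv().
            $olist[$k] = new priv(null, null, $nparam[$class]['nname']);
            check_priv($object, $class, $olist[$k], $v);
            continue;
        }
        if ($k === 'used') {
            $olist[$k] = new Used(null, null, $nparam[$class]['nname']);
            $olist[$k]->create($v);
            continue;
        }
        if ($k === 'listpriv') {
            //$olist[$k] = new listpriv($object->__masterserver, null, $class . "_s_vv_p_" . $nparam[$class]['nname']);
            $olist[$k] = new listpriv($object->__masterserver, null, $class . "-" . $nparam[$class]['nname']);
            check_listpriv($object, $class, $olist[$k], $v);
            continue;
        }
        // The class to instantiate is a key of $nparam, i.e. a name produced by
        // resolve_class_heirarchy() from the keys of $param.
        // NOTE(review): if $param keys can be influenced by a request, confirm the
        // resolver restricts them to known classes before `new $k` runs.
        if (csa($k, "_b")) {
            $olist[$k] = new $k($object->__masterserver, null, $nparam[$class]['nname']);
        } else {
            $olist[$k] = new $k($object->__masterserver, null, $v['nname']);
        }
        $olist[$k]->inheritSyncServer($object);
        $olist[$k]->initThisDef();
        $olist[$k]->create($v);
        // The createsyncclass needs the syncserver variable to be set. Which may not be available. So we have to run this again.
        if ($olist[$k]->hasDriverClass()) {
            $olist[$k]->createSyncClass();
        }
    }
    // The main object has to inherit the masterserver here itself, so that its children will inherit it later when they are added through addobject.
    if (!cse($class, "_a") && exec_class_method($class, "isDatabase") && exists_in_db($object->__masterserver, $class, $olist[$class]->nname)) {
        // If the parent is getting added too, then that means we are in the client add page, and thus the variable is vps_name, domain_name rather than nname.
        if ($object->dbaction === 'add') {
            $vname = "{$class}_name";
        } else {
            $vname = "nname";
        }
        throw new lxException("{$olist[$class]->nname}+already+exists+in+{$class}.", $vname, $class);
    }
    //Second Pass...
    // Keys of the form "<owner>_s_<child>" create a child object and attach it to
    // the owner built in the first pass. The same review note about `new $k` applies.
    $nolist = array();
    foreach ($nparam as $k => $v) {
        if (!csa($k, "_s_") && !csa($k, "-")) {
            continue;
        }
        $clist = explode("_s_", $k);
        $k = $clist[1];
        $cl = $clist[0];
        $nolist[$k] = new $k($object->__masterserver, null, $v['nname']);
        $nolist[$k]->inheritSyncServer($olist[$cl]);
        $nolist[$k]->initThisDef();
        $nolist[$k]->create($v);
        // The createsyncclass needs the syncserver variable to be set. Which may not be available. So we have to run this again.
        if ($nolist[$k]->hasDriverClass()) {
            $nolist[$k]->createSyncClass();
        }
        $olist[$cl]->addObject($k, $nolist[$k]);
    }
    // Hang everything built in the first pass off the main object.
    foreach ($olist as $k => $v) {
        if (cse($k, "_b") || $k === 'used' || $k === 'priv' || $k === 'listpriv') {
            $olist[$class]->{$k} = $v;
            continue;
        }
        if ($k != $class) {
            $olist[$class]->addObject($k, $v);
            continue;
        }
    }
    // NOTE(review): these two assignments replace the priv/listpriv objects that went
    // through check_priv()/check_listpriv() above. $param here is the value returned by
    // the class's Add method; confirm "__v_priv" and "__v_listpriv" cannot arrive from
    // the caller's input, otherwise the limit checks are bypassed.
    if (isset($param['__v_priv'])) {
        $olist[$class]->priv = $param['__v_priv'];
    }
    if (isset($param['__v_listpriv'])) {
        $olist[$class]->listpriv = $param['__v_listpriv'];
    }
    //$olist[$class]->parent_clname = $object->getClName();
    $rparent = $object;
    $olist[$class]->__parent_o = $rparent;
    $olist[$class]->postAdd();
    $rparent->addToList($class, $olist[$class]);
    $olist[$class]->superPostAdd();
    //dprintr($object);
    // The add is reported to the admin and recorded in the action log.
    notify_admin("add", $object, $olist[$class]);
    do_actionlog($login, $olist[$class], "add", "");
    //This shouldn't happen here. This should be done only after the synctosystem since, the sync can fail and the write may not happen at all.
    //$olist[$class]->changeUsedFromParentAll();
    dprint($olist[$class]->getParentO());
}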
Пример #11
require_once "plib/publish.php";
require_once "plib/priv.php";
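// Read the project and template ids for the "add document" page.
// getCGI() is defined elsewhere; it presumably returns the request parameters,
// so the ids are treated as untrusted when they are written into markup.
// Array keys are quoted: bare words such as $cgi[p_id] are undefined-constant
// lookups, which newer PHP versions reject.
$cgi = getCGI();
$p_id = $cgi['p_id'];
$t_id = $cgi['t_id'];
$d_id = $cgi['d_id'];
if ($p_id == "" || $t_id == "") {
    sys_exit("参数错误");
}
conProjDB($p_id, $t_id);
// $proj_data and $temp_data are not assigned in this fragment; presumably conProjDB() fills them.
$p_cname = $proj_data['p_cname'];
$t_cname = $temp_data[$t_id]['cname'];
$t_name = $temp_data[$t_id]['t_name'];
// The ids go into unquoted href attributes, so they are URL-encoded here.
// Plain numeric ids come out unchanged.
// NOTE(review): $p_cname and $t_cname are emitted as stored; confirm they are
// escaped when saved, or escape them here as well.
// The permission check (check_priv) runs only inside the edit branch below.
$nav_str .= " &gt; <a href=templist.php?p_id=" . rawurlencode($p_id) . ">{$p_cname}</a>"
    . " &gt; <a href=doclist.php?p_id=" . rawurlencode($p_id) . "&t_id=" . rawurlencode($t_id) . " >{$t_cname}</a>"
    . " &gt; 添加文档";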
if ($cgi[edit] != "") {
    if (check_priv($p_id, $t_id, 0) < 0) {
        sys_exit("对不起,你没有操作权限", $error_message);
    }
    upload_pic();
    $t_name = $temp_data[$t_id][t_name];
    $t_cname = $temp_data[$t_id][cname];
    $nav_buf = sprintf("/<a href=\"projlist.php\">网站管理中心</a> &gt; <a href=\"templist.php?p_id=%s\">%s</a> &gt; %s(<a href=\"doclist.php?t_id=%s&p_id=%s\">文档</a>) (<a href=\"temp_edit.php?t_id=%s&p_id=%s\">模板</a>) (<a href=\"tempdeflist.php?t_id=%s&p_id=%s\">模板域</a>) &gt; 添加文档", $p_id, $proj_data[p_cname], $t_cname, $t_id, $p_id, $t_id, $p_id, $t_id, $p_id);
    print_html("添加文档", $nav_buf);
    printf("添加数据库记录....");
    $sqlstr = sprintf("insert into %s (cu_id, mu_id, createdatetime, savedatetime, published) values(%s, %s, now(), now(), 'n')", $t_name, $ck_u_id, $ck_u_id);
    $res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统错误,请稍候再试", mysql_error() . "\n" . $sqlstr);
    $d_id = mysql_insert_id($proj_mysql);
    $sqlstr = sprintf("update %s set", $t_name);
    foreach ($poly_data as $pm_id => $this_poly) {
        $url_radio = $cgi["urlradio_{$pm_id}"];
        $outer_url = $cgi["outer_url_{$pm_id}"];
Пример #12
 // Submission handler, second half: validate the posted source, check that the caller
 // may submit to this problem, then hand the job to the judging daemon.
 // $row, $lang, $prob and $con are set above this fragment.
 // isset() only rejects a missing field; an empty string passes this check.
 if (!isset($_POST['source'])) {
     echo _('Code too short...');
     exit;
 }
 $code = $_POST['source'];
 // strlen() counts bytes, so 29990 is a byte limit on the submitted code.
 if (strlen($code) > 29990) {
     echo _('Code too long...');
     exit;
 }
 require __DIR__ . '/../lib/problem_flags.php';
 require __DIR__ . '/../func/privilege.php';
 // Access gate: a problem whose column 4 is 'Y' needs PRIV_PROBLEM, and one whose
 // column 5 has the PROB_IS_HIDE bit needs PRIV_INSIDER.
 // NOTE(review): which columns $row[4] and $row[5] hold is not visible here; confirm against the query above.
 $forbidden = false;
 if ($row[4] == 'Y' && !check_priv(PRIV_PROBLEM)) {
     $forbidden = true;
 } else {
     if ($row[5] & PROB_IS_HIDE && !check_priv(PRIV_INSIDER)) {
         $forbidden = true;
     }
 }
 if ($forbidden) {
     echo _('Permission Denied...');
     exit;
 }
 $_SESSION['lang'] = $lang;
 // NOTE(review): $lang and $prob are interpolated unquoted and $_SESSION['user'] is
 // concatenated inside quotes. Their validation is not visible in this fragment; confirm
 // they are cast to int or escaped above, or switch to prepared statements.
 mysqli_query($con, "update users set language={$lang} where user_id='" . $_SESSION['user'] . "'");
 mysqli_query($con, "update problem set in_date=NOW() where problem_id={$prob}");
 // NOTE(review): the key is derived from the clock and rand(), both predictable. How the
 // daemon uses field 'h' is not visible here; if it has to be unguessable, derive it from
 // random_bytes() (PHP 7+) instead.
 $key = md5('key' . time() . rand());
 // The mere presence of the "public" field marks the code as shared.
 $share_code = isset($_POST['public']) ? 1 : 0;
 $data = array('a' => $prob, 'b' => $lang, 'c' => $row[0], 'd' => $row[1], 'e' => $row[2], 'f' => $code, 'g' => $_SESSION['user'], 'h' => $key, 'i' => $share_code, 'j' => $row[3]);
 // Keep running if the client disconnects, so the hand-off to the daemon is not cut short.
 ignore_user_abort(TRUE);
 $result = posttodaemon($data);