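/**
 * Handles the "edit challenge" form: validates the posted fields, stores the
 * update through ChallengeBackend and renders editchallenge.tpl.
 *
 * Reads $_GET['id'] (challenge to edit) and, on submit, $_POST['title'],
 * $_POST['description'], $_POST['visibility'] and $_POST['publish'].
 *
 * NOTE(review): no role check and no anti-CSRF token validation are visible in
 * this method. Confirm the enclosing controller restricts it to users who may
 * edit challenges and that the form carries a per-session token.
 * NOTE(review): title and description are stored as received; whether
 * ChallengeBackend::updateChallenge() uses bound parameters and whether the
 * template escapes these values on output cannot be seen from here.
 */
public function go()
{
    // Without an id there is nothing to update or load; previously $id was
    // simply undefined on this path and still handed to the backend.
    $id = isset($_GET['id']) ? $_GET['id'] : null;

    if ($id === null) {
        $this->addErrorMessage("You need to select a challenge to edit.");
    } elseif (isset($_POST['submit'])) {
        // Missing or non-string fields (e.g. title[]=x) are treated as empty
        // so they hit the same validation errors as a blank input.
        $fields = array();
        foreach (array('title', 'description', 'visibility') as $name) {
            $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        }

        if ($fields['title'] === '') {
            $this->addErrorMessage("Title of the challenge should not be empty");
        } elseif ($fields['description'] === '') {
            $this->addErrorMessage("Description should not be empty");
        } elseif ($fields['visibility'] === '') {
            $this->addErrorMessage("Visibility field should not be empty");
        } else {
            $this->title = $fields['title'];
            $this->description = $fields['description'];
            $this->visibility = $fields['visibility'];
            // 'publish' may be absent from the request; null matches what the
            // unguarded read produced, minus the notice.
            $this->publish = isset($_POST['publish']) ? $_POST['publish'] : null;

            ChallengeBackend::updateChallenge(
                $id,
                $this->title,
                $this->description,
                $this->visibility,
                $this->publish
            );
            $this->addSuccessMessage("Challenge details have been updated succesfully");
        }
    }

    $challenges = ($id === null) ? array() : Challenge::getChallenge($id);

    $this->setViewTemplate('editchallenge.tpl');
    // An unknown id yields no row; hand the template null instead of reading
    // an undefined offset.
    $this->addToView('challenge', isset($challenges[0]) ? $challenges[0] : null);
    $this->generateView();
}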
/**
 * Returns the challenge object for $this->challenge, fetching it through
 * Challenge::getChallenge() on first use and caching it in $this->challengeObj.
 *
 * NOTE(review): the cache test is a loose comparison against UNPREPARED, whose
 * value is defined outside this block; whether a fetched result can loosely
 * equal it (and so be re-fetched on every call) cannot be told from here.
 */
public function getChallenge()
{
    // Already resolved: hand back the cached value.
    if ($this->challengeObj != UNPREPARED) {
        return $this->challengeObj;
    }

    $this->challengeObj = Challenge::getChallenge($this->challenge);

    return $this->challengeObj;
}
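/**
 * Redirects an authorised user into a challenge package and renders
 * trychallenge.tpl.
 *
 * Reads $_GET['id'] (challenge id) and the optional $_GET['path'] (file inside
 * the challenge package, default index.php). Access is granted to logged-in
 * administrators and to logged-in users for whom self::IsAllowed() accepts the
 * challenge id; everyone else terminates the request with die.
 *
 * NOTE(review): execution continues after the Location header is sent, so the
 * template is still rendered into the redirect response. Left as found.
 */
public function go()
{
    if (isset($_GET['id'])) {
        $id = $_GET['id'];
        $this->addToView('id', $id);
        $challenge = Challenge::getChallenge($id);

        // Fail closed when the id does not resolve to a challenge: previously
        // an administrator reached the redirect with an undefined record.
        $allowed = isset($challenge[0])
            && $this->isLoggedIn()
            && ($this->isAdmin() || self::IsAllowed($this->getLoggedInUser(), $challenge[0]->id));

        if (!$allowed) {
            die;
        }

        $challenge_path = SOURCE_ROOT_PATH . "challenges/" . $challenge[0]->pkg_name . "/";
        $this->addToView('pkg_name', $challenge[0]->pkg_name);

        // The access check above covers one challenge id only. A request path
        // containing a parent-directory segment, an absolute path, a backslash
        // or control bytes would let the redirect target leave that
        // challenge's directory, so such values fall back to the default
        // entry page. "%2e" is refused as well because clients normalise a
        // percent-encoded dot like a literal one.
        $relative = "index.php";
        if (isset($_GET['path']) && is_string($_GET['path']) && $_GET['path'] !== '') {
            $requested = $_GET['path'];
            $is_safe = strpos($requested, '..') === false
                && stripos($requested, '%2e') === false
                && strpos($requested, '\\') === false
                && $requested[0] !== '/'
                && !preg_match('/[\x00-\x1f\x7f]/', $requested);
            if ($is_safe) {
                $relative = $requested;
            }
        }

        header("Location: " . $challenge_path . $relative);
    }

    $this->setViewTemplate("trychallenge.tpl");
    $this->generateView();
}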
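/**
 * Code editor for a challenge's index.php: on submit, overwrites the file with
 * $_POST['code'], then shows the file's current contents in editcode.tpl.
 *
 * Reads $_GET['id'] to locate the challenge; the target file is
 * HACKADEMIC_PATH . "challenges/<pkg_name>/index.php".
 *
 * NOTE(review): this method writes request-supplied PHP source to a file that
 * is later executed by the web server. No role check and no anti-CSRF token
 * validation are visible here; confirm the enclosing controller restricts it
 * to authenticated administrators and that the form carries a per-session
 * token, and consider logging each write (who, which challenge, when).
 * NOTE(review): pkg_name comes from the challenge record and is used as a path
 * component unchanged; verify it is constrained to a plain directory name
 * where challenges are created.
 */
public function go()
{
    $challenges = isset($_GET['id']) ? Challenge::getChallenge($_GET['id']) : array();

    if (isset($challenges[0])) {
        $title = $challenges[0]->title;
        $folder = $challenges[0]->pkg_name;
        $url = HACKADEMIC_PATH . "challenges/" . $folder . "/index.php";

        if (isset($_POST['submit'])) {
            // A missing or non-string 'code' field used to truncate the file
            // to zero bytes; refuse the write instead.
            if (!isset($_POST['code']) || !is_string($_POST['code'])) {
                $this->addErrorMessage("No code was submitted");
            } elseif (file_put_contents($url, $_POST['code']) === false) {
                // Do not report success when the write failed.
                $this->addErrorMessage("File could not be updated");
            } else {
                $this->addSuccessMessage("File has been updated successfully !");
            }
        }

        if (!file_exists($url)) {
            $this->addErrorMessage("File does not exist");
            $file_contents = '';
        } else {
            // Escaped for display as element content; quotes stay literal
            // (ENT_NOQUOTES), so the template must not place this value
            // inside an HTML attribute.
            $file_contents = htmlspecialchars(file_get_contents($url), ENT_NOQUOTES | ENT_HTML401);
        }
    } else {
        // No id given, or the id does not resolve to a challenge.
        $title = "Unknown Challenge";
        $file_contents = '';
        $folder = null;
        $this->addErrorMessage("You need to select a challenge to edit.");
    }

    $this->setViewTemplate('editcode.tpl');
    $this->addToView('file_contents', $file_contents);
    $this->addToView('title', $title);
    $this->addToView('folder', $folder);
    $this->generateView();
}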
/**
 * Shows a single challenge (showChallenge.tpl) and tells the template whether
 * the current user may attempt it.
 *
 * Nothing is rendered when $_GET['id'] is absent. Anonymous visitors get a
 * login prompt; administrators and users accepted by self::IsAllowed() get
 * the 'is_allowed' view flag; everyone else gets an explanatory error.
 *
 * NOTE(review): the record at index 0 is used without checking that the id
 * resolved to a challenge.
 */
public function go()
{
    if (!isset($_GET['id'])) {
        return;
    }

    $challenge = Challenge::getChallenge($_GET['id']);
    $this->setViewTemplate('showChallenge.tpl');
    $this->addToView('challenge', $challenge[0]);

    if (!$this->isLoggedIn()) {
        $this->addErrorMessage("You must login to be able to take the challenge");
    } elseif ($this->isAdmin() || self::IsAllowed($this->getLoggedInUser(), $challenge[0]->id)) {
        // The flag only drives what the template offers; the controller that
        // serves the challenge performs its own access check.
        $this->addToView('is_allowed', true);
    } else {
        $this->addErrorMessage('You cannot take the challenge as you are not a member of any class to which this challenge is assigned.');
    }

    $this->generateView();
}
if (key_exists('claim', $_POST)) { $code = $_POST['code']; $action = 'claim'; } } } } } // ACTION switch ($action) { case 'new': $challenge = new Challenge(array('year' => Year::current(), 'name' => $challenge_name, 'points' => $challenge_points, 'code' => $challenge_code)); $challenge->doAdd("Created challenge {$challenge_name} successfully."); break; case 'delete': $challenge = Challenge::getChallenge($challenge_id); foreach ($challenge->getWinners() as $winner) { $winner->doRemove(); } $challenge->doRemove("Deleted challenge successfully."); break; case 'add': $winner = new ChallengeWinner(array('team' => $team_id, 'challenge' => $challenge_id)); $winner->doAdd("Added challenge winner successfully."); break; case 'remove': $winner = ChallengeWinner::getChallengeWinner($winner_id); $winner->doRemove("Deleted challenge winner successfully."); break; case 'claim': $team = Session::currentTeam();
<?php /* * This should work: * uid = admin'+--+- * pwd = 123 */ require_once '../../../../config/config.inc.php'; $challenge = new Challenge(); $challenge->startChallenge(); $pwd = $challenge->getDictionaryWord(); $token = $challenge->getToken(); $createSQL = "CREATE TABLE players (id MEDIUMINT NOT NULL AUTO_INCREMENT,name varchar(60) NOT NULL,password varchar(100) NOT NULL,PRIMARY KEY(id))"; $error = ""; $dbname = 'wcdb' . $challenge->getChallenge() . $challenge->getUser(); $dbname = str_replace('-', '', $dbname); $db = new MySQL('localhost', 'wcuid' . $challenge->getUser(), 'wcpwd#sldi$v0x8' . $token, strtolower($dbname)); if ($db->testTable("SELECT * FROM players LIMIT 0,1", $createSQL)) { $db->query("INSERT INTO players(name,password) VALUES('admin','{$token}')"); } if (isset($_GET['submit'])) { $uid = htmlspecialchars(strip_tags($_GET['username'])); $passwd = htmlspecialchars(strip_tags($_GET['password'])); $sql = "SELECT password FROM players where name='admin'"; $result = $db->query($sql); $tbl = $result->fetch(); $pwd = $tbl['password']; if ($uid == "admin" && $passwd == $pwd) { $challenge->mark(); CTF::showAchieved(); $db->query("DROP database " . 'webchallengedb' . $challenge->getUser());