function dldc_update_profile(DLDC_User $user, $password)
{
$data = array('email' => trim(Common::getPostString('email')), 'firstname' => trim(Common::getPostString('firstname')), 'lastname' => trim(Common::getPostString('lastname')));
if (!empty($password)) {
if (!DLDC_User::login(dldc_username(), Common::getPostString('password_old'))) {
return dldc_error('You have to supply your current password to change it.');
}
if ($password !== Common::getPostString('password_retype')) {
return dldc_error('You have to retype your new password correctly.');
}
$data['password'] = DLDC_User::hashPassword($password);
dldc_message('Your password has been changed!');
}
$user->saveVars($data);
dldc_message('Information has been saved.');
}
function dldc_login($username, $password)
{
if ($user = DLDC_User::login($username, $password)) {
$_SESSION['DLDC_USER'] = $user;
$_SESSION['DLDC_IS_ADMIN'] = dldc_is_admin();
return true;
} else {
return false;
}
}
function dldc_reqister($username, $password, $email, $firstname, $lastname)
{
if (!dldc_is_valid_username($username)) {
dldc_error('Invalid username. Start with a letter and then add 2-23 digits, letters or underscores.');
} elseif (!dldc_is_valid_password($password)) {
dldc_error('Your password is not secure enough for this service.');
} elseif ($password !== Common::getPostString('password_retype')) {
dldc_error('You have to confirm your password by retyping it.');
} elseif (empty($email)) {
dldc_error('Please fill in an email address.');
} else {
dldc_cleanup();
# DELETE YOUR OLD "PLAYER"!
if (!DLDC_User::create($username, $password, $email, $firstname, $lastname)) {
dldc_error('An error occured!');
} else {
dldc_message('You have been successfully registered!');
}
}
}
$secret_user = (require 'secrets.php');
chdir("../../../");
require_once "challenge/html_head.php";
$title = 'Disclosures';
html_head("Install: {$title}");
if (!GWF_User::isAdminS()) {
return htmlSendToLogin("Better be admin !");
}
### Create challenge table and stuff
require 'www/user.php';
require 'www/db.php';
$users = array('aaaaaron' => array('Aaronson', 'Aaron A.', '*****@*****.**', 'Sonnenblume2014'), 'administrator' => $secret_user, 'dloser' => array('Winner', 'BigRichardDick', '*****@*****.**', 'pwnedgizagain'), 'benja' => array('Barneby-Smith', 'Benjamin', '*****@*****.**', 'Wizard1234'), 'casi' => array('Casi', 'Casi', '*****@*****.**', 'casiisaccasiisac'), 'jannn' => array('L', 'Jan', '*****@*****.**', 'essenlol123'), 'ulla' => array('Kalele', 'Ulla', '*****@*****.**', 'Hannover!!'), 'test' => array('test', 'test', '*****@*****.**', '11111111'), 'admin' => array('test', 'test', '*****@*****.**', '11111111'), 'desiree' => array('Reelity', 'Daisy', '*****@*****.**', '.SOLAME.'), 'strider' => array('', '', '*****@*****.**', 'hahackah'), 'wildgoat' => array('', '', '*****@*****.**', 'iliketrains'), 'synergy' => array('', '', '*****@*****.**', 'syn.synack.ack'), 'fastfloats' => array('', '', '*****@*****.**', 'GMPDEV111'), 'teeest' => array('', '', '*****@*****.**', 'test'), 'lostchall' => array('', '', '*****@*****.**', 'PassWordPass!"§'), 'Weezer' => array('', '', '*****@*****.**', 'Weeeeeeeee'), 'olga' => array('Olga', 'Olga', '*****@*****.**', 'Pass123'));
$i = 0;
GDO::table('DLDC_User')->createTable(true);
foreach ($users as $username => $data) {
list($lastname, $firstname, $email, $password) = $data;
$user = DLDC_User::instance($username, $password, $email, $firstname, $lastname);
$minscore = $username === 'dloser' ? 90 : 0;
$user->setVar('wechall_userid', --$i);
$user->setVar('level', rand($minscore, 100));
$user->insert();
}
### WC continues
GDO::setCurrentDB($db1);
$score = 5;
$url = "challenge/dloser/disclosures/index.php";
$creators = "gizmore,dloser";
$tags = 'Exploit';
WC_Challenge::installChallenge($title, DLDC_SOLUTION, $score, $url, $creators, $tags, true, WC_Challenge::CHALL_CASE_S);
require_once "challenge/html_foot.php";
