/**
 * Marks one run as deleted and records which judge did it.
 *
 * The work happens inside a single transaction: the run row is selected
 * "for update", its status is set to 'deleted', and the transaction is
 * committed. If the select does not return exactly one row the transaction
 * is rolled back and false is returned.
 *
 * DBBalloon() is evaluated before and after the status change; when the
 * result goes from truthy to falsy and the run belongs to a 'team' user,
 * a task is created through DBNewTask_old() carrying a "must have _NO_
 * balloon" message.
 *
 * NOTE(review): $number, $site, $contest, $user and $usersite are interpolated
 * unquoted into the SQL text. Nothing in this function validates them, so it
 * relies on every caller passing integers — confirm at the call sites.
 *
 * @param mixed $number   run number
 * @param mixed $site     site number the run belongs to
 * @param mixed $contest  contest number
 * @param mixed $user     user number written to runjudge
 * @param mixed $usersite site number written to runjudgesite
 * @return bool true when the run was updated and committed, false otherwise
 */
function DBRunDelete($number, $site, $contest, $user, $usersite)
{
    $conn = DBConnect();
    DBExec($conn, "begin work", "DBRunDelete(transaction)");

    // Lock the target row so the balloon checks and the update see one consistent state.
    $selectRun = "select * from runtable as r where r.contestnumber={$contest} and r.runsitenumber={$site} and r.runnumber={$number}";
    $locked = DBExec($conn, $selectRun . " for update", "DBRunDelete(get run for update)");

    if (DBnlines($locked) != 1) {
        DBExec($conn, "rollback work", "DBRunDelete(rollback)");
        LogLevel("Unable to delete a run. (run={$number}, site={$site}, contest={$contest})", 1);
        return false;
    }

    $runRow = DBRow($locked, 0);
    $ownerNumber = $runRow["usernumber"];
    $problemNumber = $runRow["runproblem"];

    $hadBalloon = DBBalloon($contest, $site, $ownerNumber, $problemNumber, true, $conn);

    $markDeleted = "update runtable set runstatus='deleted', runjudge={$user}, runjudgesite={$usersite}, updatetime="
        . time()
        . " where contestnumber={$contest} and runnumber={$number} and runsitenumber={$site}";
    DBExec($conn, $markDeleted, "DBRunDelete(update run)");

    $hasBalloon = DBBalloon($contest, $site, $ownerNumber, $problemNumber, true, $conn);

    $balloonRevoked = $hadBalloon && !$hasBalloon;
    if ($balloonRevoked) {
        $owner = DBUserInfo($contest, $site, $ownerNumber, $conn);
        if ($owner['usertype'] == 'team') {
            $problem = DBGetProblemData($contest, $problemNumber, $conn);
            $notice = "\"" . $owner["username"] . "\" must have _NO_ balloon for problem "
                . $problem[0]["problemname"] . ": " . $problem[0]["fullname"];
            DBNewTask_old(
                $contest,
                $site,
                $ownerNumber,
                escape_string($notice),
                "",
                "",
                "t",
                $problem[0]["color"],
                $problem[0]["colorname"],
                $conn
            );
        }
    }

    DBExec($conn, "commit work", "DBRunDelete(commit)");
    LOGLevel("Run deleted (run={$number}, site={$site}, contest={$contest}, user={$user}(site={$usersite})).", 3);
    return true;
}
} } }
// Excerpt from a run-listing loop: the enclosing loop over $run and the code
// that first assigns $color start before this excerpt.
// NOTE(review): every value echoed below ($run[$i][...], $u["username"]) is
// written into HTML without any encoding in this excerpt. Usernames are
// account data; confirm they are HTML-encoded before they reach this point,
// otherwise this is a stored-XSS sink on the run list.
echo " <td nowrap bgcolor=\"#{$color}\">" . $run[$i]["status"] . "</td>\n";
// Primary judge: one DBUserInfo lookup per row to resolve the judge's username.
if ($run[$i]["judge"] != "") {
    $u = DBUserInfo($_SESSION["usertable"]["contestnumber"], $run[$i]["judgesite"], $run[$i]["judge"]);
    echo " <td nowrap>" . $u["username"] . " (" . $run[$i]["judgesite"] . ")";
} else {
    echo " <td> ";
}
// Additional judges (judge1 / judge2) are appended in square brackets to the same cell.
if ($run[$i]["judge1"] != "") {
    $u = DBUserInfo($_SESSION["usertable"]["contestnumber"], $run[$i]["judgesite1"], $run[$i]["judge1"]);
    echo " [" . $u["username"] . " (" . $run[$i]["judgesite1"] . ")]";
}
if ($run[$i]["judge2"] != "") {
    $u = DBUserInfo($_SESSION["usertable"]["contestnumber"], $run[$i]["judgesite2"], $run[$i]["judge2"]);
    echo " [" . $u["username"] . " (" . $run[$i]["judgesite2"] . ")]";
}
echo "</td>\n";
// Pick the colour from the auto-judging fields; the cell that uses it is
// presumably emitted after this excerpt ends.
if ($run[$i]["autoend"] != "") {
    $color = "bbbbff";
    if ($run[$i]["autoanswer"] == "") {
        $color = "ff7777";
    }
} else {
    if ($run[$i]["autobegin"] == "") {
        $color = "ffff88";
    } else {
        $color = "77ff77";
    }
}
} else { echo "0"; } exit; }
// Excerpt: the branch closed above starts before this excerpt.
//
// "remote" mode: the request carries a numeric ?remote= value. The response is
// marked non-cacheable and the session is started here.
if (isset($_GET['remote']) && is_numeric($_GET['remote'])) {
    ob_start();
    header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
    header("Content-Type: text/html; charset=utf-8");
    session_start();
    ob_end_flush();
    if (isset($_SESSION["usertable"])) {
        // Refresh the cached user row from the database on every request.
        $_SESSION["usertable"] = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"]);
    } else {
        // NOTE(review): the checks below only protect the page if ForceLoad()
        // terminates the request; its definition is not visible here — confirm.
        IntrusionNotify("scoretable1");
        ForceLoad("index.php");
    }
    // && binds tighter than ||, so this reads: no usertype at all, OR the
    // usertype is neither "score" nor "site". Only those two account types
    // pass the remote-mode gate.
    if (!isset($_SESSION['usertable']['usertype']) || $_SESSION["usertable"]["usertype"] != "score" && $_SESSION["usertable"]["usertype"] != "site") {
        IntrusionNotify("scoretable2");
        ForceLoad("index.php");
    }
}
// The general session check runs for every request, remote mode included.
if (!ValidSession()) {
    InvalidSession("scoretable.php");
    ForceLoad("index.php");
}
$loc = $_SESSION["loc"];
if (!isset($detail)) {
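/**
 * Updates a user's name, full name, description and (optionally) password hash.
 *
 * The caller proves knowledge of the current password by sending
 * myhash(stored hash . session_id()) in $passo. When the stored hash is
 * empty that proof is not checked at all.
 *
 * The new stored hash is derived from $passn with bighexsub($passn, current
 * hash) and then padded or truncated to the length of the current hash.
 * bighexsub() is not defined in this excerpt; presumably it reverses a
 * client-side big-hex addition — confirm.
 *
 * The update runs in a transaction with usertable locked, and is rolled back
 * when another user in the same contest and site already has the username.
 *
 * NOTE(review): the '******' literals below appear exactly like this in the
 * listing and look like redacted interpolated values; they are kept as
 * shown — confirm against the original file.
 * NOTE(review): $userdesc and $userfull are interpolated into quoted SQL
 * strings, and $user, $site and $contest unquoted. This function does no
 * escaping, so it depends on callers having escaped and validated every
 * argument — confirm at the call sites.
 *
 * @param mixed  $contest  contest number
 * @param mixed  $site     site number
 * @param mixed  $user     user number
 * @param string $username requested username
 * @param string $userfull full name
 * @param string $userdesc description
 * @param string $passo    proof of the current password
 * @param string $passn    encoded new password hash
 * @return void
 */
function DBUserUpdate($contest, $site, $user, $username, $userfull, $userdesc, $passo, $passn)
{
    $a = DBUserInfo($contest, $site, $user, null, false);
    $p = myhash($a["userpassword"] . session_id());

    // Strict string comparison: with "!=" two different hex strings that both
    // look numeric (for example "0e1" and "0e2") compare as equal, and a
    // non-string $passo would be juggled instead of rejected.
    // A constant-time compare such as hash_equals() is preferable where the
    // deployed PHP version provides it.
    $passwordMatches = is_string($passo) && (string) $p === $passo;

    if ($a["userpassword"] != "" && !$passwordMatches) {
        LOGLevel("User " . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . " (contest={$contest}, site={$site}) " . "tried to change settings, but password was incorrect.", 2);
        MSGError("Incorrect password.");
        return;
    }

    if (!$a['changepassword']) {
        MSGError('Password change is DISABLED');
        return;
    }

    // Base value for the derivation: the stored hash, or the hash of the
    // empty string when no password is stored.
    if ($a["userpassword"] == "") {
        $temp = myhash("");
    } else {
        $temp = $a["userpassword"];
    }
    $lentmp = strlen($temp);
    $temp = bighexsub($passn, $temp);
    // Bring the result back to the length of the base hash.
    if ($lentmp > strlen($temp)) {
        $newpass = '******' . $temp;
    } else {
        $newpass = substr($temp, strlen($temp) - $lentmp);
    }

    $c = DBConnect();
    DBExec($c, "begin work");
    DBExec($c, "lock table usertable");

    // Reject the change when a different user of the same site and contest already matches.
    $r = DBExec($c, "select * from usertable where username='******' and usernumber!={$user} and " . "usersitenumber={$site} and contestnumber={$contest}");
    $n = DBnlines($r);
    if ($n == 0) {
        $sql = "update usertable set username='******', userdesc='{$userdesc}', userfullname='{$userfull}', updatetime=" . time();
        // The password column is only written when the derived hash differs
        // from the hash of the empty string.
        if ($newpass != myhash("")) {
            $sql .= ", userpassword='******'";
        }
        $sql .= " where usernumber={$user} and usersitenumber={$site} and contestnumber={$contest}";
        $r = DBExec($c, $sql);
        DBExec($c, "commit work");
        LOGLevel("User " . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . " changed his settings (newname={$username}) " . "(user={$user},site={$site},contest={$contest})", 2);
        MSGError("Data updated.");
        ForceLoad("index.php");
    } else {
        DBExec($c, "rollback work");
        LOGLevel("User " . $_SESSION["usertable"]["username"] . "/" . $_SESSION["usertable"]["usersitenumber"] . " couldn't change his settings " . "(user={$user},site={$site},contest={$contest})", 2);
        MSGError("Update problem (maybe username already in use). \nNo data was changed.");
    }
}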
/**
 * Checks whether the current PHP session belongs to a logged-in user.
 *
 * The cached user row in $_SESSION["usertable"] is replaced with a fresh
 * DBUserInfo() lookup on every call, so changes made in the database are
 * picked up by the comparison below.
 *
 * A session is accepted when the usersession value of that row equals
 * session_id(), or when the account has usermultilogin 't' and usertype
 * 'score' (those accounts are not bound to a single session id).
 *
 * NOTE(review): the comparisons are loose (==); confirm that DBUserInfo()
 * always returns strings for these columns.
 *
 * @return bool
 */
function ValidSession()
{
    if (!isset($_SESSION["usertable"])) {
        return FALSE;
    }

    $cached = $_SESSION["usertable"];
    $_SESSION["usertable"] = DBUserInfo(
        $cached["contestnumber"],
        $cached["usersitenumber"],
        $cached["usernumber"]
    );
    $fresh = $_SESSION["usertable"];

    // Normal case: the row is bound to exactly this session id.
    if ($fresh["usersession"] == session_id()) {
        return TRUE;
    }

    // Exception: multi-login scoreboard accounts.
    return $fresh["usermultilogin"] == 't' && $fresh["usertype"] == 'score';
}
// Excerpt from a clarification report page; the loop below is still open
// where the excerpt ends.
// Add the current user's own site to the comma-separated list of judged sites.
if (trim($s["sitejudging"]) != "") {
    $s["sitejudging"] .= "," . $_SESSION["usertable"]["usersitenumber"];
} else {
    $s["sitejudging"] = $_SESSION["usertable"]["usersitenumber"];
}
$clar = DBAllClarsInSites($_SESSION["usertable"]["contestnumber"], $s["sitejudging"], 'report');
// NOTE(review): the row values and the judge's username are echoed into HTML
// without encoding in this excerpt. The "question" field is echoed between
// <textarea> tags further down; if it holds the submitter's text unencoded, a
// value containing "</textarea>" leaves the element and is parsed as markup.
// Confirm that DBAllClarsInSites() returns HTML-encoded text, or encode here.
for ($i = 0; $i < count($clar); $i++) {
    echo " <tr>\n";
    echo " <td nowrap>" . $clar[$i]["number"] . "</td>\n";
    echo " <td nowrap>" . $clar[$i]["site"] . "</td>\n";
    echo " <td nowrap>" . $clar[$i]["user"] . "</td>\n";
    echo " <td nowrap>" . dateconvminutes($clar[$i]["timestamp"]) . "</td>\n";
    echo " <td nowrap>" . $clar[$i]["problem"] . "</td>\n";
    echo " <td nowrap>" . $clar[$i]["status"] . "</td>\n";
    // One DBUserInfo lookup per answered row to resolve the judge's username.
    if ($clar[$i]["judge"] != "") {
        $u = DBUserInfo($_SESSION["usertable"]["contestnumber"], $clar[$i]["judgesite"], $clar[$i]["judge"]);
        echo " <td nowrap>" . $u["username"] . " (" . $clar[$i]["judgesite"] . ")</td>\n";
    } else {
        echo " <td> </td>\n";
    }
    if ($clar[$i]["question"] == "") {
        $clar[$i]["question"] = " ";
    }
    // NOTE(review): the listing collapses the rest of this excerpt onto one
    // line, so the two commented-out echo calls and the statements after them
    // are kept exactly as shown; presumably the textarea echo and the
    // statements after it are live code in the original file — confirm.
    echo " <td>"; // echo "<pre>" . $clar[$i]["question"] . "</pre>"; // echo $clar[$i]["question"]; echo " <textarea name=\"m{$i}\" cols=\"60\" rows=\"8\" readonly>" . $clar[$i]["question"] . "</textarea>\n"; echo "</td>\n"; if (trim($clar[$i]["answer"]) == "") { $clar[$i]["answer"] = "Not answered yet"; }
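/**
 * Authenticates a user against one contest and binds the account to the
 * current PHP session.
 *
 * Steps, in order: load the contest row and its local site; look the user up;
 * compare $pass with myhash(stored hash . session_id()); enforce the site's
 * "logins permitted" flag, the account's enabled flag and the permitted-IP
 * list; then write the client IP, login time and session id to usertable.
 *
 * Behaviour worth knowing when reviewing callers:
 * - $_SESSION['usertable'] is populated BEFORE the password is verified and
 *   is unset again on each rejection path that follows.
 * - An account whose stored password is empty is not password-checked.
 * - A 'team' account without multi-login and without a permitted-IP list has
 *   its userpermitip set to the IP of this login.
 * - The returned array is the user row from DBUserInfo(), including the
 *   stored userpassword value; only the session copy has it replaced by the
 *   session-bound hash.
 *
 * NOTE(review): the '******' literals below appear exactly like this in the
 * listing and look like redacted interpolated values; they are kept as
 * shown — confirm against the original file.
 * NOTE(review): $contest is interpolated unquoted and the result of getIP()
 * is interpolated inside quotes into SQL. getIP() is not visible here; if it
 * takes any part of its value from client-supplied request headers, both the
 * IP checks and these statements depend on that value being validated —
 * confirm.
 * NOTE(review): the IP checks only stop the login if ForceLoad() terminates
 * the request; its definition is not visible here — confirm.
 *
 * @param string $name    username
 * @param string $pass    myhash(stored hash . session_id()) as sent by the client
 * @param mixed  $contest contest number
 * @param bool   $msg     when true, failures are also reported through MSGError()
 * @return array|false the user row on success, false on failure
 */
function DBLogInContest($name, $pass, $contest, $msg = true)
{
    $b = DBGetRow("select * from contesttable where contestnumber={$contest}", 0, null, "DBLogIn(get active contest)");
    if ($b == null) {
        LOGLevel("There is no contest {$contest}.", 0);
        if ($msg) {
            MSGError("There is no contest {$contest}, contact an admin.");
        }
        return false;
    }

    $d = DBSiteInfo($b["contestnumber"], $b["contestlocalsite"], null, false);
    if ($d == null) {
        if ($msg) {
            MSGError("There is no active site, contact an admin.");
        }
        return false;
    }

    $a = DBGetRow("select * from usertable where username='******' and contestnumber=" . $b["contestnumber"] . " and " . "usersitenumber=" . $b["contestlocalsite"], 0, null, "DBLogIn(get user)");
    if ($a == null) {
        if ($msg) {
            LOGLevel("User {$name} tried to log in contest {$contest} but it does not exist.", 2);
            // Same wording for "no such user" and "wrong password" on purpose.
            MSGError("User does not exist or incorrect password.");
        }
        return false;
    }

    $a = DBUserInfo($b["contestnumber"], $b["contestlocalsite"], $a['usernumber'], null, false);
    $_SESSION['usertable'] = $a;
    // The expected proof is bound to this session id.
    $p = myhash($a["userpassword"] . session_id());
    $_SESSION['usertable']['userpassword'] = $p;

    // Strict string comparison: with "!=" two different hex strings that both
    // look numeric (for example "0e1" and "0e2") compare as equal, and a
    // non-string $pass would be juggled instead of rejected.
    // A constant-time compare such as hash_equals() is preferable where the
    // deployed PHP version provides it.
    $passwordMatches = is_string($pass) && (string) $p === $pass;

    if ($a["userpassword"] != "" && !$passwordMatches) {
        LOGLevel("User {$name} tried to log in contest {$contest} but password was incorrect.", 2);
        if ($msg) {
            MSGError("Incorrect password.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }

    // When the site has logins switched off, only admin, judge and site accounts may enter.
    if ($d["sitepermitlogins"] == "f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") {
        LOGLevel("User {$name} tried to login contest {$contest} but logins are denied.", 2);
        if ($msg) {
            MSGError("Logins are not allowed.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }

    if ($a["userenabled"] != "t") {
        LOGLevel("User {$name} tried to log in contest {$contest} but it is disabled.", 2);
        if ($msg) {
            MSGError("User disabled.");
        }
        unset($_SESSION["usertable"]);
        return false;
    }

    $gip = getIP();
    // A change of IP since the last login is logged and reported, not blocked.
    if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") {
        LOGLevel("User {$name} is using two different IPs: " . $a["userip"] . "(" . dateconv($a["userlastlogin"]) . ") and " . $gip, 1);
        if ($msg && $a["usertype"] != "admin") {
            MSGError("You are using two distinct IPs. Admin notified.");
        }
    }

    // Permitted-IP list: both values are ';'-separated and compared position by position.
    if ($a["userpermitip"] != "") {
        $ips = explode(';', $a["userpermitip"]);
        $gips = explode(';', $gip);
        if (count($gips) < count($ips)) {
            IntrusionNotify("Invalid IP: " . $gip);
            ForceLoad("index.php");
        }
        for ($ipss = 0; $ipss < count($ips); $ipss++) {
            $gipi = $gips[$ipss];
            $ipi = $ips[$ipss];
            if (!match_network($ipi, $gipi)) {
                IntrusionNotify("Invalid IP: " . $gip);
                ForceLoad("index.php");
            }
        }
    }

    $c = DBConnect();
    $t = time();
    if ($a["usertype"] == "team" && $a["usermultilogin"] != "t" && $a["userpermitip"] == "") {
        // First login of a single-login team account: the current IP also
        // becomes its permitted IP.
        $r = DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userpermitip='" . $gip . "'," . "userlastlogin={$t}, usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update session)");
    } else {
        DBExec($c, "begin work");
        // usersessionextra is only overwritten when it is empty, the IP
        // changed, or the last login is at least 86400 seconds old.
        $sql = "update usertable set usersessionextra='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"] . " and (usersessionextra='' or userip != '" . $gip . "' or userlastlogin<=" . ($t - 86400) . ")";
        DBExec($c, $sql);
        DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userlastlogin={$t}, " . "usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update user)");
        if ($name == 'admin') {
            list($clockstr, $clocktime) = siteclock();
            // The contest unlock key is cleared when siteclock() reports a time below -600.
            if ($clocktime < -600) {
                DBExec($c, "update contesttable set contestunlockkey='' where contestnumber=" . $b["contestnumber"], "DBLogInContest(update contest)");
            }
        }
        DBExec($c, "commit work");
    }

    LOGLevel("User {$name} authenticated (" . $gip . ")", 2);
    return $a;
}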
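<?php
// Plain-text export of the runs of one site: one line per run, ending in
// Y (accepted), ? (not answered yet) or N (any other answer). Runs whose time
// is past $freezeTime are left out.
//
// $contest, $site and $freezeTime are not assigned in this script; presumably
// they come from the required config.php — confirm.
// NOTE(review): no session or authorization check is visible in this script.
// Unless db.php or config.php enforce one, anyone who can reach this URL can
// read team names and verdicts — confirm.
require '../../db.php';
require '../config.php';

// "charset" is the Content-Type parameter that declares the text encoding;
// "encoding" is not a recognised parameter and was ignored by clients.
header('Content-type: text/plain; charset=utf-8');

$s = DBSiteInfo($contest, $site);
$run = DBAllRunsInSites($contest, $site, 'run');
$numRuns = count($run);

for ($i = 0; $i < $numRuns; $i++) {
    $u = DBUserInfo($contest, $site, $run[$i]['user']);
    $runID = $run[$i]['number'];
    $runTime = dateconvminutes($run[$i]['timestamp']);
    $runTeam = $u['username'];
    $runProblem = $run[$i]['problem'];

    // Skip everything submitted after the scoreboard freeze.
    if ($runTime > $freezeTime) {
        continue;
    }

    // NOTE(review): the separators are empty strings in this listing, which
    // would run the fields together; possibly a separator character was lost
    // when the page was extracted — confirm against the original file.
    echo $runID . '' . $runTime . '' . $runTeam . '' . $runProblem . '';

    if ($run[$i]['yes'] == 't') {
        echo 'Y' . "\n";
    } elseif ($run[$i]['answer'] == 'Not answered yet') {
        echo '?' . "\n";
    } else {
        echo 'N' . "\n";
    }
}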
/**
 * Checks whether the current PHP session belongs to a logged-in user.
 *
 * The cached row in $_SESSION["usertable"] must carry the client's current
 * IP (as returned by getIP()) and the current session id. Accounts with
 * usermultilogin 't' are accepted at that point; for all others the user row
 * is read again with DBUserInfo() and its userip must still equal the
 * client's IP.
 *
 * NOTE(review): the session id is compared with the copy cached in the
 * session, not with the database row, so a usersession value changed in the
 * database is not noticed by this check — confirm that this is intended.
 * NOTE(review): the strength of the IP binding depends on how getIP()
 * obtains the address; its definition is not visible here.
 *
 * @return bool
 */
function ValidSession()
{
    if (!isset($_SESSION["usertable"])) {
        return FALSE;
    }

    $clientIp = getIP();
    $cached = $_SESSION["usertable"];

    // Both the IP and the session id of the cached row have to match.
    if (!($cached["userip"] == $clientIp && $cached["usersession"] == session_id())) {
        return FALSE;
    }

    // Multi-login accounts are not re-checked against the database.
    if ($cached["usermultilogin"] == 't') {
        return TRUE;
    }

    $fresh = DBUserInfo(
        $cached["contestnumber"],
        $cached["usersitenumber"],
        $cached["usernumber"]
    );

    return $fresh["userip"] == $clientIp;
}
} else { echo " <td nowrap>No</td>\n"; } if ($usr[$i]["usermultilogin"] == "t") { echo " <td nowrap>Yes</td>\n"; } else { echo " <td nowrap>No</td>\n"; } echo " <td nowrap>" . $usr[$i]["userfullname"] . " </td>\n"; echo " <td nowrap>" . $usr[$i]["userdesc"] . " </td>\n"; echo "</tr>"; } echo "</table>\n"; unset($u); if (isset($_GET["site"]) && isset($_GET["user"]) && is_numeric($_GET["site"]) && is_numeric($_GET["user"])) { $u = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_GET["site"], $_GET["user"]); } ?> <script language="JavaScript" src="../sha256.js"></script> <script language="JavaScript" src="../hex.js"></script> <script language="JavaScript"> function computeHASH() { document.form3.passwordn1.value = bighexsoma(js_myhash(document.form3.passwordn1.value),js_myhash(document.form3.passwordo.value)); document.form3.passwordn2.value = bighexsoma(js_myhash(document.form3.passwordn2.value),js_myhash(document.form3.passwordo.value)); document.form3.passwordo.value = js_myhash(js_myhash(document.form3.passwordo.value)+'<?php echo session_id(); ?> '); // document.form3.passwordn1.value = js_myhash(document.form3.passwordn1.value); // document.form3.passwordn2.value = js_myhash(document.form3.passwordn2.value);
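// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
//Last updated 10/jul/2012 by cassio@ime.usp.br
require 'header.php';

// Prints the scoreboard as comma-separated lines inside a <pre> block:
// ICPC id, position in the listing, totalcount, totaltime, and the "first"
// value (0 when it is empty).
// $st and $locr are not assigned here; presumably header.php provides them — confirm.
$score = DBScore($_SESSION["usertable"]["contestnumber"], false, -1, $st["siteglobalscore"]);
echo "<h2>ICPC Output</h2>";
echo "<pre>";
$n = 0;
$class = 1;
// foreach replaces the former list()/each() loop: each() was removed in
// PHP 8 and the iteration order over $score is the same.
foreach ($score as $e => $c) {
    // Only entries that identify a team (site and user present) are printed.
    if (isset($score[$e]["site"]) && isset($score[$e]["user"])) {
        $r = DBUserInfo($_SESSION["usertable"]["contestnumber"], $score[$e]["site"], $score[$e]["user"]);
        // NOTE(review): usericpcid is written into the HTML page without
        // encoding; confirm the value cannot contain markup.
        echo $r["usericpcid"] . ",";
        echo $class++ . ",";
        echo $score[$e]["totalcount"] . ",";
        echo $score[$e]["totaltime"] . ",";
        if ($score[$e]["first"]) {
            echo $score[$e]["first"] . "\n";
        } else {
            echo "0\n";
        }
        $n++;
    }
}
echo "</pre>";
include "{$locr}/footnote.php";
?>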