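/**
 * Decide whether the current session may read the source code of a solution.
 *
 * Order of checks: the author and PRIV_SOURCE holders are always allowed;
 * otherwise the solution must be "opened", the problem must exist and not be
 * hidden from the viewer, and the problem's open-source flags and any running
 * contest that hides source code must permit it.
 *
 * @param int|string $prob_id Problem the solution belongs to. Coerced to int and
 *                            bound as a parameter; it never reaches SQL as text.
 * @param mixed      $opened  When falsy, only the author / PRIV_SOURCE shortcut can grant access.
 * @param string     $user    user_id of the solution's author.
 *
 * @return bool|string TRUE when access is granted, otherwise a translated denial
 *                     message. Every denial is a non-empty (truthy) string, so
 *                     callers must test the result with `=== TRUE`.
 */
function sc_check_priv($prob_id, $opened, $user)
{
    if (!function_exists('check_priv')) {
        require __DIR__ . '/privilege.php';
    }

    // The author, or anyone holding PRIV_SOURCE, is allowed unconditionally.
    if (isset($_SESSION['user'])) {
        if (strcmp($user, $_SESSION['user']) == 0 || check_priv(PRIV_SOURCE)) {
            return TRUE;
        }
    }

    // Kept ahead of the $opened test so the includes run exactly as before.
    require __DIR__ . '/../conf/database.php';
    if (!defined('PROB_HAS_TEX')) {
        require __DIR__ . '/../lib/problem_flags.php';
    }

    if (!$opened) {
        return _('Looks like you can\'t access this page');
    }

    // Untrusted until proven otherwise: force an integer and bind it below.
    $prob_id = (int) $prob_id;

    $stmt = mysqli_prepare($con, 'select has_tex from problem where problem_id=?');
    if (!$stmt) {
        // Fail closed: a database error must never widen access.
        return _('Looks like you can\'t access this page');
    }
    mysqli_stmt_bind_param($stmt, 'i', $prob_id);
    $found = mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $prob_flag)
        && mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if (!$found) {
        return _('There\'s no such problem');
    }

    if ($prob_flag & PROB_IS_HIDE && !check_priv(PRIV_INSIDER)) {
        return _('Looks like you can\'t access this page');
    }
    if ($prob_flag & PROB_DISABLE_OPENSOURCE) {
        return _('This solution is not open-source');
    }

    if ($prob_flag & PROB_SOLVED_OPENSOURCE) {
        // Source is visible only to users whose best (minimum) result on this problem is 0.
        if (isset($_SESSION['user'])) {
            $viewer = $_SESSION['user'];
            $stmt = mysqli_prepare(
                $con,
                'select min(result) from solution where user_id=? and problem_id=? group by problem_id'
            );
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 'si', $viewer, $prob_id);
                $solved_row = mysqli_stmt_execute($stmt)
                    && mysqli_stmt_bind_result($stmt, $best_result)
                    && mysqli_stmt_fetch($stmt);
                mysqli_stmt_close($stmt);
                // Loose comparison kept from the original check.
                if ($solved_row && $best_result == 0) {
                    return TRUE;
                }
            }
        }
        return _('You can\'t see me before solving it');
    }

    if (!isset($_SESSION['user'])) {
        // Anonymous visitors never get source for this class of problem.
        return _('Looks like you can\'t access this page');
    }

    // Running contests with hide_source_code that the viewer has joined and not left.
    // co.contest_id is non-NULL only where the viewer is an owner of that contest.
    // NOTE(review): the cp join is never referenced in the WHERE clause or the result,
    // so the restriction applies to any such contest, not only ones containing this
    // problem. Confirm that is intended.
    $viewer = $_SESSION['user'];
    $stmt = mysqli_prepare(
        $con,
        "SELECT contest.contest_id,co.contest_id from contest\n"
        . " RIGHT JOIN (select contest_id from contest_status where user_id=? and leave_time is NULL) as cs on (contest.contest_id=cs.contest_id)\n"
        . " LEFT JOIN (select contest_id from contest_problem where problem_id=?) as cp on (contest.contest_id=cp.contest_id)\n"
        . " LEFT JOIN (select contest_id from contest_owner where user_id=?) as co on (contest.contest_id=co.contest_id)\n"
        . " where NOW()>start_time and NOW()<end_time and contest.hide_source_code"
    );
    if (!$stmt) {
        // The original fell through to TRUE when this query failed; deny instead.
        return _('Looks like you can\'t access this page');
    }
    mysqli_stmt_bind_param($stmt, 'sis', $viewer, $prob_id, $viewer);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return _('Looks like you can\'t access this page');
    }
    mysqli_stmt_bind_result($stmt, $contest_id, $owned_contest_id);

    $contest_rows = 0;
    $accessible = false;
    while (mysqli_stmt_fetch($stmt)) {
        $contest_rows++;
        if (!is_null($owned_contest_id)) {
            $accessible = true;
        }
    }
    mysqli_stmt_close($stmt);

    if ($contest_rows > 0) {
        if ($accessible) {
            return TRUE;
        }
        return _('You can\'t see me before the contest ends');
    }

    return TRUE;
}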
if ($_POST['id'] == 'all') { if (mysqli_query($con, "update solution set public_code=1 where user_id='{$uid}'")) { echo 'success'; } else { echo _('Something went wrong...'); } } else { $id = intval($_POST['id']); mysqli_query($con, "update solution set public_code=(!public_code) where solution_id={$id} and user_id='{$uid}'"); if (mysqli_affected_rows($con) == 1) { echo 'success'; } else { echo _('Something went wrong...'); } } } else { if ($op == 'mark_mal') { require __DIR__ . '/../func/privilege.php'; if (!check_priv(PRIV_PROBLEM) && !check_priv(PRIV_SYSTEM)) { echo _('Permission Denied...'); exit; } $id = intval($_POST['id']); mysqli_query($con, "update solution set malicious=(!malicious) where solution_id={$id}"); if (mysqli_affected_rows($con) == 1) { echo 'success'; } else { echo _('Something went wrong...'); } } }
?> <strong class="notifier"></strong></a></li> <li><a href="/marked.php"><i class="fa fa-fw fa-star"></i> <?php echo _('Marked'); ?> </a></li> <li><a href="/profile.php"><i class="fa fa-fw fa-github-alt"></i> <?php echo _('Profile'); ?> </a></li> <li><a href="/preferences.php"><i class="fa fa-fw fa-cog"></i> <?php echo _('Preferences'); ?> </a></li> <?php if (check_priv(PRIV_PROBLEM) || check_priv(PRIV_SYSTEM)) { ?> <li class="divider hidden-xs"></li> <li><a href="/admin.php"><i class="fa fa-fw fa-bolt"></i> <?php echo _('Administration'); ?> </a></li> <?php } ?> <li class="divider hidden-xs"></li> <li><a id="nav_logoff" href="#"><i class="fa fa-fw fa-sign-out"></i> <?php echo _('Log off'); ?> </a></li> </ul>
/**
 * Move this object onto a different resource plan.
 *
 * The plan named in $param['newresourceplan'] is looked up through getFromAny()
 * on this object's parent and the logged-in object. Its priv set is then passed
 * to check_priv() together with the parent, this object's table and this
 * object's current priv. The priv values held before the change are cloned and
 * handed to distributeChildQuota().
 *
 * @param array $param Request parameters; only 'newresourceplan' is read.
 *
 * @return null
 *
 * @throws lxException 'cannot_change_plan' when $this->isLogin() is true
 *                     (presumably an account changing its own plan; confirm),
 *                     'cannot_find_the_resource_plan' when the lookup fails.
 */
function updatechange_plan($param)
{
    global $gbl, $sgbl, $login, $ghtml;

    if_demo_throw_exception('changeplan');

    if ($this->isLogin()) {
        throw new lxException('cannot_change_plan', 'nname', $this->nname);
    }

    $gbl->__ajax_refresh = true;

    $planName = $param['newresourceplan'];
    $owner = $this->getParentO();

    // The plan is resolved only through the parent and the logged-in object.
    $plan = getFromAny(array($owner, $login), "resourceplan", $planName);
    if (!$plan) {
        throw new lxException('cannot_find_the_resource_plan', 'nname', $this->nname);
    }

    $requestedPriv = $plan->priv;
    $this->resourceplan_used = $planName;

    // Snapshot taken before check_priv() is given $this->priv.
    $previousPriv = clone $this->priv;

    check_priv($owner, $this->get__table(), $this->priv, $requestedPriv);

    $this->distributeChildQuota($previousPriv);
    $this->changePlanSpecific($plan);
    $this->setUpdateSubaction('change_plan');

    return null;
}
<?php require __DIR__ . '/inc/init.php'; require __DIR__ . '/func/privilege.php'; require __DIR__ . '/func/checklogin.php'; if (!check_priv(PRIV_PROBLEM)) { include __DIR__ . '/inc/403.php'; } else { if (!isset($_SESSION['admin_tfa']) || !$_SESSION['admin_tfa']) { $_SESSION['admin_retpage'] = $_SERVER['REQUEST_URI']; header("Location: admin_auth.php"); exit; } else { require __DIR__ . '/lib/problem_flags.php'; require __DIR__ . '/conf/database.php'; $level_max = PROB_LEVEL_MASK >> PROB_LEVEL_SHIFT; if (!isset($_GET['problem_id'])) { $p_type = 'add'; $inTitle = _('New Problem'); } else { $p_type = 'edit'; $prob_id = intval($_GET['problem_id']); $inTitle = _('Edit Problem') . " #{$prob_id}"; $query = "select title,description,input,output,sample_input,sample_output,hint,source,case_time_limit,memory_limit,case_score,compare_way,has_tex from problem where problem_id={$prob_id}"; $result = mysqli_query($con, $query); $row = mysqli_fetch_row($result); if (!$row) { $info = _('There\'s no such problem'); } else { switch ($row[11] >> 16) { case 0:
<tr><td colspan="2"><?php echo _('Last Seen'); ?> </td><td><?php echo $row[3]; ?> </td></tr> <tr><td colspan="2"><?php echo _('Privilege'); ?> </td><td><?php echo list_priv($row[10]); ?> </td></tr> <?php if (check_priv(PRIV_SYSTEM)) { ?> <tr><td colspan="2"><?php echo _('IP Address'); ?> </td><td><?php echo $row[2] . ' ' . get_ipgeo($row[2]); ?> </td></tr> <?php } ?> <tr><td colspan="2"><?php echo _('School'); ?> </td><td><?php
require_once "plib/priv.php"; $cgi = getCGI(); $p_id = $cgi[p_id]; $t_id = $cgi[t_id]; $d_id = $cgi[d_id]; if ($p_id == "" || $t_id == "" || $d_id == "") { sys_exit("参数错误"); } conProjDB($p_id, $t_id); $p_cname = $proj_data[p_cname]; $t_cname = $temp_data[$t_id][cname]; $t_name = $temp_data[$t_id][t_name]; $nav_str .= " > <a href=templist.php?p_id={$p_id}>{$p_cname}</a> > <a href=doclist.php?p_id={$p_id}&t_id={$t_id} >{$t_cname}</a> > 修改文档({$d_id})"; if ($cgi[edit] != "") { //sys_jmp("doclist.php?p_id=$p_id&t_id=$t_id"); if (check_priv($p_id, $t_id, $d_id) < 0) { sys_exit("对不起,你没有操作权限", $error_message); } upload_pic(); $t_name = $temp_data[$t_id][t_name]; $t_cname = $temp_data[$t_id][cname]; $nav_buf = sprintf("/<a href=\"projlist.php\">网站管理中心</a> > <a href=\"templist.php?p_id=%s\">%s</a> > %s(<a href=\"doclist.php?t_id=%s&p_id=%s\">文档</a>) (<a href=\"temp_edit.php?t_id=%s&p_id=%s\">模板</a>) (<a href=\"tempdeflist.php?t_id=%s&p_id=%s\">模板域</a>) > 更新文档", $p_id, $proj_data[p_cname], $t_cname, $t_id, $p_id, $t_id, $p_id, $t_id, $p_id); print_html("更新文档", $nav_buf); printf("更新数据库记录...."); $sqlstr = sprintf("update %s set savedatetime=now(), mu_id=%s,", $t_name, $ck_u_id); foreach ($cgi as $this_name => $this_value) { if ($this_name == "") { continue; } $pos = strpos($this_name, $pre_field); if ($pos !== 0) {
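<?php
/**
 * Save the display order of template fields.
 *
 * Every request parameter named "showorder_<f_id>" updates tempdef.showorder
 * for that f_id, then the browser is sent back to tempdeflist.php.
 *
 * Access: rejected when $ck_u_type > 2 or when check_priv() returns a negative
 * value for the project/template pair. Both checks run before any write.
 *
 * NOTE(review): no anti-CSRF token is checked in this script; confirm whether
 * plib/head.php takes care of that for state-changing requests.
 */
require_once("plib/head.php");
require_once("plib/priv.php");

$cgi = getCGI();
// Keys are quoted: the bare words relied on PHP's undefined-constant fallback.
$p_id = $cgi['p_id'];
$t_id = $cgi['t_id'];

if ($p_id == "" || $t_id == "") {
    sys_exit("参数错误");
}

conProjDB($p_id, $t_id);

if ($ck_u_type > 2) {
    sys_exit("对不起,你没有操作权限", "");
}

if (check_priv($p_id, $t_id, 0) < 0) {
    sys_exit("对不起,你没有操作权限", $error_message);
}

$prefix = "showorder_";
foreach ($cgi as $cgi_name => $cgi_value) {
    if (strpos($cgi_name, $prefix) !== 0) {
        continue;
    }

    // Both the parameter name suffix and its value come from the request and
    // were previously spliced into the statement as raw text. They are forced
    // to integers here.
    // NOTE(review): assumes showorder and f_id are integer columns; confirm against the schema.
    $f_id = (int) substr($cgi_name, strlen($prefix));
    $showorder = (int) $cgi_value;

    $sqlstr = sprintf("update tempdef set showorder=%d where f_id=%d", $showorder, $f_id);

    // NOTE(review): on failure this prints the database error and the statement
    // to the client; consider logging the detail server-side instead.
    $res = mysql_query($sqlstr, $proj_mysql) or exit(mysql_error() . "\n" . $sqlstr);
}

// The ids are written into a quoted JavaScript string that is also a URL, so
// percent-encode them. Plain numeric ids are unchanged by the encoding.
printf(
    "<script type=\"text/javascript\"> window.location = 'tempdeflist.php?t_id=%s&p_id=%s' </script>\n",
    rawurlencode($t_id),
    rawurlencode($p_id)
);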
//Determine page_id if (isset($_GET['page_id'])) { $page_id = intval($_GET['page_id']); } else { if (isset($_SESSION['view'])) { $view_arr = unserialize($_SESSION['view']); $page_id = intval($view_arr['prob'] / 100); } else { $page_id = 10; } } $addt_cond = ''; if (!check_priv(PRIV_PROBLEM)) { $addt_cond .= "and defunct=0 "; } if (!check_priv(PRIV_INSIDER)) { $addt_cond .= "and (has_tex&" . PROB_IS_HIDE . ")=0 "; } $row = mysqli_fetch_row(mysqli_query($con, "select max(problem_id) from problem where 1=1 {$addt_cond}")); $maxpage = intval($row[0] / 100); if ($page_id < 10) { header("Location: problemset.php"); exit; } else { if ($page_id > $maxpage) { if ($maxpage == 0) { $info = _('Looks like there\'s no problem here'); } else { header("Location: problemset.php?page_id={$maxpage}"); exit; }
/**
 * Build a new object of class $class from form parameters and attach it to $object.
 *
 * Steps, in order:
 *   1. Quota gate: if the client parent tracks "<quotaclass>_num" and the used
 *      count has reached the allowed count, abort.
 *   2. Let the class's own Add hook rewrite $param.
 *   3. Resolve each parameter to a (class, field) pair and collect them in $nparam.
 *   4. First pass: create the main object and its directly attached parts.
 *      'priv' and 'listpriv' go through check_priv() / check_listpriv().
 *   5. Refuse the add if an object of that name already exists in the database.
 *   6. Second pass: create nested children (keys containing "_s_" or "-").
 *   7. Wire everything onto the main object, attach it to $object, notify and log.
 *
 * @param object $object Parent the new object is added to (receives addToList()).
 * @param string $class  Class name of the object being created.
 * @param array  $param  Field values; keys starting with "__v_" or "__m_" are
 *                       skipped by the resolution loops.
 *
 * @return void No value is returned.
 *
 * @throws lxException When the quota is exhausted or the name already exists.
 */
function do_desc_add($object, $class, $param)
{
    global $gbl, $sgbl, $login, $ghtml;
    $quotaclass = exec_class_method($class, "getquotaclass", $class);
    $numvar = "{$quotaclass}_num";
    // Quota is enforced against the client parent, not against $object itself.
    $qobject = $object->getClientParentO();
    dprint($qobject->getClname());
    if ($qobject->isQuotaVariable($numvar)) {
        if (isQuotaGreaterThanOrEq($qobject->used->{$numvar}, $qobject->priv->{$numvar})) {
            throw new lxException("Quota Exceeded for {$class}", 'nname', $numvar);
        }
    }
    /* $list = $qobject->getQuotaVariableList(); foreach((array) $list as $l => $v) { if (csb($l, "{$class}_m_")) { $license = strtil(strfrom($l, "_n_"), "_num"); $licvar = strtil(strfrom($l, "_m_"), "_n_"); if (isset($param[$licvar]) && $param[$licvar] === $license) { if (isQuotaGreaterThanOrEq($qobject->used->$l, $qobject->priv->$l)) { throw new lxException("Quota Exceeded for $class $licvar.$license", 'nname', $numvar); } } } } */
    // Setting it here itself so that the add can override if necessary. This is done in tickets, where the parent is always the admin.
    $param['parent_clname'] = $object->getClName();
    // In the case of mailaccount, the real parent is mmail, while the object is added to client.
    if (isset($param['real_clparent_f'])) {
        $parent_class = exec_class_method($class, 'defaultParentClass', $object);
        $param['parent_clname'] = createParentName($parent_class, $param['real_clparent_f']);
    }
    // The class's Add hook may rewrite or extend $param (including "__v_" keys used further down).
    $param = exec_class_method($class, 'Add', $object, $class, $param);
    // First loop to create a unique nname if applicable.... FOr the 'unique-nname-creation' to work in the second loop, the variables must be resolved before that... So this extra looping...
    foreach ($param as $k => $v) {
        if (csb($k, "__v_") || csb($k, "__m_")) {
            continue;
        }
        $object->resolve_class_differences($class, $k, $dclass, $dk);
    }
    foreach ($param as $k => $v) {
        if (csb($k, "__v_") || csb($k, "__m_")) {
            continue;
        }
        // $dclass/$dk and $ddclass/$ddk are read after these calls, so they are presumably by-reference outputs; confirm.
        $object->resolve_class_heirarchy($class, $k, $dclass, $dk);
        $object->resolve_class_differences($class, $k, $ddclass, $ddk);
        $nnamevar = get_real_class_variable($ddclass, "__rewrite_nname_const");
        if ($nnamevar) {
            // Composite name: join the listed parameter values with the global separator.
            $nnamelist = null;
            foreach ($nnamevar as $n) {
                $nnamelist[] = $param[$n];
            }
            $nparam[$dclass]['nname'] = implode($sgbl->__var_nname_impstr, $nnamelist);
        }
        $nparam[$dclass][$dk] = $v;
    }
    // NOTE(review): $nparam and $olist are never initialised in this function; if every
    // key of $param is skipped above, the loops below run on an undefined variable.
    // First Pass
    foreach ($nparam as $k => $v) {
        if (csa($k, "_s_")) {
            continue;
        }
        if ($k === 'priv') {
            // Requested privileges are passed through check_priv() with the parent object.
            $olist[$k] = new priv(null, null, $nparam[$class]['nname']);
            check_priv($object, $class, $olist[$k], $v);
            continue;
        }
        if ($k === 'used') {
            $olist[$k] = new Used(null, null, $nparam[$class]['nname']);
            $olist[$k]->create($v);
            continue;
        }
        if ($k === 'listpriv') {
            //$olist[$k] = new listpriv($object->__masterserver, null, $class . "_s_vv_p_" . $nparam[$class]['nname']);
            $olist[$k] = new listpriv($object->__masterserver, null, $class . "-" . $nparam[$class]['nname']);
            check_listpriv($object, $class, $olist[$k], $v);
            continue;
        }
        // NOTE(review): $k is used as a class name here. It comes from the resolve_*
        // helpers; confirm those can only yield known classes and never a raw request key.
        if (csa($k, "_b")) {
            $olist[$k] = new $k($object->__masterserver, null, $nparam[$class]['nname']);
        } else {
            $olist[$k] = new $k($object->__masterserver, null, $v['nname']);
        }
        $olist[$k]->inheritSyncServer($object);
        $olist[$k]->initThisDef();
        $olist[$k]->create($v);
        // The createsyncclass needs the syncserver variable to be set. Which may not be available. So we have to run this again.
        if ($olist[$k]->hasDriverClass()) {
            $olist[$k]->createSyncClass();
        }
    }
    // The main object has to inherit the masterserver here itself, so that its children will inherit it later when they are added through addobject.
    if (!cse($class, "_a") && exec_class_method($class, "isDatabase") && exists_in_db($object->__masterserver, $class, $olist[$class]->nname)) {
        // If the parent is getting added too, then that means we are in the client add page, and thus the variable is vps_name, domain_name rather than nname.
        if ($object->dbaction === 'add') {
            $vname = "{$class}_name";
        } else {
            $vname = "nname";
        }
        throw new lxException("{$olist[$class]->nname}+already+exists+in+{$class}.", $vname, $class);
    }
    //Second Pass...
    foreach ($nparam as $k => $v) {
        if (!csa($k, "_s_") && !csa($k, "-")) {
            continue;
        }
        // Key format is "<ownerclass>_s_<childclass>"; the child part is again used as a class name.
        $clist = explode("_s_", $k);
        $k = $clist[1];
        $cl = $clist[0];
        $nolist[$k] = new $k($object->__masterserver, null, $v['nname']);
        $nolist[$k]->inheritSyncServer($olist[$cl]);
        $nolist[$k]->initThisDef();
        $nolist[$k]->create($v);
        // The createsyncclass needs the syncserver variable to be set. Which may not be available. So we have to run this again.
        if ($nolist[$k]->hasDriverClass()) {
            $nolist[$k]->createSyncClass();
        }
        $olist[$cl]->addObject($k, $nolist[$k]);
    }
    // Attach the parts: "_b" objects, used, priv and listpriv become properties; everything else becomes a child.
    foreach ($olist as $k => $v) {
        if (cse($k, "_b") || $k === 'used' || $k === 'priv' || $k === 'listpriv') {
            $olist[$class]->{$k} = $v;
            continue;
        }
        if ($k != $class) {
            $olist[$class]->addObject($k, $v);
            continue;
        }
    }
    // NOTE(review): these two overrides replace whatever priv/listpriv was attached above
    // and are not passed through check_priv()/check_listpriv() in this function. The
    // "__v_" keys are skipped by the resolution loops, so confirm they can only be set
    // by the class's Add hook and never arrive from request input.
    if (isset($param['__v_priv'])) {
        $olist[$class]->priv = $param['__v_priv'];
    }
    if (isset($param['__v_listpriv'])) {
        $olist[$class]->listpriv = $param['__v_listpriv'];
    }
    //$olist[$class]->parent_clname = $object->getClName();
    $rparent = $object;
    $olist[$class]->__parent_o = $rparent;
    $olist[$class]->postAdd();
    $rparent->addToList($class, $olist[$class]);
    $olist[$class]->superPostAdd();
    //dprintr($object);
    // The add is announced and written to the action log under the logged-in object.
    notify_admin("add", $object, $olist[$class]);
    do_actionlog($login, $olist[$class], "add", "");
    //This shouldn't happen here. This should be done only after the synctosystem since, the sync can fail and the write may not happen at all.
    //$olist[$class]->changeUsedFromParentAll();
    dprint($olist[$class]->getParentO());
}
require_once "plib/publish.php"; require_once "plib/priv.php"; $cgi = getCGI(); $p_id = $cgi[p_id]; $t_id = $cgi[t_id]; $d_id = $cgi[d_id]; if ($p_id == "" || $t_id == "") { sys_exit("参数错误"); } conProjDB($p_id, $t_id); $p_cname = $proj_data[p_cname]; $t_cname = $temp_data[$t_id][cname]; $t_name = $temp_data[$t_id][t_name]; $nav_str .= " > <a href=templist.php?p_id={$p_id}>{$p_cname}</a> > <a href=doclist.php?p_id={$p_id}&t_id={$t_id} >{$t_cname}</a> > 添加文档"; if ($cgi[edit] != "") { if (check_priv($p_id, $t_id, 0) < 0) { sys_exit("对不起,你没有操作权限", $error_message); } upload_pic(); $t_name = $temp_data[$t_id][t_name]; $t_cname = $temp_data[$t_id][cname]; $nav_buf = sprintf("/<a href=\"projlist.php\">网站管理中心</a> > <a href=\"templist.php?p_id=%s\">%s</a> > %s(<a href=\"doclist.php?t_id=%s&p_id=%s\">文档</a>) (<a href=\"temp_edit.php?t_id=%s&p_id=%s\">模板</a>) (<a href=\"tempdeflist.php?t_id=%s&p_id=%s\">模板域</a>) > 添加文档", $p_id, $proj_data[p_cname], $t_cname, $t_id, $p_id, $t_id, $p_id, $t_id, $p_id); print_html("添加文档", $nav_buf); printf("添加数据库记录...."); $sqlstr = sprintf("insert into %s (cu_id, mu_id, createdatetime, savedatetime, published) values(%s, %s, now(), now(), 'n')", $t_name, $ck_u_id, $ck_u_id); $res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统错误,请稍候再试", mysql_error() . "\n" . $sqlstr); $d_id = mysql_insert_id($proj_mysql); $sqlstr = sprintf("update %s set", $t_name); foreach ($poly_data as $pm_id => $this_poly) { $url_radio = $cgi["urlradio_{$pm_id}"]; $outer_url = $cgi["outer_url_{$pm_id}"];
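// Validate the submitted source, check that the viewer may submit to this
// problem, record the language choice and hand the job to the judge daemon.
// $row, $lang, $prob and $con are set earlier in the file (not visible here).

// A missing field, or a non-string one (e.g. source[]=...), is rejected before strlen().
if (!isset($_POST['source']) || !is_string($_POST['source'])) {
    echo _('Code too short...');
    exit;
}
$code = $_POST['source'];
if (strlen($code) > 29990) {
    echo _('Code too long...');
    exit;
}

require __DIR__ . '/../lib/problem_flags.php';
require __DIR__ . '/../func/privilege.php';

// $row[4] == 'Y' needs PRIV_PROBLEM; a problem flagged PROB_IS_HIDE needs PRIV_INSIDER.
// Evaluation order matches the original if/else chain.
$forbidden = ($row[4] == 'Y' && !check_priv(PRIV_PROBLEM))
    || ($row[5] & PROB_IS_HIDE && !check_priv(PRIV_INSIDER));
if ($forbidden) {
    echo _('Permission Denied...');
    exit;
}

$_SESSION['lang'] = $lang;

// Both updates are best-effort, as before, but the values are now bound as
// parameters instead of being interpolated into the statement text.
// NOTE(review): assumes $lang and $prob are integer ids; confirm where they are assigned.
$lang_id = (int) $lang;
$prob_id = (int) $prob;
$session_user = $_SESSION['user'];

$stmt = mysqli_prepare($con, 'update users set language=? where user_id=?');
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 'is', $lang_id, $session_user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

$stmt = mysqli_prepare($con, 'update problem set in_date=NOW() where problem_id=?');
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 'i', $prob_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// NOTE(review): how the daemon uses this key is not visible here. If it acts as a
// secret, md5(time() . rand()) is guessable, so a CSPRNG is used when available.
// The result is 32 hex characters either way.
if (function_exists('random_bytes')) {
    $key = bin2hex(random_bytes(16));
} else {
    $key = md5('key' . time() . rand());
}

$share_code = isset($_POST['public']) ? 1 : 0;
$data = array(
    'a' => $prob,
    'b' => $lang,
    'c' => $row[0],
    'd' => $row[1],
    'e' => $row[2],
    'f' => $code,
    'g' => $_SESSION['user'],
    'h' => $key,
    'i' => $share_code,
    'j' => $row[3],
);

// Keep running if the client disconnects, so the daemon hand-off is not cut short.
ignore_user_abort(TRUE);
$result = posttodaemon($data);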