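<?php

// Admin endpoint: creates a new category from a moderator-submitted form.
require '../../../include/mellivora.inc.php';

// Access control comes first: nothing below runs for callers under moderator class.
// NOTE(review): assumes enforce_authentication() halts the request on failure, since
// its result is not checked here - confirm in mellivora.inc.php.
enforce_authentication(CONST_USER_CLASS_MODERATOR);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    // State-changing request: the anti-CSRF token is checked before any write.
    // A missing token is passed on as null so the validator rejects it, instead of
    // raising an undefined-index notice first.
    validate_xsrf_token(
        isset($_POST[CONST_XSRF_TOKEN_KEY]) ? $_POST[CONST_XSRF_TOKEN_KEY] : null
    );

    $action = isset($_POST['action']) ? $_POST['action'] : '';

    if ($action === 'new') {

        // strtotime() returns false for text it cannot parse. The unfixed code stored
        // that false directly as the availability window; parse first and refuse to
        // insert when either bound is unusable. Non-string input (e.g. an array
        // submitted as available_from[]) is treated as unparseable.
        $from_raw = isset($_POST['available_from']) ? $_POST['available_from'] : '';
        $until_raw = isset($_POST['available_until']) ? $_POST['available_until'] : '';

        $available_from = is_string($from_raw) ? strtotime($from_raw) : false;
        $available_until = is_string($until_raw) ? strtotime($until_raw) : false;

        if ($available_from === false || $available_until === false) {
            message_error('Could not parse category availability dates.');
        } else {
            // title and description are stored exactly as submitted.
            // NOTE(review): this relies on db_insert() binding values as parameters and
            // on the pages that render categories escaping them on output - confirm both.
            $id = db_insert(
                'categories',
                array(
                    'added' => time(),
                    'added_by' => $_SESSION['id'],
                    'title' => $_POST['title'],
                    'description' => $_POST['description'],
                    'available_from' => $available_from,
                    'available_until' => $available_until
                )
            );

            if ($id) {
                // Send the moderator straight to the edit page of the new row.
                redirect(CONFIG_SITE_ADMIN_RELPATH . 'edit_category.php?id=' . $id);
            } else {
                message_error('Could not insert new category.');
            }
        }
    }
}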
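<?php

// Admin endpoint: deletes a submission or marks it correct / incorrect.
require '../../../include/mellivora.inc.php';

enforce_authentication(CONFIG_UC_MODERATOR);

// Authorisation for the submission named in the query string (kept as in the original).
validateAuthority(3, $_GET['id']);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    validate_id($_POST['id']);
    validate_xsrf_token($_POST['xsrf_token']);

    // Every write below is keyed on $_POST['id'], but the only authority check so far
    // covered $_GET['id']. Those are independent request parameters, so a moderator
    // authorised for one submission could name a different one in the POST body.
    // Authorise the id that is actually acted upon.
    // NOTE(review): assumes validateAuthority() halts the request on failure, as the
    // unchecked call above already relies on - confirm in mellivora.inc.php.
    validateAuthority(3, $_POST['id']);

    $action = isset($_POST['action']) ? $_POST['action'] : '';
    $target = array('id' => $_POST['id']);
    $done_url = CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1';

    // Unknown actions fall through without touching the database.
    if ($action === 'delete') {
        db_delete('submissions', $target);
        redirect($done_url);
    } elseif ($action === 'mark_incorrect') {
        db_update('submissions', array('correct' => 0, 'marked' => 1), $target);
        redirect($done_url);
    } elseif ($action === 'mark_correct') {
        db_update('submissions', array('correct' => 1, 'marked' => 1), $target);
        redirect($done_url);
    }
}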
<?php

// Logout endpoint: ends the current session for an authenticated user.
require '../../include/ctf.inc.php';

enforce_authentication();

// The token is read from the POST body only, so the token check cannot be met by
// a plain link or image request from another site that forces a logout.
// NOTE(review): array_get() presumably yields a default when the key is absent,
// leaving the rejection to validate_xsrf_token() - confirm in ctf.inc.php.
$submitted_token = array_get($_POST, CONST_XSRF_TOKEN_KEY);
validate_xsrf_token($submitted_token);

logout();