-
Notifications
You must be signed in to change notification settings - Fork 0
/
viewchall.php
95 lines (95 loc) · 3.88 KB
/
viewchall.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?php
session_start();
$token = isset($_SESSION['token']) ? $_SESSION['token'] : "";
if (!$token) {
$token = md5(openssl_random_pseudo_bytes(32));
$_SESSION['token']= $token;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<link rel="stylesheet" href="style.css">
<?php include("nav.php"); ?>
<?php
include("conn.php");
$ret=0;
if(!isset($_SESSION["username"])){
exit("You are not logged in! Please <a href='login.php'>log in</a></body></html>");
}
if(preg_match('/[^0-9]/', $_GET["id"])){
exit("<p>Invalid challenge ID!</p>");
}
$conn = mysqli_connect($servername, $username, $password, $dbusers);
$sql = "SELECT * FROM `challenges` where ID=".$_GET["id"];
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) < 1) {
exit("<p>Invalid challenge ID!</p>");
}
$row=mysqli_fetch_array($result, MYSQLI_ASSOC);
$sql = "SELECT * FROM `challengesolves` WHERE challenge=".$_GET["id"]." AND user='".$_SESSION["username"]."'";
$result = mysqli_query($conn, $sql);
$solved=0;
if (mysqli_num_rows($result) > 0) {
$solved=1;
}
echo "<title>".stripslashes($row["name"])."</title>";
if (isset($_POST["password"]) && isset($_POST["submit"])){
$success=0;
$timeout=0;
if ($_POST["token"]!==$_SESSION["token"]){
$GLOBALS["ret"]=1;
exit("Invalid CSRF token");
}
if(!isset($_SESSION["challatt"])){
$_SESSION["challatt"]=time()-10;
}
if($_SESSION["challatt"]+10<=time()){
if(password_verify($_POST["password"], $row["password"])){
if($solved===0){
$points=$row["points"];
$sql = "INSERT INTO `challengesolves` VALUES (".$_GET["id"].", '".$_SESSION["username"]."')";
$result = mysqli_query($conn, $sql);
$sql = "SELECT points FROM `users` WHERE username='".$_SESSION["username"]."'";
$result = mysqli_query($conn, $sql);
$user=mysqli_fetch_array($result);
$points+=$user["points"];
$sql = "UPDATE `users` SET points=".$points." WHERE username='".$_SESSION["username"]."'";
$result = mysqli_query($conn, $sql);
}
$success=1;
}
} else {
$timeout=1;
}
}
?>
</head>
<body>
<?php
if(isset($success)){
if($success===1){
exit("<p>Congratulations! You have solved the challenge!</p>");
}
if($success===0){
if ($timeout==0){
echo "<p>Wrong password.</p>";
} else {
echo "<p>Please wait at least 10 seconds between password submissions.</p>";
}
$_SESSION["challatt"]=time();
}
}
if($solved===1){
echo "<p>Note: you have already solved this challenge</p>";
}
echo "<h1>The challenge:</h1>";
echo base64_decode($row["html"]);
?>
<h1>Enter challenge password:</h1>
<form method="POST">
<input type="password" name="password"><input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>