コード例 #1
ファイル: auth.py プロジェクト: Edgaraaa/DisPlatform
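def reset_password(data=None):
    """Serve both halves of the password-reset flow.

    With ``data`` (the signed token from the reset link) the token is
    verified and, on POST, the account's password is replaced. Without
    ``data`` a POST is treated as a request for a reset email.

    Args:
        data: Signed reset token taken from the URL, or ``None``.

    Returns:
        The rendered ``reset_password.html`` page, or a redirect to the
        login view after a successful reset.
    """
    if data is not None:
        try:
            # Tokens older than 1800 seconds are rejected.
            # NOTE(review): nothing in this view marks a token as used, so a
            # link looks reusable until it expires -- confirm whether that is
            # handled elsewhere.
            name = unserialize(data, max_age=1800)
        except (BadTimeSignature, SignatureExpired):
            return render_template(
                "reset_password.html", errors=["Your link has expired"]
            )
        except (BadSignature, TypeError, base64.binascii.Error):
            return render_template(
                "reset_password.html", errors=["Your reset token is invalid"]
            )

        if request.method == "GET":
            return render_template("reset_password.html", mode="set")
        if request.method == "POST":
            user = Users.query.filter_by(name=name).first_or_404()
            new_password = request.form["password"].strip()
            if not new_password:
                # An empty or whitespace-only value would otherwise become
                # the account's password.
                return render_template(
                    "reset_password.html",
                    mode="set",
                    errors=["Please pick a longer password"],
                )
            # NOTE(review): the value is assigned as received; presumably the
            # Users model hashes it on assignment -- confirm.
            user.password = new_password
            db.session.commit()
            log(
                "logins",
                format="[{date}] {ip} -  successful password reset for {name}",
                name=name,
            )
            db.session.close()
            return redirect(url_for("auth.login"))

    if request.method == "POST":
        email_address = request.form["email"].strip()
        team = Users.query.filter_by(email=email_address).first()

        # Return value unused; the call is kept in case it has side effects.
        get_errors()

        if config.can_send_mail() is False:
            return render_template(
                "reset_password.html",
                errors=[
                    "Email could not be sent due to server misconfiguration"
                ],
            )

        # Known and unknown addresses get the same message, so the page text
        # does not reveal whether an account exists for the address.
        if not team:
            return render_template(
                "reset_password.html",
                errors=[
                    "If that account exists you will receive an email, please check your inbox"
                ],
            )

        email.forgot_password(email_address, team.name)

        return render_template(
            "reset_password.html",
            errors=[
                "If that account exists you will receive an email, please check your inbox"
            ],
        )
    return render_template("reset_password.html")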
コード例 #2
def new():
    """Create a team from the submitted form and attach the current user.

    GET renders the creation form. POST validates the team name, stores the
    team, links the current user to it and redirects to the challenge
    listing. Any other method falls through and returns ``None``.
    """
    method = request.method
    if method == 'GET':
        return render_template("teams/new_team.html")
    if method != 'POST':
        return None

    form = request.form
    teamname = form.get('name')
    passphrase = form.get('password', '').strip()
    errors = get_errors()

    user = get_current_user()

    name_taken = Teams.query.filter_by(name=teamname).first()
    if name_taken:
        errors.append('Ce nom d\'équipe est déjà pris.')
    if not teamname:
        errors.append('Ce nom d\'équipe est invalide.')

    if errors:
        return render_template("teams/new_team.html", errors=errors)

    # NOTE(review): the passphrase may be empty and is passed as received;
    # presumably the Teams model hashes it -- confirm.
    team = Teams(name=teamname, password=passphrase)
    db.session.add(team)
    db.session.commit()

    # Second commit stores the membership once team.id is available.
    user.team_id = team.id
    db.session.commit()
    return redirect(url_for('challenges.listing'))
コード例 #3
    def public(team_id):
        """Render the public profile of a team that is neither banned nor hidden.

        Args:
            team_id: Primary key of the team to show.

        Returns:
            The rendered ``teams/public.html`` template; a banned, hidden or
            unknown team ends in a 404 via ``first_or_404``.
        """
        standings = get_standings()
        errors = get_errors()
        team = Teams.query.filter_by(
            id=team_id, banned=False, hidden=False
        ).first_or_404()
        solves = team.get_solves()
        awards = team.get_awards()

        # Defaults apply when the team does not appear in the standings.
        score, place = 0, None
        for rank, entry in enumerate(standings, start=1):
            if entry['teamid'] == team_id:
                place, score = rank, entry['score']
                break

        if errors:
            return render_template(
                "teams/public.html", team=team, errors=errors
            )

        context = dict(
            solves=solves,
            awards=awards,
            team=team,
            score=score,
            place=place,
            score_frozen=is_scoreboard_frozen(),
        )
        return render_template("teams/public.html", **context)
コード例 #4
ファイル: users.py プロジェクト: ChienNguyenVP/kma_ctf
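def users_listing():
    """List users for the admin panel, either searched or paginated.

    Query parameters:
        page: 1-based page number of the unfiltered listing.
        q: Optional search term. When present, ``field`` selects the column
            to search (``id``, ``name``, ``email``, ``affiliation``, ``ip``).

    Returns:
        The rendered ``admin/users/users.html`` template.

    NOTE(review): this view exposes e-mail addresses and tracked IPs; no
    access check is visible in this block -- presumably a decorator outside
    the listing enforces it, confirm.
    """
    # page=0 used to produce a negative slice start (-50); clamp to page 1.
    page = max(1, abs(request.args.get("page", 1, type=int)))
    q = request.args.get("q")
    if q:
        field = request.args.get("field")
        users = []
        errors = get_errors()
        # q is handed to the query as a value, not spliced into SQL text.
        # "%" and "_" inside q still act as LIKE wildcards.
        pattern = "%{}%".format(q)
        if field == "id":
            if q.isnumeric():
                users = Users.query.filter(Users.id == q).order_by(Users.id.asc()).all()
            else:
                # NOTE(review): errors is not passed to the template below;
                # confirm the message reaches the page some other way.
                errors.append("Your ID search term is not numeric")
        elif field == "name":
            users = (
                Users.query.filter(Users.name.like(pattern))
                .order_by(Users.id.asc())
                .all()
            )
        elif field == "email":
            users = (
                Users.query.filter(Users.email.like(pattern))
                .order_by(Users.id.asc())
                .all()
            )
        elif field == "affiliation":
            users = (
                Users.query.filter(Users.affiliation.like(pattern))
                .order_by(Users.id.asc())
                .all()
            )
        elif field == "ip":
            users = (
                Users.query.join(Tracking, Users.id == Tracking.user_id)
                .filter(Tracking.ip.like(pattern))
                .order_by(Users.id.asc())
                .all()
            )

        return render_template(
            "admin/users/users.html",
            users=users,
            pages=0,
            curr_page=None,
            q=q,
            field=field,
        )

    results_per_page = 50
    page_start = results_per_page * (page - 1)
    page_end = page_start + results_per_page

    users = Users.query.order_by(Users.id.asc()).slice(page_start, page_end).all()
    count = db.session.query(db.func.count(Users.id)).first()[0]
    # Number of pages, rounded up.
    pages = int(count / results_per_page) + (count % results_per_page > 0)

    return render_template(
        "admin/users/users.html", users=users, pages=pages, curr_page=page
    )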
コード例 #5
def login():
    """Authenticate a user by name and password.

    GET renders the login form. POST checks the credentials, starts a
    session on success and redirects to ``next`` (when it passes
    ``validators.is_safe_url``) or to the challenge listing.
    """
    errors = get_errors()
    if request.method != "POST":
        db.session.close()
        return render_template("login.html", errors=errors)

    name = request.form["name"]
    user = Users.query.filter_by(name=name).first()

    if not user:
        # This user just doesn't exist
        log("logins", "[{date}] {ip} - submitted invalid account information")
        errors.append("Your username or password is incorrect")
        db.session.close()
        return render_template("login.html", errors=errors)

    if not verify_password(request.form["password"], user.password):
        # This user exists but the password is wrong. The visitor sees the
        # same text as for an unknown account; only the log entry differs.
        log("logins", "[{date}] {ip} - submitted invalid password for {name}")
        errors.append("Your username or password is incorrect")
        db.session.close()
        return render_template("login.html", errors=errors)

    # Regenerated before the user is attached to the session; presumably
    # this rotates the session identifier -- confirm.
    session.regenerate()

    login_user(user)
    log("logins", "[{date}] {ip} - {name} logged in")

    db.session.close()
    # Only follow a caller-supplied target that the validator accepts.
    next_url = request.args.get("next")
    if next_url and validators.is_safe_url(next_url):
        return redirect(next_url)
    return redirect(url_for("challenges.listing"))
コード例 #6
ファイル: teams.py プロジェクト: hitgo00/i_sploit
def new():
    """Create a team with the current user as captain and first member.

    GET renders the creation form. POST validates the team name, stores the
    team and redirects to the challenge listing. Any other method falls
    through and returns ``None``.
    """
    method = request.method
    if method == "GET":
        return render_template("teams/new_team.html")
    if method != "POST":
        return None

    form = request.form
    teamname = form.get("name")
    passphrase = form.get("password", "").strip()
    errors = get_errors()

    user = get_current_user()

    name_taken = Teams.query.filter_by(name=teamname).first()
    if name_taken:
        errors.append("That team name is already taken")
    if not teamname:
        errors.append("That team name is invalid")

    if errors:
        return render_template("teams/new_team.html", errors=errors)

    # NOTE(review): the passphrase may be empty and is passed as received;
    # presumably the Teams model hashes it -- confirm.
    team = Teams(name=teamname, password=passphrase, captain_id=user.id)
    db.session.add(team)
    db.session.commit()

    # Second commit stores the membership once team.id is available.
    user.team_id = team.id
    db.session.commit()
    return redirect(url_for("challenges.listing"))
コード例 #7
def public(team_id):
    """Render the public profile of a team that is neither banned nor hidden.

    Args:
        team_id: Primary key of the team to show.

    Returns:
        The rendered ``teams/public.html`` template; a banned, hidden or
        unknown team ends in a 404 via ``first_or_404``.
    """
    infos = get_infos()
    errors = get_errors()
    visible = {"id": team_id, "banned": False, "hidden": False}
    team = Teams.query.filter_by(**visible).first_or_404()
    solves = team.get_solves()
    awards = team.get_awards()

    place, score = team.place, team.score

    if errors:
        return render_template("teams/public.html", team=team, errors=errors)

    if config.is_scoreboard_frozen():
        infos.append("Scoreboard has been frozen")

    context = dict(
        solves=solves,
        awards=awards,
        team=team,
        score=score,
        place=place,
        score_frozen=config.is_scoreboard_frozen(),
        infos=infos,
        errors=errors,
    )
    return render_template("teams/public.html", **context)
コード例 #8
def private():
    """Render the current user's own team page.

    A user without a team is shown the enrollment page instead. The team is
    looked up from the logged-in user's ``team_id``, not from request input.
    """
    infos = get_infos()
    errors = get_errors()

    user = get_current_user()
    team_id = user.team_id
    if not team_id:
        return render_template("teams/team_enrollment.html")

    team = Teams.query.filter_by(id=team_id).first_or_404()
    solves = team.get_solves()
    awards = team.get_awards()

    place, score = team.place, team.score

    if config.is_scoreboard_frozen():
        infos.append("Scoreboard has been frozen")

    context = dict(
        solves=solves,
        awards=awards,
        user=user,
        team=team,
        score=score,
        place=place,
        score_frozen=config.is_scoreboard_frozen(),
        infos=infos,
        errors=errors,
    )
    return render_template("teams/private.html", **context)
コード例 #9
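def users_listing():
    """List users for the admin panel, either searched or paginated.

    Query parameters:
        page: 1-based page number of the unfiltered listing.
        q: Optional search term. When present, ``field`` selects the column
            to search (``id``, ``name``, ``email`` or ``affiliation``).

    Returns:
        The rendered ``admin/users/users.html`` template.

    NOTE(review): this view exposes e-mail addresses; no access check is
    visible in this block -- presumably a decorator outside the listing
    enforces it, confirm.
    """
    # page=0 used to produce a negative slice start (-50); clamp to page 1.
    page = max(1, abs(request.args.get('page', 1, type=int)))
    q = request.args.get('q')
    if q:
        field = request.args.get('field')
        users = []
        errors = get_errors()
        # q is handed to the query as a value, not spliced into SQL text.
        # "%" and "_" inside q still act as LIKE wildcards.
        pattern = '%{}%'.format(q)
        if field == 'id':
            if q.isnumeric():
                users = Users.query.filter(Users.id == q).order_by(Users.id.asc()).all()
            else:
                # NOTE(review): errors is not passed to the template below;
                # confirm the message reaches the page some other way.
                errors.append('Your ID search term is not numeric')
        elif field == 'name':
            users = Users.query.filter(Users.name.like(pattern)).order_by(Users.id.asc()).all()
        elif field == 'email':
            users = Users.query.filter(Users.email.like(pattern)).order_by(Users.id.asc()).all()
        elif field == 'affiliation':
            users = Users.query.filter(Users.affiliation.like(pattern)).order_by(Users.id.asc()).all()
        return render_template('admin/users/users.html', users=users, pages=None, curr_page=None, q=q, field=field)

    results_per_page = 50
    page_start = results_per_page * (page - 1)
    page_end = page_start + results_per_page

    users = Users.query.order_by(Users.id.asc()).slice(page_start, page_end).all()
    count = db.session.query(db.func.count(Users.id)).first()[0]
    # Number of pages, rounded up.
    pages = int(count / results_per_page) + (count % results_per_page > 0)

    return render_template('admin/users/users.html', users=users, pages=pages, curr_page=page)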
コード例 #10
def join():
    """Let the current user join an existing team by name and passphrase.

    GET renders the join form. POST verifies the passphrase, enforces the
    configured team size limit and attaches the user to the team. A user
    who already has a team gets the form back with status 403. Any other
    method falls through and returns ``None``.
    """
    infos = get_infos()
    errors = get_errors()

    user = get_current_user_attrs()
    if user.team_id:
        errors.append("You are already in a team. You cannot join another.")

    method = request.method
    if method == "GET":
        limit = get_config("team_size", default=0)
        if limit:
            suffix = "" if limit == 1 else "s"
            infos.append(
                "Teams are limited to {limit} member{plural}".format(
                    limit=limit, plural=suffix
                )
            )
        return render_template(
            "teams/join_team.html", infos=infos, errors=errors
        )

    if method != "POST":
        return None

    teamname = request.form.get("name")
    passphrase = request.form.get("password", "").strip()

    team = Teams.query.filter_by(name=teamname).first()

    # Refuse before the passphrase is checked when the user already has a team.
    if errors:
        page = render_template(
            "teams/join_team.html", infos=infos, errors=errors
        )
        return page, 403

    if not (team and verify_password(passphrase, team.password)):
        # Unknown team and wrong passphrase share one message.
        errors.append("That information is incorrect")
        return render_template(
            "teams/join_team.html", infos=infos, errors=errors
        )

    limit = get_config("team_size", default=0)
    # NOTE(review): the size check and the membership update are separate
    # steps; whether concurrent joins can exceed the limit is not visible
    # here -- confirm.
    if limit and len(team.members) >= limit:
        errors.append(
            "{name} has already reached the team size limit of {limit}".format(
                name=team.name, limit=limit
            )
        )
        return render_template(
            "teams/join_team.html", infos=infos, errors=errors
        )

    user = get_current_user()
    user.team_id = team.id
    db.session.commit()

    # A team whose only member is this user gets them as captain.
    if len(team.members) == 1:
        team.captain_id = user.id
        db.session.commit()

    clear_user_session(user_id=user.id)
    clear_team_session(team_id=team.id)

    return redirect(url_for("challenges.listing"))
コード例 #11
ファイル: teams.py プロジェクト: AIica/Crypto-2020
def new():
    """Create a team with the current user as captain and first member.

    GET renders the creation form, with a notice about the team size limit
    when one is configured. POST validates the name, stores the team,
    clears the cached user and team sessions and redirects to the challenge
    listing. Any other method falls through and returns ``None``.
    """
    infos = get_infos()
    errors = get_errors()
    method = request.method

    if method == "GET":
        limit = get_config("team_size", default=0)
        if limit:
            suffix = "" if limit == 1 else "s"
            infos.append(
                "Teams are limited to {limit} member{plural}".format(
                    limit=limit, plural=suffix
                )
            )
        return render_template("teams/new_team.html", infos=infos, errors=errors)

    if method != "POST":
        return None

    form = request.form
    teamname = form.get("name", "").strip()
    passphrase = form.get("password", "").strip()
    errors = get_errors()

    user = get_current_user()

    name_taken = Teams.query.filter_by(name=teamname).first()
    if name_taken:
        errors.append("That team name is already taken")
    if not teamname:
        errors.append("That team name is invalid")

    if errors:
        return render_template("teams/new_team.html", errors=errors)

    # NOTE(review): the passphrase may be empty and is passed as received;
    # presumably the Teams model hashes it -- confirm.
    team = Teams(name=teamname, password=passphrase, captain_id=user.id)
    db.session.add(team)
    db.session.commit()

    # Second commit stores the membership once team.id is available.
    user.team_id = team.id
    db.session.commit()

    clear_user_session(user_id=user.id)
    clear_team_session(team_id=team.id)

    return redirect(url_for("challenges.listing"))
コード例 #12
ファイル: auth.py プロジェクト: Gu-f/CTFd_chinese_CN
def login():
    """Authenticate a user by name or e-mail address and password.

    GET renders the login form. POST checks the credentials, starts a
    session on success and redirects to ``next`` (when it passes
    ``validators.is_safe_url``) or to the challenge listing.
    """
    errors = get_errors()
    if request.method != "POST":
        db.session.close()
        return render_template("login.html", errors=errors)

    name = request.form["name"]

    # The identifier is looked up as an e-mail address when it validates as
    # one, otherwise as a user name.
    lookup = {"email": name} if validators.validate_email(name) is True else {"name": name}
    user = Users.query.filter_by(**lookup).first()

    if not user:
        # This user just doesn't exist
        log("logins", "[{date}] {ip} - submitted invalid account information")
        errors.append("用户名或密码错误")
        db.session.close()
        return render_template("login.html", errors=errors)

    if user.password is None:
        # NOTE(review): this message is only shown for an existing account,
        # so it differs from the generic failure text below -- confirm that
        # is acceptable.
        errors.append(
            "Your account was registered with a 3rd party authentication provider. "
            "Please try logging in with a configured authentication provider."
        )
        return render_template("login.html", errors=errors)

    if not verify_password(request.form["password"], user.password):
        # This user exists but the password is wrong. The visitor sees the
        # same text as for an unknown account; only the log entry differs.
        log(
            "logins",
            "[{date}] {ip} - submitted invalid password for {name}",
            name=user.name,
        )
        errors.append("用户名或密码错误")
        db.session.close()
        return render_template("login.html", errors=errors)

    # Regenerated before the user is attached to the session; presumably
    # this rotates the session identifier -- confirm.
    session.regenerate()

    login_user(user)
    log("logins", "[{date}] {ip} - {name} logged in", name=user.name)

    db.session.close()
    # Only follow a caller-supplied target that the validator accepts.
    next_url = request.args.get("next")
    if next_url and validators.is_safe_url(next_url):
        return redirect(next_url)
    return redirect(url_for("challenges.listing"))
コード例 #13
ファイル: users.py プロジェクト: KaitoRyouga/CTFd
def public(user_id):
    """Render the public profile of a user who is neither banned nor hidden.

    Args:
        user_id: Primary key of the user to show.

    Returns:
        The rendered ``users/public.html`` template; a banned, hidden or
        unknown user ends in a 404 via ``first_or_404``.
    """
    infos = get_infos()
    errors = get_errors()
    visible = {"id": user_id, "banned": False, "hidden": False}
    user = Users.query.filter_by(**visible).first_or_404()

    if config.is_scoreboard_frozen():
        infos.append("Scoreboard has been frozen")

    context = dict(user=user, account=user.account, infos=infos, errors=errors)
    return render_template("users/public.html", **context)
コード例 #14
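def _run_in_container(argv, stdin_data=None):
    """Run ``argv`` inside the ``server-skr`` container without a shell.

    Args:
        argv: Command and arguments as a list; each item reaches the
            container as exactly one argument, whatever characters it holds.
        stdin_data: Optional bytes written to the command's standard input.

    The exit status is not checked and a failure to start ``docker`` is only
    printed, because the ``system()`` calls this replaces never stopped the
    request either.
    """
    # Function-scope import: the module's import block is not visible here.
    import subprocess

    cmd = ["docker", "exec"]
    if stdin_data is not None:
        cmd.append("-i")  # keep stdin open so the payload reaches the command
    cmd.append("server-skr")
    cmd.extend(argv)
    try:
        proc = subprocess.Popen(
            cmd, stdin=subprocess.PIPE if stdin_data is not None else None
        )
        proc.communicate(stdin_data)
    except OSError as exc:
        print(exc)


def new():
    """Create a team and provision a matching Linux account in ``server-skr``.

    GET renders the creation form. POST validates the form, stores the team,
    links the current user to it, creates a system user named after the team
    inside the container and redirects to the challenge listing. Any other
    method falls through and returns ``None``.

    The team name and passphrase come straight from the request. They used
    to be interpolated into shell command strings; they are now passed as
    separate arguments (and the passphrase on standard input), so no shell
    ever parses them.
    """
    if request.method == 'GET':
        return render_template("teams/new_team.html")
    elif request.method == 'POST':
        teamname = request.form.get('name')
        passphrase = request.form.get('password', '').strip()
        # A missing confirmation field counts as empty instead of raising on
        # None.strip().
        confirm_passphrase = request.form.get('confirm-password', '').strip()
        errors = get_errors()

        user = get_current_user()

        existing_team = Teams.query.filter_by(name=teamname).first()
        pass_match = passphrase == confirm_passphrase
        if existing_team:
            errors.append('That team name is already taken')
        if not teamname:
            errors.append('That team name is invalid')
        else:
            for s in '!"#$%&\'()*+,./:;<=>?@[\\]^`{|}~ ':
                if s in teamname:
                    errors.append(
                        'Your User name should not contain space and symbol %score'
                        % s)
                    break
            else:
                # The symbol list above does not cover tabs, line breaks or
                # other control characters. The name becomes a Linux user
                # name and part of a "user:password" line, so reject them.
                if any(ch.isspace() or not ch.isprintable() for ch in teamname):
                    errors.append(
                        'Your User name should not contain whitespace or '
                        'control characters')
        if not pass_match:
            errors.append('Password does not match')
        # chpasswd reads one "user:password" entry per line; a line break in
        # the passphrase would start a second entry.
        if '\n' in passphrase or '\r' in passphrase:
            errors.append('Password should not contain line breaks')

        if errors:
            return render_template("teams/new_team.html", errors=errors)

        # NOTE(review): the passphrase is passed as received; presumably the
        # Teams model hashes it -- confirm. The same passphrase also becomes
        # the Linux account password below.
        team = Teams(name=teamname, password=passphrase)
        db.session.add(team)
        db.session.commit()

        user.team_id = team.id
        db.session.commit()

        home = "/home/%s" % teamname
        # "--" ends option parsing so the name is never read as a flag.
        _run_in_container(["useradd", "-m", "-s", "/bin/bash", "--", teamname])
        _run_in_container(
            ["chpasswd"],
            stdin_data=("%s:%s\n" % (teamname, passphrase)).encode("utf-8"),
        )
        _run_in_container(["cp", "-rp", "/chal_template/.", home + "/"])
        _run_in_container(["chown", "--", "%s:" % teamname, home])
        _run_in_container(["chmod", "-w", home])
        # NOTE(review): these copy the container's account databases,
        # including /etc/shadow, to /ctfuser; who can read that path is not
        # visible here -- confirm.
        _run_in_container(["cp", "/etc/passwd", "/ctfuser"])
        _run_in_container(["cp", "/etc/shadow", "/ctfuser"])
        _run_in_container(["cp", "/etc/group", "/ctfuser"])

        from fyp import generateBinaryFlag
        generateBinaryFlag(team)
        return redirect(url_for('challenges.listing'))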
コード例 #15
ファイル: __init__.py プロジェクト: mrigank-9594/srhctf_
def import_ctf():
    """Import an uploaded CTF backup and redirect to the admin config page.

    Returns:
        A redirect to ``admin.config`` when no error is recorded, otherwise
        the first recorded error as the response body with status 500.
    """
    uploaded = request.files['backup']
    errors = get_errors()
    try:
        import_ctf_util(uploaded)
    except Exception as exc:
        print(exc)
        # NOTE(review): the exception's repr ends up in the HTTP response
        # body below; consider logging it server-side and returning a
        # generic message instead.
        errors.append(repr(exc))

    if not errors:
        return redirect(url_for('admin.config'))
    return errors[0], 500
コード例 #16
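def reset_password(data=None):
    """Serve both halves of the password-reset flow.

    With ``data`` (the signed token from the reset link) the token is
    verified and, on POST, the account's password is replaced. Without
    ``data`` a POST is treated as a request for a reset email.

    Args:
        data: Signed reset token taken from the URL, or ``None``.

    Returns:
        The rendered ``reset_password.html`` page, or a redirect to the
        login view after a successful reset.
    """
    if data is not None:
        try:
            # Tokens older than 1800 seconds are rejected.
            # NOTE(review): nothing in this view marks a token as used, so a
            # link looks reusable until it expires -- confirm whether that is
            # handled elsewhere.
            name = unserialize(data, max_age=1800)
        except (BadTimeSignature, SignatureExpired):
            return render_template('reset_password.html',
                                   errors=['Your link has expired'])
        except (BadSignature, TypeError, base64.binascii.Error):
            return render_template('reset_password.html',
                                   errors=['Your reset token is invalid'])

        if request.method == "GET":
            return render_template('reset_password.html', mode='set')
        if request.method == "POST":
            team = Users.query.filter_by(name=name).first_or_404()
            new_password = request.form['password'].strip()
            if not new_password:
                # An empty or whitespace-only value would otherwise be
                # hashed and stored as the account's password.
                return render_template(
                    'reset_password.html',
                    mode='set',
                    errors=['Please pick a longer password'])
            team.password = bcrypt_sha256.encrypt(new_password)
            db.session.commit()
            log('logins',
                format="[{date}] {ip} -  successful password reset for {name}")
            db.session.close()
            return redirect(url_for('auth.login'))

    if request.method == 'POST':
        email_address = request.form['email'].strip()
        team = Users.query.filter_by(email=email_address).first()

        # Return value unused; the call is kept in case it has side effects.
        get_errors()

        if config.can_send_mail() is False:
            return render_template(
                'reset_password.html',
                errors=[
                    'Email could not be sent due to server misconfiguration'
                ])

        # Known and unknown addresses get the same message, so the page text
        # does not reveal whether an account exists for the address.
        if not team:
            return render_template(
                'reset_password.html',
                errors=[
                    'If that account exists you will receive an email, please check your inbox'
                ])

        email.forgot_password(email_address, team.name)

        return render_template(
            'reset_password.html',
            errors=[
                'If that account exists you will receive an email, please check your inbox'
            ])
    return render_template('reset_password.html')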
コード例 #17
ファイル: challenges.py プロジェクト: itsTurnip/CTFd
def listing():
    """Render the challenge listing with notices about the CTF's state."""
    infos = get_infos()
    errors = get_errors()

    # Each state is compared by identity, so only an exact False/True counts.
    started = ctf_started()
    if started is False:
        errors.append(f"{config.ctf_name()} ещё не начался")

    paused = ctf_paused()
    if paused is True:
        infos.append(f"{config.ctf_name()} приостановлен")

    ended = ctf_ended()
    if ended is True:
        infos.append(f"{config.ctf_name()} закончился")

    context = {"infos": infos, "errors": errors}
    return render_template("challenges.html", **context)
コード例 #18
ファイル: challenges.py プロジェクト: KaitoRyouga/CTFd
def listing():
    """Render the challenge listing with notices about the CTF's state."""
    infos = get_infos()
    errors = get_errors()

    # Each state is compared by identity, so only an exact False/True counts.
    started = ctf_started()
    if started is False:
        errors.append(f"{config.ctf_name()} has not started yet")

    paused = ctf_paused()
    if paused is True:
        infos.append(f"{config.ctf_name()} is paused")

    ended = ctf_ended()
    if ended is True:
        infos.append(f"{config.ctf_name()} has ended")

    context = {"infos": infos, "errors": errors}
    return render_template("challenges.html", **context)
コード例 #19
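def register():
    """Create a user account from the registration form and log it in.

    GET renders the form. POST validates name and password, stores the new
    user, logs them in and redirects to the team page (teams mode) or the
    challenge listing.
    """
    errors = get_errors()
    if request.method == "POST":
        # Validate the same normalised values that are stored below.
        # Checking the raw input let whitespace-only names and passwords
        # through, and let a padded copy of an existing name get past the
        # duplicate lookup (unless the database enforces uniqueness).
        name = request.form["name"].strip()
        password = request.form["password"].strip()

        name_len = len(name) == 0
        names = Users.query.add_columns("name", "id").filter_by(name=name).first()
        pass_short = len(password) == 0
        pass_long = len(password) > 128

        if names:
            errors.append("That user name is already taken")
        if pass_short:
            errors.append("Pick a longer password")
        if pass_long:
            errors.append("Pick a shorter password")
        if name_len:
            errors.append("Pick a longer user name")

        if len(errors) > 0:
            # NOTE(review): the submitted password is handed back to the
            # template; confirm the template does not echo it into the page.
            return render_template(
                "register.html",
                errors=errors,
                name=request.form["name"],
                password=request.form["password"],
            )
        else:
            with app.app_context():
                # NOTE(review): the password is passed as received;
                # presumably the Users model hashes it -- confirm.
                user = Users(
                    name=name,
                    password=password,
                )
                db.session.add(user)
                db.session.commit()
                db.session.flush()

                login_user(user)

        log("registrations", "[{date}] {ip} - {name} registered")
        db.session.close()

        if is_teams_mode():
            return redirect(url_for("teams.private"))

        return redirect(url_for("challenges.listing"))
    else:
        return render_template("register.html", errors=errors)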
コード例 #20
ファイル: users.py プロジェクト: KaitoRyouga/CTFd
def private():
    """Render the logged-in user's own profile page.

    The user is taken from ``get_current_user()``, not from request input.
    """
    infos = get_infos()
    errors = get_errors()

    user = get_current_user()

    if config.is_scoreboard_frozen():
        infos.append("Scoreboard has been frozen")

    context = dict(user=user, account=user.account, infos=infos, errors=errors)
    return render_template("users/private.html", **context)
コード例 #21
def listing():
    """Render the challenge listing with the CTF's start and end values.

    ``start`` and ``end`` come from the configuration and fall back to 0
    when unset; both are passed to the template as integers.
    """
    infos = get_infos()
    errors = get_errors()
    start = get_config("start") or 0
    end = get_config("end") or 0

    if ctf_paused():
        infos.append("{} is paused".format(config.ctf_name()))

    # The CTF is over but viewing afterwards is allowed: show a notice and
    # still render the page.
    if ctf_ended() and view_after_ctf():
        infos.append("{} has ended".format(config.ctf_name()))

    context = dict(infos=infos, errors=errors, start=int(start), end=int(end))
    return render_template("challenges.html", **context)
コード例 #22
ファイル: teams.py プロジェクト: itsTurnip/CTFd
def join():
    """Let the current user join an existing team by name and passphrase.

    GET renders the join form. POST verifies the passphrase, enforces the
    configured team size limit and attaches the user to the team. Any other
    method falls through and returns ``None``.

    NOTE(review): nothing in this block checks whether the user already
    belongs to a team -- confirm that is enforced outside this view.
    """
    infos = get_infos()
    errors = get_errors()
    method = request.method

    if method == "GET":
        limit = get_config("team_size", default=0)
        if limit:
            # The message has no {plural} placeholder; the extra keyword is
            # ignored by str.format.
            suffix = "" if limit == 1 else "s"
            infos.append(
                "Команды могут содержать не больше {limit} участников".format(
                    limit=limit, plural=suffix
                )
            )
        return render_template(
            "teams/join_team.html", infos=infos, errors=errors
        )

    if method != "POST":
        return None

    teamname = request.form.get("name")
    passphrase = request.form.get("password", "").strip()

    team = Teams.query.filter_by(name=teamname).first()

    if not (team and verify_password(passphrase, team.password)):
        # Unknown team and wrong passphrase share one message.
        errors.append("Такая информация некорректна")
        return render_template(
            "teams/join_team.html", infos=infos, errors=errors
        )

    limit = get_config("team_size", default=0)
    if limit and len(team.members) >= limit:
        errors.append(
            "Команда {name} уже достигла лимит в {limit} участников".format(
                name=team.name, limit=limit
            )
        )
        return render_template(
            "teams/join_team.html", infos=infos, errors=errors
        )

    user = get_current_user()
    user.team_id = team.id
    db.session.commit()

    # A team whose only member is this user gets them as captain.
    if len(team.members) == 1:
        team.captain_id = user.id
        db.session.commit()

    clear_user_session(user_id=user.id)
    clear_team_session(team_id=team.id)

    return redirect(url_for("challenges.listing"))
コード例 #23
ファイル: __init__.py プロジェクト: Unitary-orz/Docker-manage
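    def list_container():
        """List containers, either searched or paginated.

        Query parameters:
            page: 1-based page number of the unfiltered listing.
            q: Optional search term. When present, ``field`` selects the
                column to search (``id`` or ``name``).

        Returns:
            The rendered ``containers.html`` template.
        """
        # page=0 used to produce a negative slice start (-50); clamp to page 1.
        page = max(1, abs(request.args.get("page", 1, type=int)))
        q = request.args.get("q")
        if q:
            field = request.args.get("field")
            containers = []
            errors = get_errors()
            if field == "id":
                if q.isnumeric():
                    containers = (
                        Containers.query.filter(Containers.id == q)
                        .order_by(Containers.id.asc())
                        .all()
                    )
                else:
                    # NOTE(review): errors is not passed to the template
                    # below; confirm the message reaches the page some
                    # other way.
                    errors.append("Your ID search term is not numeric")
            elif field == "name":
                # The columns must come from the Containers model. The
                # lower-case ``containers`` is the local result list, so the
                # previous ``containers.name`` raised AttributeError.
                # q is handed to the query as a value; "%" and "_" inside it
                # still act as LIKE wildcards.
                containers = (
                    Containers.query.filter(
                        Containers.name.like("%{}%".format(q)))
                    .order_by(Containers.id.asc())
                    .all()
                )

            return render_template(
                "containers.html",
                containers=containers,
                pages=0,
                curr_page=None,
                q=q,
                field=field,
            )

        results_per_page = 50
        page_start = results_per_page * (page - 1)
        page_end = page_start + results_per_page

        containers = Containers.query.order_by(
            Containers.id.asc()).slice(page_start, page_end).all()
        # Attach the status and port reported by the helper to each row.
        for c in containers:
            c.status, c.run_port = utils.container_status(c.container_id)
        count = db.session.query(db.func.count(Containers.id)).first()[0]
        # Number of pages, rounded up.
        pages = int(count / results_per_page) + (count % results_per_page > 0)

        return render_template('containers.html', containers=containers, pages=pages, curr_page=page)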
コード例 #24
ファイル: challenges.py プロジェクト: dsegna/CTFd-OSINT
def listing():
    """Render the challenge listing with the CTF's start and end values.

    ``start`` and ``end`` come from the configuration and fall back to 0
    when unset; both are passed to the template as integers.
    """
    infos = get_infos()
    errors = get_errors()
    start = get_config('start') or 0
    end = get_config('end') or 0

    if ctf_paused():
        infos.append('{} is paused'.format(config.ctf_name()))

    # NOTE(review): the "has ended" notice depends only on view_after_ctf();
    # whether the CTF has actually ended is not checked in this block --
    # confirm that is intended.
    if view_after_ctf():
        infos.append('{} has ended'.format(config.ctf_name()))

    context = dict(infos=infos, errors=errors, start=int(start), end=int(end))
    return render_template('challenges.html', **context)
コード例 #25
def settings():
    """Render the settings page for the logged-in user.

    The page shows the user's profile fields and API tokens, plus notices
    when the user still has to join a team or confirm their e-mail address.
    """
    infos = get_infos()
    errors = get_errors()

    user = get_current_user()
    profile = {
        "name": user.name,
        "email": user.email,
        "website": user.website,
        "affiliation": user.affiliation,
        "country": user.country,
    }

    if is_teams_mode() and get_current_team() is None:
        team_url = url_for("teams.private")
        # The only interpolated value is a URL built by url_for(), not
        # request input.
        team_notice = markup(
            f'In order to participate you must either <a href="{team_url}">join or create a team</a>.'
        )
        infos.append(team_notice)

    # Tokens are selected by the current user's id only.
    tokens = UserTokens.query.filter_by(user_id=user.id).all()

    prevent_name_change = get_config("prevent_name_change")

    if get_config("verify_emails") and not user.verified:
        confirm_url = markup(url_for("auth.confirm"))
        confirm_notice = markup(
            "Your email address isn't confirmed!<br>"
            "Please check your email to confirm your email address.<br><br>"
            f'To have the confirmation email resent please <a href="{confirm_url}">click here</a>.'
        )
        infos.append(confirm_notice)

    return render_template(
        "settings.html",
        tokens=tokens,
        prevent_name_change=prevent_name_change,
        infos=infos,
        errors=errors,
        **profile
    )
コード例 #26
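def reset_password(data=None):
    """Handle both halves of the password-reset flow.

    With ``data`` (the signed token taken from the reset link): the token
    is unserialized with a 1800-second ``max_age``. A GET renders the
    "set a new password" form; a POST stores the submitted password on
    the account named inside the token and redirects to the login page.

    Without ``data``: a POST looks the account up by the submitted email
    and calls ``email.forgot_password``; the same message is rendered
    whether or not the account exists. Any other request renders the
    blank form.

    Args:
        data: Signed, time-limited reset token, or ``None`` when the user
            is only requesting a reset email.
    """
    if data is not None:
        try:
            # The account name comes from the signed token, never from the
            # request body, so the POST below can only affect that account.
            name = unserialize(data, max_age=1800)
        except (BadTimeSignature, SignatureExpired):
            return render_template('reset_password.html', errors=['Votre lien a expiré'])
        except (BadSignature, TypeError, base64.binascii.Error):
            return render_template('reset_password.html', errors=['Votre token de réinitialisation est inalide'])

        if request.method == "GET":
            return render_template('reset_password.html', mode='set')
        if request.method == "POST":
            user = Users.query.filter_by(name=name).first_or_404()
            new_password = request.form['password'].strip()
            # An empty or whitespace-only submission would otherwise be
            # stored as the account's password; reject it and show the
            # form again.
            if not new_password:
                return render_template(
                    'reset_password.html',
                    mode='set',
                    errors=['Veuillez choisir un mot de passe plus long']
                )
            # NOTE(review): presumably the Users model hashes the value on
            # assignment; nothing in this function does so. Confirm.
            user.password = new_password
            db.session.commit()
            log('logins', format="[{date}] {ip} -  successful password reset for {name}", name=name)
            db.session.close()
            # NOTE(review): nothing here invalidates the token after use; it
            # appears to remain acceptable until max_age elapses. Confirm
            # whether unserialize() or the model ties it to a single use.
            return redirect(url_for('auth.login'))

    if request.method == 'POST':
        email_address = request.form['email'].strip()
        team = Users.query.filter_by(email=email_address).first()

        # The original bound this result to an unused local; the call is
        # kept in case it has side effects.
        get_errors()

        # Checked before the account lookup result is used, so this message
        # does not depend on whether the address is registered.
        if config.can_send_mail() is False:
            return render_template(
                'reset_password.html',
                errors=['Le courriel n\'a pas pu être envoyé en raison d\'une erreur de configuration du serveur']
            )

        # The wording is identical to the success case below so the response
        # does not reveal whether the address belongs to an account.
        if not team:
            return render_template(
                'reset_password.html',
                errors=['Si ce compte existe un courriel vous sera envoyé']
            )

        email.forgot_password(email_address, team.name)

        return render_template(
            'reset_password.html',
            errors=['Si ce compte existe un courriel vous sera envoyé']
        )
    return render_template('reset_password.html')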
コード例 #27
ファイル: teams.py プロジェクト: vashirov/CTFd
def public(team_id):
    """Render the public profile page of the team with id ``team_id``.

    Responds with 404 when no such team exists. If error messages are
    pending, only the team and the errors are passed to the template;
    otherwise the solves, awards, score, place and the scoreboard-frozen
    flag are passed as well.
    """
    errors = get_errors()
    team = Teams.query.filter_by(id=team_id).first_or_404()

    # Gathered before the error check, in the same order as the original.
    standing = {
        'solves': team.get_solves(),
        'awards': team.get_awards(),
        'place': team.place,
        'score': team.score,
    }

    if errors:
        return render_template('teams/team.html', team=team, errors=errors)

    # NOTE(review): whether hidden or banned teams are filtered is not
    # visible in this body; confirm it is handled by a decorator or the model.
    return render_template(
        'teams/team.html',
        team=team,
        score_frozen=config.is_scoreboard_frozen(),
        **standing,
    )
コード例 #28
ファイル: auth.py プロジェクト: itsTurnip/CTFd
def login():
    """Authenticate a user from the login form.

    A non-POST request renders the form. On POST the ``name`` field is
    looked up as an email address or as an account name, and the password
    is checked with ``verify_password``. A successful login regenerates
    the session, logs the user in and redirects to ``next`` when
    ``validators.is_safe_url`` accepts it, otherwise to the challenge
    listing.
    """
    errors = get_errors()

    if request.method != "POST":
        db.session.close()
        return render_template("login.html", errors=errors)

    name = request.form["name"]

    # The same field accepts either an email address or an account name.
    if validators.validate_email(name) is True:
        lookup = Users.query.filter_by(email=name)
    else:
        lookup = Users.query.filter_by(name=name)
    user = lookup.first()

    if not user:
        # Unknown account: the log line differs from the wrong-password
        # case, but the message shown to the client is the same.
        # NOTE(review): this path returns without calling verify_password,
        # so response time may differ from the wrong-password path; confirm
        # whether that matters for this deployment.
        log("logins",
            "[{date}] {ip} - submitted invalid account information")
        errors.append("Неверное имя пользователя или пароль")
        db.session.close()
        return render_template("login.html", errors=errors)

    if not verify_password(request.form["password"], user.password):
        # Known account, wrong password.
        log("logins",
            "[{date}] {ip} - submitted invalid password for {name}")
        errors.append("Неверное имя пользователя или пароль")
        db.session.close()
        return render_template("login.html", errors=errors)

    # The session is regenerated before the user is attached to it, so a
    # pre-login session identifier is not carried into the authenticated one.
    session.regenerate()

    login_user(user)
    log("logins", "[{date}] {ip} - {name} logged in")

    db.session.close()

    # Only follow ``next`` when the validator accepts it; otherwise fall
    # back to a fixed internal page.
    next_url = request.args.get("next")
    if next_url and validators.is_safe_url(next_url):
        return redirect(next_url)
    # NOTE(review): no attempt throttling is visible in this body; confirm a
    # rate limit is applied by a decorator or in front of the application.
    return redirect(url_for("challenges.listing"))
コード例 #29
ファイル: auth.py プロジェクト: xmsec/LanCTFd
def login():
    """Process the login form and start an authenticated session.

    GET (or any non-POST) renders the form. POST resolves the account by
    email or name, checks the password with ``check_password`` and, on
    success, regenerates the session before logging the user in. Both
    failure cases show the same message to the client.
    """
    errors = get_errors()

    def _reject(log_line):
        # Shared failure path: write the specific reason to the log and show
        # the client one message for both failure cases.
        log('logins', log_line)
        errors.append("Your username or password is incorrect")
        db.session.close()
        return render_template('login.html', errors=errors)

    if request.method != 'POST':
        db.session.close()
        return render_template('login.html', errors=errors)

    name = request.form['name']

    # Check if the user submitted an email address or a team name
    by_email = validators.validate_email(name) is True
    criteria = {'email': name} if by_email else {'name': name}
    user = Users.query.filter_by(**criteria).first()

    if not user:
        # This user just doesn't exist.
        # NOTE(review): check_password is not called on this path, so it may
        # respond faster than the wrong-password path; confirm whether that
        # difference is acceptable.
        return _reject("[{date}] {ip} - submitted invalid account information")

    if not check_password(request.form['password'], user.password):
        # This user exists but the password is wrong
        return _reject("[{date}] {ip} - submitted invalid password for {name}")

    # Regenerating the session before login_user() keeps a pre-login session
    # identifier from being reused for the authenticated session.
    session.regenerate()

    login_user(user)
    log('logins', "[{date}] {ip} - {name} logged in")

    db.session.close()

    # ``next`` is client-controlled; it is followed only when
    # validators.is_safe_url accepts it.
    target = request.args.get('next')
    if target and validators.is_safe_url(target):
        return redirect(target)
    return redirect(url_for('challenges.listing'))
コード例 #30
ファイル: challenges.py プロジェクト: csnp/njit-ctf
def listing():
    """Render the challenge listing, redirecting team-less users first.

    Unless challenges are publicly visible and the visitor is not
    authenticated, a user in teams mode who has no team is redirected to
    the team page with the current path as ``next``. Otherwise the page
    is rendered with status messages for a CTF that has not started, is
    paused or has ended.
    """
    # Anonymous visitors on a public board skip the team requirement.
    anonymous_on_public_board = (
        Configs.challenge_visibility == ChallengeVisibilityTypes.PUBLIC
        and authed() is False
    )
    if (not anonymous_on_public_board
            and is_teams_mode()
            and get_current_team() is None):
        return redirect(url_for("teams.private", next=request.full_path))

    # NOTE(review): this body does not itself enforce challenge visibility;
    # presumably decorators outside this excerpt do (confirm).
    infos = get_infos()
    errors = get_errors()

    # The identity comparisons are kept as written: only a literal
    # True/False result triggers a message.
    not_started = ctf_started() is False
    if not_started:
        errors.append(f"{Configs.ctf_name} has not started yet")

    paused = ctf_paused() is True
    if paused:
        infos.append(f"{Configs.ctf_name} is paused")

    ended = ctf_ended() is True
    if ended:
        infos.append(f"{Configs.ctf_name} has ended")

    return render_template("challenges.html", infos=infos, errors=errors)