def get_challenges():
    """Return the visible challenges as ``{'id', 'name', 'category'}`` dicts grouped by category.

    Returns ``[]`` when the caller may not see challenges: a non-admin outside
    CTF time (unless post-CTF viewing is enabled), or whenever
    ``user_can_view_challenges()`` / ``ctf_started()`` deny access.
    """
    admin = utils.is_admin()
    # Non-admins are locked out outside the CTF window unless viewing after the CTF is allowed.
    if not admin and not utils.ctftime() and not utils.view_after_ctf():
        return []
    if not (utils.user_can_view_challenges() and (utils.ctf_started() or admin)):
        return []
    rows = (db.session.query(Challenges.id, Challenges.name, Challenges.category)
            .filter(or_(Challenges.hidden != True, Challenges.hidden == None))
            .all())
    entries = [{'id': r.id, 'name': r.name, 'category': r.category} for r in rows]
    # Group by category; like the original, the group order is whatever the set yields.
    categories = {e['category'] for e in entries}
    return [e for c in categories for e in entries if e['category'] == c]
def challenges_view():
    """Render the challenges page, or redirect when the visitor may not see it.

    Checks run in this order: paused banner; non-admin time window (outside it,
    the page is rendered with only the reason banners); e-mail verification for
    authenticated, unverified non-admins; finally ``user_can_view_challenges()``,
    whose failure sends the visitor to login.
    """
    infos, errors = [], []
    start = utils.get_config('start') or 0
    end = utils.get_config('end') or 0

    def add_time_window_errors():
        # "Not started" / "ended" banners, same conditions as before.
        if utils.get_config('start') and not utils.ctf_started():
            errors.append('{} has not started yet'.format(utils.ctf_name()))
        if (utils.get_config('end') and utils.ctf_ended()) and not utils.view_after_ctf():
            errors.append('{} has ended'.format(utils.ctf_name()))

    def page():
        return render_template('challenges.html', infos=infos, errors=errors,
                               start=int(start), end=int(end))

    if utils.ctf_paused():
        infos.append('{} is paused'.format(utils.ctf_name()))
    if not utils.is_admin() and not utils.ctftime() and not utils.view_after_ctf():
        # Non-admin outside the CTF window with no post-CTF viewing: explain and stop.
        add_time_window_errors()
        return page()
    if utils.get_config('verify_emails') and utils.authed():
        if utils.is_admin() is False and utils.is_verified() is False:
            # Authenticated but unconfirmed user.
            return redirect(url_for('auth.confirm_user'))
    if not utils.user_can_view_challenges():
        return redirect(url_for('auth.login', next='challenges'))
    add_time_window_errors()
    return page()
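def chals_contest(contestid):
    """Return the visible challenges of contest ``contestid`` as JSON (``{'game': [...]}``).

    Non-admins are sent to the static page outside the contest's time window
    unless post-CTF viewing is enabled; callers failing
    ``user_can_view_challenges()``/``ctf_started()`` are sent to login.

    Fixes against the previous revision:
      * an unknown ``contestid`` is a 404 instead of handing ``None`` to the utils helpers;
      * the team id is read with ``session.get('id')`` so an anonymous visitor
        (possible when ``user_can_view_challenges()`` allows it) no longer raises
        KeyError — they simply have no unlocked hints;
      * hint text is disclosed based on *this contest's* end, not the global one
        (``ctf_ended(contest=...)``, the same keyword the other helpers take here).
    """
    contest = Contests.query.filter_by(id=contestid).first_or_404()
    if not utils.is_admin():
        if not utils.ctftime(contest=contest) and not utils.view_after_ctf(contest=contest):
            return redirect(url_for('views.static_html'))
    if not (utils.user_can_view_challenges(contest=contest)
            and (utils.ctf_started(contest=contest) or utils.is_admin())):
        db.session.close()
        return redirect(url_for('auth.login', next='chals'))

    teamid = session.get('id')
    chals = Challenges.query.filter(
        and_(or_(Challenges.hidden != True, Challenges.hidden == None),
             Challenges.contestid == contestid)).order_by(Challenges.value).all()
    # The set of unlocked hints is per team, not per challenge: compute it once.
    unlocked_hints = {u.itemid for u in Unlocks.query.filter_by(model='hints', teamid=teamid)}
    contest_over = utils.ctf_ended(contest=contest)
    json = {'game': []}
    for x in chals:
        tags = [tag.tag for tag in Tags.query.add_columns('tag').filter_by(chal=x.id).all()]
        files = [str(f.location) for f in Files.query.filter_by(chal=x.id).all()]
        hints = []
        for hint in Hints.query.filter_by(chal=x.id).all():
            entry = {'id': hint.id, 'cost': hint.cost}
            # Hint bodies only for unlocked hints, or for everyone once the contest is over.
            if hint.id in unlocked_hints or contest_over:
                entry['hint'] = hint.hint
            hints.append(entry)
        chal_type = get_chal_class(x.type)
        json['game'].append({
            'id': x.id,
            'type': chal_type.name,
            'name': x.name,
            'value': x.value,
            'description': x.description,
            'category': x.category,
            'files': files,
            'tags': tags,
            'hints': hints,
        })
    db.session.close()
    return jsonify(json)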
def chals():
    """Return the visible (non-hidden) challenges as JSON, ordered by value.

    Non-admins get 403 outside CTF time unless post-CTF viewing is on, and 403
    when ``user_can_view_challenges()`` or ``ctf_started()`` deny access. Hint
    text is included only for hints the caller's team unlocked, or once the CTF
    has ended; otherwise only the hint id and cost are exposed.
    """
    admin = utils.is_admin()
    if not admin and not utils.ctftime() and not utils.view_after_ctf():
        abort(403)
    if not (utils.user_can_view_challenges() and (utils.ctf_started() or admin)):
        db.session.close()
        abort(403)
    teamid = session.get('id')  # None for anonymous visitors: no unlocked hints
    visible = Challenges.query.filter(
        or_(Challenges.hidden != True, Challenges.hidden == None)).order_by(Challenges.value).all()
    # Unlocked hint ids are per team, not per challenge: look them up once.
    unlocked = {u.itemid for u in Unlocks.query.filter_by(model='hints', teamid=teamid)}
    ended = utils.ctf_ended()
    game = []
    for chal in visible:
        tags = [t.tag for t in Tags.query.add_columns('tag').filter_by(chal=chal.id).all()]
        files = [str(f.location) for f in Files.query.filter_by(chal=chal.id).all()]
        hints = []
        for hint in Hints.query.filter_by(chal=chal.id).all():
            entry = {'id': hint.id, 'cost': hint.cost}
            if hint.id in unlocked or ended:
                entry['hint'] = hint.hint
            hints.append(entry)
        chal_type = get_chal_class(chal.type)
        game.append({
            'id': chal.id,
            'type': chal_type.name,
            'name': chal.name,
            'value': chal.value,
            'description': chal.description,
            'category': chal.category,
            'files': files,
            'tags': tags,
            'hints': hints,
            'template': chal_type.templates['modal'],
            'script': chal_type.scripts['modal'],
        })
    db.session.close()
    return jsonify({'game': game})
def hints_view(hintid):
    """Show or purchase hint ``hintid`` for the calling team.

    GET  -> ``{'chal', 'cost'}``, plus ``'hint'`` only if this team already unlocked it.
    POST -> unlock the hint (charging ``hint.cost`` through a negative Award) when
            the team can afford it and the clock allows (CTF time, post-CTF
            viewing, or admin); returns the hint text, or ``{'errors': ...}``
            when the team's score is below the cost.

    Non-admins are refused (403) before the CTF starts.

    NOTE(review): ``session['id']`` is read unconditionally, so an unauthenticated
    request would raise KeyError — presumably a login-required decorator guards
    the route; confirm. The balance check and the Unlocks/Awards insert are not
    atomic: two concurrent POSTs can both pass ``team.score() < hint.cost``
    before either commit lands, buying the hint twice; a unique constraint on
    (model, teamid, itemid) would close that.
    """
    if utils.ctf_started() is False:
        if utils.is_admin() is False:
            abort(403)
    hint = Hints.query.filter_by(id=hintid).first_or_404()
    chal = Challenges.query.filter_by(id=hint.chal).first()
    unlock = Unlocks.query.filter_by(model='hints', itemid=hintid, teamid=session['id']).first()
    if request.method == 'GET':
        if unlock:
            return jsonify({'hint': hint.hint, 'chal': hint.chal, 'cost': hint.cost})
        else:
            # Not unlocked: expose only the price, never the hint text.
            return jsonify({'chal': hint.chal, 'cost': hint.cost})
    elif request.method == 'POST':
        if unlock is None:
            # The user does not have an unlock.
            if utils.ctftime() or (utils.ctf_ended() and utils.view_after_ctf()) or utils.is_admin() is True:
                # It's ctftime or the CTF has ended (but we allow views after)
                team = Teams.query.filter_by(id=session['id']).first()
                if team.score() < hint.cost:
                    return jsonify({'errors': get_tip('NOT_ENOUGH_POINT')})
                unlock = Unlocks(model='hints', teamid=session['id'], itemid=hint.id)
                # The charge is a negative-valued award so it appears in the team's timeline.
                award = Awards(teamid=session['id'], name=text_type(get_tip('HIT_FOR').format(chal.name)), value=(-hint.cost))
                db.session.add(unlock)
                db.session.add(award)
                db.session.commit()
                json_data = {'hint': hint.hint, 'chal': hint.chal, 'cost': hint.cost}
                db.session.close()
                return jsonify(json_data)
            elif utils.ctf_ended():
                # The CTF has ended. No views after.
                abort(403)
            # NOTE(review): no branch returns here when ctftime() is False and the
            # CTF has neither ended nor (for non-admins) not started — e.g. a
            # paused CTF if ctftime() honours pause — so the view returns None.
            # Confirm whether that state is reachable.
        else:
            # The user does have an unlock, we should give them their hint.
            json_data = {'hint': hint.hint, 'chal': hint.chal, 'cost': hint.cost}
            db.session.close()
            return jsonify(json_data)
def chals():
    """Return every challenge as JSON (``{'game': [...]}``) ordered by value.

    Non-admins are sent to ``/`` outside CTF time unless post-CTF viewing is
    enabled; callers failing ``can_view_challenges()`` are sent to login.

    NOTE(review): there is no ``ctf_started()`` check, so with ``view_after_ctf``
    enabled the list is also visible *before* the start; later revisions of
    this view add ``ctf_started()`` to the gate. There is no hidden-challenge
    filter either — confirm the schema has no such column at this revision.
    """
    if not is_admin() and not ctftime() and not view_after_ctf():
        return redirect('/')
    if not can_view_challenges():
        db.session.close()
        return redirect(url_for('auth.login', next='chals'))
    rows = Challenges.query.add_columns(
        'id', 'name', 'value', 'description', 'category').order_by(Challenges.value).all()
    game = []
    for row in rows:
        attachments = [str(f.location) for f in Files.query.filter_by(chal=row.id).all()]
        # Positional access: row[0] is the entity, the added columns follow.
        game.append({
            'id': row[1],
            'name': row[2],
            'value': row[3],
            'description': row[4],
            'category': row[5],
            'files': attachments,
        })
    db.session.close()
    return jsonify({'game': game})
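def file_handler(path):
    """Redirect to a pre-signed S3 URL for the upload whose ``location`` is ``path``.

    Admins always get the URL. Other callers must pass
    ``user_can_view_challenges()`` (else redirect to login), be inside CTF time
    or have post-CTF viewing enabled (else 403), and the owning challenge — if
    there is one — must not be hidden (else 403).

    Fix: ``chal`` is ``None`` when the file is not attached to a challenge
    (``f.chal`` empty or dangling) and the previous code dereferenced
    ``chal.hidden`` unconditionally, turning such downloads into 500s for
    non-admins. Unattached files now go through the same time-window rule.

    NOTE(review): before the start with ``view_after_ctf`` set, this passes —
    the sibling handlers add ``ctf_started()`` for that case; consider the same.
    """
    f = Files.query.filter_by(location=path).first_or_404()
    chal = Challenges.query.filter_by(id=f.chal).first()
    s3, bucket = get_s3_conn(app)

    def presigned_url():
        # NOTE(review): no ExpiresIn is passed, so the client library's default
        # lifetime applies to the link.
        return s3.generate_presigned_url('get_object', Params={
            'Bucket': bucket,
            'Key': f.location,
        })

    if utils.is_admin():
        return redirect(presigned_url())
    if not utils.user_can_view_challenges():
        return redirect(url_for('auth.login'))
    if not utils.ctftime() and not utils.view_after_ctf():
        abort(403)
    if chal is not None and chal.hidden:
        abort(403)
    return redirect(presigned_url())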
def require_verified_emails_wrapper(*args, **kwargs):
    """Decorator body: with ``verify_emails`` on, send an authenticated,
    unverified non-admin to the confirmation page; otherwise call ``f``."""
    needs_confirmation = (
        utils.get_config('verify_emails')
        and utils.authed()
        and utils.is_admin() is False
        and utils.is_verified() is False
    )
    if needs_confirmation:
        # User is logged in but has not confirmed their e-mail address.
        return redirect(url_for('auth.confirm_user'))
    return f(*args, **kwargs)
def challenges():
    """Render the challenges page; ``/`` for non-admins outside the viewing window,
    login for callers failing ``can_view_challenges()``."""
    if not (is_admin() or ctftime_view()):
        return redirect('/')
    if not can_view_challenges():
        return redirect(url_for('login', next="challenges"))
    # The template gets the submit window, not the view window.
    return render_template('chals.html', ctftime=ctftime_submit())
def solves(teamid=None):
    """Return solves as JSON: the caller's own when ``teamid`` is None (anonymous
    callers are sent to login), otherwise those of team ``teamid``.

    NOTE(review): the explicit-``teamid`` path has no visibility gate (scoreboard
    hiding, freeze, banned teams). ``Teams.banned == None`` is ``IS NULL``, so a
    team whose flag is stored as an explicit False would see no solves here —
    confirm the column's default.
    """
    if teamid is not None:
        rows = Solves.query.filter_by(teamid=teamid).all()
    elif is_admin():
        rows = Solves.query.filter_by(teamid=session['id']).all()
    elif authed():
        rows = Solves.query.join(Teams, Solves.teamid == Teams.id).filter(
            Solves.teamid == session['id'], Teams.banned == None).all()
    else:
        return redirect(url_for('auth.login', next='solves'))
    db.session.close()
    payload = [{
        'chal': s.chal.name,
        'chalid': s.chalid,
        'team': s.teamid,
        'value': s.chal.value,
        'category': s.chal.category,
        'time': unix_time(s.date),
    } for s in rows]
    return jsonify({'solves': payload})
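def solves(teamid=None):
    """Return a team's solves and awards as a JSON list sorted by time.

    With ``teamid`` omitted: the caller's own solves — admins unfiltered, other
    authenticated users only if their team is not banned; anonymous callers are
    redirected to login. With ``teamid``: that team's solves plus its awards.

    Fix: the own-solves path left ``awards`` as ``None`` and then iterated it,
    raising TypeError on every request; it now defaults to an empty list.

    NOTE(review): the explicit-``teamid`` branch applies no visibility check
    (scoreboard hiding, freeze, banned) — confirm that is intended.
    """
    awards = []
    if teamid is None:
        if is_admin():
            solves = Solves.query.filter_by(teamid=session['id']).all()
        elif authed():
            solves = Solves.query.join(Teams, Solves.teamid == Teams.id).filter(
                Solves.teamid == session['id'], Teams.banned == None).all()
        else:
            return redirect(url_for('auth.login', next='solves'))
    else:
        solves = Solves.query.filter_by(teamid=teamid).all()
        awards = Awards.query.filter_by(teamid=teamid).all()
    db.session.close()
    json = {'solves': []}
    for solve in solves:
        json['solves'].append({
            'chal': solve.chal.name,
            'chalid': solve.chalid,
            'team': solve.teamid,
            'value': solve.chal.value,
            'category': solve.chal.category,
            'time': unix_time(solve.date),
        })
    for award in awards:
        # Awards share the timeline with solves; they carry no challenge id.
        json['solves'].append({
            'chal': award.name,
            'chalid': None,
            'team': award.teamid,
            'value': award.value,
            'category': award.category,
            'time': unix_time(award.date),
        })
    json['solves'].sort(key=lambda k: k['time'])
    return jsonify(json)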
def challenges_view():
    """Render the challenge page, with banners explaining a closed time window.

    Non-admins outside CTF time (without post-CTF viewing) get the page with
    only the banners; with ``verify_emails`` on, unverified callers go to the
    confirmation page; callers failing ``user_can_view_challenges()`` go to login.

    NOTE(review): the verification check does not test ``authed()`` first, so an
    anonymous visitor is sent to ``auth.confirm_user`` whenever ``is_verified()``
    is False for them — a later revision guards this with ``authed()``; confirm.
    """
    errors = []
    start = utils.get_config('start') or 0
    end = utils.get_config('end') or 0

    def collect_window_errors():
        if utils.get_config('start') and not utils.ctf_started():
            errors.append('{} has not started yet'.format(utils.ctf_name()))
        if (utils.get_config('end') and utils.ctf_ended()) and not utils.view_after_ctf():
            errors.append('{} has ended'.format(utils.ctf_name()))

    def page():
        return render_template('chals.html', errors=errors, start=int(start), end=int(end))

    if not utils.is_admin() and not utils.ctftime() and not utils.view_after_ctf():
        # Not CTF time and no post-CTF viewing: only the reasons are shown.
        collect_window_errors()
        return page()
    if utils.get_config('verify_emails') and not utils.is_verified():
        return redirect(url_for('auth.confirm_user'))
    if not utils.user_can_view_challenges():
        return redirect(url_for('auth.login', next='challenges'))
    collect_window_errors()
    return page()
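def chals():
    """Return the visible challenges as JSON, each with tags, files, announcement
    hints and the caller's notepad content.

    Non-admins are sent to the index outside CTF time unless post-CTF viewing is
    enabled; callers failing ``user_can_view_challenges()``/``ctf_started()``
    are sent to login.

    Fix: the notepad lookup indexed ``session['id']`` directly, which raises
    KeyError for an anonymous visitor that ``user_can_view_challenges()``
    admits; it now uses ``session.get('id')`` (no session → no notepad, ``''``).
    """
    if not is_admin():
        if not ctftime() and not view_after_ctf():
            return redirect(url_for('views.index'))
    if not (user_can_view_challenges() and (ctf_started() or is_admin())):
        db.session.close()
        return redirect(url_for('auth.login', next='chals'))
    teamid = session.get('id')
    chals = Challenges.query.filter(
        or_(Challenges.hidden != True, Challenges.hidden == None)).order_by(Challenges.value).all()
    json = {'game': []}
    for chal in chals:
        tags = [tag.tag for tag in Tags.query.filter_by(chal=chal.id).all()]
        files = [str(f.location) for f in Files.query.filter_by(chal=chal.id).all()]
        # Hints here are announcements attached to the challenge, oldest first.
        hints = [{
            'title': hint.title,
            'description': hint.description,
        } for hint in Announcements.query.filter_by(chalid=chal.id).order_by(Announcements.date.asc()).all()]
        notepad = Notepads.query.filter_by(teamid=teamid, chalid=chal.id).first()
        notepad = notepad.content if notepad else ''
        json['game'].append({
            'id': chal.id,
            'name': chal.name,
            'value': chal.value,
            'description': chal.description,
            'category': chal.category,
            'down': chal.down,
            'files': files,
            'tags': tags,
            'hints': hints,
            'notepad': notepad,
        })
    db.session.close()
    return jsonify(json)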
def user_can_get_config():
    """Return True when the caller may read the config: admins always, otherwise
    only authenticated callers who pass ``user_can_view_challenges()``."""
    if utils.is_admin():
        return True
    return bool(utils.authed() and utils.user_can_view_challenges())
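def team(teamid):
    """Render a team's profile page (GET) or its solve list as JSON (POST).

    Visibility, in order: workshop mode hides the page (404);
    ``view_scoreboard_if_authed`` sends anonymous visitors to login; outside CTF
    time without post-CTF viewing only the time-window banners are rendered;
    scores are hidden when ``hide_scores()`` is on and this is not the caller's
    own team, or when a non-admin looks at an admin or banned team. Other teams'
    solves and awards are cut at the scoreboard freeze time.

    Fix: the config key was ``'view_scoreboard_if_utils.authed'`` (a mechanical
    ``utils.`` rewrite hit the string), so the login gate never fired and the
    page was visible anonymously regardless of the setting; it now reads
    ``'view_scoreboard_if_authed'``, the key used elsewhere in the project.
    """
    if utils.get_config('workshop_mode'):
        abort(404)
    if utils.get_config('view_scoreboard_if_authed') and not utils.authed():
        return redirect(url_for('auth.login', next=request.path))
    infos = []
    errors = []
    if utils.ctf_paused():
        infos.append('{} is paused'.format(utils.ctf_name()))
    if not utils.ctftime() and not utils.view_after_ctf():
        # Outside the CTF window with no post-CTF viewing: explain why.
        if utils.get_config('start') and not utils.ctf_started():
            errors.append('{} has not started yet'.format(utils.ctf_name()))
        if (utils.get_config('end') and utils.ctf_ended()) and not utils.view_after_ctf():
            errors.append('{} has ended'.format(utils.ctf_name()))
    freeze = utils.get_config('freeze')
    user = Teams.query.filter_by(id=teamid).first_or_404()
    solves = Solves.query.filter_by(teamid=teamid)
    awards = Awards.query.filter_by(teamid=teamid)
    place = user.place()
    score = user.score()
    own_team = teamid == session.get('id')
    if freeze:
        freeze = utils.unix_time_to_utc(freeze)
        if not own_team:
            # Other teams are shown as of the freeze point only.
            solves = solves.filter(Solves.date < freeze)
            awards = awards.filter(Awards.date < freeze)
    solves = solves.all()
    awards = awards.all()
    db.session.close()
    if utils.hide_scores() and not own_team:
        errors.append('Scores are currently hidden')
    elif not utils.is_admin() and (user.admin or user.banned):
        # banned is a synonym for hidden :/
        errors.append('Scores are currently hidden')
    if errors:
        return render_template('team.html', team=user, infos=infos, errors=errors)
    if request.method == 'GET':
        return render_template('team.html', solves=solves, awards=awards, team=user,
                               score=score, place=place,
                               score_frozen=utils.is_scoreboard_frozen(), infos=infos)
    elif request.method == 'POST':
        json = {'solves': [{'id': x.id, 'chal': x.chalid, 'team': x.teamid} for x in solves]}
        return jsonify(json)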
def chal_view_linearunlocked(chal_id):
    """Return challenge ``chal_id`` as JSON, or ``[]`` while any of its
    linear-unlock prerequisites is still unsolved by the caller's team.

    Solves are taken from the caller's own team (admins too); anonymous callers
    admitted by ``user_can_view_challenges()`` have no solves, so every
    challenge with a prerequisite reads as locked for them. Hint bodies are
    included for unlocked hints or once the CTF has ended.

    NOTE(review): nothing here checks ``chal.hidden`` or the CTF time window, so
    a hidden challenge is readable by id unless the route has another guard.
    """
    teamid = session.get('id')
    chal = Challenges.query.filter_by(id=chal_id).first_or_404()
    chal_class = get_chal_class(chal.type)

    solved = []
    if utils.is_admin():
        solved = Solves.query.filter_by(teamid=session['id']).all()
    elif utils.user_can_view_challenges() and utils.authed():
        solved = Solves.query\
            .join(Teams, Solves.teamid == Teams.id)\
            .filter(Solves.teamid == session['id'])\
            .all()
    solved_ids = {s.chalid for s in solved}

    # Locked as long as one requirement (requires_chalid > -1) is unsolved.
    for requirement in LinearUnlockingEntry.query.filter_by(chalid=chal.id).all():
        if requirement.requires_chalid > -1 and requirement.requires_chalid not in solved_ids:
            return jsonify([])

    tags = [t.tag for t in Tags.query.add_columns('tag').filter_by(chal=chal.id).all()]
    files = [str(f.location) for f in Files.query.filter_by(chal=chal.id).all()]
    unlocked = {u.itemid for u in Unlocks.query.filter_by(model='hints', teamid=teamid)}
    ended = utils.ctf_ended()
    hints = []
    for hint in Hints.query.filter_by(chal=chal.id).all():
        entry = {'id': hint.id, 'cost': hint.cost}
        if hint.id in unlocked or ended:
            entry['hint'] = hint.hint
        hints.append(entry)

    challenge, response = chal_class.read(challenge=chal)
    response['files'] = files
    response['tags'] = tags
    response['hints'] = hints
    db.session.close()
    return jsonify(response)
def solves(teamid=None):
    """Return solves (and, for an explicit ``teamid``, awards) as a time-sorted JSON list.

    ``teamid`` None: the caller's own solves — admins unfiltered, authenticated
    callers only if their team is not banned, anonymous callers admitted by
    ``user_can_view_challenges()`` get an empty list, everyone else is sent to
    login. Explicit ``teamid``: empty when scores are hidden; otherwise the
    team's solves and awards, cut at the freeze time unless it is the caller's team.
    """
    awards = []
    if teamid is None:
        if utils.is_admin():
            solves = Solves.query.filter_by(teamid=session['id']).all()
        elif not utils.user_can_view_challenges():
            return redirect(url_for('auth.login', next='solves'))
        elif not utils.authed():
            return jsonify({'solves': []})
        else:
            solves = Solves.query.join(Teams, Solves.teamid == Teams.id).filter(
                Solves.teamid == session['id'], Teams.banned == False).all()
    elif utils.hide_scores():
        # Use empty values to hide scores
        solves = []
    else:
        solve_q = Solves.query.filter_by(teamid=teamid)
        award_q = Awards.query.filter_by(teamid=teamid)
        freeze = utils.get_config('freeze')
        if freeze:
            freeze = utils.unix_time_to_utc(freeze)
            if teamid != session.get('id'):
                # Other teams are shown as of the freeze point only.
                solve_q = solve_q.filter(Solves.date < freeze)
                award_q = award_q.filter(Awards.date < freeze)
        solves = solve_q.all()
        awards = award_q.all()
    db.session.close()

    entries = [{
        'chal': s.chal.name,
        'chalid': s.chalid,
        'team': s.teamid,
        'value': s.chal.value,
        'category': s.chal.category,
        'time': utils.unix_time(s.date),
    } for s in solves]
    entries.extend({
        'chal': a.name,
        'chalid': None,
        'team': a.teamid,
        'value': a.value,
        'category': a.category or "Award",
        'time': utils.unix_time(a.date),
    } for a in awards)
    entries.sort(key=lambda k: k['time'])
    return jsonify({'solves': entries})
def file_handler(path):
    """Serve the upload whose stored ``location`` equals ``path``.

    Files attached to a challenge are served to admins, during CTF time, or
    after the start when post-CTF viewing is enabled — otherwise 403. Files not
    attached to any challenge are served without a time check.

    NOTE(review): the path is built with ``os.path.join``, so a stored location
    containing ``..`` or an absolute path would resolve outside ``uploads/``.
    The location is matched from the database, not taken from the URL, so the
    exposure depends on how locations are written; ``safe_join`` would remove it.
    """
    upload = Files.query.filter_by(location=path).first_or_404()
    time_gated = bool(upload.chal) and not is_admin() and not ctftime()
    if time_gated and not (view_after_ctf() and ctf_started()):
        abort(403)
    return send_file(os.path.join(app.root_path, 'uploads', upload.location))
def file_handler(path):
    """Serve the upload whose stored ``location`` equals ``path``.

    Files attached to a challenge are served to admins, during CTF time, or
    after the start when post-CTF viewing is enabled — otherwise 403. Files not
    attached to any challenge are served without a time check. ``safe_join``
    refuses a location that would resolve outside the upload folder.
    """
    upload = Files.query.filter_by(location=path).first_or_404()
    time_gated = bool(upload.chal) and not utils.is_admin() and not utils.ctftime()
    if time_gated and not (utils.view_after_ctf() and utils.ctf_started()):
        abort(403)
    upload_folder = os.path.join(app.root_path, app.config['UPLOAD_FOLDER'])
    return send_file(safe_join(upload_folder, upload.location))
def challenges_view():
    """Render the challenge page; ``/`` for non-admins outside CTF time without
    post-CTF viewing, login for callers failing ``can_view_challenges()``."""
    if not (is_admin() or ctftime() or view_after_ctf()):
        return redirect('/')
    if not can_view_challenges():
        return redirect(url_for('auth.login', next='challenges'))
    return render_template('chals.html', ctftime=ctftime())
def challenges_view():
    """Render the challenge page; ``/`` for non-admins outside CTF time without
    post-CTF viewing, login for callers failing ``can_view_challenges()``."""
    if not (is_admin() or ctftime() or view_after_ctf()):
        return redirect('/')
    if not can_view_challenges():
        return redirect(url_for('login', next="challenges"))
    return render_template('chals.html', ctftime=ctftime())
def user_can_get_config():
    """Return True when the caller may read the config.

    Admins always may. Others must be authenticated and verified, pass
    ``user_can_view_challenges()``, and the CTF must have started and either
    have ended or have post-CTF viewing enabled.

    NOTE(review): that last clause denies access *during* a running CTF whenever
    ``view_after_ctf`` is off (started, not ended → the inner ``or`` is False).
    This reads like an inverted condition — ``not ctf_ended() or
    view_after_ctf()`` would be the usual intent — confirm before relying on it.
    """
    if utils.is_admin():
        return True
    if not (utils.authed() and utils.is_verified()):
        return False
    if not utils.user_can_view_challenges():
        return False
    in_window = utils.ctf_started() and (utils.ctf_ended() or utils.view_after_ctf())
    return bool(in_window)
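def solves(teamid=None):
    """Return the solves and awards of one team as a time-sorted JSON list.

    ``teamid`` None means the caller's own team. Entries that are the caller's
    own solves also carry the grader's mark/feedback when one exists.

    Fix: the previous code indexed ``session['id']`` directly, which raised
    KeyError for an anonymous visitor admitted by ``user_can_view_challenges()``;
    such callers are now redirected to login, and the own-team comparison uses
    ``session.get('id')``.
    """
    own_id = session.get('id')
    if teamid is None:
        if (is_admin() or user_can_view_challenges()) and own_id is not None:
            teamid = own_id
        else:
            return redirect(url_for('auth.login', next='solves'))
    teamid = int(teamid)
    user_solves = []
    for solve, value in get_solves_and_value(is_admin=is_admin()):
        if solve.teamid != teamid:
            continue
        entry = {
            'team': solve.teamid,
            'value': value,
            'time': unix_time(solve.date),
        }
        if isinstance(solve, Solves) and solve.teamid == own_id:
            # Marks are private to the solving team.
            mark = Marks.query.filter_by(teamid=own_id, chalid=solve.chalid).first()
            if mark:
                entry.update({'mark': mark.mark, 'feedback': mark.feedback})
            else:
                entry.update({'mark': None, 'feedback': None})
        if isinstance(solve, Solves):
            entry['chalid'] = solve.chalid
            entry['chal'] = solve.chal.name
            entry['category'] = solve.chal.category
        elif isinstance(solve, Awards):
            entry['chalid'] = None
            entry['chal'] = solve.name
            entry['category'] = solve.category
        else:
            raise RuntimeError("Objects returned by get_solves_and_value "
                               "should be Solves or Awards")
        user_solves.append(entry)
    user_solves = sorted(user_solves, key=operator.itemgetter('time'))
    return jsonify({'solves': user_solves})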
def challenges_view():
    """Render the challenge page.

    Non-admins outside CTF time without post-CTF viewing go to the static page;
    with ``verify_emails`` on, unverified callers go to the confirmation page;
    callers failing ``can_view_challenges()`` go to login.
    """
    if not (is_admin() or ctftime() or view_after_ctf()):
        return redirect(url_for('views.static_html'))
    if get_config('verify_emails') and not is_verified():
        return redirect(url_for('auth.confirm_user'))
    if not can_view_challenges():
        return redirect(url_for('auth.login', next='challenges'))
    return render_template('chals.html', ctftime=ctftime())
def challenges_view():
    """Render the challenge page.

    Non-admins outside CTF time without post-CTF viewing go to ``/``; with
    ``verify_emails`` on, unverified callers go to the confirmation page;
    callers failing ``can_view_challenges()`` go to login.
    """
    if not (is_admin() or ctftime() or view_after_ctf()):
        return redirect('/')
    if get_config('verify_emails') and not is_verified():
        return redirect(url_for('auth.confirm_user'))
    if not can_view_challenges():
        return redirect(url_for('auth.login', next='challenges'))
    return render_template('chals.html', ctftime=ctftime())
def competitions():
    """Return all competitions as JSON (``{'competitions': [...]}``).

    Non-admins get 403 outside CTF time unless post-CTF viewing is enabled, and
    403 when ``user_can_view_challenges()``/``ctf_started()`` deny access.
    """
    admin = utils.is_admin()
    if not admin and not utils.ctftime() and not utils.view_after_ctf():
        abort(403)
    if not (utils.user_can_view_challenges() and (utils.ctf_started() or admin)):
        db.session.close()
        abort(403)
    listing = [{
        'id': c.id,
        'title': c.title,
        'description': c.description,
    } for c in Competitions.query.all()]
    db.session.close()
    return jsonify({'competitions': listing})
def chals():
    """Return the visible (non-hidden) challenges as JSON with their files and tags.

    Non-admins are sent to the static page outside CTF time unless post-CTF
    viewing is enabled; callers failing ``user_can_view_challenges()``/
    ``ctf_started()`` are sent to login.
    """
    admin = is_admin()
    if not admin and not ctftime() and not view_after_ctf():
        return redirect(url_for('views.static_html'))
    if not (user_can_view_challenges() and (ctf_started() or admin)):
        db.session.close()
        return redirect(url_for('auth.login', next='chals'))
    rows = Challenges.query.filter(
        or_(Challenges.hidden != True, Challenges.hidden == None)).add_columns(
        'id', 'name', 'value', 'description', 'category').order_by(Challenges.value).all()
    game = []
    for row in rows:
        # row[0] is the entity; the added columns follow positionally.
        tags = [t.tag for t in Tags.query.add_columns('tag').filter_by(chal=row[1]).all()]
        files = [str(f.location) for f in Files.query.filter_by(chal=row.id).all()]
        game.append({
            'id': row[1],
            'name': row[2],
            'value': row[3],
            'description': row[4],
            'category': row[5],
            'files': files,
            'tags': tags,
        })
    db.session.close()
    return jsonify({'game': game})
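def chals():
    """Return the visible (non-hidden) challenges as JSON with files, tags and hints.

    Non-admins are sent to the static page outside CTF time unless post-CTF
    viewing is enabled; callers failing ``user_can_view_challenges()``/
    ``ctf_started()`` are sent to login. Hint text is included only for hints
    the caller's team unlocked, or once the CTF has ended.

    Fix: the unlock lookup indexed ``session['id']`` directly, a KeyError for an
    anonymous visitor that ``user_can_view_challenges()`` admits; it now uses
    ``session.get('id')`` (no session → no unlocked hints). The lookup is also
    done once instead of once per challenge, since it does not depend on the challenge.
    """
    if not utils.is_admin():
        if not utils.ctftime() and not utils.view_after_ctf():
            return redirect(url_for('views.static_html'))
    if not (utils.user_can_view_challenges() and (utils.ctf_started() or utils.is_admin())):
        db.session.close()
        return redirect(url_for('auth.login', next='chals'))
    teamid = session.get('id')
    chals = Challenges.query.filter(
        or_(Challenges.hidden != True, Challenges.hidden == None)).order_by(Challenges.value).all()
    unlocked_hints = {u.itemid for u in Unlocks.query.filter_by(model='hints', teamid=teamid)}
    ended = utils.ctf_ended()
    json = {'game': []}
    for x in chals:
        tags = [tag.tag for tag in Tags.query.add_columns('tag').filter_by(chal=x.id).all()]
        files = [str(f.location) for f in Files.query.filter_by(chal=x.id).all()]
        hints = []
        for hint in Hints.query.filter_by(chal=x.id).all():
            entry = {'id': hint.id, 'cost': hint.cost}
            if hint.id in unlocked_hints or ended:
                entry['hint'] = hint.hint
            hints.append(entry)
        chal_type = get_chal_class(x.type)
        json['game'].append({
            'id': x.id,
            'type': chal_type.name,
            'name': x.name,
            'value': x.value,
            'description': x.description,
            'category': x.category,
            'files': files,
            'tags': tags,
            'hints': hints,
        })
    db.session.close()
    return jsonify(json)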
def get_data():
    """Client check-in endpoint.

    GET from a non-admin: ``log()`` the request, then ``filter(request)`` (a
    project helper that shadows the builtin) yields ``(flag, token, time, k)``;
    with a matching record ``k`` the new flag is compared to the stored one and
    saved, otherwise a ``'token wrong'`` response is built. GET from an admin:
    the server log. POST: not implemented, returns ``{}``.
    """
    if request.method == 'POST':
        # TODO: POST handling is not implemented yet.
        return jsonify({})
    if request.method == 'GET':
        if is_admin() is True:
            # Show Serve log to admin
            return jsonify(client(reason='admin'))
        if is_admin() is False:
            log()
            # Get client data
            flag, token, time, k = filter(request)
            if k is None:
                data = client(reason='token wrong', time=time)
            else:
                data = client(check=True, flag_old=k.flag, flag_new=flag, time=time)
                save(k, flag)
            return jsonify(data)
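def user_create_chal():
    """POST: create a challenge of the submitted ``chaltype``; non-admins may only
    create ``CommunityChallenge`` (403 otherwise). GET: render the create form.

    Fix: the template file handle was never closed; it is now read inside ``with``.

    NOTE(review): an unknown ``chaltype`` makes ``get_chal_class()`` raise before
    the admin check runs — confirm it maps to a 4xx rather than a 500.
    """
    if request.method != 'POST':
        with open(create_path) as fh:
            content = fh.read()
        return render_template('admin/chals/create.html', content=content)
    chal_type = request.form['chaltype']
    chal_class = get_chal_class(chal_type)
    # Do not allow non-admin users to create non-community challenges.
    if not utils.is_admin() and chal_class != CommunityChallenge:
        abort(403)
    chal_class.create(request)
    return redirect(url_for('challenges.challenges_view'))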
def during_ctf_time_only_wrapper(*args, **kwargs):
    """Decorator body: call ``f`` during CTF time or for admins; after the end
    only when post-CTF viewing is enabled (else 403 "<name> has ended");
    before the start 403 "<name> has not started yet".

    NOTE(review): when ``ctftime()`` is False but the CTF has neither ended nor
    not-started, no branch fires and the wrapper returns None — confirm whether
    that state (e.g. a pause, if ``ctftime()`` honours it) is reachable.
    """
    if utils.ctftime() or utils.is_admin():
        return f(*args, **kwargs)
    if utils.ctf_ended():
        if not utils.view_after_ctf():
            abort(403, description='{} has ended'.format(utils.ctf_name()))
        return f(*args, **kwargs)
    if utils.ctf_started() is False:
        abort(403, description='{} has not started yet'.format(utils.ctf_name()))
def solves(teamid=None):
    """Return solves (and, for an explicit ``teamid``, awards) as a time-sorted JSON list.

    ``teamid`` None: the caller's own solves — admins unfiltered, authenticated
    callers only if their team is not banned, anonymous callers admitted by
    ``user_can_view_challenges()`` get an empty list, everyone else is sent to
    login. Explicit ``teamid``: that team's solves and awards, cut at the freeze
    time unless it is the caller's own team.

    NOTE(review): unlike a later revision, the explicit-``teamid`` path does not
    consult ``hide_scores()`` — confirm that is intended.
    """
    awards = []
    if teamid is None:
        if utils.is_admin():
            solves = Solves.query.filter_by(teamid=session['id']).all()
        elif not utils.user_can_view_challenges():
            return redirect(url_for('auth.login', next='solves'))
        elif not utils.authed():
            return jsonify({'solves': []})
        else:
            solves = Solves.query.join(Teams, Solves.teamid == Teams.id).filter(
                Solves.teamid == session['id'], Teams.banned == False).all()
    else:
        solve_q = Solves.query.filter_by(teamid=teamid)
        award_q = Awards.query.filter_by(teamid=teamid)
        freeze = utils.get_config('freeze')
        if freeze:
            freeze = utils.unix_time_to_utc(freeze)
            if teamid != session.get('id'):
                # Other teams are shown as of the freeze point only.
                solve_q = solve_q.filter(Solves.date < freeze)
                award_q = award_q.filter(Awards.date < freeze)
        solves = solve_q.all()
        awards = award_q.all()
    db.session.close()

    entries = [{
        'chal': s.chal.name,
        'chalid': s.chalid,
        'team': s.teamid,
        'value': s.chal.value,
        'category': s.chal.category,
        'time': utils.unix_time(s.date),
    } for s in solves]
    entries.extend({
        'chal': a.name,
        'chalid': None,
        'team': a.teamid,
        'value': a.value,
        'category': a.category or "Award",
        'time': utils.unix_time(a.date),
    } for a in awards)
    entries.sort(key=lambda k: k['time'])
    return jsonify({'solves': entries})
def solves(teamid=None):
    """Return solves as JSON: the caller's own when ``teamid`` is None (anonymous
    callers are sent to login), otherwise those of team ``teamid``.

    NOTE(review): the explicit-``teamid`` path has no visibility gate, and
    ``Teams.banned == None`` is ``IS NULL`` — a team whose flag is stored as an
    explicit False would see none of its own solves; confirm the column default.
    """
    if teamid is not None:
        rows = Solves.query.filter_by(teamid=teamid).all()
    elif is_admin():
        rows = Solves.query.filter_by(teamid=session['id']).all()
    elif authed():
        rows = Solves.query.join(Teams, Solves.teamid == Teams.id).filter(
            Solves.teamid == session['id'], Teams.banned == None).all()
    else:
        return redirect(url_for('auth.login', next='solves'))
    db.session.close()
    payload = [{
        'chal': s.chal.name,
        'chalid': s.chalid,
        'team': s.teamid,
        'value': s.chal.value,
        'category': s.chal.category,
        'time': unix_time(s.date),
    } for s in rows]
    return jsonify({'solves': payload})
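def comps(compid):
    """Render the competition list (``compid`` None) or a single competition page.

    Non-admins are refused (403) outside CTF time unless post-CTF viewing is enabled.

    Fix: the single-competition lookup used ``Query.one()``, which raises
    ``NoResultFound`` (a 500) for an unknown id and made the following
    ``if comp`` dead; ``first()`` returns ``None`` so the refusal branch is reachable.
    """
    if not utils.is_admin():
        if not utils.ctftime() and not utils.view_after_ctf():
            abort(403)
    if compid is None:
        comp = Competitions.query.all()
        return render_template('competitions.html', comp=comp)
    comp = Competitions.query.filter(Competitions.id == compid).first()
    if comp:
        return render_template('comp.html', comp=comp)
    abort(403)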
def chals():
    """Return every challenge as JSON (``{'game': [...]}``) ordered by value.

    Non-admins are sent to ``/`` when ``ctftime_view()`` is False; callers
    failing ``can_view_challenges()`` are sent to ``/login``.
    """
    if not (is_admin() or ctftime_view()):
        return redirect('/')
    if not can_view_challenges():
        db.session.close()
        return redirect('/login')
    rows = Challenges.query.add_columns(
        'id', 'name', 'value', 'description', 'category').order_by(Challenges.value).all()
    game = []
    for row in rows:
        # row[0] is the entity; the added columns follow positionally.
        attachments = [str(f.location) for f in Files.query.filter_by(chal=row.id).all()]
        game.append({
            'id': row[1],
            'name': row[2],
            'value': row[3],
            'description': row[4],
            'category': row[5],
            'files': attachments,
        })
    db.session.close()
    return jsonify({'game': game})
def user_chal_types():
    """Return the challenge types the caller may create, keyed by class id.

    Admins see every registered class; everyone else only ``CommunityChallenge``.
    """
    admin = utils.is_admin()
    data = {}
    for class_id in CHALLENGE_CLASSES:
        challenge_class = CHALLENGE_CLASSES.get(class_id)
        if not admin and challenge_class != CommunityChallenge:
            # Only CommunityChallenge is exposed to non-admin users.
            continue
        data[challenge_class.id] = {
            'id': challenge_class.id,
            'name': challenge_class.name,
            'templates': challenge_class.templates,
            'scripts': challenge_class.scripts,
        }
    return jsonify(data)
def team_solves_view(teamid=None):
    """Return a team's solves (and, for an explicit ``teamid``, awards) as a
    time-sorted JSON list; solves are keyed by user, so a team's solves are
    those of all users with that ``teamid``.

    ``teamid`` None: admins get their own user's solves; other authenticated
    callers get their whole team's; anonymous callers are sent to login.
    """
    def team_user_ids(team_id):
        return [u.id for u in Users.query.with_entities(Users.id).filter_by(teamid=team_id)]

    awards = []
    if teamid is None:
        if is_admin():
            solves = Solves.query.filter_by(userid=session['id']).all()
        elif authed():
            user = Users.query.filter_by(id=session.get('id')).first_or_404()
            solves = Solves.query.filter(Solves.userid.in_(team_user_ids(user.teamid))).all()
        else:
            return redirect(url_for('auth.login', next='solves'))
    else:
        team = Teams.query.filter_by(id=teamid).first_or_404()
        members = team_user_ids(team.id)
        solves = Solves.query.filter(Solves.userid.in_(members)).all()
        awards = Awards.query.filter(Awards.userid.in_(members)).all()
    db.session.close()

    entries = [{
        'chal': s.chal.name,
        'chalid': s.chalid,
        'team': s.userid,
        'value': s.chal.value,
        'category': s.chal.category,
        'time': unix_time(s.date),
    } for s in solves]
    entries.extend({
        'chal': a.name,
        'chalid': None,
        'team': a.userid,
        'value': a.value,
        'category': a.category,
        'time': unix_time(a.date),
    } for a in awards)
    entries.sort(key=lambda k: k['time'])
    return jsonify({'solves': entries})
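def challenges_view_contest(contest_slug):
    """Render the challenge page of the contest identified by ``contest_slug``.

    Fixes against the previous revision:
      * an unknown slug is a 404 instead of an AttributeError on ``None``;
      * the "has not started yet" banner fired when the contest *had* started
        (the ``not`` was missing);
      * ``vars(contest)`` is the live instance ``__dict__`` — popping
        ``_sa_instance_state`` from it corrupted the ORM object; a copy is used;
      * the redundant second query for the same contest is gone.

    NOTE(review): the outer time-window gate still uses the global
    ``utils.ctftime()`` / ``utils.view_after_ctf()`` while the banners are
    contest-aware — confirm which window is intended.
    """
    contest = Contests.query.filter_by(slug=contest_slug).first_or_404()
    errors = []
    start = contest.starttime or 0
    end = contest.endtime or 0
    if not utils.is_admin() and not utils.ctftime() and not utils.view_after_ctf():
        # Not CTF time and no post-CTF viewing: only the reasons are shown.
        if not utils.ctf_started(contest=contest):
            errors.append('{} has not started yet'.format(contest.name))
        if utils.ctf_ended(contest=contest) and not utils.view_after_ctf():
            errors.append('{} has ended'.format(contest.name))
        return render_template('chals.html', errors=errors, start=start, end=end)
    if utils.get_config('verify_emails') and not utils.is_verified():
        # User is not confirmed
        return redirect(url_for('auth.confirm_user'))
    if not utils.user_can_view_challenges(contest=contest):
        return redirect(url_for("contests.contest_participate", contest_slug=contest_slug))
    if not utils.ctf_started(contest=contest):
        errors.append('{} has not started yet'.format(contest.name))
    if utils.ctf_ended(contest=contest) and not utils.view_after_ctf(contest=contest):
        errors.append('{} has ended'.format(contest.name))
    # Copy before stripping SQLAlchemy's bookkeeping so the instance stays usable.
    contest_dict = dict(vars(contest))
    contest_dict.pop('_sa_instance_state', None)
    return render_template('chals.html', errors=errors, start=start, end=end, contest=contest_dict)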
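def student(studentid):
    """Render a student's page (GET) or their solve list as JSON (POST).

    With ``view_scoreboard_if_authed`` on, anonymous visitors go to login. Only
    the student themselves or an admin may view the page; anyone else gets the
    403 template.

    Fix: the ownership check indexed ``session['id']`` directly, which raised
    KeyError (a 500) for an anonymous request when ``view_scoreboard_if_authed``
    is off; ``session.get('id')`` makes that the 403 page instead.

    NOTE(review): ``render_template('errors/403.html')`` is returned with status
    200 — consider ``abort(403)`` or an explicit status. Also, ``studentid``
    must be the same type as the session id (int vs str) for the equality to hold.
    """
    if get_config('view_scoreboard_if_authed') and not authed():
        return redirect(url_for('auth.login', next=request.path))
    if not is_admin() and session.get('id') != studentid:
        return render_template('errors/403.html')
    user = Students.query.filter_by(id=studentid).first_or_404()
    solves = Solves.query.filter_by(studentid=studentid)
    awards = Awards.query.filter_by(studentid=studentid).all()
    score = user.score()
    place = user.place()
    db.session.close()
    if request.method == 'GET':
        return render_template('student.html', solves=solves, awards=awards,
                               student=user, score=score, place=place)
    elif request.method == 'POST':
        json = {'solves': [{'id': x.id, 'chal': x.chalid, 'student': x.studentid} for x in solves]}
        return jsonify(json)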
def chals():
    """Return the visible (non-hidden) challenges as JSON with their files and tags.

    Non-admins are sent to the static page outside CTF time unless post-CTF
    viewing is enabled; callers failing ``can_view_challenges()`` go to login.
    """
    if not (is_admin() or ctftime() or view_after_ctf()):
        return redirect(url_for('views.static_html'))
    if not can_view_challenges():
        db.session.close()
        return redirect(url_for('auth.login', next='chals'))
    rows = Challenges.query.filter(
        or_(Challenges.hidden != True, Challenges.hidden == None)).add_columns(
        'id', 'name', 'value', 'description', 'category').order_by(Challenges.value).all()
    game = []
    for row in rows:
        # row[0] is the entity; the added columns follow positionally.
        tags = [t.tag for t in Tags.query.add_columns('tag').filter_by(chal=row[1]).all()]
        files = [str(f.location) for f in Files.query.filter_by(chal=row.id).all()]
        game.append({
            'id': row[1],
            'name': row[2],
            'value': row[3],
            'description': row[4],
            'category': row[5],
            'files': files,
            'tags': tags,
        })
    db.session.close()
    return jsonify({'game': game})
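def admin_view():
    """Admin login: on POST verify the credentials against an admin team and
    establish an admin session; otherwise redirect admins to the graphs page
    and render the login form for everyone else.

    Changes: the form values are read once through the ``username``/``password``
    locals (previously computed and then ignored in favour of re-indexing
    ``request.form``), a missing password is treated as a failed login rather
    than reaching the verifier, and the bare ``except:`` around
    ``session.regenerate()`` no longer swallows ``KeyboardInterrupt``/``SystemExit``.

    NOTE(review): when no admin with that name exists the bcrypt check is
    skipped, so the response is measurably faster — a timing oracle for admin
    usernames; verifying against a dummy hash would close it.
    """
    if request.method == 'POST':
        username = request.form.get('name')
        password = request.form.get('password')
        admin_user = Teams.query.filter_by(name=username, admin=True).first()
        if admin_user and password is not None and bcrypt_sha256.verify(password, admin_user.password):
            try:
                session.regenerate()  # rotate the session id: no session fixation
            except Exception:
                # Best effort: some session backends do not implement regenerate().
                pass
            session['username'] = admin_user.name
            session['id'] = admin_user.id
            session['admin'] = True
            session['nonce'] = sha512(os.urandom(10))
            db.session.close()
            return redirect('/admin/graphs')
    if is_admin():
        return redirect('/admin/graphs')
    return render_template('admin/login.html')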
def admin_view():
    """Send admins to the graphs page and everyone else to the login page."""
    target = 'admin.admin_graphs' if is_admin() else 'auth.login'
    return redirect(url_for(target))