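def compare(saved, provided):
    """Check a submitted flag by POSTing it to a remote verification URL.

    The request carries three form fields: ``key`` (the flag text supplied by
    the player, which must not be trusted), ``token`` (the value returned by
    ``get_team_token()``) and ``auth`` (the value returned by
    ``get_authcode()``; per the original note it is generated from the system
    secret key and identifies this server to the verifier).

    Args:
        saved: Verification URL stored for the challenge.
        provided: Flag text submitted by the player.

    Returns:
        True only when the endpoint answers HTTP 200 with the exact body
        ``OKAY``. False in every other case: no team token, ``saved`` rejected
        by ``validate_url``, a request error or timeout, or any other response.
    """
    token = get_team_token()
    if token == 'NULL':
        # Presumably the "no token" sentinel of get_team_token() -- confirm.
        return False

    # Values that are not URLs are not supported yet.
    if not validate_url(saved):
        return False

    try:
        # NOTE(review): the team token and the auth code are sent to whatever
        # host `saved` names, and requests follows redirects by default.
        # Confirm that only administrators can set `saved` and that
        # validate_url() restricts scheme and host as intended.
        r = requests.post(saved,
                          data={
                              "key": provided,
                              "token": token,
                              "auth": get_authcode()
                          },
                          timeout=3.0)
    except requests.RequestException:
        return False

    # The leftover debug print of the status code was dropped: it wrote to
    # stdout on every submission and served no purpose for the caller.
    return r.status_code == 200 and r.text == 'OKAY'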
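def profile():
    """Render the logged-in team's profile (GET) or validate and save edits (POST).

    Unauthenticated requests are redirected to ``/login``. On POST the fields
    ``name``, ``email``, ``website``, ``affiliation`` and ``country`` are
    validated. Any problems are collected and the form is re-rendered with
    them; otherwise the team row is updated and the browser is redirected to
    ``/profile``. A new password is accepted only when the ``confirm`` field
    verifies against the stored password hash.
    """
    if not authed():
        return redirect('/login')

    if request.method != "POST":
        user = Teams.query.filter_by(id=session['id']).first()
        return render_template('profile.html',
                               name=user.name,
                               email=user.email,
                               website=user.website,
                               affiliation=user.affiliation,
                               country=user.country)

    errors = []
    # Fields that are dereferenced below default to '' so that a request
    # missing one of them yields a validation error instead of an unhandled
    # exception on None (re.match / .strip()).
    name = request.form.get('name', '')
    email = request.form.get('email', '')
    website = request.form.get('website', '')
    affiliation = request.form.get('affiliation')
    country = request.form.get('country')
    new_password = request.form.get('password', '')
    confirm = request.form.get('confirm', '')

    user = Teams.query.filter_by(id=session['id']).first()
    names = Teams.query.filter_by(name=name).first()
    emails = Teams.query.filter_by(email=email).first()
    # re.match anchors only at the start; the pattern is a plausibility check,
    # not a full address validation.
    valid_email = re.match(r"[^@]+@[^@]+\.[^@]+", email)

    # NOTE(review): only a password change is gated by the current password;
    # name and email can be changed by anyone holding the session.
    if new_password and not bcrypt_sha256.verify(confirm.strip(), user.password):
        errors.append("Your old password doesn't match what we have.")
    if not valid_email:
        errors.append("That email doesn't look right")
    if names and name != session['username']:
        errors.append('That team name is already taken')
    if emails and emails.id != session['id']:
        errors.append('That email has already been used')
    if len(name) == 0:
        errors.append('Pick a longer team name')
    if website.strip() and not validate_url(website):
        errors.append("That doesn't look like a valid URL")

    if errors:
        return render_template('profile.html',
                               name=name,
                               email=email,
                               website=website,
                               affiliation=affiliation,
                               country=country,
                               errors=errors)

    team = Teams.query.filter_by(id=session['id']).first()
    team.name = name
    team.email = email
    # Keep the session in step with the stored name; the "already taken"
    # check above compares against session['username'].
    session['username'] = name
    if new_password:
        team.password = bcrypt_sha256.encrypt(new_password)
    team.website = website
    team.affiliation = affiliation
    team.country = country
    db.session.commit()
    db.session.close()
    return redirect('/profile')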
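def profile():
    """Render the logged-in team's profile (GET) or validate and save edits (POST).

    Unauthenticated requests are redirected to ``/login``. Every POST must
    carry the team's current password in ``confirm``; the remaining fields
    are validated, and either the form is re-rendered with the collected
    errors or the team row is updated and the browser is redirected to
    ``/profile``.
    """
    if not authed():
        return redirect('/login')

    if request.method != "POST":
        user = Teams.query.filter_by(id=session['id']).first()
        return render_template('profile.html',
                               name=user.name,
                               email=user.email,
                               website=user.website,
                               affiliation=user.affiliation,
                               country=user.country)

    errors = []
    # name, email and confirm are dereferenced below, so default them to ''
    # rather than letting a missing field raise on None.
    name = request.form.get('name', '')
    email = request.form.get('email', '')
    website = request.form.get('website')
    affiliation = request.form.get('affiliation')
    country = request.form.get('country')
    confirm = request.form.get('confirm', '')

    team = Teams.query.filter_by(id=session['id']).first()
    names = Teams.query.filter_by(name=name).first()
    emails = Teams.query.filter_by(email=email).first()
    # re.match anchors only at the start; this is a plausibility check only.
    valid_email = re.match(r"[^@]+@[^@]+\.[^@]+", email)

    # The current-password check must run against the logged-in team's hash.
    # It previously used the row found by the *submitted name*, which is None
    # for an unused name (unhandled exception) and another team's row for a
    # name that is taken.
    if not bcrypt_sha256.verify(confirm.strip(), team.password):
        errors.append("Your old password doesn't match what we have.")
    if not valid_email:
        errors.append("That email doesn't look right")
    if names and name != session['username']:
        errors.append('That team name is already taken')
    if emails and emails.id != session['id']:
        errors.append('That email has already been used')
    if len(name) == 0:
        errors.append('Pick a longer team name')
    if not validate_url(website):
        errors.append("That doesn't look like a valid URL")

    if errors:
        return render_template('profile.html',
                               name=name,
                               email=email,
                               website=website,
                               affiliation=affiliation,
                               country=country,
                               errors=errors)

    team.name = name
    team.email = email
    # Keep the session in step with the stored name; otherwise the next save
    # would report the team's own new name as "already taken".
    session['username'] = name
    new_password = request.form.get('password', '')
    if new_password:
        team.password = bcrypt_sha256.encrypt(new_password)
    team.website = website
    team.affiliation = affiliation
    team.country = country
    db.session.commit()
    db.session.close()
    return redirect('/profile')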
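def register():
    """Show the registration form (GET) or create a new team (POST).

    When ``can_register()`` is false the request is redirected to the login
    page. On POST the submitted fields are validated; any errors cause the
    form to be re-rendered with them. Otherwise a ``Teams`` row is created,
    the session is populated with the new team's identity and a fresh nonce,
    and the browser is redirected either to the e-mail confirmation page
    (mail can be sent and ``verify_emails`` is set) or to the challenge list.
    """
    if not can_register():
        return redirect(url_for('auth.login'))

    if request.method != 'POST':
        return render_template(
            'register.html',
            country='wo',  # default: Multiple Countries
            countries=countries)

    errors = []
    name = request.form.get('name', '')
    email = request.form.get('email', '')
    password = request.form.get('password', '')
    password_confirm = request.form.get('password-confirm', '')
    website = request.form.get('website', '')
    affiliation = request.form.get('affiliation', '')
    country = request.form.get('country', '')

    if not name:
        errors.append('Pick a longer team name')
    else:
        names = Teams.query.filter_by(name=name).first()
        if names:
            errors.append('That team name is already taken')

    if not email:
        errors.append('Pick a longer email')
    elif not re.match(
            r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", email):
        errors.append("That email doesn't look right")
    else:
        # The row is stored with email.lower() below, so the uniqueness
        # lookup uses the same form. Looking up the address as typed lets a
        # differently-cased duplicate pass on a case-sensitive database.
        emails = Teams.query.filter_by(email=email.lower()).first()
        if emails:
            errors.append('That email has already been used')

    if not password:
        errors.append('Pick a longer password')
        password = password_confirm = ''
    elif len(password) > 128:
        errors.append('Pick a shorter password')
        password = password_confirm = ''
    elif password != password_confirm:
        errors.append("These passwords don't match")
        password = password_confirm = ''

    if website.strip() and not validate_url(website):
        errors.append("That doesn't look like a valid URL")

    if country not in countries.keys:
        errors.append('Invalid country')

    if len(errors) > 0:
        # NOTE(review): unless a password error blanked them above, the
        # submitted password values are handed back to the template; confirm
        # the template does not echo them into the page.
        return render_template('register.html',
                               errors=errors,
                               name=name,
                               email=email,
                               password=password,
                               password_confirm=password_confirm,
                               website=website,
                               affiliation=affiliation,
                               country=country,
                               countries=countries)

    with app.app_context():
        team = Teams(name, email.lower(), password, website, affiliation,
                     country)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        # Log the new team in straight away.
        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = sha512(os.urandom(10))

        if can_send_mail() and get_config('verify_emails'):
            # Confirming users is enabled and we can send email.
            db.session.close()
            logger = logging.getLogger('regs')
            # NOTE(review): name and email are user-controlled and written to
            # the log verbatim; consider stripping CR/LF before logging.
            logger.warn(
                "[{0}] {1} registered (UNCONFIRMED) with {2}".format(
                    time.strftime("%m/%d/%Y %X"),
                    request.form['name'].encode('utf-8'),
                    request.form['email'].encode('utf-8')))
            return redirect(url_for('auth.confirm_user'))
        else:
            # Don't care about confirming users
            if can_send_mail():
                # We want to notify the user that they have registered.
                sendmail(
                    request.form['email'],
                    "You've successfully registered for {}".format(
                        get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    logger.warn("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"),
        request.form['name'].encode('utf-8'),
        request.form['email'].encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))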
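def profile():
    """Render the logged-in team's profile (GET) or validate and save edits (POST).

    Unauthenticated requests are redirected to the login view. On POST the
    submitted fields are stripped and validated; errors re-render the form,
    otherwise the team row is updated and the browser is redirected back to
    the profile view. The team name is only changed when the
    ``prevent_name_change`` setting is off, a changed e-mail resets
    ``verified`` when ``verify_emails`` is on, and a new password requires the
    current one in ``confirm``.
    """
    if not utils.authed():
        return redirect(url_for('auth.login'))

    if request.method != "POST":
        user = Teams.query.filter_by(id=session['id']).first()
        prevent_name_change = utils.get_config('prevent_name_change')
        confirm_email = utils.get_config(
            'verify_emails') and not user.verified
        return render_template('profile.html',
                               name=user.name,
                               email=user.email,
                               website=user.website,
                               affiliation=user.affiliation,
                               country=user.country,
                               prevent_name_change=prevent_name_change,
                               confirm_email=confirm_email)

    errors = []
    # Default to '' so a request that omits a field produces a validation
    # error instead of an unhandled exception from None.strip().
    name = request.form.get('name', '').strip()
    email = request.form.get('email', '').strip()
    website = request.form.get('website', '').strip()
    affiliation = request.form.get('affiliation', '').strip()
    country = request.form.get('country', '').strip()
    new_password = request.form.get('password', '')
    confirm = request.form.get('confirm', '').strip()

    user = Teams.query.filter_by(id=session['id']).first()
    name_locked = utils.get_config('prevent_name_change')

    if not name_locked:
        names = Teams.query.filter_by(name=name).first()
        # Measure the stripped name: the raw form value let a
        # whitespace-only name pass and be stored as an empty string.
        name_len = len(name) == 0

    # The address is stored lower-cased below, so the uniqueness lookup uses
    # the same form.
    emails = Teams.query.filter_by(email=email.lower()).first()
    valid_email = utils.check_email_format(email)

    if utils.check_email_format(name) is True:
        errors.append('Team name cannot be an email address')

    # NOTE(review): only a password change is gated by the current password;
    # an e-mail change is not.
    if new_password and not bcrypt_sha256.verify(confirm, user.password):
        errors.append("Your old password doesn't match what we have.")
    if not valid_email:
        errors.append("That email doesn't look right")
    if not name_locked and names and name != session['username']:
        errors.append('That team name is already taken')
    if emails and emails.id != session['id']:
        errors.append('That email has already been used')
    if not name_locked and name_len:
        errors.append('Pick a longer team name')
    if website.strip() and not utils.validate_url(website):
        errors.append("That doesn't look like a valid URL")

    if errors:
        return render_template('profile.html',
                               name=name,
                               email=email,
                               website=website,
                               affiliation=affiliation,
                               country=country,
                               errors=errors)

    team = Teams.query.filter_by(id=session['id']).first()
    if team.name != name:
        if not utils.get_config('prevent_name_change'):
            team.name = name
            session['username'] = team.name
    if team.email != email.lower():
        team.email = email.lower()
        # A new address has to be confirmed again.
        if utils.get_config('verify_emails'):
            team.verified = False

    if new_password:
        team.password = bcrypt_sha256.encrypt(new_password)
    team.website = website
    team.affiliation = affiliation
    team.country = country
    db.session.commit()
    db.session.close()
    return redirect(url_for('views.profile'))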
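def profile():
    """Render the logged-in team's profile (GET) or validate and save edits (POST).

    Unauthenticated requests are redirected to the login view. On POST the
    submitted fields are validated; errors re-render the form, otherwise the
    team row is updated and the browser is redirected back to the profile
    view. The name is only changed when ``prevent_name_change`` is off, a
    changed e-mail resets ``verified`` when ``verify_emails`` is on, and a
    new password must be typed twice and accompanied by the current one.
    """
    if not authed():
        return redirect(url_for('auth.login'))

    team = Teams.query.filter_by(id=session['id']).first()

    if request.method != "POST":
        prevent_name_change = get_config('prevent_name_change')
        confirm_email = get_config('verify_emails') and not team.verified
        return render_template('profile.html',
                               name=team.name,
                               email=team.email,
                               website=team.website,
                               affiliation=team.affiliation,
                               country=team.country,
                               countries=countries,
                               prevent_name_change=prevent_name_change,
                               confirm_email=confirm_email)

    errors = []
    name = request.form.get('name')
    email = request.form.get('email')
    website = request.form.get('website', '')
    affiliation = request.form.get('affiliation', '')
    country = request.form.get('country')
    new_password = request.form.get('new-password')

    if not get_config('prevent_name_change'):
        if not name:
            errors.append('Pick a longer team name')
        else:
            names = Teams.query.filter_by(name=name).first()
            if names and name != team.name:
                errors.append('That team name is already taken')

    if not email:
        errors.append('Pick a longer email')
    elif not re.match(
            r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", email):
        errors.append("That email doesn't look right")
    else:
        # The address is stored lower-cased below, so the uniqueness lookup
        # uses the same form; the address as typed could miss a
        # differently-cased duplicate on a case-sensitive database.
        emails = Teams.query.filter_by(email=email.lower()).first()
        if emails and emails.id != team.id:
            errors.append('That email has already been used')

    if new_password:
        if new_password != request.form.get('new-password-confirm'):
            errors.append("These passwords don't match")
        # Default to '' so a request without the field is rejected as a
        # wrong password rather than handing None to the verifier.
        elif not bcrypt_sha256.verify(
                request.form.get('current-password', ''), team.password):
            errors.append(
                "Your old password doesn't match what we have")

    if website and not validate_url(website):
        errors.append("That doesn't look like a valid URL")

    if country not in countries.keys:
        errors.append('Invalid country')

    if errors:
        return render_template('profile.html',
                               name=name,
                               email=email,
                               website=website,
                               affiliation=affiliation,
                               country=country,
                               countries=countries,
                               errors=errors)

    if not get_config('prevent_name_change') and team.name != name:
        team.name = name
        session['username'] = name
    if team.email != email.lower():
        team.email = email.lower()
        # A new address has to be confirmed again.
        if get_config('verify_emails'):
            team.verified = False
    if new_password:
        team.password = bcrypt_sha256.encrypt(new_password)
    team.website = website
    team.affiliation = affiliation
    team.country = country
    db.session.commit()
    db.session.close()
    return redirect(url_for('views.profile'))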
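def profile():
    """Render the logged-in team's profile (GET) or validate and save edits (POST).

    Unauthenticated requests are redirected to ``/login``. On POST the
    submitted fields are validated; errors re-render the form, otherwise the
    team row is updated and the browser is redirected to ``/profile``. The
    team name is only checked and changed when ``prevent_name_change`` is
    off, and a new password requires the current one in ``confirm``.
    """
    if not authed():
        return redirect("/login")

    if request.method != "POST":
        user = Teams.query.filter_by(id=session["id"]).first()
        prevent_name_change = get_config("prevent_name_change")
        return render_template(
            "profile.html",
            name=user.name,
            email=user.email,
            website=user.website,
            affiliation=user.affiliation,
            country=user.country,
            prevent_name_change=prevent_name_change,
        )

    errors = []
    # Fields that are dereferenced below default to "" so a request missing
    # one of them yields a validation error instead of an exception on None.
    name = request.form.get("name", "")
    email = request.form.get("email", "")
    website = request.form.get("website", "")
    affiliation = request.form.get("affiliation")
    country = request.form.get("country")
    new_password = request.form.get("password", "")
    confirm = request.form.get("confirm", "")

    user = Teams.query.filter_by(id=session["id"]).first()
    name_locked = get_config("prevent_name_change")

    if not name_locked:
        names = Teams.query.filter_by(name=name).first()
        name_len = len(name) == 0

    emails = Teams.query.filter_by(email=email).first()
    # re.match anchors only at the start; this is a plausibility check only.
    valid_email = re.match(r"[^@]+@[^@]+\.[^@]+", email)

    # NOTE(review): only a password change is gated by the current password;
    # an e-mail change is not.
    if new_password and not bcrypt_sha256.verify(confirm.strip(), user.password):
        errors.append("Your old password doesn't match what we have.")
    if not valid_email:
        errors.append("That email doesn't look right")
    if not name_locked and names and name != session["username"]:
        errors.append("That team name is already taken")
    if emails and emails.id != session["id"]:
        errors.append("That email has already been used")
    if not name_locked and name_len:
        errors.append("Pick a longer team name")
    if website.strip() and not validate_url(website):
        errors.append("That doesn't look like a valid URL")

    if errors:
        return render_template(
            "profile.html",
            name=name,
            email=email,
            website=website,
            affiliation=affiliation,
            country=country,
            errors=errors,
        )

    team = Teams.query.filter_by(id=session["id"]).first()
    if not get_config("prevent_name_change"):
        team.name = name
    team.email = email
    session["username"] = team.name

    if new_password:
        team.password = bcrypt_sha256.encrypt(new_password)
    team.website = website
    team.affiliation = affiliation
    team.country = country
    db.session.commit()
    db.session.close()
    return redirect("/profile")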
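def profile():
    """Render the logged-in team's profile (GET) or validate and save edits (POST).

    Unauthenticated requests are redirected to the login view. On POST the
    submitted fields (including ``schoolCode``) are validated; errors
    re-render the form, otherwise the team row is updated and the browser is
    redirected back to the profile view. The name is only checked and changed
    when ``prevent_name_change`` is off, a changed e-mail resets ``verified``
    when ``verify_emails`` is on, and a new password requires the current one
    in ``confirm``.
    """
    if not authed():
        return redirect(url_for('auth.login'))

    if request.method != "POST":
        user = Teams.query.filter_by(id=session['id']).first()
        prevent_name_change = get_config('prevent_name_change')
        confirm_email = get_config('verify_emails') and not user.verified
        return render_template('profile.html',
                               name=user.name,
                               email=user.email,
                               schoolCode=user.schoolCode,
                               website=user.website,
                               affiliation=user.affiliation,
                               country=user.country,
                               prevent_name_change=prevent_name_change,
                               confirm_email=confirm_email)

    errors = []
    # Fields that are dereferenced below default to '' so a request missing
    # one of them yields a validation error instead of an exception on None.
    name = request.form.get('name', '')
    email = request.form.get('email', '')
    schoolCode = request.form.get('schoolCode')
    website = request.form.get('website', '')
    affiliation = request.form.get('affiliation')
    country = request.form.get('country')
    new_password = request.form.get('password', '')
    confirm = request.form.get('confirm', '')

    user = Teams.query.filter_by(id=session['id']).first()
    name_locked = get_config('prevent_name_change')

    if not name_locked:
        names = Teams.query.filter_by(name=name).first()
        name_len = len(name) == 0

    # The address is stored lower-cased below, so the uniqueness lookup uses
    # the same form.
    emails = Teams.query.filter_by(email=email.lower()).first()
    # re.match anchors only at the start; this is a plausibility check only.
    valid_email = re.match(r"[^@]+@[^@]+\.[^@]+", email)

    # NOTE(review): only a password change is gated by the current password;
    # an e-mail change is not.
    if new_password and not bcrypt_sha256.verify(confirm.strip(), user.password):
        errors.append("Your old password doesn't match what we have.")
    if not valid_email:
        errors.append("That email doesn't look right")
    if not name_locked and names and name != session['username']:
        errors.append('That team name is already taken')
    if emails and emails.id != session['id']:
        errors.append('That email has already been used')
    if not name_locked and name_len:
        errors.append('Pick a longer team name')
    if website.strip() and not validate_url(website):
        errors.append("That doesn't look like a valid URL")

    if errors:
        return render_template('profile.html',
                               name=name,
                               email=email,
                               schoolCode=schoolCode,
                               website=website,
                               affiliation=affiliation,
                               country=country,
                               errors=errors)

    team = Teams.query.filter_by(id=session['id']).first()
    if not get_config('prevent_name_change'):
        team.name = name
    if team.email != email.lower():
        team.email = email.lower()
        # A new address has to be confirmed again.
        if get_config('verify_emails'):
            team.verified = False
    session['username'] = team.name

    if new_password:
        team.password = bcrypt_sha256.encrypt(new_password)
    team.schoolCode = schoolCode
    team.website = website
    team.affiliation = affiliation
    team.country = country
    db.session.commit()
    db.session.close()
    return redirect(url_for('views.profile'))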
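def profile():
    """Render the logged-in team's profile (GET) or validate and save edits (POST).

    Unauthenticated requests are redirected to the login view. On POST the
    submitted fields (including ``member`` and ``number``) are stripped and
    validated, with messages taken from ``get_tip``. Errors re-render the
    form; otherwise the team row is updated and the browser is redirected
    back to the profile view. A new password requires the current one in
    ``confirm``; a changed e-mail resets ``verified`` when ``verify_emails``
    is on.
    """
    if not utils.authed():
        return redirect(url_for('auth.login'))

    if request.method != "POST":
        user = Teams.query.filter_by(id=session['id']).first()
        prevent_name_change = utils.get_config('prevent_name_change')
        confirm_email = utils.get_config('verify_emails') and not user.verified
        return render_template('profile.html',
                               name=user.name,
                               email=user.email,
                               website=user.website,
                               affiliation=user.affiliation,
                               country=user.country,
                               member=user.member,
                               number=user.number,
                               prevent_name_change=prevent_name_change,
                               confirm_email=confirm_email)

    errors = []
    # Default to '' so a request that omits a field produces a validation
    # error instead of an unhandled exception from None.strip().
    name = request.form.get('name', '').strip()
    email = request.form.get('email', '').strip()
    website = request.form.get('website', '').strip()
    affiliation = request.form.get('affiliation', '').strip()
    country = request.form.get('country', '').strip()
    member = request.form.get('member', '').strip()
    number = request.form.get('number', '').strip()
    new_password = request.form.get('password', '')
    confirm = request.form.get('confirm', '').strip()
    # The debug print of member/number was removed: it wrote submitted
    # personal details to stdout on every save.

    user = Teams.query.filter_by(id=session['id']).first()
    name_locked = utils.get_config('prevent_name_change')

    if not name_locked:
        names = Teams.query.filter_by(name=name).first()
        # Measure the stripped name: the raw form value let a
        # whitespace-only name pass and be stored as an empty string.
        name_len = len(name) == 0

    # The address is stored lower-cased below, so the uniqueness lookup uses
    # the same form.
    emails = Teams.query.filter_by(email=email.lower()).first()
    valid_email = utils.check_email_format(email)

    if utils.check_email_format(name) is True:
        errors.append(get_tip('EMAIL_NOT_TEAM'))

    # NOTE(review): only a password change is gated by the current password;
    # an e-mail change is not.
    if new_password and not bcrypt_sha256.verify(confirm, user.password):
        errors.append(get_tip('PASS_NOT_MATCH'))
    if not valid_email:
        errors.append(get_tip('INVIDE_EMAIL'))
    if not name_locked and names and name != session['username']:
        errors.append(get_tip('TEAM_EXIST'))
    if emails and emails.id != session['id']:
        errors.append(get_tip('EMAIL_HAVE_USE'))
    if not name_locked and name_len:
        errors.append(get_tip('TOO_SHORT_TEAM'))
    if website.strip() and not utils.validate_url(website):
        errors.append(get_tip('INVIDE_LINK_FORMAT'))

    if errors:
        return render_template('profile.html',
                               name=name,
                               email=email,
                               website=website,
                               affiliation=affiliation,
                               country=country,
                               member=member,
                               number=number,
                               errors=errors)

    team = Teams.query.filter_by(id=session['id']).first()
    if team.name != name:
        if not utils.get_config('prevent_name_change'):
            team.name = name
            session['username'] = team.name
    if team.email != email.lower():
        team.email = email.lower()
        # A new address has to be confirmed again.
        if utils.get_config('verify_emails'):
            team.verified = False

    if new_password:
        team.password = bcrypt_sha256.encrypt(new_password)
    team.website = website
    team.affiliation = affiliation

    # Member info is locked together with the team name.
    # NOTE(review): the original layout was lost; country, member and number
    # are all read here as sitting under this guard -- confirm.
    if not utils.get_config('prevent_name_change'):
        team.country = country
        team.member = member
        team.number = number

    db.session.commit()
    db.session.close()
    return redirect(url_for('views.profile'))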
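def team_management():
    """Show or edit the current user's team, or create one if they have none.

    Unauthenticated requests are redirected to the login view. For a user
    who already belongs to a team, GET renders the team page and POST lets
    the team captain update ``website``, ``affiliation`` and ``country``.
    For a user without a team, GET renders the creation form and POST creates
    a team with the user as captain and attaches the user to it.
    """
    if not authed():
        return redirect(url_for('auth.login'))

    user = Users.query.filter_by(id=session.get('id')).first_or_404()

    if user.teamid:
        # Already has team
        s = Signer(app.config['SECRET_KEY'])
        team = Teams.query.filter_by(id=user.teamid).first_or_404()
        users = Users.query.filter_by(teamid=user.teamid)
        # Signed, base64-encoded, URL-quoted team id handed to the template.
        secret = urllib.quote_plus(s.sign(str(team.id)).encode('base64'))

        if request.method != "POST":
            captain = team.captain == user.id
            return render_template('view_team.html',
                                   team=team,
                                   users=users,
                                   secret=secret,
                                   captain=captain)

        errors = []
        if team.captain == user.id:
            # Default to '' so a missing field does not raise on None.strip().
            website = request.form.get('website', '')
            affiliation = request.form.get('affiliation')
            country = request.form.get('country')
            if website.strip() and not validate_url(website):
                errors.append("That doesn't look like a valid URL")
            else:
                # Touch the row only once the input has passed validation, so
                # a rejected submission leaves the loaded team unchanged.
                team.website = website
                team.affiliation = affiliation
                team.country = country
        else:
            errors.append(
                'Only team captains can change this information.')

        if errors:
            return render_template('view_team.html',
                                   team=team,
                                   users=users,
                                   secret=secret,
                                   errors=errors)
        db.session.commit()
        db.session.close()
        return redirect(url_for('views.team_management'))

    # Needs a team
    if request.method != "POST":
        return render_template('create_team.html')

    name = request.form.get('name')
    captain = session.get('id')
    errors = []
    if not name:
        # Reject a missing or empty name before it reaches the database.
        errors.append('Pick a longer team name')
    elif Teams.query.filter_by(name=name).first():
        errors.append('That team name is already taken')

    t = Teams(name, captain)
    if errors:
        return render_template('create_team.html', errors=errors, team=t)

    db.session.add(t)
    # Flush so the new team receives its id before it is assigned to the user.
    db.session.flush()
    user.teamid = t.id
    db.session.commit()
    db.session.close()
    return redirect(url_for('views.team_management'))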