def tracker():
if request.endpoint == "views.themes":
return
if authed():
user_ips = get_current_user_recent_ips()
ip = get_ip()
track = None
if (ip not in user_ips) or (request.method != "GET"):
track = Tracking.query.filter_by(
ip=get_ip(), user_id=session["id"]).first()
if track:
track.date = datetime.datetime.utcnow()
else:
track = Tracking(ip=get_ip(), user_id=session["id"])
db.session.add(track)
if track:
try:
db.session.commit()
except (InvalidRequestError, IntegrityError):
db.session.rollback()
db.session.close()
logout_user()
else:
clear_user_recent_ips(user_id=session["id"])
def reset():
if request.method == "POST":
require_setup = False
logout = False
next_url = url_for("admin.statistics")
data = request.form
if data.get("pages"):
_pages = Pages.query.all()
for p in _pages:
for f in p.files:
delete_file(file_id=f.id)
Pages.query.delete()
if data.get("notifications"):
Notifications.query.delete()
if data.get("challenges"):
_challenges = Challenges.query.all()
for c in _challenges:
for f in c.files:
delete_file(file_id=f.id)
Challenges.query.delete()
if data.get("accounts"):
Users.query.delete()
Teams.query.delete()
require_setup = True
logout = True
if data.get("submissions"):
Solves.query.delete()
Submissions.query.delete()
Awards.query.delete()
Unlocks.query.delete()
Tracking.query.delete()
if require_setup:
set_config("setup", False)
cache.clear()
logout_user()
next_url = url_for("views.setup")
db.session.commit()
clear_pages()
clear_standings()
clear_config()
if logout is True:
cache.clear()
logout_user()
db.session.close()
return redirect(next_url)
return render_template("admin/reset.html")
def get_current_user():
if authed():
user = Users.query.filter_by(id=session["id"]).first()
# Check if the session is still valid
session_hash = session.get("hash")
if session_hash:
if session_hash != hmac(user.password):
logout_user()
abort(redirect(url_for("auth.login", next=request.full_path)))
return user
else:
return None
def reset():
if request.method == 'POST':
# Truncate Users, Teams, Submissions, Solves, Notifications, Awards, Unlocks, Tracking
Tracking.query.delete()
Solves.query.delete()
Submissions.query.delete()
Awards.query.delete()
Unlocks.query.delete()
Users.query.delete()
Teams.query.delete()
set_config('setup', False)
db.session.commit()
cache.clear()
logout_user()
db.session.close()
return redirect(url_for('views.setup'))
return render_template('admin/reset.html')
def tracker():
if request.endpoint == "views.themes":
return
if authed():
track = Tracking.query.filter_by(ip=get_ip(),
user_id=session["id"]).first()
if not track:
visit = Tracking(ip=get_ip(), user_id=session["id"])
db.session.add(visit)
else:
track.date = datetime.datetime.utcnow()
try:
db.session.commit()
except (InvalidRequestError, IntegrityError):
db.session.rollback()
logout_user()
if authed():
user = get_current_user()
team = get_current_team()
#level = get_level()
if request.path.startswith("/themes") is False:
if user and user.banned:
return (
render_template(
"errors/403.html",
error="You have been banned from this CTF",
),
403,
)
if team and team.banned:
return (
render_template(
"errors/403.html",
error="Your team has been banned from this CTF",
),
403,
)
db.session.close()
def logout():
if current_user.authed():
logout_user()
return redirect(url_for("views.static_html"))
def logout():
if current_user.authed():
logout_user()
return {"success": True, "data": None}
