def integrations(): if is_admin() or is_setup() is False: name = request.values.get("name") state = request.values.get("state") try: state = unserialize(state, max_age=3600) except (BadSignature, BadTimeSignature): state = False except Exception: state = False if state: if name == "mlc": mlc_client_id = request.values.get("mlc_client_id") mlc_client_secret = request.values.get("mlc_client_secret") set_config("oauth_client_id", mlc_client_id) set_config("oauth_client_secret", mlc_client_secret) return render_template("admin/integrations.html") else: abort(404) else: abort(403) else: abort(403)
def update_check(force=False): """ Makes a request to ctfd.io to check if there is a new version of CTFd available. The service is provided in return for users opting in to anonymous usage data collection. Users can opt-out of update checks by specifying UPDATE_CHECK = False in config.py :param force: :return: """ # If UPDATE_CHECK is disabled don't check for updates at all. if app.config.get("UPDATE_CHECK") is False: return # Don't do an update check if not setup if is_setup() is False: return # Get when we should check for updates next. next_update_check = get_config("next_update_check") or 0 # If we have passed our saved time or we are forcing we should check. update = (next_update_check < time.time()) or force if update: try: name = str(get_config("ctf_name")) or "" params = { "ctf_id": sha256(name), "current": app.VERSION, "python_version_raw": sys.hexversion, "python_version": python_version(), "db_driver": db.session.bind.dialect.name, "challenge_count": Challenges.query.count(), "user_mode": get_config("user_mode"), "user_count": Users.query.count(), "team_count": Teams.query.count(), "theme": get_config("ctf_theme"), "upload_provider": get_app_config("UPLOAD_PROVIDER"), "channel": app.CHANNEL, } check = requests.get("https://versioning.ctfd.io/check", params=params, timeout=3).json() except requests.exceptions.RequestException: pass except ValueError: pass else: try: latest = check["resource"]["tag"] html_url = check["resource"]["html_url"] if StrictVersion(latest) > StrictVersion(app.VERSION): set_config("version_latest", html_url) elif StrictVersion(latest) <= StrictVersion(app.VERSION): set_config("version_latest", None) next_update_check_time = check["resource"].get( "next", int(time.time() + 43200)) set_config("next_update_check", next_update_check_time) except KeyError: set_config("version_latest", None)
def update_check(force=False): """ Makes a request to ctfd.io to check if there is a new version of CTFd available. The service is provided in return for users opting in to anonymous usage data collection. Users can opt-out of update checks by specifying UPDATE_CHECK = False in config.py :param force: :return: """ # If UPDATE_CHECK is disabled don't check for updates at all. if app.config.get('UPDATE_CHECK') is False: return # Don't do an update check if not setup if is_setup() is False: return # Get when we should check for updates next. next_update_check = get_config('next_update_check') or 0 # If we have passed our saved time or we are forcing we should check. update = (next_update_check < time.time()) or force if update: try: name = str(get_config('ctf_name')) or '' params = { 'ctf_id': sha256(name), 'current': app.VERSION, 'python_version_raw': sys.hexversion, 'python_version': python_version(), 'db_driver': db.session.bind.dialect.name, 'challenge_count': Challenges.query.count(), 'user_mode': get_config('user_mode'), 'user_count': Users.query.count(), 'team_count': Teams.query.count(), 'theme': get_config('ctf_theme'), 'upload_provider': get_app_config('UPLOAD_PROVIDER') } check = requests.post('https://versioning.ctfd.io/', json=params, timeout=0.1).json() except requests.exceptions.RequestException as e: pass except ValueError as e: pass else: try: latest = check['resource']['tag'] html_url = check['resource']['html_url'] if StrictVersion(latest) > StrictVersion(app.VERSION): set_config('version_latest', html_url) elif StrictVersion(latest) <= StrictVersion(app.VERSION): set_config('version_latest', None) next_update_check_time = check['resource'].get( 'next', int(time.time() + 43200)) set_config('next_update_check', next_update_check_time) except KeyError: set_config('version_latest', None)
def needs_setup(): if is_setup() is False: if request.endpoint in ( "views.setup", "views.integrations", "views.themes", ): return else: return redirect(url_for("views.setup"))
def setup(): errors = get_errors() if not config.is_setup(): if not session.get("nonce"): session["nonce"] = generate_nonce() if request.method == "POST": # General ctf_name = request.form.get("ctf_name") ctf_description = request.form.get("ctf_description") user_mode = request.form.get("user_mode", USERS_MODE) set_config("ctf_name", ctf_name) set_config("ctf_description", ctf_description) set_config("user_mode", user_mode) # Style ctf_logo = request.files.get("ctf_logo") if ctf_logo: f = upload_file(file=ctf_logo) set_config("ctf_logo", f.location) ctf_small_icon = request.files.get("ctf_small_icon") if ctf_small_icon: f = upload_file(file=ctf_small_icon) set_config("ctf_small_icon", f.location) theme = request.form.get("ctf_theme", DEFAULT_THEME) set_config("ctf_theme", theme) theme_color = request.form.get("theme_color") theme_header = get_config("theme_header") if theme_color and bool(theme_header) is False: # Uses {{ and }} to insert curly braces while using the format method css = ( '<style id="theme-color">\n' ":root {{--theme-color: {theme_color};}}\n" ".navbar{{background-color: var(--theme-color) !important;}}\n" ".jumbotron{{background-color: var(--theme-color) !important;}}\n" "</style>\n" ).format(theme_color=theme_color) set_config("theme_header", css) # DateTime start = request.form.get("start") end = request.form.get("end") set_config("start", start) set_config("end", end) set_config("freeze", None) # Administration name = request.form["name"] email = request.form["email"] password = request.form["password"] name_len = len(name) == 0 names = Users.query.add_columns("name", "id").filter_by(name=name).first() emails = ( Users.query.add_columns("email", "id").filter_by(email=email).first() ) pass_short = len(password) == 0 pass_long = len(password) > 128 valid_email = validators.validate_email(request.form["email"]) team_name_email_check = validators.validate_email(name) if not valid_email: errors.append("Please enter a valid email address") if names: errors.append("That user name is already taken") if team_name_email_check is True: errors.append("Your user name cannot be an email address") if emails: errors.append("That email has already been used") if pass_short: errors.append("Pick a longer password") if pass_long: errors.append("Pick a shorter password") if name_len: errors.append("Pick a longer user name") if len(errors) > 0: return render_template( "setup.html", errors=errors, name=name, email=email, password=password, state=serialize(generate_nonce()), ) admin = Admins( name=name, email=email, password=password, type="admin", hidden=True ) # Create an empty index page page = Pages(title=None, route="index", content="", draft=False) # Upload banner default_ctf_banner_location = url_for("views.themes", path="img/logo.png") ctf_banner = request.files.get("ctf_banner") if ctf_banner: f = upload_file(file=ctf_banner, page_id=page.id) default_ctf_banner_location = url_for("views.files", path=f.location) # Splice in our banner index = f"""<div class="row"> <div class="col-md-6 offset-md-3"> <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="{default_ctf_banner_location}" /> <h3 class="text-center"> <p>A cool CTF platform from <a href="https://ctfd.io">ctfd.io</a></p> <p>Follow us on social media:</p> <a href="https://twitter.com/ctfdio"><i class="fab fa-twitter fa-2x" aria-hidden="true"></i></a> <a href="https://facebook.com/ctfdio"><i class="fab fa-facebook fa-2x" aria-hidden="true"></i></a> <a href="https://github.com/ctfd"><i class="fab fa-github fa-2x" aria-hidden="true"></i></a> </h3> <br> <h4 class="text-center"> <a href="admin">Click here</a> to login and setup your CTF </h4> </div> </div>""" page.content = index # Visibility set_config( ConfigTypes.CHALLENGE_VISIBILITY, ChallengeVisibilityTypes.PRIVATE ) set_config( ConfigTypes.REGISTRATION_VISIBILITY, RegistrationVisibilityTypes.PUBLIC ) set_config(ConfigTypes.SCORE_VISIBILITY, ScoreVisibilityTypes.PUBLIC) set_config(ConfigTypes.ACCOUNT_VISIBILITY, AccountVisibilityTypes.PUBLIC) # Verify emails set_config("verify_emails", None) set_config("mail_server", None) set_config("mail_port", None) set_config("mail_tls", None) set_config("mail_ssl", None) set_config("mail_username", None) set_config("mail_password", None) set_config("mail_useauth", None) # Set up default emails set_config("verification_email_subject", DEFAULT_VERIFICATION_EMAIL_SUBJECT) set_config("verification_email_body", DEFAULT_VERIFICATION_EMAIL_BODY) set_config( "successful_registration_email_subject", DEFAULT_SUCCESSFUL_REGISTRATION_EMAIL_SUBJECT, ) set_config( "successful_registration_email_body", DEFAULT_SUCCESSFUL_REGISTRATION_EMAIL_BODY, ) set_config( "user_creation_email_subject", DEFAULT_USER_CREATION_EMAIL_SUBJECT ) set_config("user_creation_email_body", DEFAULT_USER_CREATION_EMAIL_BODY) set_config("password_reset_subject", DEFAULT_PASSWORD_RESET_SUBJECT) set_config("password_reset_body", DEFAULT_PASSWORD_RESET_BODY) set_config( "password_change_alert_subject", "Password Change Confirmation for {ctf_name}", ) set_config( "password_change_alert_body", ( "Your password for {ctf_name} has been changed.\n\n" "If you didn't request a password change you can reset your password here: {url}" ), ) set_config("setup", True) try: db.session.add(admin) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(page) db.session.commit() except IntegrityError: db.session.rollback() login_user(admin) db.session.close() with app.app_context(): cache.clear() return redirect(url_for("views.static_html")) try: return render_template("setup.html", state=serialize(generate_nonce())) except TemplateNotFound: # Set theme to default and try again set_config("ctf_theme", DEFAULT_THEME) return render_template("setup.html", state=serialize(generate_nonce())) return redirect(url_for("views.static_html"))
def needs_setup(): if request.path == url_for('views.setup') or request.path.startswith( '/themes'): return if not is_setup(): return redirect(url_for('views.setup'))
def setup(): errors = get_errors() if not config.is_setup(): if not session.get("nonce"): session["nonce"] = generate_nonce() if request.method == "POST": # General ctf_name = request.form.get("ctf_name") ctf_description = request.form.get("ctf_description") user_mode = request.form.get("user_mode", USERS_MODE) set_config("ctf_name", ctf_name) set_config("ctf_description", ctf_description) set_config("user_mode", user_mode) # Style theme = request.form.get("ctf_theme", "core") set_config("ctf_theme", theme) theme_color = request.form.get("theme_color") if theme_color: # Uses {{ and }} to insert curly braces while using the format method css = ( ":root {{--theme-color: {theme_color};}}\n" ".navbar{{background-color: var(--theme-color) !important;}}\n" ".jumbotron{{background-color: var(--theme-color) !important;}}\n" ).format(theme_color=theme_color) set_config("css", css) # DateTime start = request.form.get("start") end = request.form.get("end") set_config("start", start) set_config("end", end) set_config("freeze", None) # Administration name = request.form["name"] email = request.form["email"] password = request.form["password"] name_len = len(name) == 0 names = Users.query.add_columns("name", "id").filter_by(name=name).first() emails = (Users.query.add_columns( "email", "id").filter_by(email=email).first()) pass_short = len(password) == 0 pass_long = len(password) > 128 valid_email = validators.validate_email(request.form["email"]) team_name_email_check = validators.validate_email(name) if not valid_email: errors.append("Please enter a valid email address") if names: errors.append("That user name is already taken") if team_name_email_check is True: errors.append("Your user name cannot be an email address") if emails: errors.append("That email has already been used") if pass_short: errors.append("Pick a longer password") if pass_long: errors.append("Pick a shorter password") if name_len: errors.append("Pick a longer user name") if len(errors) > 0: return render_template( "setup.html", errors=errors, name=name, email=email, password=password, state=serialize(generate_nonce()), ) admin = Admins(name=name, email=email, password=password, type="admin", hidden=True) # Index page index = """<div class="row"> <div class="col-md-6 offset-md-3"> <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" /> <h3 class="text-center"> <p>A cool CTF platform from <a href="https://ctfd.io">ctfd.io</a></p> <p>Follow us on social media:</p> <a href="https://twitter.com/ctfdio"><i class="fab fa-twitter fa-2x" aria-hidden="true"></i></a> <a href="https://facebook.com/ctfdio"><i class="fab fa-facebook fa-2x" aria-hidden="true"></i></a> <a href="https://github.com/ctfd"><i class="fab fa-github fa-2x" aria-hidden="true"></i></a> </h3> <br> <h4 class="text-center"> <a href="admin">Click here</a> to login and setup your CTF </h4> </div> </div>""".format(request.script_root) page = Pages(title=None, route="index", content=index, draft=False) # Visibility set_config("challenge_visibility", "private") set_config("registration_visibility", "public") set_config("score_visibility", "public") set_config("account_visibility", "public") # Verify emails set_config("verify_emails", None) set_config("mail_server", None) set_config("mail_port", None) set_config("mail_tls", None) set_config("mail_ssl", None) set_config("mail_username", None) set_config("mail_password", None) set_config("mail_useauth", None) set_config("setup", True) try: db.session.add(admin) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(page) db.session.commit() except IntegrityError: db.session.rollback() login_user(admin) db.session.close() with app.app_context(): cache.clear() return redirect(url_for("views.static_html")) return render_template( "setup.html", nonce=session.get("nonce"), state=serialize(generate_nonce()), themes=config.get_themes(), ) return redirect(url_for("views.static_html"))
def setup(): if not config.is_setup(): if not session.get("nonce"): session["nonce"] = generate_nonce() if request.method == "POST": ctf_name = request.form["ctf_name"] set_config("ctf_name", ctf_name) # CSS set_config("start", "") # Admin user name = request.form["name"] email = request.form["email"] password = request.form["password"] admin = Admins(name=name, email=email, password=password, type="admin", hidden=True) user_mode = request.form["user_mode"] set_config("user_mode", user_mode) # Index page index = """<div class="section section-hero" id="home" style="background-image: url('/themes/H1ve-theme/static/img/bg.jpg'); background-position: 10% 50%"> <div class="section-inner"> <div class="table-container-outer container"> <div class="table-container-inner"> <div data-0="transform[swing]:translateY(0px);opacity[swing]:1" data-250="transform[swing]:translateY(-50px);opacity[swing]:0"> <img class="img-responsive ctf_logo" src="/themes/H1ve-theme/static/img/h1ve.png" height="150px" width="150px" alt="H1ve-Logo"> <h1 class="hero-header" data-150="transform[swing]:translateX(0px);opacity[swing]:1" data-550="transform[swing]:translateX(-25px);opacity[swing]:0">D0g3 <strong class="main-color">Lab</strong></h1> <h2 class="hero-subheader" data-200="transform[swing]:translateX(0px);opacity[swing]:1" data-500="transform[swing]:translateX(25px);opacity[swing]:0">CTF <strong class="main-color">Online</strong></h2> <div data-250="transform[swing]:translateY(0px);opacity[swing]:1" data-550="transform[swing]:translateY(-15px);opacity[swing]:0"> <div class="divider">//</div> </div> <div data-350="transform[swing]:translateY(0px);opacity[swing]:1" data-650="transform[swing]:translateY(-15px);opacity[swing]:0"> <p class="">收集各类自创/大型CTF比赛赛题,提供容器化专属题目环境,供广大CTF爱好者学习。</p> <p class="">如有侵权,或题目问题请电联<a href="mailto:[email protected]">[email protected]</a></p> </div> <div> <p> </p> </div> <p> © 2019 <a href="https://www.d0g3.cn">D0g3</a> | 道之若极,行必有格 | Power By <a href="https://github.com/D0g3-Lab/H1ve/">H1ve</a></p> </div> </div> <div class="scroll-icon visible-lg" data-600="opacity[swing]:1" data-850="opacity[swing]:0"> <span class="icon icon-basic-magic-mouse"></span> </div> </div> </div> </div>""".format(request.script_root) page = Pages(title=None, route="index", content=index, draft=False) # Visibility set_config("challenge_visibility", "private") set_config("registration_visibility", "public") set_config("score_visibility", "public") set_config("account_visibility", "public") # Start time set_config("start", None) set_config("end", None) set_config("freeze", None) # Verify emails set_config("verify_emails", None) set_config("mail_server", None) set_config("mail_port", None) set_config("mail_tls", None) set_config("mail_ssl", None) set_config("mail_username", None) set_config("mail_password", None) set_config("mail_useauth", None) set_config("setup", True) # add h1ve-theme as default theme set_config("ctf_theme", "H1ve-theme") try: db.session.add(admin) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(page) db.session.commit() except IntegrityError: db.session.rollback() login_user(admin) db.session.close() app.setup = False with app.app_context(): cache.clear() return redirect(url_for("views.static_html")) return render_template("setup.html", nonce=session.get("nonce")) return redirect(url_for("views.static_html"))
def setup(): errors = get_errors() if not config.is_setup(): if not session.get("nonce"): session["nonce"] = generate_nonce() if request.method == "POST": # General ctf_name = request.form.get("ctf_name") ctf_description = request.form.get("ctf_description") user_mode = request.form.get("user_mode", USERS_MODE) set_config("ctf_name", ctf_name) set_config("ctf_description", ctf_description) set_config("user_mode", user_mode) # Style theme = request.form.get("ctf_theme", "core") set_config("ctf_theme", theme) theme_color = request.form.get("theme_color") theme_header = get_config("theme_header") if theme_color and bool(theme_header) is False: # Uses {{ and }} to insert curly braces while using the format method css = ( '<style id="theme-color">\n' ":root {{--theme-color: {theme_color};}}\n" ".navbar{{background-color: var(--theme-color) !important;}}\n" ".jumbotron{{background-color: var(--theme-color) !important;}}\n" "</style>\n" ).format(theme_color=theme_color) set_config("theme_header", css) # DateTime start = request.form.get("start") end = request.form.get("end") set_config("start", start) set_config("end", end) set_config("freeze", None) # Administration name = request.form["name"] email = request.form["email"] password = request.form["password"] name_len = len(name) == 0 names = Users.query.add_columns("name", "id").filter_by(name=name).first() emails = ( Users.query.add_columns("email", "id").filter_by(email=email).first() ) pass_short = len(password) == 0 pass_long = len(password) > 128 valid_email = validators.validate_email(request.form["email"]) team_name_email_check = validators.validate_email(name) if not valid_email: errors.append("Please enter a valid email address") if names: errors.append("That user name is already taken") if team_name_email_check is True: errors.append("Your user name cannot be an email address") if emails: errors.append("That email has already been used") if pass_short: errors.append("Pick a longer password") if pass_long: errors.append("Pick a shorter password") if name_len: errors.append("Pick a longer user name") if len(errors) > 0: return render_template( "setup.html", errors=errors, name=name, email=email, password=password, state=serialize(generate_nonce()), ) admin = Admins( name=name, email=email, password=password, type="admin", hidden=True ) # Index page index = """<div class="row"> <div class="col-md-6 offset-md-3"> <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" /> <h3 class="text-center"> <p>CTF</p> </h3> <br> <h4 class="text-center"> <a href="admin">Click here</a> to login and setup your CTF </h4> </div> </div>""".format( request.script_root ) page = Pages(title=None, route="index", content=index, draft=False) # Visibility set_config("challenge_visibility", "private") set_config("registration_visibility", "public") set_config("score_visibility", "public") set_config("account_visibility", "public") # Verify emails set_config("verify_emails", None) set_config("mail_server", None) set_config("mail_port", None) set_config("mail_tls", None) set_config("mail_ssl", None) set_config("mail_username", None) set_config("mail_password", None) set_config("mail_useauth", None) # Set up default emails set_config("verification_email_subject", DEFAULT_VERIFICATION_EMAIL_SUBJECT) set_config("verification_email_body", DEFAULT_VERIFICATION_EMAIL_BODY) set_config( "successful_registration_email_subject", DEFAULT_SUCCESSFUL_REGISTRATION_EMAIL_SUBJECT, ) set_config( "successful_registration_email_body", DEFAULT_SUCCESSFUL_REGISTRATION_EMAIL_BODY, ) set_config( "user_creation_email_subject", DEFAULT_USER_CREATION_EMAIL_SUBJECT ) set_config("user_creation_email_body", DEFAULT_USER_CREATION_EMAIL_BODY) set_config("password_reset_subject", DEFAULT_PASSWORD_RESET_SUBJECT) set_config("password_reset_body", DEFAULT_PASSWORD_RESET_BODY) set_config( "password_change_alert_subject", "Password Change Confirmation for {ctf_name}", ) set_config( "password_change_alert_body", ( "Your password for {ctf_name} has been changed.\n\n" "If you didn't request a password change you can reset your password here: {url}" ), ) set_config("setup", True) try: db.session.add(admin) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(page) db.session.commit() except IntegrityError: db.session.rollback() login_user(admin) db.session.close() with app.app_context(): cache.clear() return redirect(url_for("views.static_html")) return render_template( "setup.html", nonce=session.get("nonce"), state=serialize(generate_nonce()), themes=config.get_themes(), ) return redirect(url_for("views.static_html"))
def setup(): if not config.is_setup(): if not session.get('nonce'): session['nonce'] = generate_nonce() if request.method == 'POST': ctf_name = request.form['ctf_name'] set_config('ctf_name', ctf_name) # CSS set_config('start', '') # Admin user name = request.form['name'] email = request.form['email'] password = request.form['password'] admin = Admins(name=name, email=email, password=password, type='admin', hidden=True) user_mode = request.form['user_mode'] set_config('user_mode', user_mode) # Index page index = """<div class="row"> <div class="col-md-6 offset-md-3"> <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" /> <h3 class="text-center"> <p>A cool CTF platform from <a href="https://ctfd.io">ctfd.io</a></p> <p>Follow us on social media:</p> <a href="https://twitter.com/ctfdio"><i class="fab fa-twitter fa-2x" aria-hidden="true"></i></a> <a href="https://facebook.com/ctfdio"><i class="fab fa-facebook fa-2x" aria-hidden="true"></i></a> <a href="https://github.com/ctfd"><i class="fab fa-github fa-2x" aria-hidden="true"></i></a> </h3> <br> <h4 class="text-center"> <a href="admin">Click here</a> to login and setup your CTF </h4> </div> </div>""".format(request.script_root) page = Pages(title=None, route='index', content=index, draft=False) # Visibility set_config('challenge_visibility', 'private') set_config('registration_visibility', 'public') set_config('score_visibility', 'public') set_config('account_visibility', 'public') # Start time set_config('start', None) set_config('end', None) set_config('freeze', None) # Verify emails set_config('verify_emails', None) set_config('mail_server', None) set_config('mail_port', None) set_config('mail_tls', None) set_config('mail_ssl', None) set_config('mail_username', None) set_config('mail_password', None) set_config('mail_useauth', None) setup = set_config('setup', True) try: db.session.add(admin) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(page) db.session.commit() except IntegrityError: db.session.rollback() login_user(admin) db.session.close() app.setup = False with app.app_context(): cache.clear() return redirect(url_for('views.static_html')) return render_template('setup.html', nonce=session.get('nonce')) return redirect(url_for('views.static_html'))
def setup(): if not config.is_setup(): if not session.get("nonce"): session["nonce"] = generate_nonce() if request.method == "POST": ctf_name = request.form["ctf_name"] set_config("ctf_name", ctf_name) # CSS set_config("start", "") # Admin user name = request.form["name"] email = request.form["email"] password = request.form["password"] admin = Admins(name=name, email=email, password=password, type="admin", hidden=True) user_mode = request.form["user_mode"] set_config("user_mode", user_mode) # Index page index = """<div class="row"> <div class="col-md-6 offset-md-3"> <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" /> <h3 class="text-center"> <p>A HACKEREARTH CTF platform</p> </h3> <br> <h4 class="text-center"> <a href="admin">Click here</a> to login and setup your CTF </h4> </div> </div>""".format(request.script_root) page = Pages(title=None, route="index", content=index, draft=False) # Visibility set_config("challenge_visibility", "private") set_config("registration_visibility", "public") set_config("score_visibility", "public") set_config("account_visibility", "public") # Start time set_config("start", None) set_config("end", None) set_config("freeze", None) # Verify emails set_config("verify_emails", None) set_config("mail_server", None) set_config("mail_port", None) set_config("mail_tls", None) set_config("mail_ssl", None) set_config("mail_username", None) set_config("mail_password", None) set_config("mail_useauth", None) set_config("setup", True) try: db.session.add(admin) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(page) db.session.commit() except IntegrityError: db.session.rollback() login_user(admin) db.session.close() app.setup = False with app.app_context(): cache.clear() return redirect(url_for("views.static_html")) return render_template("setup.html", nonce=session.get("nonce")) return redirect(url_for("views.static_html"))
def setup(): if not config.is_setup(): if not session.get('nonce'): session['nonce'] = generate_nonce() if request.method == 'POST': ctf_name = request.form['ctf_name'] set_config('ctf_name', ctf_name) # CSS set_config('start', '') # Admin user name = request.form['name'] email = request.form['email'] password = request.form['password'] admin = Admins(name=name, email=email, password=password, type='admin', hidden=True) user_mode = request.form['user_mode'] set_config('user_mode', user_mode) # Index page index = """<div class="row"> <div class="col-md-6 offset-md-3"> <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="https://californiactf.com/images/logo-cyber.png" /> <h3 class="text-center"> <p>Find our Beginner's Guide <a href="https://tinyurl.com/beginCTF"><strong>here</strong></a></p> <p>Follow us on social media:</p> <a href="https://www.facebook.com/events/2336033789966986/"><i class="fab fa-facebook fa-2x" aria-hidden="true"></i></a> <a href="https://discord.gg/8sPVZRb"><i class="fab fa-discord fa-2x" aria-hidden="true"></i></a> </h3> </div> </div>""" page = Pages(title=None, route='index', content=index, draft=False) # Visibility set_config('challenge_visibility', 'private') set_config('registration_visibility', 'public') set_config('score_visibility', 'public') set_config('account_visibility', 'public') # Start time set_config('start', None) set_config('end', None) set_config('freeze', None) # Verify emails set_config('verify_emails', None) set_config('mail_server', None) set_config('mail_port', None) set_config('mail_tls', None) set_config('mail_ssl', None) set_config('mail_username', None) set_config('mail_password', None) set_config('mail_useauth', None) setup = set_config('setup', True) try: db.session.add(admin) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(page) db.session.commit() except IntegrityError: db.session.rollback() login_user(admin) db.session.close() app.setup = False with app.app_context(): cache.clear() return redirect(url_for('views.static_html')) return render_template('setup.html', nonce=session.get('nonce')) return redirect(url_for('views.static_html'))
def setup(): if not config.is_setup(): if not session.get("nonce"): session["nonce"] = generate_nonce() if request.method == "POST": ctf_name = request.form["ctf_name"] set_config("ctf_name", ctf_name) # CSS set_config("start", "") # Admin user name = request.form["name"] password = request.form["password"] admin = Admins( name=name, password=password, type="admin", hidden=True ) user_mode = request.form["user_mode"] set_config("user_mode", user_mode) # Index page index = """<div class="row"> <div class="col-md-6 offset-md-3"> <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" /> <h3 class="text-center"> <p>A cool CTF platform from <a href="https://ctfd.io">ctfd.io</a></p> <p>Follow us on social media:</p> <a href="https://twitter.com/ctfdio"><i class="fab fa-twitter fa-2x" aria-hidden="true"></i></a> <a href="https://facebook.com/ctfdio"><i class="fab fa-facebook fa-2x" aria-hidden="true"></i></a> <a href="https://github.com/ctfd"><i class="fab fa-github fa-2x" aria-hidden="true"></i></a> </h3> <br> <h4 class="text-center"> <a href="admin">Click here</a> to login and setup your CTF </h4> </div> </div>""".format( request.script_root ) page = Pages(title=None, route="index", content=index, draft=False) # Visibility set_config("challenge_visibility", "private") set_config("registration_visibility", "public") set_config("score_visibility", "public") set_config("account_visibility", "public") # Start time set_config("start", None) set_config("end", None) set_config("freeze", None) set_config("setup", True) secret = Challenges(name='__SECRET__', value=500, type='standard', state='hidden') try: db.session.add(admin) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(page) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(secret) db.session.commit() except IntegrityError: db.session.rollback() login_user(admin) db.session.close() app.setup = False with app.app_context(): cache.clear() return redirect(url_for("views.static_html")) return render_template("setup.html", nonce=session.get("nonce")) return redirect(url_for("views.static_html"))
def mlc(): if get_app_config("OAUTH_PROVIDER") != "mlc": return False if not is_setup(): return True return get_config("oauth_client_id") and get_config("oauth_client_secret")
def setup(): if not config.is_setup(): if not session.get('nonce'): session['nonce'] = generate_nonce() if request.method == 'POST': ctf_name = request.form['ctf_name'] set_config('ctf_name', ctf_name) # CSS set_config('start', '') # Admin user name = request.form['name'] email = request.form['email'] password = request.form['password'] admin = Admins(name=name, email=email, password=password, type='admin', hidden=True) user_mode = request.form['user_mode'] set_config('user_mode', user_mode) # Index page index = """<div class="row"> <div class="col-md-6 offset-md-3"> <img id="img-logo" class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" /> <h3 class="text-center"> <p>NAVY CYBER CONTEST 2019</p> </h3> <br> </div> </div>""".format(request.script_root) page = Pages(title=None, route='index', content=index, draft=False) # Visibility set_config('challenge_visibility', 'private') set_config('registration_visibility', 'public') set_config('score_visibility', 'public') set_config('account_visibility', 'public') # Start time set_config('start', None) set_config('end', None) set_config('freeze', None) # Verify emails set_config('verify_emails', None) set_config('mail_server', None) set_config('mail_port', None) set_config('mail_tls', None) set_config('mail_ssl', None) set_config('mail_username', None) set_config('mail_password', None) set_config('mail_useauth', None) set_config('setup', True) try: db.session.add(admin) db.session.commit() except IntegrityError: db.session.rollback() try: db.session.add(page) db.session.commit() except IntegrityError: db.session.rollback() login_user(admin) db.session.close() app.setup = False with app.app_context(): cache.clear() return redirect(url_for('views.static_html')) return render_template('setup.html', nonce=session.get('nonce')) return redirect(url_for('views.static_html'))
def needs_setup(): return if request.path == url_for("views.setup") or request.path.startswith("/themes"): return if not is_setup(): return redirect(url_for("views.setup"))