Пример #1
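def attempts():
    """Report the challenges on which the current user has used up all tries.

    Returns a JSON document ``{'maxattempts': [{'chalid': <id>}, ...]}``
    listing every challenge whose count of wrong keys for the user in
    ``session['id']`` has reached the ``max_tries`` setting.  A
    ``max_tries`` of 0 (or less) disables the limit, so the list is empty.

    Raises ``KeyError`` when no user id is in the session and
    ``TypeError``/``ValueError`` when ``max_tries`` is unset or not numeric.
    """
    # Hoisted out of the loop: the original re-read and re-parsed the config
    # value twice for every challenge.
    max_tries = int(get_config("max_tries"))
    exhausted = []
    # A non-positive limit disables the check entirely, so skip the
    # per-challenge COUNT queries instead of running them for nothing.
    if max_tries > 0:
        userid = session['id']
        for chal, chalid in Challenges.query.add_columns('id').all():
            fails = WrongKeys.query.filter_by(userid=userid, chalid=chalid).count()
            if fails >= max_tries:
                exhausted.append({'chalid': chalid})
    return jsonify({'maxattempts': exhausted})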
Пример #2
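def attempts():
    """Report the challenges on which the current user has used up all tries.

    Returns a JSON document ``{'maxattempts': [{'chalid': <id>}, ...]}``
    listing every challenge whose count of wrong keys for the user in
    ``session['id']`` has reached the ``max_tries`` setting.  A
    ``max_tries`` of 0 (or less) disables the limit, so the list is empty.

    Raises ``KeyError`` when no user id is in the session and
    ``TypeError``/``ValueError`` when ``max_tries`` is unset or not numeric.
    """
    # Hoisted out of the loop: the original re-read and re-parsed the config
    # value twice for every challenge.
    max_tries = int(get_config("max_tries"))
    exhausted = []
    # A non-positive limit disables the check entirely, so skip the
    # per-challenge COUNT queries instead of running them for nothing.
    if max_tries > 0:
        userid = session['id']
        for chal, chalid in Challenges.query.add_columns('id').all():
            fails = WrongKeys.query.filter_by(userid=userid, chalid=chalid).count()
            if fails >= max_tries:
                exhausted.append({'chalid': chalid})
    return jsonify({'maxattempts': exhausted})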
Пример #3
def user(userid):
    """Show one user's profile page, or return that user's solves as JSON.

    GET renders ``user.html`` with the user's solves, awards, score and
    place.  POST answers ``{'solves': [{'id', 'chal', 'user'}, ...]}``.
    Any other method falls through and returns ``None``.  When the
    ``view_scoreboard_if_authed`` setting is on and the visitor is not
    logged in, the visitor is redirected to the login page with ``next``
    set to the current path.  Unknown ids produce a 404.
    """
    if get_config('view_scoreboard_if_authed') and not authed():
        return redirect(url_for('auth.login', next=request.path))
    profile = Users.query.filter_by(id=userid).first_or_404()
    solves = Solves.query.filter_by(userid=userid)
    awards = Awards.query.filter_by(userid=userid).all()
    score = profile.score()
    place = profile.place()
    db.session.close()

    method = request.method
    if method == 'GET':
        return render_template('user.html',
                               solves=solves,
                               awards=awards,
                               user=profile,
                               score=score,
                               place=place)
    if method == 'POST':
        solve_rows = [{'id': s.id, 'chal': s.chalid, 'user': s.userid}
                      for s in solves]
        return jsonify({'solves': solve_rows})
Пример #4
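def admin_pages(route):
    """Admin page editor: list, create and edit static ``Pages`` rows.

    Dispatch on the request:

    * ``GET ?mode=create`` -> empty editor.
    * ``GET <route>``      -> editor pre-filled with that page (``page`` is
      ``None`` when the route does not exist yet).
    * ``POST <route>``     -> save the submitted ``html``/``route``; an empty
      route re-renders the editor with the error instead of saving.
    * anything else        -> list of all pages.

    Returns a rendered template or a redirect to the page list.
    ``request.form['html']`` and ``['route']`` are required on POST (Flask
    answers 400 when they are missing).  The HTML is stored exactly as
    submitted, so this endpoint must stay reachable by admins only.
    """
    if request.method == 'GET' and request.args.get('mode') == 'create':
        return render_template('admin/editor.html')
    if route and request.method == 'GET':
        page = Pages.query.filter_by(route=route).first()
        return render_template('admin/editor.html', page=page)
    if route and request.method == 'POST':
        page = Pages.query.filter_by(route=route).first()
        html = request.form['html']
        route = request.form['route']
        errors = []
        if not route:
            errors.append('Missing URL route')
        if errors:
            # The create path below constructs Pages(route, html); the
            # original built Pages(html, "") here, which put the HTML into
            # the route field and dropped the body.  Keep the body so the
            # admin can fix the route and resubmit, and pass the errors on.
            page = Pages("", html)
            return render_template('/admin/editor.html', page=page, errors=errors)
        if page:
            page.route = route
            page.html = html
        else:
            page = Pages(route, html)
            db.session.add(page)
        db.session.commit()
        db.session.close()
        return redirect(url_for('admin.admin_pages'))
    pages = Pages.query.all()
    return render_template('admin/pages.html', routes=pages, css=get_config('css'))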
Пример #5
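def admin_pages(route):
    """Admin page editor: list, create and edit static ``Pages`` rows.

    Dispatch on the request:

    * ``GET ?mode=create`` -> empty editor.
    * ``GET <route>``      -> editor pre-filled with that page (``page`` is
      ``None`` when the route does not exist yet).
    * ``POST <route>``     -> save the submitted ``html``/``route``; an empty
      route re-renders the editor with the error instead of saving.
    * anything else        -> list of all pages.

    Returns a rendered template or a redirect to the page list.
    ``request.form['html']`` and ``['route']`` are required on POST (Flask
    answers 400 when they are missing).  The HTML is stored exactly as
    submitted, so this endpoint must stay reachable by admins only.
    """
    if request.method == 'GET' and request.args.get('mode') == 'create':
        return render_template('admin/editor.html')
    if route and request.method == 'GET':
        page = Pages.query.filter_by(route=route).first()
        return render_template('admin/editor.html', page=page)
    if route and request.method == 'POST':
        page = Pages.query.filter_by(route=route).first()
        html = request.form['html']
        route = request.form['route']
        errors = []
        if not route:
            errors.append('Missing URL route')
        if errors:
            # The create path below constructs Pages(route, html); the
            # original built Pages(html, "") here, which put the HTML into
            # the route field and dropped the body.  Keep the body so the
            # admin can fix the route and resubmit, and pass the errors on.
            page = Pages("", html)
            return render_template('/admin/editor.html', page=page, errors=errors)
        if page:
            page.route = route
            page.html = html
        else:
            page = Pages(route, html)
            db.session.add(page)
        db.session.commit()
        db.session.close()
        return redirect(url_for('admin.admin_pages'))
    pages = Pages.query.all()
    return render_template('admin/pages.html',
                           routes=pages,
                           css=get_config('css'))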
Пример #6
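def topusers(count):
    """Return the solve and award history of the top ``count`` users as JSON.

    ``count`` comes from the URL; anything that does not parse as an int in
    the range 0..20 falls back to 10.  The result is
    ``{'scores': {<user name>: [entry, ...]}}`` where each entry carries
    ``chal`` (challenge id, or ``None`` for an award), ``user``, ``value``
    and ``time`` (unix timestamp), sorted by ``time``.  Redirects to the
    login page when ``view_scoreboard_if_authed`` is set and the visitor is
    not logged in.
    """
    if get_config('view_scoreboard_if_authed') and not authed():
        return redirect(url_for('auth.login', next=request.path))
    try:
        count = int(count)
    except (ValueError, TypeError):  # was a bare except; only parse failures belong here
        count = 10
    if count > 20 or count < 0:
        count = 10

    scores = {}
    for user in get_standings(count=count):
        entries = []
        for solve in Solves.query.filter_by(userid=user.userid).all():
            entries.append({
                'chal': solve.chalid,
                'user': solve.userid,
                'value': solve.chal.value,
                'time': unix_time(solve.date)
            })
        for award in Awards.query.filter_by(userid=user.userid).all():
            entries.append({
                'chal': None,
                'user': award.userid,
                'value': award.value,
                'time': unix_time(award.date)
            })
        # Solves and awards are interleaved chronologically for the client.
        scores[user.name] = sorted(entries, key=lambda k: k['time'])
    return jsonify({'scores': scores})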
Пример #7
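def topusers(count):
    """Return the solve and award history of the top ``count`` users as JSON.

    ``count`` comes from the URL; anything that does not parse as an int in
    the range 0..20 falls back to 10.  The result is
    ``{'scores': {<user name>: [entry, ...]}}`` where each entry carries
    ``chal`` (challenge id, or ``None`` for an award), ``user``, ``value``
    and ``time`` (unix timestamp), sorted by ``time``.  Redirects to the
    login page when ``view_scoreboard_if_authed`` is set and the visitor is
    not logged in.
    """
    if get_config('view_scoreboard_if_authed') and not authed():
        return redirect(url_for('auth.login', next=request.path))
    try:
        count = int(count)
    except (ValueError, TypeError):  # was a bare except; only parse failures belong here
        count = 10
    if count > 20 or count < 0:
        count = 10

    scores = {}
    for user in get_standings(count=count):
        entries = []
        for solve in Solves.query.filter_by(userid=user.userid).all():
            entries.append({
                'chal': solve.chalid,
                'user': solve.userid,
                'value': solve.chal.value,
                'time': unix_time(solve.date)
            })
        for award in Awards.query.filter_by(userid=user.userid).all():
            entries.append({
                'chal': None,
                'user': award.userid,
                'value': award.value,
                'time': unix_time(award.date)
            })
        # Solves and awards are interleaved chronologically for the client.
        scores[user.name] = sorted(entries, key=lambda k: k['time'])
    return jsonify({'scores': scores})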
Пример #8
def scores():
    """Return the current standings as JSON.

    Shape: ``{'standings': [{'pos', 'id', 'user', 'score'}, ...]}`` with
    ``pos`` starting at 1 and ``score`` cast to int.  Redirects to login
    when ``view_scoreboard_if_authed`` is set and the visitor is not
    logged in.
    """
    if get_config('view_scoreboard_if_authed') and not authed():
        return redirect(url_for('auth.login', next=request.path))
    rows = [
        {'pos': pos, 'id': entry.userid, 'user': entry.name, 'score': int(entry.score)}
        for pos, entry in enumerate(get_standings(), 1)
    ]
    return jsonify({'standings': rows})
Пример #9
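def register():
    """Register a new user account.

    GET renders the registration form.  POST validates ``name``, ``email``
    and ``password`` from the form, creates the ``Users`` row, logs the new
    user in (``session`` username/id/admin/nonce), sends a verification or
    welcome mail when mail is configured, and redirects to the challenges
    page.  Validation failures re-render the form with ``errors``.
    Redirects to the login page when ``can_register()`` is false.
    """
    if not can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    # Accounts are stored with the address lower-cased (see Users(...) below),
    # so the uniqueness check must compare the same way; the original compared
    # the raw input, letting the same address register twice in different case.
    name_taken = Users.query.add_columns('name', 'id').filter_by(name=name).first()
    email_taken = Users.query.add_columns('email', 'id').filter_by(email=email.lower()).first()
    # Raw string: "\." in a plain literal is an invalid escape sequence.
    valid_email = re.match(r"[^@]+@[^@]+\.[^@]+", email)

    errors = []
    if not valid_email:
        errors.append("That email doesn't look right")
    if name_taken:
        errors.append('That user name is already taken')
    if email_taken:
        errors.append('That email has already been used')
    if len(password) == 0:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')
    if len(name) == 0:
        errors.append('Pick a longer user name')

    if errors:
        return render_template('register.html', errors=errors, name=name,
                               email=email, password=password)

    with app.app_context():
        user = Users(name, email.lower(), password)
        db.session.add(user)
        db.session.commit()

        session['username'] = user.name
        session['id'] = user.id
        session['admin'] = user.admin
        session['nonce'] = sha512(os.urandom(10))

        if can_send_mail():
            if get_config('verify_emails'):
                verify_email(user.email)
            else:
                sendmail(email, "You've successfully registered for {}".format(get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    # warning() rather than the deprecated warn() alias; same level as before.
    logger.warning("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"),
        name.encode('utf-8'),
        email.encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))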
Пример #10
def challenges_view():
    """Render the challenge board, or redirect the visitor elsewhere.

    Non-admins are sent to the static front page when the CTF is not
    running and ``view_after_ctf`` is off, and to the email-confirmation
    page when ``verify_emails`` is set and the account is unverified.
    Visitors who may not view the challenges are redirected to login with
    ``next=challenges``.
    """
    admin = is_admin()
    if not admin and not ctftime() and not view_after_ctf():
        return redirect(url_for('views.static_html'))
    if not admin and get_config('verify_emails') and not is_verified():
        return redirect(url_for('auth.confirm_user'))
    if not can_view_challenges():
        return redirect(url_for('auth.login', next='challenges'))
    return render_template('chals.html', ctftime=ctftime())
Пример #11
def challenges_view():
    """Render the challenge board, or redirect the visitor elsewhere.

    Non-admins are sent to the static front page when the CTF is not
    running and ``view_after_ctf`` is off, and to the email-confirmation
    page when ``verify_emails`` is set and the account is unverified.
    Visitors who may not view the challenges are redirected to login with
    ``next=challenges``.
    """
    admin = is_admin()
    if not admin and not ctftime() and not view_after_ctf():
        return redirect(url_for('views.static_html'))
    if not admin and get_config('verify_emails') and not is_verified():
        return redirect(url_for('auth.confirm_user'))
    if not can_view_challenges():
        return redirect(url_for('auth.login', next='challenges'))
    return render_template('chals.html', ctftime=ctftime())
Пример #12
def scores():
    """Return the current standings as JSON.

    Shape: ``{'standings': [{'pos', 'id', 'user', 'score'}, ...]}`` with
    ``pos`` starting at 1 and ``score`` cast to int.  Redirects to login
    when ``view_scoreboard_if_authed`` is set and the visitor is not
    logged in.
    """
    if get_config('view_scoreboard_if_authed') and not authed():
        return redirect(url_for('auth.login', next=request.path))
    rows = [
        {'pos': pos, 'id': entry.userid, 'user': entry.name, 'score': int(entry.score)}
        for pos, entry in enumerate(get_standings(), 1)
    ]
    return jsonify({'standings': rows})
Пример #13
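def users(page):
    """Render the paginated user list, 50 users per page.

    ``page`` is 1-based and comes from the URL.  Non-integers raise
    ``ValueError`` as before; 0 and negative values are clamped to page 1
    (the original turned page 0 into a negative slice offset).  When
    ``verify_emails`` is on, only verified users are listed.

    ``user_pages`` passed to the template is the total number of pages,
    computed from the full query: the original derived it from the length
    of the current slice, so it could never report more than one page.
    """
    results_per_page = 50
    page = max(1, abs(int(page)))
    page_start = results_per_page * (page - 1)
    page_end = page_start + results_per_page

    query = Users.query
    if get_config('verify_emails'):
        query = query.filter_by(verified=True)
    total = query.count()
    page_users = query.slice(page_start, page_end).all()
    # Ceiling division without float arithmetic; 0 users -> 0 pages.
    pages = -(-total // results_per_page)
    return render_template('users.html',
                           users=page_users,
                           user_pages=pages,
                           curr_page=page)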
Пример #14
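def confirm_user(data=None):
    """Email-verification endpoint.

    With ``data`` (the signed, base64-encoded address from the mailed link)
    on GET: check the signature, mark the matching user as verified and
    redirect to the challenges page (when logged in) or the login page.
    Without ``data`` on GET: show the "please confirm" page for the user in
    ``session['id']``, or redirect to the profile when already verified.
    Redirects to the challenges page when ``verify_emails`` is disabled.
    Other methods fall through and return ``None``.

    Note: ``Signer`` tokens carry no timestamp, so a confirmation link stays
    valid for as long as ``SECRET_KEY`` is unchanged.
    """
    import binascii

    if not get_config('verify_emails'):
        return redirect(url_for('challenges.challenges_view'))
    if request.method != "GET":
        return None
    if data:
        # User is confirming an email account via the mailed link.
        try:
            signer = Signer(app.config['SECRET_KEY'])
            email = signer.unsign(data.decode('base64'))
        except (BadSignature, binascii.Error, ValueError):
            # A malformed base64 token raises binascii.Error before the
            # signature is even checked; the original let that escape as a
            # 500 instead of showing the error page.
            return render_template('confirm.html', errors=['Your confirmation link seems wrong'])
        # A validly signed token for an address with no account (for example
        # a deleted user) used to crash on ``None.verified``.
        user = Users.query.filter_by(email=email).first_or_404()
        user.verified = True
        db.session.commit()
        db.session.close()
        if authed():
            return redirect(url_for('challenges.challenges_view'))
        return redirect(url_for('auth.login'))
    # No token: the visitor was sent here because the account is unverified.
    user = Users.query.filter_by(id=session['id']).first()
    if user.verified:
        return redirect(url_for('views.profile'))
    return render_template('confirm.html', user=user)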
Пример #15
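def confirm_user(data=None):
    """Email-verification endpoint.

    With ``data`` (the signed, base64-encoded address from the mailed link)
    on GET: check the signature, mark the matching user as verified and
    redirect to the challenges page (when logged in) or the login page.
    Without ``data`` on GET: show the "please confirm" page for the user in
    ``session['id']``, or redirect to the profile when already verified.
    Redirects to the challenges page when ``verify_emails`` is disabled.
    Other methods fall through and return ``None``.

    Note: ``Signer`` tokens carry no timestamp, so a confirmation link stays
    valid for as long as ``SECRET_KEY`` is unchanged.
    """
    import binascii

    if not get_config('verify_emails'):
        return redirect(url_for('challenges.challenges_view'))
    if request.method != "GET":
        return None
    if data:
        # User is confirming an email account via the mailed link.
        try:
            signer = Signer(app.config['SECRET_KEY'])
            email = signer.unsign(data.decode('base64'))
        except (BadSignature, binascii.Error, ValueError):
            # A malformed base64 token raises binascii.Error before the
            # signature is even checked; the original let that escape as a
            # 500 instead of showing the error page.
            return render_template(
                'confirm.html', errors=['Your confirmation link seems wrong'])
        # A validly signed token for an address with no account (for example
        # a deleted user) used to crash on ``None.verified``.
        user = Users.query.filter_by(email=email).first_or_404()
        user.verified = True
        db.session.commit()
        db.session.close()
        if authed():
            return redirect(url_for('challenges.challenges_view'))
        return redirect(url_for('auth.login'))
    # No token: the visitor was sent here because the account is unverified.
    user = Users.query.filter_by(id=session['id']).first()
    if user.verified:
        return redirect(url_for('views.profile'))
    return render_template('confirm.html', user=user)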
Пример #16
def custom_css():
    """Serve the admin-configured stylesheet stored under the ``css`` setting."""
    body = get_config("css")
    return Response(body, mimetype='text/css')
Пример #17
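def chal(chalid):
    """Handle a key (flag) submission for challenge ``chalid``.

    Returns a JSON object ``{'status': <str>, 'message': <str>}`` where
    status is ``'0'`` for a wrong key (or no tries left), ``'1'`` correct,
    ``'2'`` already solved and ``'3'`` submitting too fast.  Unauthenticated
    callers get the plain string ``"-1"``; outside CTF time the caller is
    redirected to the challenge board.  The key is read from
    ``request.form['key']`` (Flask answers 400 when it is absent); an
    unknown ``chalid`` answers 404 instead of the original 500.

    Every wrong or rate-limited submission is stored as a ``WrongKeys`` row,
    which is what the ``max_tries`` limit counts.  The original's debug
    ``print()`` calls, one of which wrote the correct flag to stdout on every
    static-key comparison, are removed; the ``keys`` logger is the record.
    """
    if not ctftime():
        return redirect(url_for('challenges.challenges_view'))
    if not authed():
        return "-1"

    userid = session['id']
    submitted = request.form['key']
    fails = WrongKeys.query.filter_by(userid=userid, chalid=chalid).count()
    logger = logging.getLogger('keys')
    kpm = get_kpm(userid)
    data = (time.strftime("%m/%d/%Y %X"),
            session['username'].encode('utf-8'),
            submitted.encode('utf-8'),
            kpm)

    # Anti-bruteforce / submitting keys too quickly.  A rate-limited
    # submission still counts as a wrong key.
    if kpm > 10:
        _record_wrong_key(userid, chalid, submitted)
        logger.warning("[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(*data))
        return jsonify({
            'status': '3',
            'message': "You're submitting keys too fast. Slow down."
        })

    # Challenge already solved: nothing is recorded, just reported.
    if Solves.query.filter_by(userid=userid, chalid=chalid).first():
        # The original format string had three placeholders for a four-tuple,
        # which logged the timestamp as the user; aligned with the others.
        logger.info("[{0}] {1} submitted {2} with kpm {3} [ALREADY SOLVED]".format(*data))
        return jsonify({'status': '2', 'message': 'You already solved this'})

    challenge = Challenges.query.filter_by(id=chalid).first_or_404()
    key = str(submitted.strip().lower())
    keys = json.loads(challenge.flags)

    # Hit max attempts (a limit of 0 means unlimited).
    max_tries = int(get_config("max_tries"))
    if fails >= max_tries > 0:
        return jsonify({
            'status': '0',
            'message': "You have 0 tries remaining"
        })

    for flag_spec in keys:
        if _key_matches(flag_spec, key):
            solve = Solves(chalid=chalid, userid=userid, ip=get_ip(), flag=key)
            db.session.add(solve)
            db.session.commit()
            db.session.close()
            logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
            return jsonify({'status': '1', 'message': 'Correct'})

    _record_wrong_key(userid, chalid, submitted)
    logger.info("[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
    if max_tries:
        # ``fails`` was counted before this wrong key was stored, so the
        # submission just recorded has to be subtracted as well; the original
        # overstated the remaining tries by one.
        attempts_left = max_tries - fails - 1
        tries_str = 'try' if attempts_left == 1 else 'tries'
        return jsonify({
            'status': '0',
            'message': 'Incorrect. You have {} {} remaining.'.format(attempts_left, tries_str)
        })
    return jsonify({'status': '0', 'message': 'Incorrect'})


def _key_matches(flag_spec, key):
    """Return True when the normalized ``key`` satisfies one flag entry.

    ``flag_spec`` is one element of the challenge's ``flags`` JSON list:
    ``type`` 0 is a static key (case-insensitive, whitespace-trimmed
    equality), ``type`` 1 a regex (``re.match`` with IGNORECASE that must
    consume the whole key).  Any other type never matches.  ``key`` is
    expected to be stripped and lower-cased already.
    """
    flag = flag_spec['flag']
    if flag_spec['type'] == 0:  # static key
        return bool(flag) and flag.strip().lower() == key
    if flag_spec['type'] == 1:  # regex
        # ``res.group() == key`` turns the prefix match into a full match;
        # kept instead of fullmatch() for Python 2 compatibility.
        res = re.match(str(flag), key, re.IGNORECASE)
        return bool(res) and res.group() == key
    return False


def _record_wrong_key(userid, chalid, submitted):
    """Persist a wrong submission (raw form value) so it counts toward ``max_tries``."""
    wrong = WrongKeys(userid, chalid, submitted)
    db.session.add(wrong)
    db.session.commit()
    db.session.close()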
Пример #18
def scoreboard_view():
    """Render the scoreboard page from the current standings.

    Redirects to the login page (with ``next`` set to the current path)
    when ``view_scoreboard_if_authed`` is set and the visitor is not
    logged in.
    """
    gated = get_config('view_scoreboard_if_authed')
    if gated and not authed():
        return redirect(url_for('auth.login', next=request.path))
    return render_template('scoreboard.html', users=get_standings())
Пример #19
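def admin_config():
    """Admin configuration page.

    POST: persist every setting in the submitted form (checkbox flags become
    booleans, text fields are stored as given, ``start``/``end`` as unix
    timestamps with an ``end`` in the past stored as ``None``) and redirect
    back here.  Otherwise: load the stored settings and render
    ``admin/config.html``.

    ``start``/``end`` are parsed with ``int()`` and a non-numeric value
    raises ``ValueError`` (unchanged).  ``mail_password`` and ``mg_api_key``
    are rendered back into the page, so this route must stay admin-only.
    """
    if request.method == "POST":
        _save_config_form(request.form)
        return redirect(url_for('admin.admin_config'))
    return _render_config_form()


def _save_config_form(form):
    """Write the submitted admin form into the Config table and close the session."""
    start = None
    end = None
    if form.get('start'):
        start = int(form['start'])
    if form.get('end'):
        end = int(form['end'])
        # An end time that has already passed is stored as "no end".
        if end < unix_time(datetime.datetime.now()):
            end = None

    # Checkboxes: present in the form -> True, absent -> False.  bool() never
    # raises, so the original try/except/finally around these was dead code.
    for key in ('view_challenges_unregistered', 'view_scoreboard_if_authed',
                'prevent_registration', 'prevent_name_change', 'view_after_ctf',
                'verify_emails', 'mail_tls', 'mail_ssl'):
        set_config(key, bool(form.get(key, None)))

    # Free-text settings are stored verbatim (None when absent).
    for key in ('mail_server', 'mail_port', 'mail_username', 'mail_password',
                'ctf_name', 'ctf_theme', 'mg_base_url', 'mg_api_key', 'max_tries'):
        set_config(key, form.get(key, None))

    db_start = Config.query.filter_by(key='start').first()
    db_start.value = start

    db_end = Config.query.filter_by(key='end').first()
    db_end.value = end

    db.session.add(db_start)
    db.session.add(db_end)

    db.session.commit()
    db.session.close()


def _render_config_form():
    """Load the stored settings and render the admin config template."""
    keys = ('ctf_name', 'ctf_theme', 'max_tries', 'mail_server', 'mail_port',
            'mail_username', 'mail_password', 'mg_api_key', 'mg_base_url',
            'view_after_ctf', 'start', 'end', 'mail_tls', 'mail_ssl',
            'view_challenges_unregistered', 'view_scoreboard_if_authed',
            'prevent_registration', 'prevent_name_change', 'verify_emails')
    settings = {key: get_config(key) for key in keys}

    max_tries = settings['max_tries']
    if not max_tries:
        # Make sure the key exists so the form and the POST handler have a
        # number to work with.
        set_config('max_tries', 0)
        max_tries = 0

    db.session.commit()
    db.session.close()

    months = [
        'January', 'February', 'March', 'April',
        'May', 'June', 'July', 'August',
        'September', 'October', 'November', 'December'
    ]

    curr_year = datetime.date.today().year
    start = settings['start']
    end = settings['end']
    start_days = 0
    end_days = 0

    # Timestamps become naive local datetimes; *_days is the length of that
    # month, used by the template's date picker.
    if start:
        start = datetime.datetime.fromtimestamp(float(start))
        start_days = calendar.monthrange(start.year, start.month)[1]
    if end:
        end = datetime.datetime.fromtimestamp(float(end))
        end_days = calendar.monthrange(end.year, end.month)[1]

    ctf_theme = settings['ctf_theme']
    themes = get_themes()
    # The original called themes.remove() unconditionally, which raised
    # ValueError (a 500) whenever the stored theme was not installed.
    if ctf_theme in themes:
        themes.remove(ctf_theme)

    return render_template('admin/config.html',
                           ctf_name=settings['ctf_name'],
                           ctf_theme_config=ctf_theme,
                           start=start,
                           end=end,
                           max_tries=max_tries,
                           mail_server=settings['mail_server'],
                           mail_port=settings['mail_port'],
                           mail_username=settings['mail_username'],
                           mail_password=settings['mail_password'],
                           mail_tls=settings['mail_tls'],
                           mail_ssl=settings['mail_ssl'],
                           view_challenges_unregistered=settings['view_challenges_unregistered'],
                           view_scoreboard_if_authed=settings['view_scoreboard_if_authed'],
                           prevent_registration=settings['prevent_registration'],
                           mg_base_url=settings['mg_base_url'],
                           mg_api_key=settings['mg_api_key'],
                           prevent_name_change=settings['prevent_name_change'],
                           verify_emails=settings['verify_emails'],
                           view_after_ctf=settings['view_after_ctf'],
                           months=months,
                           curr_year=curr_year,
                           start_days=start_days,
                           end_days=end_days,
                           themes=themes)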
Пример #20
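def admin_config():
    """Admin configuration page.

    POST: persist every setting in the submitted form (checkbox flags become
    booleans, text fields are stored as given, ``start``/``end`` as unix
    timestamps with an ``end`` in the past stored as ``None``) and redirect
    back here.  Otherwise: load the stored settings and render
    ``admin/config.html``.

    ``start``/``end`` are parsed with ``int()`` and a non-numeric value
    raises ``ValueError`` (unchanged).  ``mail_password`` and ``mg_api_key``
    are rendered back into the page, so this route must stay admin-only.
    """
    if request.method == "POST":
        _save_config_form(request.form)
        return redirect(url_for('admin.admin_config'))
    return _render_config_form()


def _save_config_form(form):
    """Write the submitted admin form into the Config table and close the session."""
    start = None
    end = None
    if form.get('start'):
        start = int(form['start'])
    if form.get('end'):
        end = int(form['end'])
        # An end time that has already passed is stored as "no end".
        if end < unix_time(datetime.datetime.now()):
            end = None

    # Checkboxes: present in the form -> True, absent -> False.  bool() never
    # raises, so the original try/except/finally around these was dead code.
    for key in ('view_challenges_unregistered', 'view_scoreboard_if_authed',
                'prevent_registration', 'prevent_name_change', 'view_after_ctf',
                'verify_emails', 'mail_tls', 'mail_ssl'):
        set_config(key, bool(form.get(key, None)))

    # Free-text settings are stored verbatim (None when absent).
    for key in ('mail_server', 'mail_port', 'mail_username', 'mail_password',
                'ctf_name', 'ctf_theme', 'mg_base_url', 'mg_api_key', 'max_tries'):
        set_config(key, form.get(key, None))

    db_start = Config.query.filter_by(key='start').first()
    db_start.value = start

    db_end = Config.query.filter_by(key='end').first()
    db_end.value = end

    db.session.add(db_start)
    db.session.add(db_end)

    db.session.commit()
    db.session.close()


def _render_config_form():
    """Load the stored settings and render the admin config template."""
    keys = ('ctf_name', 'ctf_theme', 'max_tries', 'mail_server', 'mail_port',
            'mail_username', 'mail_password', 'mg_api_key', 'mg_base_url',
            'view_after_ctf', 'start', 'end', 'mail_tls', 'mail_ssl',
            'view_challenges_unregistered', 'view_scoreboard_if_authed',
            'prevent_registration', 'prevent_name_change', 'verify_emails')
    settings = {key: get_config(key) for key in keys}

    max_tries = settings['max_tries']
    if not max_tries:
        # Make sure the key exists so the form and the POST handler have a
        # number to work with.
        set_config('max_tries', 0)
        max_tries = 0

    db.session.commit()
    db.session.close()

    months = [
        'January', 'February', 'March', 'April', 'May', 'June', 'July',
        'August', 'September', 'October', 'November', 'December'
    ]

    curr_year = datetime.date.today().year
    start = settings['start']
    end = settings['end']
    start_days = 0
    end_days = 0

    # Timestamps become naive local datetimes; *_days is the length of that
    # month, used by the template's date picker.
    if start:
        start = datetime.datetime.fromtimestamp(float(start))
        start_days = calendar.monthrange(start.year, start.month)[1]
    if end:
        end = datetime.datetime.fromtimestamp(float(end))
        end_days = calendar.monthrange(end.year, end.month)[1]

    ctf_theme = settings['ctf_theme']
    themes = get_themes()
    # The original called themes.remove() unconditionally, which raised
    # ValueError (a 500) whenever the stored theme was not installed.
    if ctf_theme in themes:
        themes.remove(ctf_theme)

    return render_template(
        'admin/config.html',
        ctf_name=settings['ctf_name'],
        ctf_theme_config=ctf_theme,
        start=start,
        end=end,
        max_tries=max_tries,
        mail_server=settings['mail_server'],
        mail_port=settings['mail_port'],
        mail_username=settings['mail_username'],
        mail_password=settings['mail_password'],
        mail_tls=settings['mail_tls'],
        mail_ssl=settings['mail_ssl'],
        view_challenges_unregistered=settings['view_challenges_unregistered'],
        view_scoreboard_if_authed=settings['view_scoreboard_if_authed'],
        prevent_registration=settings['prevent_registration'],
        mg_base_url=settings['mg_base_url'],
        mg_api_key=settings['mg_api_key'],
        prevent_name_change=settings['prevent_name_change'],
        verify_emails=settings['verify_emails'],
        view_after_ctf=settings['view_after_ctf'],
        months=months,
        curr_year=curr_year,
        start_days=start_days,
        end_days=end_days,
        themes=themes)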
Пример #21
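def chal(chalid):
    """Handle a flag submission for challenge *chalid*.

    Returns a JSON body whose ``status`` is one of ``'0'`` (wrong key, or
    no tries remaining), ``'1'`` (correct), ``'2'`` (already solved) or
    ``'3'`` (submitting too fast). Unauthenticated callers get the plain
    string ``"-1"``; outside CTF time the caller is redirected to the
    challenge list.

    Every rejected submission (wrong key or too fast) is stored as a
    WrongKeys row so that it counts against ``max_tries``. The expected
    flag is never written to stdout or the log.
    """
    if not ctftime():
        return redirect(url_for('challenges.challenges_view'))
    if not authed():
        return "-1"

    user_id = session['id']
    submitted = request.form['key']
    fails = WrongKeys.query.filter_by(userid=user_id, chalid=chalid).count()
    logger = logging.getLogger('keys')
    # Sample the submission rate once instead of re-querying it for the check.
    kpm = get_kpm(user_id)
    data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'),
            submitted.encode('utf-8'), kpm)
    print("[{0}] {1} submitted {2} with kpm {3}".format(*data))

    # Anti-bruteforce / submitting keys too quickly
    if kpm > 10:
        _record_wrong_key(user_id, chalid, submitted)
        logger.warning("[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(*data))
        return jsonify({'status': '3', 'message': "You're submitting keys too fast. Slow down."})

    # Challenge already solved
    if Solves.query.filter_by(userid=user_id, chalid=chalid).first():
        logger.info("[{0}] {1} submitted {2} with kpm {3} [ALREADY SOLVED]".format(*data))
        return jsonify({'status': '2', 'message': 'You already solved this'})

    # Hit max attempts (an unset / 0 max_tries means unlimited)
    max_tries = int(get_config("max_tries") or 0)
    if fails >= max_tries > 0:
        return jsonify({
            'status': '0',
            'message': "You have 0 tries remaining"
        })

    challenge = Challenges.query.filter_by(id=chalid).first_or_404()
    # Static flags are compared case-insensitively after trimming whitespace;
    # no str() wrapper so a non-ASCII submission cannot raise on Python 2.
    key = submitted.strip().lower()
    if _key_matches(challenge, key):
        _record_solve(user_id, chalid, key)
        logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
        return jsonify({'status': '1', 'message': 'Correct'})

    _record_wrong_key(user_id, chalid, submitted)
    logger.info("[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
    if max_tries:
        # `fails` was counted before this attempt was stored, so it must be
        # subtracted as well or the message overstates the remaining tries by one.
        attempts_left = max_tries - fails - 1
        tries_str = 'try' if attempts_left == 1 else 'tries'
        return jsonify({'status': '0', 'message': 'Incorrect. You have {} {} remaining.'.format(attempts_left, tries_str)})
    return jsonify({'status': '0', 'message': 'Incorrect'})


def _key_matches(challenge, key):
    """Return True if *key* (already stripped and lower-cased) matches a flag of *challenge*.

    ``challenge.flags`` is a JSON list of ``{'type': ..., 'flag': ...}``.
    Type 0 is a static string compared case-insensitively; type 1 is a
    regex that must match the whole submission (case-insensitively). A
    malformed admin-defined regex is logged and treated as a non-match
    instead of failing the whole request.
    """
    for entry in json.loads(challenge.flags):
        if entry['type'] == 0:  # static key
            if entry['flag'] and entry['flag'].strip().lower() == key:
                return True
        elif entry['type'] == 1:  # regex
            try:
                res = re.match(entry['flag'], key, re.IGNORECASE)
            except re.error:
                logging.getLogger('keys').error(
                    "Invalid regex flag on challenge {0}".format(challenge.id))
                continue
            if res and res.group() == key:
                return True
    return False


def _record_wrong_key(user_id, chalid, submitted):
    """Persist one wrong submission (*submitted* is the raw form value) and release the session."""
    db.session.add(WrongKeys(user_id, chalid, submitted))
    db.session.commit()
    db.session.close()


def _record_solve(user_id, chalid, key):
    """Persist a correct solve of *chalid* by *user_id* and release the session."""
    db.session.add(Solves(chalid=chalid, userid=user_id, ip=get_ip(), flag=key))
    db.session.commit()
    db.session.close()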
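def profile():
    """Show (GET) or update (POST) the signed-in user's profile.

    Anonymous callers are redirected to the login page. On POST the
    submitted fields are validated; on any error the form is re-rendered
    with ``errors``, otherwise the user row is updated and the caller is
    redirected back to the profile page. Changing the password requires
    the current password in the ``confirm`` field; changing the email
    clears ``verified`` when ``verify_emails`` is on.
    """
    if not authed():
        return redirect(url_for('auth.login'))

    prevent_name_change = get_config('prevent_name_change')
    user = Users.query.filter_by(id=session['id']).first()

    if request.method != "POST":
        confirm_email = get_config('verify_emails') and not user.verified
        return render_template('profile.html',
                               name=user.name,
                               email=user.email,
                               website=user.website,
                               affiliation=user.affiliation,
                               country=user.country,
                               prevent_name_change=prevent_name_change,
                               confirm_email=confirm_email)

    # Missing text fields default to '' so the checks below never see None.
    name = request.form.get('name', '')
    email = request.form.get('email', '')
    website = request.form.get('website', '')
    affiliation = request.form.get('affiliation')
    country = request.form.get('country')
    new_password = request.form.get('password', '')

    # Emails are stored lower-cased (see the update below), so the uniqueness
    # lookup must fold case too, or a case variant of a taken address slips past.
    emails = Users.query.filter_by(email=email.lower()).first()
    valid_email = re.match(r"[^@]+@[^@]+\.[^@]+", email)

    errors = []
    if new_password:
        confirm = request.form.get('confirm', '').strip()
        if not bcrypt_sha256.verify(confirm, user.password):
            errors.append("Your old password doesn't match what we have.")
    if not valid_email:
        errors.append("That email doesn't look right")
    if not prevent_name_change:
        names = Users.query.filter_by(name=name).first()
        if names and name != session['username']:
            errors.append('That user name is already taken')
    if emails and emails.id != session['id']:
        errors.append('That email has already been used')
    if not prevent_name_change and not name:
        errors.append('Pick a longer user name')
    if website.strip() and not validate_url(website):
        errors.append("That doesn't look like a valid URL")

    if errors:
        return render_template('profile.html',
                               name=name,
                               email=email,
                               website=website,
                               affiliation=affiliation,
                               country=country,
                               prevent_name_change=prevent_name_change,
                               errors=errors)

    if not prevent_name_change:
        user.name = name
    if user.email != email.lower():
        user.email = email.lower()
        if get_config('verify_emails'):
            # A changed address has to be verified again.
            user.verified = False
    session['username'] = user.name

    if new_password:
        user.password = bcrypt_sha256.encrypt(new_password)
    user.website = website
    user.affiliation = affiliation
    user.country = country
    db.session.commit()
    db.session.close()
    return redirect(url_for('views.profile'))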
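def register():
    """Create a new account (POST) or show the registration form (GET).

    Redirects to the login page when ``can_register()`` is false. On POST
    the name, email and password are validated; on any error the form is
    re-rendered with ``errors``. On success the user is created with a
    lower-cased email, logged in (session ``username``/``id``/``admin``
    plus a fresh ``nonce``), and — if mail is configured — sent either a
    verification mail (``verify_emails`` on) or a welcome mail.
    """
    if not can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    names = Users.query.add_columns('name',
                                    'id').filter_by(name=name).first()
    # Accounts are stored with a lower-cased email, so check uniqueness the
    # same way or a case variant of an existing address registers twice.
    emails = Users.query.add_columns('email',
                                     'id').filter_by(email=email.lower()).first()

    errors = []
    if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
        errors.append("That email doesn't look right")
    if names:
        errors.append('That user name is already taken')
    if emails:
        errors.append('That email has already been used')
    if len(password) == 0:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')
    if len(name) == 0:
        errors.append('Pick a longer user name')

    if errors:
        # NOTE(review): the submitted password is echoed back into the page
        # for the template to prefill; consider dropping it from the response.
        return render_template('register.html',
                               errors=errors,
                               name=name,
                               email=email,
                               password=password)

    with app.app_context():
        user = Users(name, email.lower(), password)
        db.session.add(user)
        db.session.commit()
        db.session.flush()

        session['username'] = user.name
        session['id'] = user.id
        session['admin'] = user.admin
        # sha512 is a project helper; the nonce is derived from OS randomness.
        session['nonce'] = sha512(os.urandom(10))

        if can_send_mail():
            if get_config('verify_emails'):
                verify_email(user.email)
            else:
                sendmail(
                    email,
                    "You've successfully registered for {}".format(
                        get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    logger.warning("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"), name.encode('utf-8'),
        email.encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))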
def scoreboard_view():
    """Render the scoreboard page.

    When the ``view_scoreboard_if_authed`` setting is on, anonymous
    visitors are sent to the login page with ``next`` pointing back here.
    """
    login_required = get_config('view_scoreboard_if_authed')
    if login_required and not authed():
        return redirect(url_for('auth.login', next=request.path))
    return render_template('scoreboard.html', users=get_standings())