check if same computer is being used - this is only useful for in-loco contests

1 files changed, 31 insertions, 0 deletions

diff --git a/src/flog.php b/src/flog.php
index ed5afbd..0134b1c 100644
--- a/src/flog.php
+++ b/src/flog.php
@@ -156,6 +156,37 @@ function DBLogInContest($name,$pass,$contest,$msg=true) {
 		unset($_SESSION["usertable"]);
 		return false;
 	}
+
+	if(!ctype_alnum($name)) {
+	  LOGLevel("User $name tried to log in contest $contest but username is not alphanum.",2);
+	  if($msg) MSGError("Username must be alpha numeric.");
+	  unset($_SESSION["usertable"]);
+	  return false;
+	}
+	$ccode = explode(' ',trim($_SERVER['HTTP_USER_AGENT']),100);
+	$ccode = $ccode[count($ccode)-1];
+	$ds = DIRECTORY_SEPARATOR;
+	if($ds=="") $ds = "/";
+	$dircode=$_SESSION["locr"] . $ds . "private" . $ds . "agentcode";
+	@mkdir($dircode);
+	$dircode .= $ds . $contest . '-' . $name;
+	if(@file_exists($dircode)) {
+	  if(($prevuser = @file_get_contents($dircode)) === false) {
+	    LOGLevel("User $name tried to log in contest $contest but computer file cannot be read.",2);
+	    if($msg) MSGError("Invalid computer (2).");
+	    unset($_SESSION["usertable"]);
+	    return false;
+	  }
+	  if($prevuser != $ccode) {
+	    LOGLevel("User $name tried to log in contest $contest but computer is invalid.",2);
+	    if($msg) MSGError("Invalid computer (3).");
+	    unset($_SESSION["usertable"]);
+	    return false;
+	  }
+	} else {
+	  @file_put_contents($dircode, $ccode);
+	}
+			  
 	$gip=getIP();
 	if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") {
 		LOGLevel("User $name is using two different IPs: " . $a["userip"] .