Merge remote-tracking branch 'origin/develc' into devel

author: Bruno Cesar Ribas <brunoribas@gmail.com> 2018-11-05 19:23:17 +0000
committer: Bruno Cesar Ribas <brunoribas@gmail.com> 2018-11-05 19:23:17 +0000
commit: 87cb46dc671b84a5cfcb665cb9f02e050595529b (patch)
tree: 1543911f7934e1e775852a6fb1b5d7e6590beea5 /src/flog.php
parent: d069fc757c591bda3cfabcd55ded730ff7d27348 (diff)
parent: 336e0c032cc0f9e9547853f814ebffdfd00c5e2d (diff)
download: boca-87cb46dc671b84a5cfcb665cb9f02e050595529b.tar.gz
boca-87cb46dc671b84a5cfcb665cb9f02e050595529b.zip
1 files changed, 32 insertions, 0 deletions
diff --git a/src/flog.php b/src/flog.php
index ed5afbd..1e6e6cb 100644
--- a/src/flog.php
+++ b/src/flog.php
@@ -156,6 +156,38 @@ function DBLogInContest($name,$pass,$contest,$msg=true) {
 		unset($_SESSION["usertable"]);
 		return false;
 	}
+
+	if(!ctype_alnum($name)) {
+	  LOGLevel("User $name tried to log in contest $contest but username is not alphanum.",2);
+	  if($msg) MSGError("Username must be alpha numeric.");
+	  unset($_SESSION["usertable"]);
+	  return false;
+	}
+	$ccode = trim($_SERVER['HTTP_USER_AGENT']);
+	$ds = DIRECTORY_SEPARATOR;
+	if($ds=="") $ds = "/";
+	$dircode=$_SESSION["locr"] . $ds . "private" . $ds . "agentcode";
+	@mkdir($dircode);
+	$dircode .= $ds . $contest . '-' . $name;
+	@file_put_contents($dircode . '.log', $ccode . "\n", FILE_APPEND | LOCK_EX);
+	if(@file_exists($dircode)) {
+	  if(($prevuser = @file_get_contents($dircode)) === false) {
+	    LOGLevel("User $name tried to log in contest $contest but computer file cannot be read.",2);
+	    if($msg) MSGError("Invalid computer (2).");
+	    unset($_SESSION["usertable"]);
+	    return false;
+	  }
+	  if($prevuser != $ccode && $a["usertype"] == "team") {
+	    LOGLevel("User $name tried to log in contest $contest but computer is invalid ($ccode).",2);
+	    if($msg) MSGError("Invalid computer (3).");
+	    unset($_SESSION["usertable"]);
+	    return false;
+	  }
+	} else {
+	  if($a["usertype"] == "team")
+	    @file_put_contents($dircode, $ccode);
+	}
+			  
 	$gip=getIP();
 	if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") {
 		LOGLevel("User $name is using two different IPs: " . $a["userip"] .
author	Bruno Cesar Ribas <brunoribas@gmail.com>	2018-11-05 19:23:17 +0000
committer	Bruno Cesar Ribas <brunoribas@gmail.com>	2018-11-05 19:23:17 +0000
commit	87cb46dc671b84a5cfcb665cb9f02e050595529b (patch)
tree	1543911f7934e1e775852a6fb1b5d7e6590beea5 /src/flog.php
parent	d069fc757c591bda3cfabcd55ded730ff7d27348 (diff)
parent	336e0c032cc0f9e9547853f814ebffdfd00c5e2d (diff)
download	boca-87cb46dc671b84a5cfcb665cb9f02e050595529b.tar.gz boca-87cb46dc671b84a5cfcb665cb9f02e050595529b.zip