diff options
| author | cassio <cassiopc@gmail.com> | 2015-08-30 22:11:57 +0000 |
|---|---|---|
| committer | cassio <cassiopc@gmail.com> | 2015-08-30 22:11:57 +0000 |
| commit | dd3152be0442e577692067c5523da4f5ab9d9957 (patch) | |
| tree | dd11e8e3bd71404dd7675b8bc8d49f3655a0df61 /src/team/run.php | |
| parent | 9a3077369831bc66fd51bc9c5c276980dd74e046 (diff) | |
| download | boca-dd3152be0442e577692067c5523da4f5ab9d9957.tar.gz boca-dd3152be0442e577692067c5523da4f5ab9d9957.zip | |
multiple bugs to make submission by command line
Diffstat (limited to 'src/team/run.php')
| -rw-r--r-- | src/team/run.php | 158 |
1 files changed, 94 insertions, 64 deletions
diff --git a/src/team/run.php b/src/team/run.php index 9641386..caf3b3d 100644 --- a/src/team/run.php +++ b/src/team/run.php @@ -20,12 +20,12 @@ require('header.php'); $ds = DIRECTORY_SEPARATOR; if($ds=="") $ds = "/"; -if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Submit"]) && isset($_POST["language"]) && - is_numeric($_POST["problem"]) && is_numeric($_POST["language"]) && $_FILES["sourcefile"]["name"]!="") { - if ($_POST["confirmation"] == "confirm") { +if (isset($_POST["problem"]) && isset($_POST["language"]) && + ((isset($_FILES["sourcefile"]) && isset($_POST["Submit"]) && $_FILES["sourcefile"]["name"]!="") || (isset($_POST["data"]) && isset($_POST["name"])))) { + if ($_POST["confirmation"] == "confirm" || (isset($_POST["data"]) && isset($_POST["name"]))) { if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) { - if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { - echo "RESULT: CONTEST NOT FOUND"; + if(isset($_POST['name']) && $_POST['name'] != '') { + echo "\nRESULT: CONTEST NOT FOUND"; exit; } ForceLoad("../index.php"); @@ -33,62 +33,77 @@ if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Su $prob = myhtmlspecialchars($_POST["problem"]); $lang = myhtmlspecialchars($_POST["language"]); - $probs = DBGetProblems($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usertype"]=='judge'); - $i = 0; - $ss = ""; - for (;$i<count($probs);$i++) { - if($probs[$i]["problem"]==$prob) break; - $ss .= $probs[$i]["problem"] . " "; - } - if($i >= count($probs)) { - echo "RESULT: INVALID PROBLEM (options are: " . $ss . ")"; + if(!is_numeric($prob)) { + $probs = DBGetProblems($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usertype"]=='judge'); + $i = 0; + $ss = ""; + for (;$i<count($probs);$i++) { + if($probs[$i]["problem"]==$prob) { + $prob = $probs[$i]["number"]; + break; + } + $ss .= $probs[$i]["problem"] . " "; + } + if($i >= count($probs)) { + echo "\nRESULT: INVALID PROBLEM (options are: " . $ss . ")"; exit; + } } - $langs = DBGetLanguages($_SESSION["usertable"]["contestnumber"]); - $i = 0; - $ss = ""; - for (;$i<count($langs);$i++) { - if($langs[$i]["name"]==$lang) break; - $ss .= $langs[$i]["name"] . " "; - } - if($i >= count($langs)) { - echo "RESULT: INVALID LANGUAGE (options are: " . $ss . ")"; - exit; - } - - $type=myhtmlspecialchars($_FILES["sourcefile"]["type"]); - $size=myhtmlspecialchars($_FILES["sourcefile"]["size"]); - $name=myhtmlspecialchars($_FILES["sourcefile"]["name"]); - $temp=myhtmlspecialchars($_FILES["sourcefile"]["tmp_name"]); - - if ($size > $ct["contestmaxfilesize"]) { - LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . - "$name with $size bytes ({$ct["contestmaxfilesize"]} max allowed).", 1); - if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { - echo "RESULT: FILE TOO LARGE"; + if(!is_numeric($lang)) { + $langs = DBGetLanguages($_SESSION["usertable"]["contestnumber"]); + $i = 0; + $ss = ""; + for (;$i<count($langs);$i++) { + if($langs[$i]["name"]==$lang) { + $lang = $langs[$i]["number"]; + break; + } + $ss .= $langs[$i]["name"] . " "; + } + if($i >= count($langs)) { + echo "\nRESULT: INVALID LANGUAGE (options are: " . $ss . ")"; exit; } - MSGError("File size exceeds the limit allowed."); - ForceLoad($runteam); } - if(strpos($name,' ') === true || strpos($temp,' ') === true) { - if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { - echo "RESULT: FILE NAME CANNOT HAVE SPACES"; + if(isset($_POST['name']) && $_POST['name'] != '') { + $temp = tempnam("/tmp","bkp-"); + $fout = fopen($temp,"wb"); + fwrite($fout,base64_decode($_POST['data'])); + fclose($fout); + $size=filesize($temp); + $name=$_POST['name']; + if ($size > $ct["contestmaxfilesize"] || strlen($name)>100 || strlen($name)<1) { + echo "\nRESULT: SUBMITTED FILE (OR NAME) TOO LARGE"; exit; } - MSGError("File name cannot contain spaces."); - ForceLoad($runteam); + } else { + $type=myhtmlspecialchars($_FILES["sourcefile"]["type"]); + $size=myhtmlspecialchars($_FILES["sourcefile"]["size"]); + $name=myhtmlspecialchars($_FILES["sourcefile"]["name"]); + $temp=myhtmlspecialchars($_FILES["sourcefile"]["tmp_name"]); + + if ($size > $ct["contestmaxfilesize"]) { + LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . + "$name with $size bytes ({$ct["contestmaxfilesize"]} max allowed).", 1); + MSGError("File size exceeds the limit allowed."); + ForceLoad($runteam); + } + if (!is_uploaded_file($temp) || strlen($name)>100) { + IntrusionNotify("file upload problem."); + ForceLoad("../index.php"); + } } - if (!is_uploaded_file($temp) || strlen($name)>100) { - if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { - echo "RESULT: FILE UPLOAD PROBLEM"; + if(strpos($name,' ') === true || strpos($temp,' ') === true || strpos($name,'/') === true || strpos($temp,'/') === true || + strpos($name,'`') === true || strpos($temp,'`') === true || strpos($name,'\'') === true || strpos($temp,'\'') === true || + strpos($name, "\"") === true || strpos($temp, "\"") === true || strpos($name,'$') === true || strpos($temp,'$') === true) { + if(isset($_POST['name']) && $_POST['name'] != '') { + echo "\nRESULT: FILE NAME PROBLEM (EG CANNOT HAVE SPACES)"; exit; } - IntrusionNotify("file upload problem."); - ForceLoad("../index.php"); + MSGError("File name cannot contain spaces."); + ForceLoad($runteam); } - $ac=array('contest','site','user','problem','lang','filename','filepath'); $ac1=array('runnumber','rundate','rundatediff','rundatediffans','runanswer','runstatus','runjudge','runjudgesite', 'runjudge1','runjudgesite1','runanswer1','runjudge2','runjudgesite2','runanswer2', @@ -105,12 +120,16 @@ if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Su $pastcode = myhtmlspecialchars($_POST["pastcode"]); if(isset($_POST["pasthash"]) && isset($_POST["pastval"])) { $pasthash = myhtmlspecialchars($_POST["pasthash"]); + $pastvalhash = myhtmlspecialchars($_POST["pastvalhash"]); $pastval = myhtmlspecialchars($_POST["pastval"]); $pastabs = myhtmlspecialchars($_POST["pastabs"]); - $pastsubmission = myhash(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config') . $pastcode . $pastabs); - if($pastsubmission != $pasthash) { - echo "\nRESULT: INVALID SUBMISSION CODE"; - exit; + $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastval); + if($pastsubmission != $pastvalhash) { + $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastabs); + if($pastsubmission != $pasthash) { + echo "\nRESULT: INVALID SUBMISSION CODE"; + exit; + } } } else { $pastval = 0; @@ -118,27 +137,38 @@ if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Su $verify = $pastcode . '-' .$_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"]; $fcname = $_SESSION["locr"] . $ds . "private" . $ds . 'laterun-submitted-' . $_SESSION["usertable"]["contestnumber"].'-'. $_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"].'.txt'; - $codes = @file($fcname); + $codes = @file($fcname,FILE_IGNORE_NEW_LINES); if(in_array($verify,$codes)) { echo "\nRESULT: RUN ALREADY SUBMITTED"; } else { if($pastval > 0) { $param['rundate']=time() - $pastval; - $b = DBSiteInfo($contest, $site, $c); + $b = DBSiteInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"]); $dif = $b["currenttime"]; $param['rundatediff']=$dif - $pastval; } if(DBNewRun ($param) == 2) - @file_put_contents($fcname, $verify . '\n', FILE_APPEND | LOCK_EX); - echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY"; + @file_put_contents($fcname, $verify . "\n", FILE_APPEND | LOCK_EX); + echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY ($pastval)"; } exit; } - DBNewRun ($param); + $retv = DBNewRun ($param); + if(isset($_POST['name']) && $_POST['name'] != '') { + if($retv == 2) + echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY"; + else + echo "\nRESULT: UNKNOWN PROBLEM"; + exit; + } $_SESSION['forceredo']=true; } ForceLoad($runteam); } +if(isset($_POST['name']) && $_POST['name'] != '') { + echo "RESULT: PARAMETERS MISSING"; + exit; +} $runtmp = $_SESSION["locr"] . $ds . "private" . $ds . "runtmp" . $ds . "run-contest" . $_SESSION["usertable"]["contestnumber"] . "-site". $_SESSION["usertable"]["usersitenumber"] . "-user" . $_SESSION["usertable"]["usernumber"] . ".php"; @@ -200,19 +230,19 @@ if (count($run) == 0) $strtmp .= "<br><center><b><font color=\"#ff0000\">NO RUNS $linesubmission = @file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-using-command.config'); if(trim($linesubmission) == '1') { -$strtmp .= "<br><br><center><b>To submit a program, use the command-line tool:</b>\n<br><br>". - "<pre>boca-submit-run USER PASSWORD PROBLEM LANGUAGE FILE</pre><br><br>". - "where <pre>USER</pre> is your username, <pre>PASSWORD</pre> is your password, <pre>FILE</pre> is your submission file,<br>". - "<pre>PROBLEM</pre> is one of { <pre>"; +$strtmp .= "<br><br><center><b>To submit a program, use the command-line tool:</b>\n<br>". + "<pre>boca-submit-run USER PASSWORD PROBLEM LANGUAGE FILE</pre><br>". + "where USER is your username, PASSWORD is your password, FILE is your submission file,<br>". + "PROBLEM is one of { "; $prob = DBGetProblems($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usertype"]=='judge'); for ($i=0;$i<count($prob);$i++) $strtmp .= $prob[$i]["problem"] . " "; -$strtmp .= "</pre>} and<br><pre>LANGUAGE</pre> is one of { <pre>" +$strtmp .= "} and<br>LANGUAGE is one of { "; $lang = DBGetLanguages($_SESSION["usertable"]["contestnumber"]); for ($i=0;$i<count($lang);$i++) $strtmp .= $lang[$i]["name"] . " "; -$strtmp .= "</pre>}<br><br>\n"; +$strtmp .= "}<br><br>\n"; } else { $strtmp .= "<br><br><center><b>To submit a program, just fill in the following fields:</b></center>\n". |