| -rw-r--r-- | Makefile | 1 | ||||
| -rw-r--r-- | src/index.php | 168 |
2 files changed, 92 insertions, 77 deletions
@@ -1,4 +1,3 @@ - tools/safeexec: tools/safeexec.c gcc -g -O2 $^ -o $@
diff --git a/src/index.php b/src/index.php
index 7bdbb81..6e75b41 100644
--- a/src/index.php
+++ b/src/index.php
@@ -34,17 +34,19 @@ require_once("db.php");
 if (!isset($_GET["name"])) {
 if (ValidSession())
- DBLogOut($_SESSION["usertable"]["contestnumber"],
- $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"],
- $_SESSION["usertable"]["username"]=='admin');
- session_unset();
+ DBLogOut($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], $_SESSION["usertable"]["username"]=='admin');
+
+ session_unset();
 session_destroy();
 session_start();
+
 $_SESSION["loc"] = dirname($_SERVER['PHP_SELF']); if($_SESSION["loc"]=="/") $_SESSION["loc"] = "";
+
 $_SESSION["locr"] = dirname(__FILE__); if($_SESSION["locr"]=="/") $_SESSION["locr"] = "";
 }
+
 if(isset($_GET["getsessionid"])) {
 echo session_id();
 exit;
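Review bot: `session_start()` immediately after `session_destroy()` in the logout path resumes whatever ID the client's session cookie already carries (unless `session.use_strict_mode` is on), so the browser stays on a pre-existing, possibly visitor-chosen ID that the login handled further down then authenticates; add `session_regenerate_id(true);` after the restart, and again once `DBLogIn` succeeds, so an unauthenticated ID is never promoted to an authenticated one. `$_SESSION["loc"]` is also derived from `$_SERVER['PHP_SELF']`, which reflects the request path including any trailing PATH_INFO the client appends, so it should be treated as untrusted wherever it is later echoed or used to build a path; `$_SERVER['SCRIPT_NAME']` is the steadier source for the script's directory. The `if(isset($_GET["getsessionid"]))` block at the end of the hunk continues past it.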
@@ -52,65 +54,69 @@ if(isset($_GET["getsessionid"])) { $coo = array(); if(isset($_COOKIE['biscoitobocabombonera'])) { - $coo = explode('-',$_COOKIE['biscoitobocabombonera']); - if(count($coo) != 2 || - strlen($coo[1])!=strlen(myhash('xxx')) || - !is_numeric($coo[0]) || - !ctype_alnum($coo[1])) - $coo = array(); + $coo = explode('-',$_COOKIE['biscoitobocabombonera']); + + if(count($coo) != 2 || strlen($coo[1])!=strlen(myhash('xxx')) || !is_numeric($coo[0]) || !ctype_alnum($coo[1])) + $coo = array(); } + if(count($coo) != 2) setcookie('biscoitobocabombonera',time() . '-' . myhash(time() . rand() . time() . rand()),time() + 240*3600); ob_end_flush(); require_once('version.php'); - ?> + <title>BOCA Online Contest Administrator <?php echo $BOCAVERSION; ?> - Login</title> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <link rel=stylesheet href="Css.php" type="text/css"> <script language="JavaScript" src="sha256.js"></script> <script language="JavaScript"> -function computeHASH() -{ +function computeHASH() { var userHASH, passHASH; userHASH = document.form1.name.value; passHASH = js_myhash(js_myhash(document.form1.password.value)+'<?php echo session_id(); ?>'); + document.form1.name.value = ''; document.form1.password.value = ' '; document.location = 'index.php?name='+userHASH+'&password='+passHASH; } </script> + <?php if(function_exists("globalconf") && function_exists("sanitizeVariables")) { - if(isset($_GET["name"]) && $_GET["name"] != "" ) { - $name = $_GET["name"]; - $password = $_GET["password"]; - $usertable = DBLogIn($name, $password); - if(!$usertable) { - ForceLoad("index.php"); - } - else { - if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) - ForceLoad("index.php"); - if($ct["contestlocalsite"]==$ct["contestmainsite"]) $main=true; else $main=false; - if(isset($_GET['action']) && $_GET['action'] == 'transfer') { - echo "TRANSFER OK"; - } else { - if($main && $_SESSION["usertable"]["usertype"] == 'site') { - 
MSGError('Direct login of this user is not allowed'); - unset($_SESSION["usertable"]); - ForceLoad("index.php"); - exit; - } - echo "<script language=\"JavaScript\">\n"; - echo "document.location='" . $_SESSION["usertable"]["usertype"] . "/index.php';\n"; - echo "</script>\n"; - } - exit; - } + if(isset($_GET["name"]) && $_GET["name"] != "" ) { + $name = $_GET["name"]; + $password = $_GET["password"]; + $usertable = DBLogIn($name, $password); + if(!$usertable) { + ForceLoad("index.php"); + } else { + if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) + ForceLoad("index.php"); + + if($ct["contestlocalsite"]==$ct["contestmainsite"]) + $main=true; + else + $main=false; + + if(isset($_GET['action']) && $_GET['action'] == 'transfer') { + echo "TRANSFER OK"; + } else { + if($main && $_SESSION["usertable"]["usertype"] == 'site') { + MSGError('Direct login of this user is not allowed'); + unset($_SESSION["usertable"]); + ForceLoad("index.php"); + exit; + } + echo "<script language=\"JavaScript\">\n"; + echo "document.location='" . $_SESSION["usertable"]["usertype"] . "/index.php';\n"; + echo "</script>\n"; + } + exit; + } } } else { echo "<script language=\"JavaScript\">\n"; 
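Review bot: The login still travels in the query string — `computeHASH()` sets `document.location = 'index.php?name='+userHASH+'&password='+passHASH` and the PHP side reads `$_GET["password"]` — so the per-session credential hash lands in web-server access logs, browser history and any Referer sent from the next page; submitting the same two values in a POST body would keep them out of those places without changing the hashing scheme. `$password = $_GET["password"];` also dereferences the key without the `isset` guard that `name` gets just above; `$password = isset($_GET["password"]) ? $_GET["password"] : '';` (or bailing out when it is missing) avoids the notice. The cookie written when the `biscoitobocabombonera` check fails builds its token from `rand()`, which is predictable; on PHP 7+ `bin2hex(random_bytes(16))` is the appropriate source, and the `setcookie()` call passes no `httponly`/`secure` attributes. The `else` branch of `if(function_exists("globalconf") && function_exists("sanitizeVariables"))` continues past the hunk.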
@@ -118,45 +124,55 @@ if(function_exists("globalconf") && function_exists("sanitizeVariables")) { echo "</script>\n"; } ?> + </head> <body onload="document.form1.name.focus()"> <table width="100%" height="100%" border="0"> - <tr align="center" valign="middle"> - <td> - <form name="form1" action="javascript:computeHASH()"> - <div align="center"> - <table border="0" align="center"> - <tr> - <td nowrap> - <div align="center"><font face="Verdana, Arial, Helvetica, sans-serif" size="+1"> - BOCA Login</font></div> - </td> - </tr> - <tr> - <td valign="top"> - <table border="0" align="left"> - <tr> - <td><font face="Verdana, Arial, Helvetica, sans-serif" > - Name - </font></td> - <td> - <input type="text" name="name"> - </td> - </tr> - <tr> - <td><font face="Verdana, Arial, Helvetica, sans-serif" >Password</font></td> - <td> - <input type="password" name="password"> - </td> - </tr> - </table> - <input type="submit" name="Submit" value="Login"> - </td> - </tr> - </table> - </div> - </form> - </td> - </tr> + <tr align="center" valign="middle"> + <td> + <form name="form1" action="javascript:computeHASH()"> + <div align="center"> + <table border="0" align="center"> + <tr> + <td nowrap> + <div align="center"> + <font face="Verdana, Arial, Helvetica, sans-serif" size="+1"> + BOCA Login + </font> + </div> + </td> + </tr> + <tr> + <td valign="top"> + <table border="0" align="left"> + <tr> + <td> + <font face="Verdana, Arial, Helvetica, sans-serif"> + Name + </font> + </td> + <td> + <input type="text" name="name"> + </td> + </tr> + <tr> + <td> + <font face="Verdana, Arial, Helvetica, sans-serif"> + Password + </font> + </td> + <td> + <input type="password" name="password"> + </td> + </tr> + </table> + <input type="submit" name="Submit" value="Login"> + </td> + </tr> + </table> + </div> + </form> + </td> + </tr> </table> <?php include('footnote.php'); ?> |