diff options
| -rw-r--r-- | doc/problemexamples/problemtemplate.zip | bin | 22318 -> 27882 bytes | |||
| -rw-r--r-- | src/admin/language.php | 9 | ||||
| -rw-r--r-- | src/admin/problem.php | 11 | ||||
| -rw-r--r-- | src/team/run.php | 78 |
4 files changed, 87 insertions, 11 deletions
diff --git a/doc/problemexamples/problemtemplate.zip b/doc/problemexamples/problemtemplate.zip Binary files differindex c3ddf4a..b5e88ac 100644 --- a/doc/problemexamples/problemtemplate.zip +++ b/doc/problemexamples/problemtemplate.zip diff --git a/src/admin/language.php b/src/admin/language.php index b2a7481..94be1ae 100644 --- a/src/admin/language.php +++ b/src/admin/language.php @@ -15,7 +15,7 @@ // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. //////////////////////////////////////////////////////////////////////////////// -// Last modified 05/aug/2012 by cassio@ime.usp.br +// Last modified 08/aug/2015 by cassio@ime.usp.br require('header.php'); if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) @@ -29,13 +29,18 @@ if (isset($_GET["delete"]) && is_numeric($_GET["delete"])) { if (isset($_POST["Submit3"]) && isset($_POST["langnumber"]) && is_numeric($_POST["langnumber"]) && isset($_POST["langname"]) && $_POST["langname"] != "") { + if(strpos(trim($_POST["langname"]),' ')!==false) { + $_POST["confirmation"]=''; + MSGError('Language name cannot have spaces'); + } else { if ($_POST["confirmation"] == "confirm") { $param = array(); $param['number'] = $_POST['langnumber']; - $param['name'] = $_POST['langname']; + $param['name'] = trim($_POST['langname']); $param['extension'] = $_POST['langextension']; DBNewLanguage ($_SESSION["usertable"]["contestnumber"], $param); } + } ForceLoad("language.php"); } ?> diff --git a/src/admin/problem.php b/src/admin/problem.php index 6a894ba..4228d05 100644 --- a/src/admin/problem.php +++ b/src/admin/problem.php @@ -15,7 +15,7 @@ // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. //////////////////////////////////////////////////////////////////////////////// -// Last modified 31/aug/2012 by cassio@ime.usp.br +// Last modified 08/aug/2015 by cassio@ime.usp.br if ($_POST["confirmation"] != "confirm") unset($_POST['noflush']); @@ -168,6 +168,10 @@ if(isset($_POST['Submit5']) && $_POST['Submit5']=='Send') { if (isset($_POST["Submit3"]) && isset($_POST["problemnumber"]) && is_numeric($_POST["problemnumber"]) && isset($_POST["problemname"]) && $_POST["problemname"] != "") { + if(strpos(trim($_POST["problemname"]),' ')!==false) { + $_POST["confirmation"]=''; + MSGError('Problem short name cannot have spaces'); + } else { if ($_POST["confirmation"] == "confirm") { if ($_FILES["probleminput"]["name"] != "") { $type=myhtmlspecialchars($_FILES["probleminput"]["type"]); @@ -182,7 +186,7 @@ if (isset($_POST["Submit3"]) && isset($_POST["problemnumber"]) && is_numeric($_P $param = array(); $param['number'] = $_POST["problemnumber"]; - $param['name'] = $_POST["problemname"]; + $param['name'] = trim($_POST["problemname"]); $param['inputfilename'] = $name; $param['inputfilepath'] = $temp; $param['fake'] = 'f'; @@ -190,6 +194,7 @@ if (isset($_POST["Submit3"]) && isset($_POST["problemnumber"]) && is_numeric($_P $param['color'] = $_POST["color"]; DBNewProblem ($_SESSION["usertable"]["contestnumber"], $param); } + } ForceLoad("problem.php"); } ?> @@ -340,7 +345,7 @@ To replace the data of a problem, proceed as if it did not exist (data will be r </td> </tr> <tr> - <td width="35%" align=right>Short Name (usually a letter):</td> + <td width="35%" align=right>Short Name (usually a letter, no spaces):</td> <td width="65%"> <input type="text" name="problemname" value="" size="20" maxlength="20" /> </td> diff --git a/src/team/run.php b/src/team/run.php index 467ce56..d11447b 100644 --- a/src/team/run.php +++ b/src/team/run.php @@ -15,15 +15,21 @@ // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. //////////////////////////////////////////////////////////////////////////////// -// Last modified 28/oct/2013 by cassio@ime.usp.br +// Last modified 08/aug/2015 by cassio@ime.usp.br require('header.php'); +$ds = DIRECTORY_SEPARATOR; +if($ds=="") $ds = "/"; if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Submit"]) && isset($_POST["language"]) && is_numeric($_POST["problem"]) && is_numeric($_POST["language"]) && $_FILES["sourcefile"]["name"]!="") { if ($_POST["confirmation"] == "confirm") { - if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) + if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) { + if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { + echo "RESULT: CONTEST NOT FOUND"; + exit; + } ForceLoad("../index.php"); - + } $prob = myhtmlspecialchars($_POST["problem"]); $lang = myhtmlspecialchars($_POST["language"]); @@ -35,14 +41,26 @@ if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Su if ($size > $ct["contestmaxfilesize"]) { LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . "$name with $size bytes ({$ct["contestmaxfilesize"]} max allowed).", 1); + if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { + echo "RESULT: FILE TOO LARGE"; + exit; + } MSGError("File size exceeds the limit allowed."); ForceLoad($runteam); } if(strpos($name,' ') === true || strpos($temp,' ') === true) { + if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { + echo "RESULT: FILE NAME CANNOT HAVE SPACES"; + exit; + } MSGError("File name cannot contain spaces."); ForceLoad($runteam); } if (!is_uploaded_file($temp) || strlen($name)>100) { + if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { + echo "RESULT: FILE UPLOAD PROBLEM"; + exit; + } IntrusionNotify("file upload problem."); ForceLoad("../index.php"); } @@ -59,15 +77,45 @@ if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Su 'lang'=>$lang, 'filename'=>$name, 'filepath'=>$temp); + + if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { + $pastcode = myhtmlspecialchars($_POST["pastcode"]); + if(isset($_POST["pasthash"]) && isset($_POST["pastval"])) { + $pasthash = myhtmlspecialchars($_POST["pasthash"]); + $pastval = myhtmlspecialchars($_POST["pastval"]); + $pastsubmission = myhash(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config') . $pastcode); + if($pastsubmission != $pasthash) { + echo "\nRESULT: INVALID SUBMISSION CODE"; + exit; + } + } else { + $pastval = 0; + } + $verify = $pastcode . '-' .$_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"]; + $fcname = $_SESSION["locr"] . $ds . "private" . $ds . 'laterun-submitted-' . $_SESSION["usertable"]["contestnumber"].'-'. + $_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"].'.txt'; + $codes = @file($fcname); + if(in_array($verify,$codes)) { + echo "\nRESULT: RUN ALREADY SUBMITTED"; + } else { + if($pastval > 0) { + $param['rundate']=time() - $pastval; + $b = DBSiteInfo($contest, $site, $c); + $dif = $b["currenttime"]; + $param['rundatediff']=$dif - $pastval; + } + if(DBNewRun ($param) == 2) + @file_put_contents($fcname, $verify . '\n', FILE_APPEND | LOCK_EX); + echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY"; + } + exit; + } DBNewRun ($param); $_SESSION['forceredo']=true; } ForceLoad($runteam); } -$ds = DIRECTORY_SEPARATOR; -if($ds=="") $ds = "/"; - $runtmp = $_SESSION["locr"] . $ds . "private" . $ds . "runtmp" . $ds . "run-contest" . $_SESSION["usertable"]["contestnumber"] . "-site". $_SESSION["usertable"]["usersitenumber"] . "-user" . $_SESSION["usertable"]["usernumber"] . ".php"; $redo = TRUE; @@ -126,6 +174,23 @@ if($redo) { $strtmp .= "</table>"; if (count($run) == 0) $strtmp .= "<br><center><b><font color=\"#ff0000\">NO RUNS AVAILABLE</font></b></center>"; +$linesubmission = @file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-using-command.config'); +if(trim($linesubmission) == '1') { +$strtmp .= "<br><br><center><b>To submit a program, use the command-line tool:</b>\n<br><br>". + "<pre>boca-send-run USER PASSWORD PROBLEM LANGUAGE FILE</pre><br><br>". + "where <pre>USER</pre> is your username, <pre>PASSWORD</pre> is your password, <pre>FILE</pre> is your submission file,<br>". + "<pre>PROBLEM</pre> is one of { <pre>"; + +$prob = DBGetProblems($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usertype"]=='judge'); +for ($i=0;$i<count($prob);$i++) + $strtmp .= $prob[$i]["problem"] . " "; +$strtmp .= "</pre>} and<br><pre>LANGUAGE</pre> is one of { <pre>" +$lang = DBGetLanguages($_SESSION["usertable"]["contestnumber"]); +for ($i=0;$i<count($lang);$i++) + $strtmp .= $lang[$i]["name"] . " "; +$strtmp .= "</pre>}<br><br>\n"; +} else { + $strtmp .= "<br><br><center><b>To submit a program, just fill in the following fields:</b></center>\n". "<form name=\"form1\" enctype=\"multipart/form-data\" method=\"post\" action=\"". $runteam ."\">\n". " <input type=hidden name=\"confirmation\" value=\"noconfirm\" />\n". @@ -177,6 +242,7 @@ $strtmp .= " </select>\n". " <input type=\"reset\" name=\"Submit2\" value=\"Clear\">\n". " </center>\n". "</form>\n"; +} $conf=globalconf(); $strtmp1 = "<!-- " . time() . " --> <?php exit; ?>\t" . encryptData($strcolors,$conf["key"],false) . "\n" . encryptData($strtmp,$conf["key"],false); $randnum = session_id() . "_" . rand(); |