1 files changed, 55 insertions, 12 deletions

diff --git a/boca-1.5.0/src/fcontest.php b/boca-1.5.0/src/fcontest.php
index 9390a31..23ce241 100644
--- a/boca-1.5.0/src/fcontest.php
+++ b/boca-1.5.0/src/fcontest.php
@@ -139,7 +139,7 @@ CREATE TABLE \"usertable\" (
         \"usersitenumber\" int4 NOT NULL,                 -- (id do local do time)
         \"usernumber\" int4 NOT NULL,                     -- (id do usuario)
         \"username\" varchar(20) NOT NULL,                -- (nome do usuario)
-        \"userfullname\" varchar(200) NOT NULL,            -- (nome completo do usuario)
+        \"userfullname\" varchar(200) NOT NULL,           -- (nome completo do usuario)
         \"userdesc\" varchar(300),                        -- (descricao: escola ou integrantes ou etc)
         \"usertype\" varchar(20) NOT NULL,                -- (judge, team, admin, system)
         \"userenabled\" bool DEFAULT 't' NOT NULL,        -- (usuario ativo)
@@ -216,6 +216,11 @@ function DBAllUserInfo($contest,$site=-1) {
 	$a = array();
 	for ($i=0;$i<$n;$i++) {
 		$a[$i] = DBRow($r,$i);
+		$a[$i]['changepassword']=true;
+		if(substr($a[$i]['userpassword'],0,1)=='!') {
+			$a[$i]['userpassword'] = substr($a[$i]['userpassword'],1);
+			$a[$i]['changepassword']=false;
+		}
 		$a[$i]['userpassword'] = myhash($a[$i]['userpassword'] . $a[$i]['usersessionextra']);
 	}
 	return $a;
@@ -245,8 +250,35 @@ function DBUserInfo($contest, $site, $user, $c=null,$hashpass=true) {
 		LOGError("Unable to find the user in the database. SQL=(" . $sql . ")");
 		MSGError("Unable to find the user in the database. Contact an admin now!");
 	}
+	$a['changepassword']=true;
+	if(substr($a['userpassword'],0,1)=='!') {
+		$a['userpassword'] = substr($a['userpassword'],1);
+		$a['changepassword']=false;
+	}
 	if($hashpass)
 		$a['userpassword'] = myhash($a['userpassword'] . $a['usersessionextra']);
+	$inst = explode(']',$a['userfullname']);
+	if(isset($inst[1])) {
+		$a['userfullname'] = trim($inst[1]);
+		$inst = explode('[',$inst[0]);
+		if(isset($inst[1]))
+		   $a['usershortname'] = trim($inst[1]);
+	}
+	$inst = explode(']',$a['userdesc']);
+	if(isset($inst[1])) {
+		$inst2 = explode('[',$inst[0]);
+		if(isset($inst2[1]))
+			$a['usershortinstitution'] = trim($inst2[0]);
+		if(isset($inst[2])) {
+			$a['userdesc']=trim($inst[2]);
+			$inst = explode('[',$inst[1]);
+			if(isset($inst[1])) {
+				$a['userinstitution'] = trim($inst[1]);
+			}
+		} else {
+			$a['userdesc']=trim($inst[1]);
+		}
+	}
 	return $a;
 }
 function DBDeleteUser($contest, $site, $user) {
@@ -322,9 +354,10 @@ function DBSiteLogoffAll($contest, $site) {
 	LOGLevel("Logoff all (contest=$contest,site=$site).",2);
 }
 
-function DBAllSiteInfo($contest) {
+function DBAllSiteInfo($contest, $c=null) {
 	$sql = "select * from sitetable where contestnumber=$contest";
-	$c = DBConnect();
+	if($c==null)
+		$c = DBConnect();
 	$r = DBExec ($c, $sql);
 	$n = DBnlines($r);
 	if ($n == 0) {
@@ -415,6 +448,7 @@ function DBSiteLogins ($contest, $site, $logins) {
 	$param['contestnumber']=$contest;
 	$param['sitenumber']=$site;
 	$param['sitepermitlogins']=$logins;
+	unset($param['updatetime']);
 	DBUpdateSite ($param);
 	LOGLevel("Site logins=$logins (contest=$contest)",2);
 }
@@ -634,10 +668,11 @@ function DBUpdateSite ($param,$c=null) {
 		$sql .= " sitescorelevel=$sitescorelevel where contestnumber=$contestnumber and sitenumber=$sitenumber " .
 			"and updatetime < $updatetime";
 		DBExec($c,$sql, "DBUpdateSite(update site)");
-		if($docommit) 	
+		if($docommit) {
 			DBExec($c, "commit work", "DBUpdateSite(commit-update)");	
-		LOGLevel("User " . $_SESSION["usertable"]["username"]."/". $_SESSION["usertable"]["usersitenumber"] . 
-				 " changed the site $sitenumber (contest=$contestnumber) settings.",2);
+			LOGLevel("User " . $_SESSION["usertable"]["username"]."/". $_SESSION["usertable"]["usersitenumber"] . 
+					 " changed the site $sitenumber (contest=$contestnumber) settings.",2);
+		}
 	} else {
 		if($docommit) 	
 			DBExec($c, "commit work", "DBUpdateSite(commit-noupdate)");
@@ -648,7 +683,7 @@ function DBUpdateContest ($param, $c=null) {
 	if(isset($param['contestnumber']) && !isset($param['number'])) $param['number']=$param['contestnumber'];
 
 	$ac=array('number');
-	$ac1=array('updatetime','atualizasites','scorelevel','mainsite','localsite','mainsiteurl','keys','unlockkey',
+	$ac1=array('updatetime','atualizasites','scorelevel','mainsite','localsite','mainsiteurl','keys','unlockkey','name',
 			   'active','lastmileanswer','lastmilescore','penalty','startdate', 'duration', 'maxfilesize');
 	$type['number']=1;
 	$type['scorelevel']=1;
@@ -721,6 +756,7 @@ function DBUpdateContest ($param, $c=null) {
 			   "DBUpdateContest(active)");
 		LOGLevel("User " . $_SESSION["usertable"]["username"]."/". $_SESSION["usertable"]["usersitenumber"] . " activated contest $number.",2);
 	}
+	$chd=false;
 	if($updatetime > $a['updatetime']) {
 		$ret=2;
 		$sql = "update contesttable set updatetime=".$updatetime;
@@ -769,7 +805,7 @@ function DBUpdateContest ($param, $c=null) {
 		}
 
 		if($atualizasites) {
-			$s = DBAllSiteInfo($number);
+			$s = DBAllSiteInfo($number,$c);
 			for($i=0; $i<count($s); $i++) {
 				$param = $s[$i];
 				$param['contestnumber']=$number;
@@ -781,7 +817,7 @@ function DBUpdateContest ($param, $c=null) {
 					$param['sitelastmileanswer']=$lastmileanswer;
 				if($lastmilescore > 0)
 					$param['sitelastmilescore']=$lastmilescore;
-				
+				unset($param['updatetime']);
 				DBUpdateSite ($param,$c);
 				
 				if($startdate > 0) {
@@ -793,11 +829,13 @@ function DBUpdateContest ($param, $c=null) {
 				}
 			}
 		}
-		LOGLevel("User " . $_SESSION["usertable"]["username"]."/". $_SESSION["usertable"]["usersitenumber"] . " changed the contest $number settings.",2);
+		$chd=true;
 	}
 	if($cw) {
 		DBExec($c, "commit work", "DBUpdateContest(commit)");
 	}
+	if($chd)
+		LOGLevel("User " . $_SESSION["usertable"]["username"]."/". $_SESSION["usertable"]["usersitenumber"] . " changed the contest $number settings.",2);
 	return $ret;
 }
 function DBRenewSiteTime($param, $c=null) {
@@ -1042,11 +1080,15 @@ function DBUserUpdate($contest, $site, $user, $username, $userfull, $userdesc, $
 				 "tried to change settings, but password was incorrect.",2);
 		MSGError ("Incorrect password.");
 	}
-	else {
+	else { 
+		if(!$a['changepassword']) {
+			MSGError('Password change is DISABLED'); return;
+		}
 		if ($a["userpassword"] == "") $temp = myhash("");
 		else $temp = $a["userpassword"];
+		$lentmp = strlen($temp);
 		$temp = bighexsub($passn, $temp);
-		$newpass = substr($temp, strlen($temp)-strlen($myhash), strlen($myhash));
+		$newpass = substr($temp, strlen($temp)-$lentmp);
 
 		$c = DBConnect();
 		DBExec($c, "begin work");
@@ -1163,6 +1205,7 @@ function DBNewUser($param, $c=null) {
 			MSGError("Site $site does not exist");
 			return false;
 		   }
+		   if($type=='team') $pass='!'.$pass;
 			$sql = "insert into usertable (contestnumber, usersitenumber, usernumber, username, usericpcid, userfullname, " .
 				"userdesc, usertype, userenabled, usermultilogin, userpassword, userpermitip) values " .
 				"($contest, $site, $user, '$username', '$usericpcid', '$userfull', '$userdesc', '$type', '$enabled', " .