diff options
Diffstat (limited to 'boca-1.5.2/src/admin/user.php')
| -rw-r--r-- | boca-1.5.2/src/admin/user.php | 469 |
1 files changed, 0 insertions, 469 deletions
diff --git a/boca-1.5.2/src/admin/user.php b/boca-1.5.2/src/admin/user.php deleted file mode 100644 index adde9db..0000000 --- a/boca-1.5.2/src/admin/user.php +++ /dev/null @@ -1,469 +0,0 @@ -<?php -//////////////////////////////////////////////////////////////////////////////// -//BOCA Online Contest Administrator -// Copyright (C) 2003-2012 by BOCA Development Team (bocasystem@gmail.com) -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -//////////////////////////////////////////////////////////////////////////////// -// Last modified 05/aug/2012 by cassio@ime.usp.br -require('header.php'); - -if (isset($_GET["site"]) && isset($_GET["user"]) && is_numeric($_GET["site"]) && is_numeric($_GET["user"]) && - isset($_GET["logout"]) && $_GET["logout"] == 1) { - DBLogOut($_SESSION["usertable"]["contestnumber"], $_GET["site"], $_GET["user"]); - ForceLoad("user.php"); -} -if (isset($_POST["usersitenumber"]) && isset($_POST["usernumber"]) && is_numeric($_POST["usersitenumber"]) && - is_numeric($_POST["usernumber"]) && isset($_POST["confirmation"]) && $_POST["confirmation"] == "delete") { - if (!DBDeleteUser($_SESSION["usertable"]["contestnumber"], $_POST["usersitenumber"], $_POST["usernumber"])) - MSGError("User could not be removed."); - ForceLoad("user.php"); -} - -if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) - ForceLoad("../index.php"); -if($ct["contestlocalsite"]==$ct["contestmainsite"]) $main=true; else $main=false; - -if (isset($_POST["username"]) && isset($_POST["userfullname"]) && isset($_POST["userdesc"]) && isset($_POST["userip"]) && - isset($_POST["usernumber"]) && isset($_POST["usersitenumber"]) && isset($_POST["userenabled"]) && isset($_POST["usericpcid"]) && - isset($_POST["usermultilogin"]) && isset($_POST["usertype"]) && isset($_POST["confirmation"]) && - isset($_POST["passwordn1"]) && isset($_POST["passwordn2"]) && isset($_POST["passwordo"]) && $_POST["confirmation"] == "confirm") { - $param['user'] = htmlspecialchars($_POST["usernumber"]); - $param['site'] = htmlspecialchars($_POST["usersitenumber"]); - $param['username'] = htmlspecialchars($_POST["username"]); - $param['usericpcid'] = htmlspecialchars($_POST["usericpcid"]); - $param['enabled'] = htmlspecialchars($_POST["userenabled"]); - $param['multilogin'] = htmlspecialchars($_POST["usermultilogin"]); - $param['userfull'] = htmlspecialchars($_POST["userfullname"]); - $param['userdesc'] = htmlspecialchars($_POST["userdesc"]); - $param['type'] = htmlspecialchars($_POST["usertype"]); - $param['permitip'] = htmlspecialchars($_POST["userip"]); - $param['contest'] = $_SESSION["usertable"]["contestnumber"]; - - $passcheck = htmlspecialchars($_POST["passwordo"]); - $a = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], null, false); - if(myhash($a['userpassword'] . session_id()) != $passcheck) { - MSGError('Admin password is incorrect'); - } else { - if ($_POST["passwordn1"] == $_POST["passwordn2"]) { - $param['pass'] = bighexsub(htmlspecialchars($_POST["passwordn1"]),$a['userpassword']); - if($param['user'] != 1000) - DBNewUser($param); - } - else MSGError ("Passwords don't match."); - } - ForceLoad("user.php"); -} -else if (isset($_FILES["importfile"]) && isset($_POST["Submit"]) && $_FILES["importfile"]["name"]!="") { - if ($_POST["confirmation"] == "confirm") { - $type=myhtmlspecialchars($_FILES["importfile"]["type"]); - $size=myhtmlspecialchars($_FILES["importfile"]["size"]); - $name=myhtmlspecialchars($_FILES["importfile"]["name"]); - $temp=myhtmlspecialchars($_FILES["importfile"]["tmp_name"]); - if (!is_uploaded_file($temp)) { - IntrusionNotify("file upload problem."); - ForceLoad("../index.php"); - } - - if (($ar = file($temp)) === false) { - IntrusionNotify("Unable to open the uploaded file."); - ForceLoad("user.php"); - } - $userlist=array(); - if(strtolower(substr($name,-4))==".tsv") { - for ($i=0; $i < count($ar) && strpos($ar[$i], "File_Version\t1") === false; $i++) ; - if($i >= count($ar)) MSGError('File format not recognized'); - $oklines=0; - for ($i++; $i < count($ar); $i++) { - $x = explode("\t",trim($ar[$i])); - if(count($x)==7) { - $param['site']=trim($x[2]); - $param['username']=trim($x[1]); - $param['usericpcid']=trim($x[1]); - $param['usernumber']=trim($x[1]); - if(trim($x[5])!='') - $param['userfull']=trim($x[3]) . ' - ' . trim($x[5]); - else - $param['userfull']=trim($x[3]); - $param['userdesc']=trim($x[4]); - $param['type']='team'; - $param['enabled']='t'; - $param['multilogin']='f'; - $userlist[$param['site'] . '-' . $param['usernumber']] = randstr(6,'0123456789'); - $param['pass']=myhash($userlist[$param['site'] . '-' . $param['usernumber']]); - - $param['contest']=$_SESSION["usertable"]["contestnumber"]; - if($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) - if($param['usernumber'] != 1000 && DBNewUser($param)) { - $oklines++; - } else { - unset($userlist[$param['site'] . '-' . $param['usernumber']]); - break; - } - } - } - MSGError($oklines . ' users included/updated successfully'); - } else if(strtolower(substr($name,-4))==".tab") { - $oklines=0; - for ($i=0; $i<count($ar); $i++) { - $x = explode("\t",trim($ar[$i])); - if(count($x)==9) { - $param=array(); - $param['site']=trim($x[1]); - $param['username']=trim($x[0]); - $param['usericpcid']=trim($x[0]); - $param['usernumber']=trim($x[0]); - if(trim($x[5])!='') - $param['userfull']=trim($x[3]) . ' - ' . trim($x[5]); - else - $param['userfull']=trim($x[3]); - $param['userdesc']=trim($x[4]); - $param['type']='team'; - $param['enabled']='t'; - $param['multilogin']='f'; - $userlist[$param['site'] . '-' . $param['usernumber']] = randstr(6,'0123456789'); - $param['pass']=myhash($userlist[$param['site'] . '-' . $param['usernumber']]); - $param['contest']=$_SESSION["usertable"]["contestnumber"]; - if($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) - if($param['usernumber'] != 1000 && DBNewUser($param)) { - $oklines++; - } else { - unset($userlist[$param['site'] . '-' . $param['usernumber']]); - break; - } - } - } - MSGError($oklines . ' users included/updated successfully'); - } else { - for ($i=0; $i < count($ar) && strpos($ar[$i], "[user]") === false; $i++) ; - if($i >= count($ar)) MSGError('File format not recognized'); - for ($i++; $i < count($ar) && $ar[$i][0] != "["; $i++) { - $x = trim($ar[$i]); - if (strpos($x, "user") !== false && strpos($x, "user") == 0) { - $param = array(); - while (strpos($x, "user") !== false && strpos($x, "user") == 0) { - $tmp = explode ("=", $x, 2); - switch (trim($tmp[0])) { - case "usersitenumber": $param['site']=trim($tmp[1]); break; - case "username": $param['username']=trim($tmp[1]); break; - case "usericpcid": $param['usericpcid']=trim($tmp[1]); break; - case "usernumber": $param['usernumber']=trim($tmp[1]); break; - case "userfullname": $param['userfull']=trim($tmp[1]); break; - case "userdesc": $param['userdesc']=trim($tmp[1]); break; - case "usertype": $param['type']=trim($tmp[1]); break; - case "userenabled": $param['enabled']=trim($tmp[1]); break; - case "usermultilogin": $param['multilogin']=trim($tmp[1]); break; - case "userpassword": $param['pass']=myhash(trim($tmp[1])); break; - case "userip": $param['permitip']=trim($tmp[1]); break; - } - $i++; - if ($i>=count($ar)) break; - $x = trim($ar[$i]); - } - $param['contest']=$_SESSION["usertable"]["contestnumber"]; - if($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) - if($param['usernumber'] != 1000) DBNewUser($param); - } - } - } - if(count($userlist) > 0) { -?> -<center> -<br><u><b>TAKE NOTE OF THE USERS AND PASSWORDS AND KEEP THEM SECRET</b></u><br><br> -<table border=1> - <tr> - <td nowrap><b>Site</b></td><td><b>User #</b></td> - <td><b>Password</b></td> - </tr> -<?php - foreach($userlist as $user => $pass) { - $x = explode('-',$user); - echo "<tr><td>" . $x[0] . "</td><td>" . $x[1] . "</td><td>$pass</td></tr>\n"; - } -?> -</table><br><br><u><b>TAKE NOTE OF THE USERS AND PASSWORDS AND KEEP THEM SECRET</b></u></center></body></html> -<?php - exit; - } - } - ForceLoad("user.php"); -} - -if($main) - $usr = DBAllUserInfo($_SESSION["usertable"]["contestnumber"]); -else - $usr = DBAllUserInfo($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usersitenumber"]); -?> - - <script language="javascript"> - function conf2(url) { - if (confirm("Are you sure?")) { - document.location=url; - } else { - document.location='user.php'; - } - } - </script> -<br> -<table width="100%" border=1> - <tr> - <td nowrap><b>User #</b></td> - <td><b>Site</b></td> - <td><b>Username</b></td> - <td><b>ICPC ID</b></td> - <td><b>Type</b></td> - <td><b>IP</b></td> - <td><b>LastLogin</b></td> - <td><b>LastLogout</b></td> - <td><b>Enabled</b></td> - <td><b>Multi</b></td> - <td><b>Fullname</b></td> - <td><b>Description</b></td> - </tr> -<?php -for ($i=0; $i < count($usr); $i++) { - echo " <tr>\n"; - if(($usr[$i]["usersitenumber"] == $_SESSION["usertable"]["usersitenumber"] || $main==true) && - //$usr[$i]["usertype"] != 'site' && - ($usr[$i]["usernumber"] != $_SESSION["usertable"]["usernumber"] || - $usr[$i]["usersitenumber"] != $_SESSION["usertable"]["usersitenumber"])) - echo " <td nowrap><a href=\"user.php?site=" . $usr[$i]["usersitenumber"] . "&user=" . - $usr[$i]["usernumber"] . "\">" . $usr[$i]["usernumber"] . "</a></td>\n"; - else - echo " <td nowrap>" . $usr[$i]["usernumber"] . "</td>\n"; - - echo " <td nowrap>" . $usr[$i]["usersitenumber"] . "</td>\n"; - echo " <td nowrap>" . $usr[$i]["username"] . " </td>\n"; - echo " <td nowrap>" . $usr[$i]["usericpcid"] . " </td>\n"; - echo " <td nowrap>" . $usr[$i]["usertype"] . " </td>\n"; - if ($usr[$i]["userpermitip"]!="") - echo " <td nowrap>" . $usr[$i]["userpermitip"] . "* </td>\n"; - else - echo " <td nowrap>" . $usr[$i]["userip"] . " </td>\n"; - if ($usr[$i]["userlastlogin"] < 1) - echo " <td nowrap>never</td>\n"; - else - echo " <td nowrap>" . dateconv($usr[$i]["userlastlogin"]) . "</td>\n"; - if ($usr[$i]["usersession"] != "") - echo " <td nowrap><a href=\"javascript: conf2('user.php?logout=1&site=" . $usr[$i]["usersitenumber"] . "&user=" . - $usr[$i]["usernumber"] . "')\">Force Logout</a></td>\n"; - else { - if ($usr[$i]["userlastlogout"] < 1) - echo " <td nowrap>never</td>\n"; - else - echo " <td nowrap>" . dateconv($usr[$i]["userlastlogout"]) . "</td>\n"; - } - if ($usr[$i]["userenabled"] == "t") - echo " <td nowrap>Yes</td>\n"; - else - echo " <td nowrap>No</td>\n"; - if ($usr[$i]["usermultilogin"] == "t") - echo " <td nowrap>Yes</td>\n"; - else - echo " <td nowrap>No</td>\n"; - echo " <td nowrap>" . $usr[$i]["userfullname"] . " </td>\n"; - echo " <td nowrap>" . $usr[$i]["userdesc"] . " </td>\n"; - echo "</tr>"; -} -echo "</table>\n"; - -unset($u); -if (isset($_GET["site"]) && isset($_GET["user"]) && is_numeric($_GET["site"]) && is_numeric($_GET["user"])) - $u = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_GET["site"], $_GET["user"]); - -?> -<script language="JavaScript" src="../sha256.js"></script> -<script language="JavaScript" src="../hex.js"></script> -<script language="JavaScript"> -function computeHASH() -{ - document.form3.passwordn1.value = bighexsoma(js_myhash(document.form3.passwordn1.value),js_myhash(document.form3.passwordo.value)); - document.form3.passwordn2.value = bighexsoma(js_myhash(document.form3.passwordn2.value),js_myhash(document.form3.passwordo.value)); - document.form3.passwordo.value = js_myhash(js_myhash(document.form3.passwordo.value)+'<?php echo session_id(); ?>'); -// document.form3.passwordn1.value = js_myhash(document.form3.passwordn1.value); -// document.form3.passwordn2.value = js_myhash(document.form3.passwordn2.value); -} -</script> - -<br><br><center><b>Clicking on a user number will bring the user data for edition.<br> -To import the users, just fill in the import file field.<br> -The file must be in the format defined in the admin's manual.</b></center> - -<form name="form1" enctype="multipart/form-data" method="post" action="user.php"> - <input type=hidden name="confirmation" value="noconfirm" /> - <center> - <table border="0"> - <tr> - <td width="25%" align=right>Import file:</td> - <td width="75%"> - <input type="file" name="importfile" size="40"> - </td> - </tr> - </table> - </center> - <script language="javascript"> - function conf() { - if (confirm("Confirm?")) { - document.form1.confirmation.value='confirm'; - } - } - </script> - <center> - <input type="submit" name="Submit" value="Import" onClick="conf()"> - <input type="reset" name="Submit2" value="Clear"> - </center> -</form> - - <br><br> - <center> -<b>To create/edit one user, enter the data below.<br> -Note that any changes will overwrite the already defined data.<br> -(Specially care if you use a user number that is already existent.)<br> -<br> -</b> - <table border="0"> -<form name="form3" action="user.php" method="post"> - <input type=hidden name="confirmation" value="noconfirm" /> - <script language="javascript"> - function conf3() { - computeHASH(); - if (confirm("Confirm?")) { - document.form3.confirmation.value='confirm'; - } - } -<?php -if (isset($u)) { - echo " function conf4() {\n"; - echo " if (confirm('Confirm the deletion?')) {\n"; - echo " document.form3.confirmation.value='delete';\n"; - echo " }\n"; - echo " }\n"; - $usite = $u['usersitenumber']; -} else - $usite = $ct['contestlocalsite']; -?> - function conf5() { - document.form3.confirmation.value='noconfirm'; - } - </script> - <center> - <table border="0"> - <tr> - <td width="35%" align=right>User Site Number:</td> - <td width="65%"> - <input type="text" name="usersitenumber" <?php if(!$main) echo "readonly "; echo "value=\"" . $usite . "\""; ?> size="20" maxlength="20" /> - </td> - </tr> - <tr> - <td width="35%" align=right>User Number:</td> - <td width="65%"> - <input type="text" name="usernumber" value="<?php if(isset($u)) echo $u["usernumber"]; ?>" size="20" maxlength="20" /> - </td> - </tr> - <tr> - <td width="35%" align=right>Username:</td> - <td width="65%"> - <input type="text" name="username" value="<?php if(isset($u)) echo $u["username"]; ?>" size="20" maxlength="20" /> - </td> - </tr> - <tr> - <td width="35%" align=right>ICPC ID:</td> - <td width="65%"> - <input type="text" name="usericpcid" value="<?php if(isset($u)) echo $u["usericpcid"]; ?>" size="20" maxlength="50" /> - </td> - </tr> - <tr> - <td width="35%" align=right>Type:</td> - <td width="65%"> - <select name="usertype"> - <option <?php if(!isset($u) || $u["usertype"] == "team") echo "selected"; ?> value="team">Team</option> - <option <?php if(isset($u)) if($u["usertype"] == "judge") echo "selected"; ?> value="judge">Judge</option> - <option <?php if(isset($u)) if($u["usertype"] == "admin") echo "selected"; ?> value="admin">Admin</option> - <option <?php if(isset($u)) if($u["usertype"] == "staff") echo "selected"; ?> value="staff">Staff</option> - <option <?php if(isset($u)) if($u["usertype"] == "score") echo "selected"; ?> value="score">Score</option> - <?php if(1 || $main) { ?> - <option <?php if(isset($u)) if($u["usertype"] == "site") echo "selected"; ?> value="site">Site</option> - <?php } ?> - </select> - </td> - </tr> - <tr> - <td width="35%" align=right>Enabled:</td> - <td width="65%"> - <select name="userenabled"> - <option <?php if(!isset($u) || $u["userenabled"] != "f") echo "selected"; ?> value="t">Yes</option> - <option <?php if(isset($u) && $u["userenabled"] == "f") echo "selected"; ?> value="f">No</option> - </select> - </td> - </tr> - <tr> - <td width="35%" align=right>MultiLogins (local teams should be set to <b>No</b>):</td> - <td width="65%"> - <select name="usermultilogin"> - <option <?php if(isset($u) && $u["usermultilogin"] == "t") echo "selected"; ?> value="t">Yes</option> - <option <?php if(!isset($u) || $u["usermultilogin"] != "t") echo "selected"; ?> value="f">No</option> - </select> - </td> - </tr> - <tr> - <td width="35%" align=right>User Full Name:</td> - <td width="65%"> - <input type="text" name="userfullname" value="<?php if(isset($u)) echo $u["userfullname"]; ?>" size="50" maxlength="200" /> - </td> - </tr> - <tr> - <td width="35%" align=right>User Description:</td> - <td width="65%"> - <input type="text" name="userdesc" value="<?php if(isset($u)) echo $u["userdesc"]; ?>" size="50" maxlength="300" /> - </td> - </tr> - <tr> - <td width="35%" align=right>User IP:</td> - <td width="65%"> - <input type="text" name="userip" value="<?php if(isset($u)) echo $u["userpermitip"]; ?>" size="20" maxlength="20" /> - </td> - </tr> - <tr> - <td width="35%" align=right>Password:</td> - <td width="65%"> - <input type="password" name="passwordn1" value="" size="20" maxlength="200" /> - </td> - </tr> - <tr> - <td width="35%" align=right>Retype Password:</td> - <td width="65%"> - <input type="password" name="passwordn2" value="" size="20" maxlength="200" /> - </td> - </tr> - <tr> - <td width="35%" align=right>Admin (this user) Password:</td> - <td width="65%"> - <input type="password" name="passwordo" value="" size="20" maxlength="200" /> - </td> - </tr> - </table> - </center> - <center> - <input type="submit" name="Submit" value="Send" onClick="conf3()"> -<?php if(isset($u)) { ?> - <input type="submit" name="Delete" value="Delete" onClick="conf4()"> -<?php } ?> - <input type="submit" name="Cancel" value="Cancel" onClick="conf5()"> -<?php if(isset($u)) { ?> -<br><br><b>WARNING: deleting a user will completely remove EVERYTHING related to it (including runs, clarifications, etc).<b><br> -<?php } ?> - </center> -</form> - -</body> -</html> |