diff options
Diffstat (limited to 'src/flog.php')
| -rw-r--r-- | src/flog.php | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/flog.php b/src/flog.php index ed5afbd..0134b1c 100644 --- a/src/flog.php +++ b/src/flog.php @@ -156,6 +156,37 @@ function DBLogInContest($name,$pass,$contest,$msg=true) { unset($_SESSION["usertable"]); return false; } + + if(!ctype_alnum($name)) { + LOGLevel("User $name tried to log in contest $contest but username is not alphanum.",2); + if($msg) MSGError("Username must be alpha numeric."); + unset($_SESSION["usertable"]); + return false; + } + $ccode = explode(' ',trim($_SERVER['HTTP_USER_AGENT']),100); + $ccode = $ccode[count($ccode)-1]; + $ds = DIRECTORY_SEPARATOR; + if($ds=="") $ds = "/"; + $dircode=$_SESSION["locr"] . $ds . "private" . $ds . "agentcode"; + @mkdir($dircode); + $dircode .= $ds . $contest . '-' . $name; + if(@file_exists($dircode)) { + if(($prevuser = @file_get_contents($dircode)) === false) { + LOGLevel("User $name tried to log in contest $contest but computer file cannot be read.",2); + if($msg) MSGError("Invalid computer (2)."); + unset($_SESSION["usertable"]); + return false; + } + if($prevuser != $ccode) { + LOGLevel("User $name tried to log in contest $contest but computer is invalid.",2); + if($msg) MSGError("Invalid computer (3)."); + unset($_SESSION["usertable"]); + return false; + } + } else { + @file_put_contents($dircode, $ccode); + } + $gip=getIP(); if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") { LOGLevel("User $name is using two different IPs: " . $a["userip"] . |