Diffstat (limited to 'src')
-rw-r--r--src/fextdata.php62
-rw-r--r--src/flog.php2
-rw-r--r--src/index.php9
-rw-r--r--src/scoretable.php8
-rw-r--r--src/site/putfile.php4
5 files changed, 51 insertions, 34 deletions
diff --git a/src/fextdata.php b/src/fextdata.php
index 48fed5b..2a9f22e 100644
--- a/src/fextdata.php
+++ b/src/fextdata.php
@@ -33,12 +33,22 @@ function scoretransfer($putname) {
$urldiv='/';
if(substr($siteurl,strlen($siteurl)-1,1) == '/')
$urldiv = '';
-
- $sess = file_get_contents($siteurl . $urldiv . "index.php?getsessionid=1");
- $user = $sitedata[1];
- $res = myhash( myhash ($sitedata[2]) . $id);
- $ok = file_get_contents($siteurl . $urldiv . "index.php?name=${user}&password=${res}&action=scoretransfer");
- if($ok == 'OK') {
+// LOGError("url=" .$siteurl . $urldiv . "index.php?getsessionid=1");
+ $sess = @file_get_contents($siteurl . $urldiv . "index.php?getsessionid=1");
+// LOGError("sess=$sess pass=" . trim($sitedata[2]) . " hash=" . myhash(trim($sitedata[2])));
+ $user = trim($sitedata[1]);
+ $res = myhash( myhash (trim($sitedata[2])) . $sess);
+// LOGError("url=" . $siteurl . $urldiv . "index.php?name=${user}&password=${res}&action=scoretransfer");
+ $opts = array(
+ 'http' => array(
+ 'method' => 'GET',
+ 'header' => 'Cookie: PHPSESSID=' . $sess
+ )
+ );
+ $context = stream_context_create($opts);
+ $ok = @file_get_contents($siteurl . $urldiv . "index.php?name=${user}&password=${res}&action=scoretransfer", 0, $context);
+// LOGError("ok=" . $ok);
+ if(substr($ok,strlen($ok)-strlen('SCORETRANSFER OK'),strlen('SCORETRANSFER OK')) == 'SCORETRANSFER OK') {
$opts = array(
'http' => array(
'method' => 'GET',
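Review bot: `$sess` is used without any check, although it is the raw body of an HTTP response that the new code both hashes into `$res` and concatenates into the `Cookie: PHPSESSID=` header. Because `@` hides a failed fetch, `$sess` can be `false` and the login request is still sent, and a body containing line breaks would add header lines to that request. I would stop unless the value looks like a session id, e.g. `if ($sess === false || !preg_match('/^[A-Za-z0-9,-]+\z/', $sess)) { LOGError("scoretransfer: no session id"); break; }` (the `break` assumes the construct that the later `break;` in this function belongs to; the function starts and ends outside this hunk). The commented-out `LOGError` that prints `$sitedata[2]` and its hash should be deleted rather than kept, since re-enabling it would write the site password to the log.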
@@ -46,23 +56,31 @@ function scoretransfer($putname) {
)
);
$context = stream_context_create($opts);
- $res = file_get_contents($siteurl . $urldiv . "scoretable.php?remote=-42", 0, $context);
- $zip = new ZipArchive;
- if ($zip->open($privatedir . $ds . $run["inputname"]) === true) {
- @mkdir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
- cleardir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
- @mkdir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
- $zip->extractTo($privatedir . $ds . 'remotescores' . $ds . 'tmp');
- foreach(glob($privatedir . $ds . 'remotescores' . $ds . 'tmp' . $ds . '*.dat') as $file) {
- @chown($file,"www-data");
- @chmod($file,0660);
- @rename($file, $privatedir . $ds . 'remotescores' . $ds . basename($file));
+ $res = @file_get_contents($siteurl . $urldiv . "scoretable.php?remote=-42", 0, $context);
+ @file_put_contents($privatedir . $ds . 'remotescores' . $ds . 'tmp.zip', $res);
+ if(is_readable($privatedir . $ds . 'remotescores' . $ds . 'tmp.zip')) {
+ $zip = new ZipArchive;
+ if ($zip->open($privatedir . $ds . 'remotescores' . $ds . 'tmp.zip') === true) {
+ cleardir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
+ @mkdir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
+ $zip->extractTo($privatedir . $ds . 'remotescores' . $ds . 'tmp');
+ foreach(glob($privatedir . $ds . 'remotescores' . $ds . 'tmp' . $ds . '*.dat') as $file) {
+ @chown($file,"www-data");
+ @chmod($file,0660);
+ @rename($file, $privatedir . $ds . 'remotescores' . $ds . basename($file));
+ }
+ $zip->close();
+ LOGError("scoretransfer: download OK");
+ } else {
+ LOGError("scoretransfer: download failed (2)");
}
- $zip->close();
+ cleardir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
+ @unlink($privatedir . $ds . 'remotescores' . $ds . 'tmp.zip');
+ } else {
+ LOGError("scoretransfer: download failed (3)");
}
- LOGError("scoretransfer: download OK");
} else {
- LOGError("scoretransfer: download failed");
+ LOGError("scoretransfer: download failed (1)");
}
if(is_readable($putname)) {
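Review bot: The names of the `.dat` files moved into `remotescores` are taken from the downloaded archive, so whatever the remote end puts in the zip replaces any file of the same name already in that directory. `basename()` keeps the target inside the directory but does not restrict which names are accepted; a check at the top of the `foreach` against the naming scheme this site expects from its main server, for example `if (!preg_match(PATTERN, basename($file))) continue;` with PATTERN chosen by the project, would close that. `$res` should also be tested before it is written, `if ($res === false || $res === '')`, because `@file_put_contents` after a failed download still creates `tmp.zip` and the error then surfaces as the zip-open failure (2). The fixed `tmp.zip` and `tmp` names also mean two concurrent runs share the same files; the function continues outside this hunk.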
@@ -77,10 +95,10 @@ function scoretransfer($putname) {
));
$context = stream_context_create($opts);
$s = @file_get_contents($siteurl . $urldiv . "site/putfile.php", 0, $context);
- if(strpos($s,'FAILED') === false)
+ if(strpos($s,'SCORE UPLOADED OK') !== false)
LOGError("scoretransfer: upload OK");
else
- LOGError("scoretransfer: upload failed");
+ LOGError("scoretransfer: upload failed (" . $s . ")");
}
break;
}
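Review bot: The failure branch now writes `$s`, the unmodified response body from the remote `site/putfile.php`, straight into the log. That body can be arbitrarily long and can contain line breaks or markup, so the remote end can forge or flood log entries; how `LOGError` stores or later displays its argument is not visible here. Bounding and flattening the value keeps the diagnostic use: `LOGError("scoretransfer: upload failed (" . substr(preg_replace('/[^\x20-\x7e]/', '?', (string)$s), 0, 200) . ")");`.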
diff --git a/src/flog.php b/src/flog.php
index e52e167..5eea441 100644
--- a/src/flog.php
+++ b/src/flog.php
@@ -141,7 +141,7 @@ function DBLogInContest($name,$pass,$contest,$msg=true) {
unset($_SESSION["usertable"]);
return false;
}
- if ($d["sitepermitlogins"]=="f" && $a["usertype"] != "admin" && $a["usertype"] != "judge") {
+ if ($d["sitepermitlogins"]=="f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") {
LOGLevel("User $name tried to login contest $contest but logins are denied.",2);
if($msg) MSGError("Logins are not allowed.");
unset($_SESSION["usertable"]);
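Review bot: The added `$a["usertype"] != "site"` term exempts site accounts from `sitepermitlogins` on every login that goes through `DBLogInContest`, not only on the `action=scoretransfer` request that needs it, and nothing at the condition says why. In index.php the only visible guard against interactive use of such an account is the `$main && ... == 'site'` check, which applies on the main site alone. At minimum add a comment above the condition such as `// 'site' accounts must still authenticate for score transfer while logins are closed`; if the exemption is meant for the transfer only, passing that intent in from the caller would be tighter. The function body starts and ends outside this hunk.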
diff --git a/src/index.php b/src/index.php
index 8ffdcd8..642e7a0 100644
--- a/src/index.php
+++ b/src/index.php
@@ -45,14 +45,13 @@ if (!isset($_GET["name"])) {
$_SESSION["locr"] = dirname(__FILE__);
if($_SESSION["locr"]=="/") $_SESSION["locr"] = "";
}
-ob_end_flush();
-
-require_once('version.php');
-
if(isset($_GET["getsessionid"])) {
echo session_id();
exit;
}
+ob_end_flush();
+
+require_once('version.php');
?>
<title>BOCA Online Contest Administrator <?php echo $BOCAVERSION; ?> - Login</title>
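Review bot: `getsessionid` hands out `session_id()` as the login challenge, but nothing visible makes that value single-use or server-chosen. fextdata.php computes the response as `myhash(myhash(password) . $sess)` and sends it in the query string together with a `PHPSESSID` cookie it sets itself; assuming the server checks the hash against its own `session_id()`, the same name/password pair stays valid for as long as that id is accepted, and query strings usually end up in access logs. I would call `session_regenerate_id(true)` once the login succeeds (the login code is outside this diff, so confirm it does not already) and add a comment at this block stating that `session.use_strict_mode` must be enabled for the challenge to be meaningful.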
@@ -85,7 +84,7 @@ if(function_exists("globalconf") && function_exists("sanitizeVariables")) {
ForceLoad("index.php");
if($ct["contestlocalsite"]==$ct["contestmainsite"]) $main=true; else $main=false;
if(isset($_GET['action']) && $_GET['action'] == 'scoretransfer') {
- echo "OK";
+ echo "SCORETRANSFER OK";
} else {
if($main && $_SESSION["usertable"]["usertype"] == 'site') {
MSGError('Direct login of this user is not allowed');
diff --git a/src/scoretable.php b/src/scoretable.php
index b63754e..2ed3df7 100644
--- a/src/scoretable.php
+++ b/src/scoretable.php
@@ -64,7 +64,7 @@ if(isset($_GET['remote']) && is_numeric($_GET['remote'])) {
IntrusionNotify("scoretable1");
ForceLoad("index.php");
}
- if(!isset($_SESSION['usertable']['usertype']) || $_SESSION["usertable"]["usertype"] != "score") {
+ if(!isset($_SESSION['usertable']['usertype']) || ($_SESSION["usertable"]["usertype"] != "score" && $_SESSION["usertable"]["usertype"] != "site")) {
IntrusionNotify("scoretable2");
ForceLoad("index.php");
}
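Review bot: The role test is now two chained loose `!=` comparisons behind a negated `isset`, which is easy to get wrong the next time a role is added to this gate. An allow-list compared strictly reads better and states the policy in one place: `if(!isset($_SESSION['usertable']['usertype']) || !in_array($_SESSION['usertable']['usertype'], array('score','site'), true)) {`. Since this line decides who may fetch the remote score archive, a one-line comment naming why `site` is allowed would also help.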
@@ -115,7 +115,7 @@ if($_SESSION["usertable"]["usertype"]=='score' || $_SESSION["usertable"]["userty
}
$ct=DBGetActiveContest();
$localsite=$ct['contestlocalsite'];
- $fname = $privatedir . $ds . "score_localsite_" . $localsite . "_"; // . md5($_SERVER['HTTP_HOST']);
+ $fname = $privatedir . $ds . "score_localsite_" . $localsite . "_x"; // . md5($_SERVER['HTTP_HOST']);
@file_put_contents($fname . ".tmp",base64_encode(serialize($data0)));
@rename($fname . ".tmp",$fname . ".dat");
@@ -126,9 +126,10 @@ if($_SESSION["usertable"]["usertype"]=='score' || $_SESSION["usertable"]["userty
}
$ct=DBGetActiveContest();
$localsite=$ct['contestlocalsite'];
- $fname = $remotedir . $ds . "score_site" . $localsite . "_" . $localsite . "_"; // . md5($_SERVER['HTTP_HOST']);
+ $fname = $remotedir . $ds . "score_site" . $localsite . "_" . $localsite . "_x"; // . md5($_SERVER['HTTP_HOST']);
@file_put_contents($fname . ".tmp",base64_encode(serialize($data0)));
@rename($fname . ".tmp",$fname . ".dat");
+ scoretransfer($fname . ".dat");
if(@create_zip($remotedir,glob($remotedir . '/*.dat'),$fname . ".tmp") != 1) {
LOGError("Cannot create score zip file");
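Review bot: `scoretransfer()` is now called inline before the zip is built, and as the fextdata.php hunks show, it issues several `file_get_contents` HTTP requests with either no stream context or one that sets only `method` and `header`. Without a `'timeout'` entry in the `http` options each request waits for `default_socket_timeout`, so a slow or unreachable main site stalls every page request that reaches this branch. Adding `'timeout' => N` (seconds, value to be chosen by the project) to those contexts in `scoretransfer()` would bound the delay. The enclosing block starts and ends outside the hunk.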
@@ -137,7 +138,6 @@ if($_SESSION["usertable"]["usertype"]=='score' || $_SESSION["usertable"]["userty
} else {
@rename($fname . ".tmp",$destination);
}
- scoretransfer($destination);
}
}
}
diff --git a/src/site/putfile.php b/src/site/putfile.php
index 6273711..761b50c 100644
--- a/src/site/putfile.php
+++ b/src/site/putfile.php
@@ -168,7 +168,7 @@ if(is_writable($_SESSION["locr"] . $remotedir)) {
$total=base64_encode(serialize($arr));
}
- $fn = tempnam($_SESSION["locr"] . $remotedir,"score_");
+ $fn = tempnam($_SESSION["locr"] . $remotedir,"tmp_");
$fout = fopen($fn,"wb");
fwrite($fout,$total,10000000);
fclose($fout);
@@ -181,7 +181,7 @@ if(is_writable($_SESSION["locr"] . $remotedir)) {
} else {
if(@rename($fn, $_SESSION["locr"] . $remotedir . $ds . "score_" . $_SESSION["usertable"]["username"] .
- "_" . $_SESSION["usertable"]["usericpcid"] . "_" //. md5(getIP())
+ "_" . $_SESSION["usertable"]["usericpcid"] . "_x" //. md5(getIP())
. ".dat"))
echo "SCORE UPLOADED OK\n";
else