From 158eefabd93d51a7bd95b7651743182d817ee00a Mon Sep 17 00:00:00 2001
From: cassiopc <cassiopc@gmail.com>
Date: Mon, 2 Sep 2013 18:17:26 +0200
Subject: bug fixes to score sync

---
 src/fextdata.php     | 62 +++++++++++++++++++++++++++++++++-------------------
 src/flog.php         |  2 +-
 src/index.php        |  9 ++++----
 src/scoretable.php   |  8 +++----
 src/site/putfile.php |  4 ++--
 5 files changed, 51 insertions(+), 34 deletions(-)

diff --git a/src/fextdata.php b/src/fextdata.php
index 48fed5b..2a9f22e 100644
--- a/src/fextdata.php
+++ b/src/fextdata.php
@@ -33,12 +33,22 @@ function scoretransfer($putname) {
 		$urldiv='/';
 		if(substr($siteurl,strlen($siteurl)-1,1) == '/')
 			$urldiv = '';
-
-		$sess = file_get_contents($siteurl . $urldiv . "index.php?getsessionid=1");
-		$user = $sitedata[1];
-		$res = myhash( myhash ($sitedata[2]) . $id);
-		$ok = file_get_contents($siteurl . $urldiv . "index.php?name=${user}&password=${res}&action=scoretransfer");
-		if($ok == 'OK') {
+//		LOGError("url=" .$siteurl . $urldiv . "index.php?getsessionid=1");
+		$sess = @file_get_contents($siteurl . $urldiv . "index.php?getsessionid=1");
+//		LOGError("sess=$sess pass=" . trim($sitedata[2]) . " hash=" .  myhash(trim($sitedata[2])));
+		$user = trim($sitedata[1]);
+		$res = myhash( myhash (trim($sitedata[2])) . $sess);
+//		LOGError("url=" . $siteurl . $urldiv . "index.php?name=${user}&password=${res}&action=scoretransfer");
+		$opts = array(
+			'http' => array(
+				'method' => 'GET',
+				'header' => 'Cookie: PHPSESSID=' . $sess
+				)
+			);
+		$context = stream_context_create($opts);
+		$ok = @file_get_contents($siteurl . $urldiv . "index.php?name=${user}&password=${res}&action=scoretransfer", 0, $context);
+//		LOGError("ok=" . $ok);
+		if(substr($ok,strlen($ok)-strlen('SCORETRANSFER OK'),strlen('SCORETRANSFER OK')) == 'SCORETRANSFER OK') {
 			$opts = array(
 				'http' => array(
 					'method' => 'GET',
@@ -46,23 +56,31 @@ function scoretransfer($putname) {
 					)
 				);
 			$context = stream_context_create($opts);
-			$res = file_get_contents($siteurl . $urldiv . "scoretable.php?remote=-42", 0, $context);
-			$zip = new ZipArchive;
-			if ($zip->open($privatedir . $ds . $run["inputname"]) === true) {
-				@mkdir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
-				cleardir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
-				@mkdir($privatedir . $ds . 'remotescores' . $ds . 'tmp');	
-				$zip->extractTo($privatedir . $ds . 'remotescores' . $ds . 'tmp');
-				foreach(glob($privatedir . $ds . 'remotescores' . $ds . 'tmp' . $ds . '*.dat') as $file) {
-					@chown($file,"www-data");
-					@chmod($file,0660);
-					@rename($file, $privatedir . $ds . 'remotescores' . $ds . basename($file));
+			$res = @file_get_contents($siteurl . $urldiv . "scoretable.php?remote=-42", 0, $context);
+			@file_put_contents($privatedir . $ds . 'remotescores' . $ds . 'tmp.zip', $res);
+			if(is_readable($privatedir . $ds . 'remotescores' . $ds . 'tmp.zip')) {
+				$zip = new ZipArchive;
+				if ($zip->open($privatedir . $ds . 'remotescores' . $ds . 'tmp.zip') === true) {
+					cleardir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
+					@mkdir($privatedir . $ds . 'remotescores' . $ds . 'tmp');	
+					$zip->extractTo($privatedir . $ds . 'remotescores' . $ds . 'tmp');
+					foreach(glob($privatedir . $ds . 'remotescores' . $ds . 'tmp' . $ds . '*.dat') as $file) {
+						@chown($file,"www-data");
+						@chmod($file,0660);
+						@rename($file, $privatedir . $ds . 'remotescores' . $ds . basename($file));
+					}
+					$zip->close();
+					LOGError("scoretransfer: download OK");
+				} else {
+					LOGError("scoretransfer: download failed (2)");
 				}
-				$zip->close();
+				cleardir($privatedir . $ds . 'remotescores' . $ds . 'tmp');
+				@unlink($privatedir . $ds . 'remotescores' . $ds . 'tmp.zip');
+			} else {
+				LOGError("scoretransfer: download failed (3)");
 			}
-			LOGError("scoretransfer: download OK");
 		} else {
-			LOGError("scoretransfer: download failed");
+			LOGError("scoretransfer: download failed (1)");
 		}
 
 		if(is_readable($putname)) {
@@ -77,10 +95,10 @@ function scoretransfer($putname) {
 					));
 			$context = stream_context_create($opts);
 			$s = @file_get_contents($siteurl . $urldiv . "site/putfile.php", 0, $context);
-			if(strpos($s,'FAILED') === false)
+			if(strpos($s,'SCORE UPLOADED OK') !== false)
 				LOGError("scoretransfer: upload OK");
 			else
-				LOGError("scoretransfer: upload failed");
+				LOGError("scoretransfer: upload failed (" . $s . ")");
 		}
 		break;
 	}
diff --git a/src/flog.php b/src/flog.php
index e52e167..5eea441 100644
--- a/src/flog.php
+++ b/src/flog.php
@@ -141,7 +141,7 @@ function DBLogInContest($name,$pass,$contest,$msg=true) {
 		unset($_SESSION["usertable"]);
 		return false;
 	}
-	if ($d["sitepermitlogins"]=="f" && $a["usertype"] != "admin" && $a["usertype"] != "judge") {
+	if ($d["sitepermitlogins"]=="f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") {
 		LOGLevel("User $name tried to login contest $contest but logins are denied.",2);
 		if($msg) MSGError("Logins are not allowed.");
 		unset($_SESSION["usertable"]);
diff --git a/src/index.php b/src/index.php
index 8ffdcd8..642e7a0 100644
--- a/src/index.php
+++ b/src/index.php
@@ -45,14 +45,13 @@ if (!isset($_GET["name"])) {
 	$_SESSION["locr"] = dirname(__FILE__);
 	if($_SESSION["locr"]=="/") $_SESSION["locr"] = "";
 }
-ob_end_flush();
-
-require_once('version.php');
-
 if(isset($_GET["getsessionid"])) {
 	echo session_id();
 	exit;
 }
+ob_end_flush();
+
+require_once('version.php');
 
 ?>
 <title>BOCA Online Contest Administrator <?php echo $BOCAVERSION; ?> - Login</title>
@@ -85,7 +84,7 @@ if(function_exists("globalconf") && function_exists("sanitizeVariables")) {
 			ForceLoad("index.php");
 		if($ct["contestlocalsite"]==$ct["contestmainsite"]) $main=true; else $main=false;
 		if(isset($_GET['action']) && $_GET['action'] == 'scoretransfer') {
-			echo "OK";
+			echo "SCORETRANSFER OK";
 		} else {
 			if($main && $_SESSION["usertable"]["usertype"] == 'site') {
 				MSGError('Direct login of this user is not allowed');
diff --git a/src/scoretable.php b/src/scoretable.php
index b63754e..2ed3df7 100644
--- a/src/scoretable.php
+++ b/src/scoretable.php
@@ -64,7 +64,7 @@ if(isset($_GET['remote']) && is_numeric($_GET['remote'])) {
 		IntrusionNotify("scoretable1");
         ForceLoad("index.php");
 	}
-	if(!isset($_SESSION['usertable']['usertype']) || $_SESSION["usertable"]["usertype"] != "score") {
+	if(!isset($_SESSION['usertable']['usertype']) || ($_SESSION["usertable"]["usertype"] != "score" && $_SESSION["usertable"]["usertype"] != "site")) {
 		IntrusionNotify("scoretable2");
         ForceLoad("index.php");
 	}
@@ -115,7 +115,7 @@ if($_SESSION["usertable"]["usertype"]=='score' || $_SESSION["usertable"]["userty
 		}
 		$ct=DBGetActiveContest();
 		$localsite=$ct['contestlocalsite'];
-		$fname = $privatedir . $ds . "score_localsite_" . $localsite . "_"; // . md5($_SERVER['HTTP_HOST']);
+		$fname = $privatedir . $ds . "score_localsite_" . $localsite . "_x"; // . md5($_SERVER['HTTP_HOST']);
 		@file_put_contents($fname . ".tmp",base64_encode(serialize($data0)));
 		@rename($fname . ".tmp",$fname . ".dat");
 
@@ -126,9 +126,10 @@ if($_SESSION["usertable"]["usertype"]=='score' || $_SESSION["usertable"]["userty
 		}
 		$ct=DBGetActiveContest();
 		$localsite=$ct['contestlocalsite'];
-		$fname = $remotedir . $ds . "score_site" . $localsite . "_" . $localsite . "_"; // . md5($_SERVER['HTTP_HOST']);
+		$fname = $remotedir . $ds . "score_site" . $localsite . "_" . $localsite . "_x"; // . md5($_SERVER['HTTP_HOST']);
 		@file_put_contents($fname . ".tmp",base64_encode(serialize($data0)));
 		@rename($fname . ".tmp",$fname . ".dat");
+		scoretransfer($fname . ".dat");
 		
 		if(@create_zip($remotedir,glob($remotedir . '/*.dat'),$fname . ".tmp") != 1) {
 			LOGError("Cannot create score zip file");
@@ -137,7 +138,6 @@ if($_SESSION["usertable"]["usertype"]=='score' || $_SESSION["usertable"]["userty
 		} else {
 			@rename($fname . ".tmp",$destination);
 		}
-		scoretransfer($destination);
 	}
 	}
 }
diff --git a/src/site/putfile.php b/src/site/putfile.php
index 6273711..761b50c 100644
--- a/src/site/putfile.php
+++ b/src/site/putfile.php
@@ -168,7 +168,7 @@ if(is_writable($_SESSION["locr"] . $remotedir)) {
 		$total=base64_encode(serialize($arr));
 	}
 
-	$fn = tempnam($_SESSION["locr"] . $remotedir,"score_");
+	$fn = tempnam($_SESSION["locr"] . $remotedir,"tmp_");
 	$fout = fopen($fn,"wb");
 	fwrite($fout,$total,10000000);
 	fclose($fout);
@@ -181,7 +181,7 @@ if(is_writable($_SESSION["locr"] . $remotedir)) {
 	} else {
 
 		if(@rename($fn, $_SESSION["locr"] . $remotedir . $ds . "score_" . $_SESSION["usertable"]["username"] . 
-				   "_" . $_SESSION["usertable"]["usericpcid"] . "_" //. md5(getIP()) 
+				   "_" . $_SESSION["usertable"]["usericpcid"] . "_x" //. md5(getIP()) 
 				   . ".dat"))
 			echo "SCORE UPLOADED OK\n";
 		else
-- 
cgit v1.2.3