From af925fb218e7a333759eb49c667bfb22eb71196d Mon Sep 17 00:00:00 2001
From: Cassio de Campos <cassiopc@gmail.com>
Date: Fri, 4 Aug 2017 14:20:51 +0100
Subject: bug fixes

---
 old/.htaccess                         |   1 +
 src/admin/problem.php                 |   2 +-
 src/admin/report/stat.php             |   4 +-
 src/admin/user.php                    |   2 +-
 src/flog.php                          |   2 +-
 src/freport.php                       |   4 +
 src/frun.php                          |   9 ++-
 src/fscore.php                        |  20 +++++
 src/globals.php                       |  13 +++-
 src/private/autojudging.php           |  21 ++++--
 src/private/remotescores/otherservers |   1 +
 src/scoretable.php                    |  14 ++--
 src/staff/header.php                  |   6 ++
 src/staff/task.php                    |   5 +-
 src/team/run.php                      | 136 ++++++++++++++++++++++++++--------
 15 files changed, 184 insertions(+), 56 deletions(-)
 create mode 100644 old/.htaccess

diff --git a/old/.htaccess b/old/.htaccess
new file mode 100644
index 0000000..3a42882
--- /dev/null
+++ b/old/.htaccess
@@ -0,0 +1 @@
+Deny from all
diff --git a/src/admin/problem.php b/src/admin/problem.php
index 4228d05..d0ed636 100644
--- a/src/admin/problem.php
+++ b/src/admin/problem.php
@@ -16,7 +16,7 @@
 //    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 ////////////////////////////////////////////////////////////////////////////////
 // Last modified 08/aug/2015 by cassio@ime.usp.br
-if ($_POST["confirmation"] != "confirm")
+if (!isset($_POST["confirmation"]) || $_POST["confirmation"] != "confirm")
 	unset($_POST['noflush']);
 
 require('header.php');
diff --git a/src/admin/report/stat.php b/src/admin/report/stat.php
index 1abfa71..8a706e4 100644
--- a/src/admin/report/stat.php
+++ b/src/admin/report/stat.php
@@ -300,7 +300,7 @@ while (list($keya, $val) = each($d['timestamp'])) {
 $str="Runs by Time Period" . chr(1) . $m;
 $atual=0;
 for($pos=0; $pos<$vezes; $pos++) {
-  if($res[$pos]=="") $res[$pos] = 0;
+  if(!isset($res[$pos]) || $res[$pos]=="") $res[$pos] = 0;
   $q = (int) ($atual/60);
   $atual += $passo;
   $qq = (int) ($atual/60);
@@ -330,7 +330,7 @@ while (list($keya, $val) = each($d['timestampyes'])) {
 $str="Accepted Runs by Time Period" . chr(1) . $m;
 $atual=0;
 for($pos=0; $pos<$vezes; $pos++) {
-  if($res[$pos]=="") $res[$pos] = 0;
+  if(!isset($res[$pos]) || $res[$pos]=="") $res[$pos] = 0;
   $q = (int) ($atual/60);
   $atual += $passo;
   $qq = (int) ($atual/60);
diff --git a/src/admin/user.php b/src/admin/user.php
index 0e15e9a..9085e45 100644
--- a/src/admin/user.php
+++ b/src/admin/user.php
@@ -410,7 +410,7 @@ if (isset($u)) {
 		<option <?php if(isset($u)) if($u["usertype"] == "admin") echo "selected"; ?> value="admin">Admin</option>
 		<option <?php if(isset($u)) if($u["usertype"] == "staff") echo "selected"; ?> value="staff">Staff</option>
 		<option <?php if(isset($u)) if($u["usertype"] == "score") echo "selected"; ?> value="score">Score</option>
-		<?php if($main) { ?>
+		<?php if(1 || $main) { ?>
         <option <?php if(isset($u)) if($u["usertype"] == "site") echo "selected"; ?> value="site">Site</option>
         <?php } ?>
 		</select>
diff --git a/src/flog.php b/src/flog.php
index 0024727..7227ed6 100644
--- a/src/flog.php
+++ b/src/flog.php
@@ -138,7 +138,7 @@ function DBLogInContest($name,$pass,$contest,$msg=true) {
 
 	$p = myhash($a["userpassword"] . session_id());
 	$_SESSION['usertable']['userpassword'] = $p;
-	if ($d["sitepermitlogins"]=="f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") {
+	if ($d["sitepermitlogins"]=="f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site" && $a["usertype"] != "staff") {
 		LOGLevel("User $name tried to login contest $contest but logins are denied.",2);
 		if($msg) MSGError("Logins are not allowed.");
 		unset($_SESSION["usertable"]);
diff --git a/src/freport.php b/src/freport.php
index 2cbef4c..cded59b 100644
--- a/src/freport.php
+++ b/src/freport.php
@@ -44,6 +44,8 @@ function DBRunReport($contest,$site) {
 	$n = DBnlines($r);
 	for ($i=0;$i<$n;$i++) {
 		$a = DBRow($r,$i);
+		//cassiopc: staff users should see only same site, so checking of teamYYYY and staffXXXX have YYYY=XXXX
+		if($_SESSION["usertable"]["usertype"] != "admin" && substr($a['name'],4,4) != substr($_SESSION["usertable"]["username"],5,4)) continue;
 		$xusername[$a['un']] = $a['name'];
 		$xuserfull[$a['name']] = $a['fullname'];
 	}
@@ -67,6 +69,8 @@ function DBRunReport($contest,$site) {
 
 	for ($i=0;$i<$n;$i++) {
 		$a = DBRow($r,$i);
+		//cassiopc: staff users should see only same site, so checking of teamYYYY and staffXXXX have YYYY=XXXX
+		if($_SESSION["usertable"]["usertype"] != "admin" && substr($a['user'],4,4) != substr($_SESSION["usertable"]["username"],5,4)) continue;
 		$xdados[$i] = $a;
 		// # of runs by team
 		if(isset($xuser[$a['user']]))
diff --git a/src/frun.php b/src/frun.php
index 359b395..34bfd83 100644
--- a/src/frun.php
+++ b/src/frun.php
@@ -481,7 +481,7 @@ function DBUpdateRunAutojudging($contest, $site, $number, $ip, $answer, $stdout,
 
 	$b = DBSiteInfo($contest, $site, $c);
 
-	if($b["siteautojudge"]!="t") {
+	if($b["siteautojudge"]!="t") { // && $retval != 1 && $retval != 6) { //cassiopc incluir automatic judging of some codes 1:YES WA:6
 		DBExec($c, "commit work", "DBUpdateRunAutojudging(commit)");
 		LOGLevel("Autojudging answered a run (run=$number, site=$site, contest=$contest, answer='$answer', retval=$retval)", 3);
 		return true;
@@ -753,7 +753,14 @@ function DBNewRun($param,$c=null) {
 			return 0;
 		}
 	} else {
+		$b = DBSiteInfo($contest, $site, $c);
 		$dif = $rundatediff;
+                if ($dif >= $b['siteduration']) {
+                        DBExec($c, "rollback work", "DBNewRun(rollback-over)");
+                        LOGError("Tried to submit a run but the contest is over. SQL=(" . $sql . ")");
+                        MSGError("The contest is over!");
+                        return 0;
+                }
 	}
 
 	if($updatetime > $t || $insert) {
diff --git a/src/fscore.php b/src/fscore.php
index d87f1bd..1e6dba0 100644
--- a/src/fscore.php
+++ b/src/fscore.php
@@ -157,6 +157,26 @@ function DBScore($contest, $verifylastmile, $hor=-1, $globalsite='0') {
 		}
 	      }
 	    }
+
+                                                if(true) {
+                                                $arrori = $arr;
+                                                reset($arrori);  //cassio cassiopc
+                                                $pname = array('A','B','C','D','E','F','G','H','I','J','K');
+                                                while(list($ee,$cc) = each($arrori)) {
+                                                  for($pi=0; $pi < 11; $pi++) unset($arr[$ee]['problem'][$pi+1]);
+                                                  reset($arrori[$ee]["problem"]);
+                                                  while(list($e2,$c2) = each($arrori[$ee]["problem"])) {
+                                                        for($pi=0; $pi < 11; $pi++)
+                                                          if(isset($arrori[$ee]['problem'][$e2]['name']) && trim($arrori[$ee]['problem'][$e2]['name']) == $pname[$pi]) break;
+                                                        if($pi < 11) {
+                                                          $arr[$ee]['problem'][$pi+1] = $arrori[$ee]['problem'][$e2];
+                                                        }
+                                                  }
+                                                }
+                                                }
+
+
+
 	    $resp = array_merge($resp, $arr);
 	  }
 	} else {
diff --git a/src/globals.php b/src/globals.php
index 1936ad1..ed04bd7 100755
--- a/src/globals.php
+++ b/src/globals.php
@@ -222,14 +222,19 @@ function IntrusionNotify($where) {
 function ValidSession() {
 	if (!isset($_SESSION["usertable"])) return(FALSE);
 	$gip = getIP();
-	if ($_SESSION["usertable"]["userip"] != $gip ||
-		$_SESSION["usertable"]["usersession"] != session_id()) return(FALSE);
+	// cassiopc: sites that use multiple IP addresses to go out create a serious problem to check IPs...
+//	if(substr($_SESSION["usertable"]["userip"],0,6) != '157.92') {
+//	if ($_SESSION["usertable"]["userip"] != $gip ||
+//		$_SESSION["usertable"]["usersession"] != session_id()) return(FALSE);
+  //      } else {
+	if($_SESSION["usertable"]["usersession"] != session_id()) return(FALSE);
+    //    }
 	if($_SESSION["usertable"]["usermultilogin"] == 't') return(TRUE);
 	
 	$tmp = DBUserInfo($_SESSION["usertable"]["contestnumber"], 
 					  $_SESSION["usertable"]["usersitenumber"], 
 					  $_SESSION["usertable"]["usernumber"]);
-	if ($tmp["userip"] != $gip) return(FALSE);
+	if ($tmp["userip"] != $gip) return(FALSE); //cassiopc: they may create a problem here too...
 	return(TRUE);
 }
 // grava erro no arquivo de log
@@ -350,7 +355,7 @@ function match_network ($nets, $ip) {
 
         $ip_arr   = explode('/', $net);
         $net_long = ip2long(trim($ip_arr[0]));
-		if(trim($ip_arr[1]) != '') {
+		if(count($ip_arr) > 1 && trim($ip_arr[1]) != '') {
 			$x        = ip2long(trim($ip_arr[1]));
 			$mask     = long2ip($x) == ((int) trim($ip_arr[1])) ? $x : 0xffffffff << (32 - ((int) trim($ip_arr[1])));
         } else { 
diff --git a/src/private/autojudging.php b/src/private/autojudging.php
index 2c5fdfc..5bd45cc 100755
--- a/src/private/autojudging.php
+++ b/src/private/autojudging.php
@@ -387,7 +387,7 @@ if($retval != 0) {
 		DBGiveUpRunAutojudging($contest, $site, $number, $ip, "warning: problem package has no input files");
 		continue;
 	} else {
-		$errp=0; $ncor=0;
+	  $errp=0; $ncor=0; $showcor=false;
 		foreach($inputlist as $file) {
 			$file = basename($file);
 			if(is_file($dir . $ds . "input" . $ds . $file)) {
@@ -484,28 +484,33 @@ if($retval != 0) {
 					if($localretval < 4 || $localretval > 6) {
 						// contact staff
 						$retval = 7;
-						$answer='(Contact staff)' . $answertmp . ' (' . $ncor . '/' . $ninputlist . ' OKs)';
+						$answer='(Contact staff)' . $answertmp;
+						if($showcor) $answertmp .= ' (' . $ncor . '/' . $ninputlist . ' OKs)';
 						break;
 					}
 					if($localretval == 6) {
 						$retval=$localretval;
-						$answer='(Wrong answer)'. $answertmp . ' (' . $ncor . '/' . $ninputlist . ' OKs)';
+						$answer='(Wrong answer)'. $answertmp;
+						if($showcor) $answertmp .= ' (' . $ncor . '/' . $ninputlist . ' OKs)';
 						break;
 					}
 					if($localretval == 5) {
 						$retval=$localretval;
-						$answer='(Presentation error)'. $answertmp . ' (' . $ncor . '/' . $ninputlist . ' OKs)';
+						$answer='(Presentation error)'. $answertmp;
+						if($showcor) $answertmp .= ' (' . $ncor . '/' . $ninputlist . ' OKs)';
 					} else {
 						if($localretval != 4) {
 							$retval = 7;
-							$answer='(Contact staff)' . $answertmp . ' (' . $ncor . '/' . $ninputlist . ' OKs)';
+							$answer='(Contact staff)' . $answertmp;
+							if($showcor) $answertmp .= ' (' . $ncor . '/' . $ninputlist . ' OKs)';
 							break;
 						}
 						$ncor++;
 						if($retval == 0 || $retval == 1) {
-							// YES!
-							$answer='(YES)' . $answertmp . ' (' . $ncor . '/' . $ninputlist . ' OKs)';
-							$retval = 1;
+						  // YES!
+						  $answer='(YES)' . $answertmp;
+						  if($showcor) $answertmp .= ' (' . $ncor . '/' . $ninputlist . ' OKs)';
+						  $retval = 1;
 						}
 					}
 				} else {
diff --git a/src/private/remotescores/otherservers b/src/private/remotescores/otherservers
index e69de29..1fa415c 100644
--- a/src/private/remotescores/otherservers
+++ b/src/private/remotescores/otherservers
@@ -0,0 +1 @@
+#http://bombonera.org/boca siteX password
diff --git a/src/scoretable.php b/src/scoretable.php
index e81b0d2..855b66c 100644
--- a/src/scoretable.php
+++ b/src/scoretable.php
@@ -78,10 +78,10 @@ if(!ValidSession()) {
 $loc = $_SESSION["loc"];
 if(!isset($detail)) $detail=true;
 if(!isset($final)) $final=false;
-$scoredelay["admin"] = 3;
-$scoredelay["score"] = 30;
-$scoredelay["team"] = 10;
-$scoredelay["judge"] = 5;
+$scoredelay["admin"] = 10;
+$scoredelay["score"] = 60;
+$scoredelay["team"] = 30;
+$scoredelay["judge"] = 20;
 $scoredelay["staff"] = 30;
 $actualdelay = 60;
 if(isset($scoredelay[$_SESSION["usertable"]["usertype"]])) $actualdelay = $scoredelay[$_SESSION["usertable"]["usertype"]];
@@ -237,17 +237,18 @@ if($redo) {
 	}
 	if(is_readable($_SESSION["locr"] . $ds . 'private' . $ds . 'score.sep')) {
 		$rf=file($_SESSION["locr"] . $ds . 'private' . $ds . 'score.sep');
-		$strtmp .= "<br><img src=\"$loc/images/smallballoontransp.png\" alt=\"\" onload=\"javascript:toggleGroup(1)\"> <b>Available scores:</b> \n";
+		$fta=true;
 		for($rfi=1;$rfi<=count($rf);$rfi++) {
 			$lin = explode('#',trim($rf[$rfi-1]));
 			if(isset($lin[1]) && $_SESSION["usertable"]["usertype"]!='admin') {
 				$arr=explode(' ',trim($lin[1]));
 				for($arri=0;$arri<count($arr);$arri++)
-					if(preg_match($arr[$arri],$_SESSION["usertable"]["username"])) break;
+					if($arr[$arri] != '' && preg_match($arr[$arri],$_SESSION["usertable"]["username"])) break;
 				if($arri>=count($arr)) continue;
 			}
 			$lin = trim($lin[0]);
 			if($lin=='') continue;
+		if($fta) { $fta=false; $strtmp .= "<br><img src=\"$loc/images/smallballoontransp.png\" alt=\"\" onload=\"javascript:toggleGroup($rfi)\"> <b>Available scores:</b> \n"; }
             $grname=explode(' ',$lin);
 			$class=1;
 			reset($score);
@@ -296,6 +297,7 @@ if($redo) {
 	$n=0;
 	reset($score);
 	while(list($e, $c) = each($score)) {
+	if(!isset($score[$e]['classingroup'])) continue;  
 	  reset($score[$e]['classingroup']);
  	  while(list($cg1,$cg2) = each($score[$e]['classingroup'])) {
   	    $strtmp .= " <tr class=\"";
diff --git a/src/staff/header.php b/src/staff/header.php
index ca820bc..c841733 100644
--- a/src/staff/header.php
+++ b/src/staff/header.php
@@ -68,6 +68,12 @@ echo "  <td align=center width=\"20%\"><a class=menu style=\"font-weight:bold\"
 echo "  <td align=center width=\"20%\"><a class=menu style=\"font-weight:bold\" href=score.php>Score</a></td>\n";
 echo "  <td align=center width=\"20%\"><a class=menu style=\"font-weight:bold\" href=run.php>Runs</a></td>\n";
 echo "  <td align=center width=\"20%\"><a class=menu style=\"font-weight:bold\" href=option.php>Options</a></td>\n";
+
+echo " <td align=center width=\"20%\"><a href=\"#\" class=menu style=\"font-weight:bold\" onClick=\"window.open('report/stat.php', ".
+                "'Problem Statistics','width=800,height=600,scrollbars=yes,toolbar=yes,menubar=yes,".
+                "resizable=yes')\">Statistics</a></td>\n";
+
+//echo "  <td align=center width=\"20%\"><a class=menu style=\"font-weight:bold\" href=option.php>Options</a></td>\n";
 echo "  <td align=center width=\"20%\"><a class=menu style=\"font-weight:bold\" href=../index.php>Logout</a></td>\n";
 echo " </tr>\n"; 
 echo "</table>\n";
diff --git a/src/staff/task.php b/src/staff/task.php
index a447429..52d9665 100644
--- a/src/staff/task.php
+++ b/src/staff/task.php
@@ -65,7 +65,8 @@ if (isset($_GET["done"]) && is_numeric($_GET["done"]) && isset($_GET["site"]) &&
 if (($s=DBSiteInfo($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usersitenumber"])) == null)
         ForceLoad("../index.php");
 
-$task = DBOpenTasksInSites($_SESSION["usertable"]["contestnumber"], $s["sitetasking"]);
+//$task = DBOpenTasksInSites($_SESSION["usertable"]["contestnumber"], $s["sitetasking"]);
+$task = DBAllTasksInSites($_SESSION["usertable"]["contestnumber"], $s["sitetasking"], 'task');
 
 $ds = DIRECTORY_SEPARATOR;
 if($ds=="") $ds = "/";
@@ -78,7 +79,7 @@ if(is_readable($_SESSION["locr"] . $ds . 'private' . $ds . 'score.sep')) {
 		if(isset($lin[1]) && $_SESSION["usertable"]["usertype"]!='admin') {
 			$arr=explode(' ',trim($lin[1]));
 			for($arri=0;$arri<count($arr);$arri++)
-				if(preg_match($arr[$arri],$_SESSION["usertable"]["username"])) break;
+				if($arr[$arri] != '' && preg_match($arr[$arri],$_SESSION["usertable"]["username"])) break;
 			if($arri>=count($arr)) continue;
 		}
 		$lin = trim($lin[0]);
diff --git a/src/team/run.php b/src/team/run.php
index a5f9993..1ed736d 100644
--- a/src/team/run.php
+++ b/src/team/run.php
@@ -22,7 +22,7 @@ if($ds=="") $ds = "/";
 
 if (isset($_POST["problem"]) && isset($_POST["language"]) &&
 	((isset($_FILES["sourcefile"]) && isset($_POST["Submit"]) && $_FILES["sourcefile"]["name"]!="") || (isset($_POST["data"]) && isset($_POST["name"])))) {
-	if ($_POST["confirmation"] == "confirm" || (isset($_POST["data"]) && isset($_POST["name"]))) {
+	if ((isset($_POST["confirmation"]) && $_POST["confirmation"] == "confirm") || (isset($_POST["data"]) && isset($_POST["name"]))) {
 		if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) {
 			if(isset($_POST['name']) && $_POST['name'] != '') {
 				echo "\nRESULT: CONTEST NOT FOUND";
@@ -65,6 +65,15 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
 				exit;
 			}
 		}
+		$linesubmission = @file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-using-command.config');
+		if(trim($linesubmission) =='1') {
+			if(!isset($_POST['name']) || $_POST['name'] == '') {
+				echo "\nINVALID REQUEST";
+				ForceLoad("../index.php");
+				exit;
+			}
+
+		}
 		if(isset($_POST['name']) && $_POST['name'] != '') {
 			$temp = tempnam("/tmp","bkp-");
 			$fout = fopen($temp,"wb");
@@ -103,7 +112,9 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
 			MSGError("File name cannot contain spaces.");
 			ForceLoad($runteam);		
 		}
-
+		if(isset($_POST['pastcode']) && $_POST['pastcode'] != '')
+                        $shaf = myhtmlspecialchars($_POST["pastcode"]);
+		else $shaf = @sha1_file($temp);
 		$ac=array('contest','site','user','problem','lang','filename','filepath');
 		$ac1=array('runnumber','rundate','rundatediff','rundatediffans','runanswer','runstatus','runjudge','runjudgesite',
 			   'runjudge1','runjudgesite1','runanswer1','runjudge2','runjudgesite2','runanswer2',
@@ -115,6 +126,46 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
 					   'lang'=>$lang,
 					   'filename'=>$name,
 					   'filepath'=>$temp);
+		$compv = "errorseed-5847245-errorseed";
+//		if(isset($_POST['comp']) && $_POST['comp'] != '') $compv=trim(myhtmlspecialchars($_POST['comp']));
+//		else {
+			echo "\nRESULT: ERROR COMPUTER KEY";
+			exit;
+//		}
+ 		$verify = $compv . '-'. $shaf . '-' . $name . '-'. $prob . '-' . $lang . '-' . 
+			$_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"];
+
+$pasthash=""; if(isset($_POST["pasthash"])) $pasthash=myhtmlspecialchars($_POST["pasthash"]);
+$pastvalhash=''; if(isset($_POST["pastvalhash"])) $pastvalhash=myhtmlspecialchars($_POST["pastvalhash"]);
+$pastval=''; if(isset($_POST["pastval"])) $pastval=myhtmlspecialchars($_POST["pastval"]);
+$pastabs=''; if(isset($_POST["pastabs"])) $pastabs=myhtmlspecialchars($_POST["pastabs"]);
+ $verify1 = $pasthash . '-' . $pastvalhash .'-'. $pastval .'-'. $pastabs .'-'. $compv . '-'. $shaf . '-' . $name . '-'. $prob . '-' . $lang . '-' .
+                        $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"];
+
+                $fcname = $_SESSION["locr"] . $ds . "private" . $ds . 'runs-submitted-' . $_SESSION["usertable"]["contestnumber"].'-'.
+                                $_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"];
+		$fcnamex = $_SESSION["locr"] . $ds . "private" . $ds . 'comp' . $ds . md5($compv) . ".comp";
+		$prevcomp = @file_get_contents($fcnamex);
+		
+		if($prevcomp === false || trim($prevcomp) == '') {
+			@file_put_contents($fcnamex, $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"], LOCK_EX);
+		} else {
+			if(strlen($compv) != 32 || trim($prevcomp) != $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"]) {
+				echo "\nRESULT: UNAUTHORIZED COMPUTER";
+				exit;
+			}
+		}
+
+		//@file_put_contents($fcname . ".try", $verify1 . "\n", FILE_APPEND | LOCK_EX);
+                        $codes = @file($fcname . ".txt",FILE_IGNORE_NEW_LINES);
+                        if(is_array($codes) && in_array($verify,$codes)) {
+@file_put_contents($fcname . ".try", $verify1 . "-ALREADY\n", FILE_APPEND | LOCK_EX);
+					if(isset($_POST['name']) && $_POST['name'] != '') {
+                               		 echo "\nRESULT: SAME FILE ALREADY SUBMITTED FOR THIS PROB/LANG";
+					exit;
+					}
+					MSGError("Same file already submitted for this problem and language"); ForceLoad($runteam);
+                        } 
 
 		if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') {
 			$pastcode = myhtmlspecialchars($_POST["pastcode"]);
@@ -124,25 +175,30 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
 				$pastval = myhtmlspecialchars($_POST["pastval"]);
 				$pastabs = myhtmlspecialchars($_POST["pastabs"]);
 				if(is_readable($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) {
-					$pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastval);
-					if($pastsubmission != $pastvalhash) {
-						$pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastabs);
-						if($pastsubmission != $pasthash) {
-							echo "\nRESULT: INVALID SUBMISSION CODE";
+					$pcodes = @file($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config');
+					$pastsubmission = array_map(function($element){ $sp=explode(' ',$element,4); return trim($sp[2]); }, $pcodes);
+					$key=-1;
+					
+				        for($hh=0; $hh < count($pastsubmission); $hh++) 
+						if(myhash($pastsubmission[$hh] . $pastcode . $compv . $pastval) == $pastvalhash) { $key = $hh; break; }
+					if($key < 0) {
+					//if(($key=array_search($pastvalhash, $pastsubmission))===false) {
+					//	$pastsubmission = array_map(function($element){ $sp=explode(' ',$element,4); return myhash(trim($sp[2]) . trim($pastcode) . trim($pastabs)); }, $pcodes);
+					//	if(($key=array_search($pasthash, $pastsubmission))===false) {
+							echo "\nRESULT: INVALID SUBMISSION CODE (0)";
 							exit;
-						}
+					//	}
 					}
-				} else $pastval = 0;
+				} else {
+@file_put_contents($fcname . ".try", $verify1 . "-BADCODE1\n", FILE_APPEND | LOCK_EX);
+					echo "\nRESULT: INVALID SUBMISSION CODE (1)";
+                                                        exit;
+				}
 			} else {
-				$pastval = 0;
+@file_put_contents($fcname . ".try", $verify1 . "-BADCODE2\n", FILE_APPEND | LOCK_EX);
+				echo "\nRESULT: INVALID SUBMISSION CODE (2)";
+                                                        exit;
 			}
-			$verify = $pastcode . '-' .$name . '-'. $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"];
-			$fcname = $_SESSION["locr"] . $ds . "private" . $ds . 'laterun-submitted-' . $_SESSION["usertable"]["contestnumber"].'-'.
-				$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"].'.txt';
-			$codes = @file($fcname,FILE_IGNORE_NEW_LINES);
-			if(in_array($verify,$codes)) {
-				echo "\nRESULT: RUN ALREADY SUBMITTED";
-			} else {
 				if($pastval > 0) {
 					$param['rundate']=time() - $pastval;
 					$b = DBSiteInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"]);
@@ -150,36 +206,57 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
 					$param['rundatediff']=$dif - $pastval;
 				}
 
+				$tardes = array_map(function($element){ $sp=explode(' ',$element,4); if(count($sp)>3) return 60*trim($sp[3]); return 0; }, $pcodes);
+
 				///////CASO DE COMECAR MAIS TARDE NO CENTRALIZADO
-				if(false && substr($_SESSION["usertable"]["username"],0,3) == 'XXX') {
-					$param['rundate']=$param['rundate'] - 60*10; // 10 minutos
-					$param['rundatediff']=$param['rundatediff'] - 60*10;
+				if($key >= 0 && $tardes[$key] > 0) { //substr($_SESSION["usertable"]["username"],0,3) == 'XXX') {
+					$param['rundate']=$param['rundate'] - $tardes[$key]; // 60*10 = 10 minutos
+					$param['rundatediff']=$param['rundatediff'] - $tardes[$key];
 				}
 				$retv = DBNewRun ($param);
 				if($retv == 2) {
-					@file_put_contents($fcname, $verify . "\n", FILE_APPEND | LOCK_EX);
+@file_put_contents($fcname . ".try", $verify1 . "-OK-" . $param['rundatediff'] . "-" . $param['rundate'] . "-" . $b["currenttime"] . "\n", FILE_APPEND | LOCK_EX);
+					@file_put_contents($fcname . ".txt", $verify . "\n", FILE_APPEND | LOCK_EX);
 					echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY ($pastval)";
 				} else {
-					if($retv == 0) echo "\nRESULT: CONTEST NOT RUNNING";
-					else
+					if($retv == 0) {
+						echo "\nRESULT: CONTEST NOT RUNNING";
+@file_put_contents($fcname . ".try", $verify1 . "-NOTRUNNING\n", FILE_APPEND | LOCK_EX);
+		}			else {
 						echo "\nRESULT: UNKNOWN PROBLEM";
+@file_put_contents($fcname . ".try", $verify1 . "-UNKNOWN\n", FILE_APPEND | LOCK_EX);
+					}
 				}
-			}
 			exit;
-		}
+		} 
+			if(trim($linesubmission) =='1') {
+@file_put_contents($fcname . ".try", $verify1 . "-BADCALL\n", FILE_APPEND | LOCK_EX);
+				echo "\nINVALID REQUEST";
+				exit;
+			}
+		
 		///////CASO DE COMECAR MAIS TARDE NO CENTRALIZADO
-		if(false && substr($_SESSION["usertable"]["username"],0,3) == 'XXX') {
+		if(substr($_SESSION["usertable"]["username"],0,3) == 'XXX') {
 			$param['rundate']=$param['rundate'] - 60*10; // 10 minutos
 			$param['rundatediff']=$param['rundatediff'] - 60*10;
 		}
 		$retv = DBNewRun ($param);
+		if($retv==2)
+			@file_put_contents($fcname . ".txt", $verify . "\n", FILE_APPEND | LOCK_EX);
 		if(isset($_POST['name']) && $_POST['name'] != '') {
-			if($retv == 2)
+			if($retv == 2) {
+@file_put_contents($fcname . ".try", $verify1 . "-OK\n", FILE_APPEND | LOCK_EX); 
 				echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY";
+			}			
 			else {
-				if($retv == 0) echo "\nRESULT: CONTEST NOT RUNNING";
-				else
+				if($retv == 0) {
+@file_put_contents($fcname . ".try", $verify1 . "-NOTRUNNING2\n", FILE_APPEND | LOCK_EX);
+					echo "\nRESULT: CONTEST NOT RUNNING"; 
+				}
+				else {
+@file_put_contents($fcname . ".try", $verify1 . "-UNKNOWN\n", FILE_APPEND | LOCK_EX);
 					echo "\nRESULT: UNKNOWN PROBLEM";
+				}
 			}
 			exit;
 		}
@@ -253,7 +330,6 @@ if($redo) {
 	}
 $strtmp .= "</table>";
 if (count($run) == 0) $strtmp .= "<br><center><b><font color=\"#ff0000\">NO RUNS AVAILABLE</font></b></center>";
-
 $linesubmission = @file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-using-command.config');
 if(trim($linesubmission) == '1') {
 $strtmp .= "<br><br><center><b>To submit a program, use the command-line tool:</b>\n<br>".
-- 
cgit v1.2.3