challengeDisplay.php
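<?php include "template.php";
/** @var $conn */
// Loads a single challenge row (selected by the moduleID query parameter)
// into the variables the template below renders and the POST handler reads.
// $conn comes from template.php; it is used like a PDO handle here
// (prepare/execute/fetch) -- presumably PDO, confirm in template.php.

// header() only queues a redirect; without exit the rest of the script still
// runs, so a rejected caller would still get the page rendered and could
// still reach the flag-submission handler further down.
if (!authorisedAccess(false, true, true)) {
    header("Location:index.php");
    exit;
}

// moduleID is taken straight from the query string, so it is attacker
// controlled. Reject a missing or non-string (array) value and stop here
// instead of falling through with $challengeToLoad undefined.
if (!isset($_GET["moduleID"]) || !is_string($_GET["moduleID"])) {
    header("location:challengesList.php");
    exit;
}
$challengeToLoad = $_GET["moduleID"];

// Bind the request value as a parameter instead of concatenating it into the
// SQL text, so it can never change the structure of the statement.
$sql = $conn->prepare("SELECT moduleID, challengeTitle, challengeText, PointsValue, HashedFlag FROM Challenges WHERE moduleID = ? ORDER BY ID DESC");
$sql->execute([$challengeToLoad]);
$result = $sql->fetch();

// No matching challenge: fetch() yields no row, so there is nothing to show.
if (!$result) {
    header("location:challengesList.php");
    exit;
}

$moduleID = $result["moduleID"];
$title = $result["challengeTitle"];
$challengeText = $result["challengeText"];
$pointsValue = $result["PointsValue"];
// Stored hash of the flag; checked with password_verify() in the POST handler
// and never written to the page.
$hashedFlag = $result["HashedFlag"];
?>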
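<?php
// Challenge detail view: renders the title, description and points loaded
// above, plus the flag-submission form that posts back to this page.
//
// Values read from the database are encoded for the HTML context they are
// written into, so markup stored in a challenge row cannot run as script in
// the viewer's browser.
$escapeHtml = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<html>
<head>
    <title>Challenge Information</title>
    <style>
        /* NOTE(review): this declaration has no value, so browsers ignore it;
           the class is not used by the markup on this page. */
        .dark-border {
            border
        }
    </style>
</head>
<body>
<?php // The heading is body content; it was previously placed inside <head>. ?>
<h1 class='text-primary'>Challenge - <?= $escapeHtml($title) ?></h1>
<div class="container-fluid">
    <div class="row">
        <div class="col-1 border border border-dark">Challenge Name</div>
        <div class="col-5 border border border-dark">Challenge Description</div>
        <div class="col-1 border border border-dark">Challenge Points</div>
    </div>
    <div class="row ">
        <div class="col-1 border border border-dark "><?= $escapeHtml($title) ?></div>
        <?php
        // NOTE(review): challengeText is still written unescaped because the
        // description may intentionally contain HTML -- confirm. If challenge
        // authors are not fully trusted this is a stored-XSS sink and should
        // go through $escapeHtml() or an allow-list sanitiser.
        ?>
        <div class="col-5 border border border-dark"><?= $challengeText ?></div>
        <div class="col-1 border border border-dark"><?= $escapeHtml($pointsValue) ?></div>
    </div>
    <div class="row">
        <div class="col-12">
            <?php // moduleID is URL-encoded because it lands inside a query string in an attribute. ?>
            <form action="challengeDisplay.php?moduleID=<?= urlencode((string) $moduleID) ?>" method="post" enctype="multipart/form-data">
                <p>Please enter the flag:</p>
                <p>
                    <label>
                        <input type="text" name="flag" class="form-control" required="required">
                    </label>
                </p>
                <input type="submit" name="formSubmit" value="Submit">
            </form>
        </div>
    </div>
</div>
</body>
</html>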
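<?php
// Flag submission handler. On POST, checks the submitted flag against the
// stored hash for the challenge loaded at the top of this file; on a match it
// adds the challenge's points to the signed-in user's score and switches the
// registered module's CurrentOutput to 'On'. The outcome is left in
// $_SESSION["flash_message"].
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // A missing or array-valued field is treated as an empty submission.
    $rawFlag = (isset($_POST['flag']) && is_string($_POST['flag'])) ? $_POST['flag'] : '';
    // NOTE(review): sanitise_data() is defined elsewhere; if it rewrites
    // characters, the stored hash must have been made from the same
    // transformed value or correct flags will be rejected -- confirm.
    $userEnteredFlag = sanitise_data($rawFlag);

    // password_verify() does the hash comparison; the guard keeps a missing
    // challenge row (no hash loaded) from ever counting as a match.
    if (isset($hashedFlag) && is_string($hashedFlag) && password_verify($userEnteredFlag, $hashedFlag)) {
        $user = $_SESSION["user_id"];

        // NOTE(review): nothing visible here records that this user already
        // solved this challenge, so every repeat of a correct submission adds
        // the points again. A per-user "solved" record checked before this
        // UPDATE would close that; the schema for it is not visible here.
        //
        // Values are bound rather than interpolated into the SQL text.
        // prepare() gives no protection when the statement string already
        // contains the data.
        $stmt = $conn->prepare("UPDATE Users SET Score = SCORE + ? WHERE ID = ?");
        $stmt->execute([$pointsValue, $user]);

        // The leftover debug `echo $moduleID;` was dropped: it printed an
        // internal identifier into the response.
        $stmt = $conn->prepare("UPDATE RegisteredModules SET CurrentOutput = 'On' WHERE ID = ?");
        $stmt->execute([$moduleID]);

        $_SESSION["flash_message"] = "<div class='bg-success'>Success!</div>";
    } else {
        // NOTE(review): failed attempts are not counted or rate-limited in
        // this block, so flags can be guessed repeatedly.
        $_SESSION["flash_message"] = "<div class='bg-danger'>Flag failed - Try again</div>";
    }
}
echo outputFooter();
?>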
</body>
</html>