mirror of https://github.com/JohnHammond/CTFd.git
Merging local changes
commit
6b81ac4577
|
@ -54,10 +54,10 @@ def init_admin(app):
|
|||
|
||||
try:
|
||||
view_challenges_unregistered = bool(request.form.get('view_challenges_unregistered', None))
|
||||
prevent_registration = bool(request.form.get('prevent_registration', None))
|
||||
except (ValueError, TypeError):
|
||||
view_challenges_unregistered = None
|
||||
|
||||
print repr(start), repr(end), repr(view_challenges_unregistered)
|
||||
prevent_registration = None
|
||||
|
||||
db_start = Config.query.filter_by(key='start').first()
|
||||
db_start.value = start
|
||||
|
@ -68,16 +68,50 @@ def init_admin(app):
|
|||
db_view_challenges_unregistered = Config.query.filter_by(key='view_challenges_unregistered').first()
|
||||
db_view_challenges_unregistered.value = view_challenges_unregistered
|
||||
|
||||
db_prevent_registration = Config.query.filter_by(key='prevent_registration').first()
|
||||
db_prevent_registration.value = prevent_registration
|
||||
|
||||
db.session.add(db_start)
|
||||
db.session.add(db_end)
|
||||
db.session.add(db_view_challenges_unregistered)
|
||||
db.session.add(db_prevent_registration)
|
||||
|
||||
db.session.commit()
|
||||
return redirect('/admin/config')
|
||||
start = Config.query.filter_by(key="start").first().value
|
||||
end = Config.query.filter_by(key="end").first().value
|
||||
view_challenges_unregistered = (Config.query.filter_by(key='view_challenges_unregistered').first().value == '1')
|
||||
return render_template('admin/config.html', start=start, end=end, view_challenges_unregistered=view_challenges_unregistered)
|
||||
|
||||
start = Config.query.filter_by(key="start").first()
|
||||
if start:
|
||||
start = start.value
|
||||
else:
|
||||
start = Config('start', None)
|
||||
db.session.add(start)
|
||||
|
||||
end = Config.query.filter_by(key="end").first()
|
||||
if end:
|
||||
end = end.value
|
||||
else:
|
||||
end = Config('end', None)
|
||||
db.session.add(end)
|
||||
|
||||
view_challenges_unregistered = Config.query.filter_by(key='view_challenges_unregistered').first()
|
||||
if view_challenges_unregistered:
|
||||
view_challenges_unregistered = (view_challenges_unregistered.value == '1')
|
||||
else:
|
||||
view_challenges_unregistered = Config('view_challenges_unregistered', None)
|
||||
db.session.add(view_challenges_unregistered)
|
||||
|
||||
prevent_registration = Config.query.filter_by(key='prevent_registration').first()
|
||||
if prevent_registration:
|
||||
prevent_registration = (prevent_registration.value == '1')
|
||||
else:
|
||||
prevent_registration = Config('prevent_registration', None)
|
||||
db.session.add(prevent_registration)
|
||||
|
||||
db.session.commit()
|
||||
db.session.close()
|
||||
|
||||
return render_template('admin/config.html', start=start, end=end, view_challenges_unregistered=view_challenges_unregistered,
|
||||
prevent_registration=prevent_registration)
|
||||
|
||||
@app.route('/admin/pages', defaults={'route': None}, methods=['GET', 'POST'])
|
||||
@app.route('/admin/pages/<route>', methods=['GET', 'POST'])
|
||||
|
@ -291,6 +325,14 @@ def init_admin(app):
|
|||
db.session.commit()
|
||||
return redirect('/scoreboard')
|
||||
|
||||
@app.route('/admin/team/<teamid>/delete', methods=['POST'])
|
||||
@admins_only
|
||||
def delete_team(teamid):
|
||||
user = Teams.query.filter_by(id=teamid).first()
|
||||
db.session.delete(user)
|
||||
db.session.commit()
|
||||
return '1'
|
||||
|
||||
|
||||
@app.route('/admin/graphs/<graph_type>')
|
||||
@admins_only
|
||||
|
@ -348,7 +390,6 @@ def init_admin(app):
|
|||
db.session.commit()
|
||||
|
||||
teams_registered = db.session.query(db.func.count(Teams.id)).first()[0]
|
||||
site_hits = db.session.query(db.func.count(Tracking.id)).first()[0]
|
||||
wrong_count = db.session.query(db.func.count(WrongKeys.id)).first()[0]
|
||||
solve_count = db.session.query(db.func.count(Solves.id)).first()[0]
|
||||
challenge_count = db.session.query(db.func.count(Challenges.id)).first()[0]
|
||||
|
@ -358,7 +399,6 @@ def init_admin(app):
|
|||
db.session.close()
|
||||
|
||||
return render_template('admin/statistics.html', team_count=teams_registered,
|
||||
hit_count=site_hits,
|
||||
wrong_count=wrong_count,
|
||||
solve_count=solve_count,
|
||||
challenge_count=challenge_count,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
from flask import render_template, request, redirect, abort, jsonify, url_for, session
|
||||
from CTFd.utils import sha512, is_safe_url, authed, mailserver, sendmail
|
||||
from CTFd.utils import sha512, is_safe_url, authed, mailserver, sendmail, can_register
|
||||
from CTFd.models import db, Teams
|
||||
|
||||
from itsdangerous import TimedSerializer, BadTimeSignature
|
||||
|
@ -56,6 +56,8 @@ Did you initiate a password reset?
|
|||
|
||||
@app.route('/register', methods=['POST', 'GET'])
|
||||
def register():
|
||||
if not can_register():
|
||||
return redirect('/login')
|
||||
if request.method == 'POST':
|
||||
errors = []
|
||||
name_len = len(request.form['name']) == 0
|
||||
|
|
|
@ -18,18 +18,14 @@ def init_utils(app):
|
|||
app.jinja_env.filters['unix_time_millis'] = unix_time_millis
|
||||
app.jinja_env.filters['long2ip'] = long2ip
|
||||
app.jinja_env.globals.update(pages=pages)
|
||||
app.jinja_env.globals.update(can_register=can_register)
|
||||
|
||||
def pages():
|
||||
pages = Pages.query.filter(Pages.route!="index").all()
|
||||
return pages
|
||||
|
||||
def authed():
|
||||
try:
|
||||
if session['id']:
|
||||
return True
|
||||
except KeyError:
|
||||
pass
|
||||
return False
|
||||
return bool(session.get('id', False))
|
||||
|
||||
def is_setup():
|
||||
setup = Config.query.filter_by(key='setup').first()
|
||||
|
@ -44,6 +40,13 @@ def is_admin():
|
|||
else:
|
||||
return False
|
||||
|
||||
def can_register():
|
||||
config = Config.query.filter_by(key='prevent_registration').first()
|
||||
if config:
|
||||
return config.value != '1'
|
||||
else:
|
||||
return True
|
||||
|
||||
def admins_only(f):
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
|
@ -84,7 +87,11 @@ def ctftime():
|
|||
return False
|
||||
|
||||
def can_view_challenges():
|
||||
return authed() or (Config.query.filter_by(key="view_challenges_unregistered").first().value == '1');
|
||||
config = Config.query.filter_by(key="view_challenges_unregistered").first()
|
||||
if config:
|
||||
return authed() or config.value == '1'
|
||||
else:
|
||||
return authed()
|
||||
|
||||
def unix_time(dt):
|
||||
epoch = datetime.datetime.utcfromtimestamp(0)
|
||||
|
|
|
@ -66,6 +66,9 @@ def init_views(app):
|
|||
## Challenges cannot be viewed by unregistered users
|
||||
view_challenges_unregistered = Config('view_challenges_unregistered', None)
|
||||
|
||||
## Allow/Disallow registration
|
||||
prevent_registration = Config('prevent_registration', None)
|
||||
|
||||
setup = Config('setup', True)
|
||||
|
||||
db.session.add(admin)
|
||||
|
@ -73,6 +76,7 @@ def init_views(app):
|
|||
db.session.add(start)
|
||||
db.session.add(end)
|
||||
db.session.add(view_challenges_unregistered)
|
||||
db.session.add(prevent_registration)
|
||||
db.session.add(setup)
|
||||
db.session.commit()
|
||||
app.setup = False
|
||||
|
|
|
@ -27,7 +27,12 @@
|
|||
<label for="view_challenges_unregistered">Unregistered users can view challenges</label>
|
||||
</div>
|
||||
|
||||
<button class="radius" type='submit'>Submit</button>
|
||||
<div class="row">
|
||||
<input id="prevent_registration" name="prevent_registration" type="checkbox" {% if prevent_registration %}checked{% endif %}>
|
||||
<label for="prevent_registration">Prevent public registration</label>
|
||||
</div>
|
||||
|
||||
<button class="radius" type='submit'>Update</button>
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
<h1>Statistics</h1>
|
||||
|
||||
<h3><b>{{ team_count }}</b> teams registered</h3>
|
||||
<h3><b>{{ hit_count}}</b> hits</h3>
|
||||
<h3><b>{{ wrong_count }}</b> wrong keys submitted</h3>
|
||||
<h3><b>{{ solve_count }}</b> right keys submitted</h3>
|
||||
<h3><b>{{ challenge_count }}</b> challenges</h3>
|
||||
|
|
|
@ -5,8 +5,20 @@
|
|||
|
||||
<div class="row">
|
||||
<br>
|
||||
<div id="confirm" class="reveal-modal" data-reveal>
|
||||
<h2 class="text-center">Delete User</h2>
|
||||
<form method="POST">
|
||||
<input type="hidden" name="id">
|
||||
<input type="hidden" name="nonce" value="{{ nonce }}">
|
||||
<div class="small-6 small-centered text-center columns">
|
||||
<p>Are you sure you want to delete <strong id="confirm-team-name"></strong>?</p>
|
||||
<button type="button" class="button alert radius" onclick="$('#confirm').foundation('reveal', 'close');">No</button>
|
||||
<button type="button" id="delete-user" class="button success radius">Yes</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
<div id="user" class="reveal-modal" data-reveal>
|
||||
<h2>Edit User</h2>
|
||||
<h2 class="text-center">Edit User</h2>
|
||||
<form method="POST" action="/admin/teams/">
|
||||
<div class="row">
|
||||
<input type="hidden" name="nonce" value="{{ nonce }}">
|
||||
|
@ -97,7 +109,7 @@
|
|||
{% block scripts %}
|
||||
<script>
|
||||
|
||||
function load_modal(id, name, email, website, affiliation, country){
|
||||
function load_update_modal(id, name, email, website, affiliation, country){
|
||||
var modal_form = $('#user form');
|
||||
|
||||
modal_form.find('input[name=name]').val(name)
|
||||
|
@ -132,7 +144,19 @@ $('#update-user').click(function(e){
|
|||
}
|
||||
};
|
||||
})
|
||||
});
|
||||
|
||||
$('#delete-user').click(function(e){
|
||||
e.preventDefault();
|
||||
var id = $('#confirm input[name="id"]').val()
|
||||
var user_data = $('#confirm form').serializeArray()
|
||||
$.post($('#confirm form').attr('action'), $('#confirm form').serialize(), function(data){
|
||||
var data = $.parseJSON(JSON.stringify(data))
|
||||
if (data == "1"){
|
||||
location.reload()
|
||||
}
|
||||
})
|
||||
});
|
||||
|
||||
$('.fa-pencil-square-o').click(function(){
|
||||
var elem = $(this).parent().parent().parent();
|
||||
|
@ -143,7 +167,23 @@ $('.fa-pencil-square-o').click(function(){
|
|||
var affiliation = elem.find('.team-affiliation').text().trim();
|
||||
var country = elem.find('.team-country').text().trim();
|
||||
|
||||
load_modal(id, name, email, website, affiliation, country);
|
||||
load_update_modal(id, name, email, website, affiliation, country);
|
||||
})
|
||||
|
||||
function load_confirm_modal(id, name){
|
||||
var modal = $('#confirm')
|
||||
modal.find('input[name=id]').val(id)
|
||||
modal.find('#confirm-team-name').text(name)
|
||||
$('#confirm form').attr('action', '/admin/team/'+id+'/delete');
|
||||
$('#confirm').foundation('reveal', 'open');
|
||||
}
|
||||
|
||||
$('.fa-times').click(function(){
|
||||
var elem = $(this).parent().parent().parent();
|
||||
var id = elem.find('.team-id').text().trim();
|
||||
var name = elem.find('.team-name').text().trim();
|
||||
load_confirm_modal(id, name)
|
||||
})
|
||||
|
||||
</script>
|
||||
{% endblock %}
|
|
@ -37,6 +37,7 @@
|
|||
</li>
|
||||
{%else %}
|
||||
<li class="has-form">
|
||||
{% if can_register() %}
|
||||
<li class="has-dropdown">
|
||||
<a href="/register">Register</a>
|
||||
<ul class="dropdown">
|
||||
|
@ -48,7 +49,7 @@
|
|||
</form>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
{% endif %}
|
||||
<li class="has-dropdown">
|
||||
<a href="/login">Login</a>
|
||||
<ul class="dropdown">
|
||||
|
|
Loading…
Reference in New Issue