JohnHammond
/
CTFd
mirror of https://github.com/JohnHammond/CTFd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Admins can edit users from the admin interface

selenium-screenshot-testing
Kevin Chung 2015-01-07 21:03:37 -05:00
parent 7c7632301f
commit a1f30547d2
5 changed files with 163 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
CTFd/admin.py
View File

@ -224,15 +224,41 @@ def init_admin(app):
user = Teams.query.filter_by(id=teamid).first() user = Teams.query.filter_by(id=teamid).first()
solves = Solves.query.filter_by(teamid=teamid).all() solves = Solves.query.filter_by(teamid=teamid).all()
addrs = Tracking.query.filter_by(team=teamid).group_by(Tracking.ip).all() addrs = Tracking.query.filter_by(team=teamid).group_by(Tracking.ip).all()
db.session.close()
if request.method == 'GET': if request.method == 'GET':
return render_template('admin/team.html', solves=solves, team=user, addrs=addrs) return render_template('admin/team.html', solves=solves, team=user, addrs=addrs)
elif request.method == 'POST': elif request.method == 'POST':
json = {'solves':[]} name = request.form.get('name', None)
for x in solves: password = request.form.get('password', None)
json['solves'].append({'id':x.id, 'chal':x.chalid, 'team':x.teamid}) email = request.form.get('email', None)
return jsonify(json) website = request.form.get('website', None)
affiliation = request.form.get('affiliation', None)
country = request.form.get('country', None)
errors = []
name_used = Teams.query.filter(Teams.name == name).first()
if name_used and int(name_used.id) != int(teamid):
errors.append('That name is taken')
email_used = Teams.query.filter(Teams.email == email).first()
if email_used and int(email_used.id) != int(teamid):
errors.append('That email is taken')
if errors:
db.session.close()
return jsonify({'data':errors})
else:
user.name = name
user.email = email
if password:
user.password = bcrypt_sha256(password)
user.website = website
user.affiliation = affiliation
user.country = country
db.session.commit()
db.session.close()
return jsonify({'data':['success']})
@app.route('/admin/team/<teamid>/ban', methods=['POST']) @app.route('/admin/team/<teamid>/ban', methods=['POST'])
@admins_only @admins_only

2
templates/admin/scoreboard.html
View File

@ -2,7 +2,7 @@
{% block content %} {% block content %}
<div class="row"> <div class="row">
<p></p> <br>
<table id="scoreboard"> <table id="scoreboard">
<thead> <thead>
<tr> <tr>

132
templates/admin/teams.html
View File

@ -4,22 +4,146 @@
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css"> <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">
<div class="row"> <div class="row">
<p></p> <br>
<div id="user" class="reveal-modal" data-reveal>
<h2>Edit User</h2>
<form method="POST" action="/admin/teams/">
<div class="row">
<input type="hidden" name="nonce" value="{{ nonce }}">
<input type="hidden" name="id">
<div class="large-12 columns">
<label>Team Name
<input type="text" name="name" placeholder="Enter new team name" />
</label>
</div>
<div class="large-12 columns">
<label>Email
<input type="text" name="email" placeholder="Enter new email" />
</label>
</div>
<div class="large-12 columns">
<label>Password
<input type="password" name="password" placeholder="Enter new password" />
</label>
</div>
<div class="large-12 columns">
<label>Website
<input type="text" name="website" placeholder="Enter Website" />
</label>
</div>
<div class="large-6 columns">
<label>Affiliation
<input type="text" name="affiliation" placeholder="Enter Affiliation" />
</label>
</div>
<div class="large-6 columns">
<label>Country
<input type="text" name="country" placeholder="Enter Country" />
</label>
</div>
<div id="results">
</div>
<button id="update-user" class="radius" type="submit">Update</button>
</div>
</form>
<a class="close-reveal-modal">&#215;</a>
</div>
<table id="teamsboard"> <table id="teamsboard">
<thead> <thead>
<tr> <tr>
<td><b>ID</b>
</td>
<td><b>Team</b> <td><b>Team</b>
</td> </td>
<td><b>Email</b>
</td>
<td><b>Website</b>
</td>
<td><b>Affiliation</b>
</td>
<td><b>Country</b>
</td>
<td><b>Settings</b>
</td>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
{% for team in teams %} {% for team in teams %}
<tr><td><a href="/admin/team/{{ team.id }}">{{ team.name }}</a></td></tr> <tr name="{{ team.id }}">
{% endfor %} <td class="team-id">{{ team.id }}</td>
<td class="team-name"><a href="/team/{{ team.id }}">{{ team.name }}</a>
</td>
<td class="team-email">{{ team.email }}</td>
<td class="team-website"><a href="{{ team.website }}">{% if team.website %}{{ team.website }}{% endif %}</a>
</td>
<td class="team-affiliation"><span>{% if team.affiliation %}{{ team.affiliation }}{% endif %}</span>
</td>
<td class="team-country"><span>{% if team.country %}{{ team.country }}{% endif %}</span>
</td>
<td><span>
<i class="fa fa-pencil-square-o"></i>
<i class="fa fa-envelope"></i>
<i class="fa fa-times"></i>
</span>
</td>
</tr>
{% endfor %}
</tbody> </tbody>
</table> </table>
</div> </div>
{% endblock %} {% endblock %}
{% block scripts %} {% block scripts %}
<script>
function load_modal(id, name, email, website, affiliation, country){
var modal_form = $('#user form');
modal_form.find('input[name=name]').val(name)
modal_form.find('input[name=id]').val(id)
modal_form.find('input[name=email]').val(email)
modal_form.find('input[name=website]').val(website)
modal_form.find('input[name=affiliation]').val(affiliation)
modal_form.find('input[name=country]').val(country)
console.log(modal_form);
$('#user form').attr('action', '/admin/team/'+id)
$('#user').foundation('reveal', 'open');
}
$('#update-user').click(function(e){
e.preventDefault();
var id = $('#user input[name="id"]').val()
var user_data = $('#user form').serializeArray()
$.post($('#user form').attr('action'), $('#user form').serialize(), function(data){
var data = $.parseJSON(JSON.stringify(data))
for (var i = 0; i < data['data'].length; i++) {
if (data['data'][i] == 'success'){
var row = $('tr[name='+id+']')
row.find('.team-name').text( $.grep(user_data, function(e){ return e.name == 'name'; })[0]['value'] )
row.find('.team-email').text( $.grep(user_data, function(e){ return e.name == 'email'; })[0]['value'] )
row.find('.team-website').attr('href', $.grep(user_data, function(e){ return e.name == 'website'; })[0]['value'] )
row.find('.team-affiliation').text( $.grep(user_data, function(e){ return e.name == 'affiliation'; })[0]['value'] )
row.find('.team-country').text( $.grep(user_data, function(e){ return e.name == 'country'; })[0]['value'] )
$('#user').foundation('reveal', 'close');
}
else{
$('#results').append($('p').text( data['data'][i] ))
}
};
})
})
$('.fa-pencil-square-o').click(function(){
var elem = $(this).parent().parent().parent();
var id = elem.find('.team-id').text();
var name = elem.find('.team-name').text();
var email = elem.find('.team-email').text();
var website = elem.find('.team-website').text();
var affiliation = elem.find('.team-affiliation').text();
var country = elem.find('.team-country').text();
load_modal(id, name, email, website, affiliation, country);
})
</script>
{% endblock %} {% endblock %}

4
templates/scoreboard.html
View File

@ -4,9 +4,9 @@
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css"> <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">
<div class="row"> <div class="row">
<p></p> <br>
<div id="score-graph"></div> <div id="score-graph"></div>
<p></p> <br>
<table id="scoreboard"> <table id="scoreboard">
<thead> <thead>

2
templates/teams.html
View File

@ -4,7 +4,7 @@
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css"> <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">
<div class="row"> <div class="row">
<p></p> <br>
<table id="teamsboard"> <table id="teamsboard">
<thead> <thead>
<tr> <tr>