Commit Graph

868 Commits (snyk-fix-832f1d103bac4fdd1438f1bd89ae932c)

Author SHA1 Message Date
Kevin Chung 683ec198c4 Merge pull request #38 from slinkymanbyday/delete-pages
Closes #32
2015-05-17 23:48:27 -04:00
Sean Meyer db687b6c25 enable max-attempts per challenge setting 2015-05-18 11:31:43 +08:00
Sean Meyer da2537ff3b Admins can delete pages 2015-05-18 10:35:10 +08:00
Kevin Chung 945e2148be Don't insert current time into graph 2015-05-16 01:45:26 -04:00
Kevin Chung be9c93adb4 Fixing odd top ten issue 2015-05-16 01:34:52 -04:00
Kevin Chung c4ed177255 Faster moving graphs 2015-05-13 18:34:14 -04:00
Kevin Chung add67db4d2 Graph looks a little better 2015-05-13 17:48:37 -04:00
Kevin Chung 65ae712c68 Accidentally still using old password hashing in forgot password 2015-05-13 13:07:46 -04:00
Kevin Chung 3a2323b0ae Fixing password changing issue 2015-05-13 13:03:48 -04:00
Kevin Chung be6430be4f Allowing admins to preview challenge board 2015-05-09 23:33:20 -04:00
CodeKevin 1e445791d1 Properly download files from admin panel 2015-05-03 17:40:18 -04:00
CodeKevin aa77e61b3f Download files from admin panel 2015-05-03 17:35:55 -04:00
CodeKevin b8518b7e26 Merge branch 'master' of https://github.com/isislab/CTFd 2015-05-03 17:26:14 -04:00
CodeKevin f63b894258 Preventing team name changes 2015-05-03 17:25:59 -04:00
Kevin Chung 44df12550a Removing extra checkbox 2015-04-19 18:39:09 -04:00
CodeKevin 5e24fba459 Closes #16 2015-04-19 04:24:48 -04:00
Kevin Chung 4319af3b0d Merge pull request #30 from bburky/installation-fixes
Update installation scripts
2015-04-01 23:13:03 -04:00
Kevin Chung 561e5a61d2 Merge pull request #31 from bburky/mailgun
Fix Mailgun from address
2015-03-21 22:38:36 -04:00
Blake Burkhart 3cc62b3103 Fix Mailgun from address
Use the app.config['ADMINS'][0] address as the from address in Mailgun messages.

TODO: This email address should probably be configurable in the admin settings.
2015-03-21 21:06:15 -05:00
Blake Burkhart 0125be9403 Update installation scripts
Install libffi-dev in prepare.sh. Bcrypt seems to depend on this.

Add exact versions for all packages in requrements.txt
2015-03-21 20:40:57 -05:00
Kevin Chung 4d62a1dbcc Update README.md 2015-03-20 03:22:32 -04:00
CodeKevin ac83c8a576 Fixing DOM XSS issues, upload issues, and usability issues 2015-03-16 16:03:58 -04:00
CodeKevin 95e015abe6 Proper custom CTF name
I should have better pushing habits
2015-03-15 15:03:16 -04:00
CodeKevin 0179fa7115 Custom CTF Name 2015-03-15 14:55:50 -04:00
CodeKevin c26d0924bf Fixing XSS issue for users 2015-03-15 14:44:47 -04:00
CodeKevin a0d3a1e640 Fixing XSS issue 2015-03-15 14:42:31 -04:00
CodeKevin a499f8c731 Adding favicon for non-admins 2015-03-15 04:23:16 -04:00
CodeKevin 8334c15f98 Adding favicon 2015-03-15 04:19:58 -04:00
CodeKevin d09d0a9678 Closes #21 2015-03-15 04:18:39 -04:00
CodeKevin eced601485 Updating logo 2015-03-15 02:39:32 -04:00
CodeKevin 5f4a670b7a Removing debug print statement 2015-03-15 00:28:12 -04:00
CodeKevin 0a27d11f45 Fixing score and place for team pages 2015-03-14 23:39:05 -04:00
CodeKevin f2484c519a Closes #15 (Thanks mwinstead3790), various fixes 2015-03-14 23:01:21 -04:00
Kevin Chung b4dd54d36a Adding score and place to team page, fixing create_app 2015-03-08 13:39:22 -04:00
CodeKevin f43c695330 Keeping ban/unban in the admin panel 2015-01-26 01:08:51 -05:00
Kevin Chung 613ed46298 Merge pull request #17 from xkjcf/master
make the ban and unban switcher work
2015-01-26 01:07:09 -05:00
CodeKevin 81ea0f8d52 Send email tested and improved 2015-01-24 20:04:58 -05:00
CodeKevin 29071a6d5c Cleaning out some leftover text 2015-01-24 19:41:34 -05:00
CodeKevin 52becebbdb Adding team emailing
Untested since I don't have a mail server on my dev environment
2015-01-24 19:40:52 -05:00
CodeKevin b1c09e832e Listing DO hosts
Swapped out API wrappers
2015-01-24 03:50:45 -05:00
CodeKevin 6b81ac4577 Merging local changes 2015-01-24 00:51:32 -05:00
CodeKevin 7642aeb1e5 Starting DO integration 2015-01-24 00:48:41 -05:00
xkjcf 6916f5f68b make the ban and unban switcher work 2015-01-20 15:05:17 +08:00
Kevin Chung 8ec79d9337 Removing hits calculation for issue #12 2015-01-18 20:25:05 -05:00
Kevin Chung 3b93a40f2b Closes #9 2015-01-18 20:07:02 -05:00
Kevin Chung 1882d8231d Properly checking for config values and setting them if they don't exist 2015-01-18 19:33:48 -05:00
Kevin Chung 4a128e83dc Adding user deletion from admin panel 2015-01-18 19:17:57 -05:00
Kevin Chung fb5e525775 Merge pull request #11 from bburky/view-challenges-unregistered
Optionally allow unregistered users to view challenges
2015-01-08 00:13:39 -05:00
CodeKevin 7bb7186f8d Preventing unnecessary requests 2015-01-08 00:13:13 -05:00
Blake Burkhart 2972cf506d Optionally allow unregistered users to view challenges
Add a Config entry `view_challenges_unregistered` to indicate whether
unregistered users can view challenges. Add the setting to the admin config
page.

Add can_view_challenges() to utils to test if a user is either authed, or the
configuration allow unauthenticated users to view the challenges.

Return a HTTP 401 Unauthorized error when the /chals/solves API can't provide
results for an unauthenticated user. This is needed because the client side
code in `chalboard.js` doesn't know if it's logged in or not and requests this
anyway. (And AJAX doesn't handle redirects very well.) Alternately the client
could actually know if they're logged in and not make needless API calls.

When an unregistered user attempts to submit a flag, it will also fail. The
user will be redirected to a login page.
2015-01-07 22:11:31 -06:00