aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 14:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Closes #61, #85

Browse Source 
Whitelist localhost
This commit is contained in:
CodeKevin
2016-02-06 15:05:49 -05:00
parent 0c9a4f0283
commit 85e8a9d271
2 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CTFd/challenges.py
View File

@@ -1,6 +1,6 @@
from flask import current_app as app, render_template, request, redirect, abort, jsonify, json as json_mod, url_for, session, Blueprint from flask import current_app as app, render_template, request, redirect, abort, jsonify, json as json_mod, url_for, session, Blueprint
from CTFd.utils import ctftime, view_after_ctf, authed, unix_time, get_kpm, can_view_challenges, is_admin, get_config from CTFd.utils import ctftime, view_after_ctf, authed, unix_time, get_kpm, can_view_challenges, is_admin, get_config, get_ip
from CTFd.models import db, Challenges, Files, Solves, WrongKeys, Keys, Tags from CTFd.models import db, Challenges, Files, Solves, WrongKeys, Keys, Tags
import time import time
@@ -140,7 +140,7 @@ def chal(chalid):
if x['type'] == 0: #static key if x['type'] == 0: #static key
print(x['flag'], key.strip().lower()) print(x['flag'], key.strip().lower())
if x['flag'] and x['flag'].strip().lower() == key.strip().lower(): if x['flag'] and x['flag'].strip().lower() == key.strip().lower():
solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr, flag=key) solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key)
db.session.add(solve) db.session.add(solve)
db.session.commit() db.session.commit()
db.session.close() db.session.close()
@@ -149,7 +149,7 @@ def chal(chalid):
elif x['type'] == 1: #regex elif x['type'] == 1: #regex
res = re.match(str(x['flag']), key, re.IGNORECASE) res = re.match(str(x['flag']), key, re.IGNORECASE)
if res and res.group() == key: if res and res.group() == key:
solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr, flag=key) solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key)
db.session.add(solve) db.session.add(solve)
db.session.commit() db.session.commit()
db.session.close() db.session.close()

11
CTFd/views.py
View File

@@ -1,5 +1,5 @@
from flask import current_app as app, render_template, render_template_string, request, redirect, abort, jsonify, json as json_mod, url_for, session, Blueprint, Response from flask import current_app as app, render_template, render_template_string, request, redirect, abort, jsonify, json as json_mod, url_for, session, Blueprint, Response
from CTFd.utils import authed, ip2long, long2ip, is_setup, validate_url, get_config, sha512 from CTFd.utils import authed, ip2long, long2ip, is_setup, validate_url, get_config, sha512, get_ip
from CTFd.models import db, Teams, Solves, Challenges, WrongKeys, Keys, Tags, Files, Tracking, Pages, Config from CTFd.models import db, Teams, Solves, Challenges, WrongKeys, Keys, Tags, Files, Tracking, Pages, Config
from jinja2.exceptions import TemplateNotFound from jinja2.exceptions import TemplateNotFound
@@ -12,6 +12,7 @@ import re
import sys import sys
import json import json
import os import os
import datetime
views = Blueprint('views', __name__) views = Blueprint('views', __name__)
@@ -19,10 +20,14 @@ views = Blueprint('views', __name__)
@views.before_request @views.before_request
def tracker(): def tracker():
if authed(): if authed():
if not Tracking.query.filter_by(ip=ip2long(request.remote_addr)).first(): track = Tracking.query.filter_by(ip=ip2long(get_ip()), team=session['id']).first()
visit = Tracking(request.remote_addr, session['id']) if not track:
visit = Tracking(ip=get_ip(), team=session['id'])
db.session.add(visit) db.session.add(visit)
db.session.commit() db.session.commit()
else:
track.date = datetime.datetime.utcnow()
db.session.commit()
db.session.close() db.session.close()