Closes #61, #85

Whitelist localhost

CTFd/challenges.py

@@ -1,6 +1,6 @@
 from flask import current_app as app, render_template, request, redirect, abort, jsonify, json as json_mod, url_for, session, Blueprint
 
-from CTFd.utils import ctftime, view_after_ctf, authed, unix_time, get_kpm, can_view_challenges, is_admin, get_config
+from CTFd.utils import ctftime, view_after_ctf, authed, unix_time, get_kpm, can_view_challenges, is_admin, get_config, get_ip
 from CTFd.models import db, Challenges, Files, Solves, WrongKeys, Keys, Tags
 
 import time
@@ -140,7 +140,7 @@ def chal(chalid):
                 if x['type'] == 0: #static key
                     print(x['flag'], key.strip().lower())
                     if x['flag'] and x['flag'].strip().lower() == key.strip().lower():
-                        solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr, flag=key)
+                        solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key)
                         db.session.add(solve)
                         db.session.commit()
                         db.session.close()
@@ -149,7 +149,7 @@ def chal(chalid):
                 elif x['type'] == 1: #regex
                     res = re.match(str(x['flag']), key, re.IGNORECASE)
                     if res and res.group() == key:
-                        solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr, flag=key)
+                        solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key)
                         db.session.add(solve)
                         db.session.commit()
                         db.session.close()

CTFd/views.py

@@ -1,5 +1,5 @@
 from flask import current_app as app, render_template, render_template_string, request, redirect, abort, jsonify, json as json_mod, url_for, session, Blueprint, Response
-from CTFd.utils import authed, ip2long, long2ip, is_setup, validate_url, get_config, sha512
+from CTFd.utils import authed, ip2long, long2ip, is_setup, validate_url, get_config, sha512, get_ip
 from CTFd.models import db, Teams, Solves, Challenges, WrongKeys, Keys, Tags, Files, Tracking, Pages, Config
 
 from jinja2.exceptions import TemplateNotFound
@@ -12,6 +12,7 @@ import re
 import sys
 import json
 import os
+import datetime
 
 views = Blueprint('views', __name__)
 
@@ -19,10 +20,14 @@ views = Blueprint('views', __name__)
 @views.before_request
 def tracker():
     if authed():
-        if not Tracking.query.filter_by(ip=ip2long(request.remote_addr)).first():
-            visit = Tracking(request.remote_addr, session['id'])
+        track = Tracking.query.filter_by(ip=ip2long(get_ip()), team=session['id']).first()
+        if not track:
+            visit = Tracking(ip=get_ip(), team=session['id'])
             db.session.add(visit)
             db.session.commit()
+        else:
+            track.date = datetime.datetime.utcnow()
+            db.session.commit()
         db.session.close()