: download attachment for challenge , or interact with it\n"; echo " external-flag : used for dispatching flags for external containers that cannot be changed easily\n"; exit; } if(!array_key_exists("game", $query)||gettype($query["game"])!="string"||strlen($query["game"])<=0) { gen_error_400("key \"game\" not found or is empty, or has an invalid type."); exit; } require(__DIR__."/phplib/libvar_gsec.php"); $game=$query["game"]; if(!array_key_exists($game, $gsecret_l)) { gen_error_400("game '".$game."' is not found in config file."); exit; } $ginfo=$gsecret_l[$game]; unset($gsecret_l); //do actions that do not need team_token auth //only $action and $game is set here if($action[0]=="external-flag") { require(__DIR__."/incl_external_flag.php"); exit; } if(!array_key_exists("ttoken", $query)||gettype($query["ttoken"])!="string"||strlen($query["ttoken"])<=0) { gen_error_400("key \"ttoken\" not found or is empty, or has an invalid type."); exit; } $team_token=$query["ttoken"]; //verify the [game, team-hash] pair (team_token auth) if(!verify_team_token($ginfo["gpub"], $team_token)) { gen_error_400("the team token provided is not valid: ".$team_token); exit; } $team_id=explode(":", $team_token)[0]; $team_id="team_".$team_id; //do actions (require files) depend on the request //$action, $game, $ginfo, $team_id, $team_token is set if($action[0]=="user-panel") { require(__DIR__."/incl_user_panel.php"); exit; } if($action[0]=="team-info") { require(__DIR__."/incl_get_team_info.php"); exit; } if($action[0]=="challenge-list") { require(__DIR__."/incl_challenge_list.php"); exit; } if($action[0]=="attachment-dl") { require(__DIR__."/incl_attachment_dl.php"); exit; } gen_error_400("unknown action '".$action[0]."'. use 'help' to view help"); exit;