<?php
// Front controller for the per-game / per-team HTTP API.
//
// Flow: set up streaming plain-text output -> load helper libraries -> parse
// the request into $query -> answer "help" -> resolve the game config ->
// serve the one unauthenticated action -> verify the team token -> dispatch
// to one of a fixed set of include files.
//
// The include files run in this script's global scope, so no extra global
// variables are introduced here beyond the ones the handlers are told about.

// ---- runtime / output setup -------------------------------------------------
set_time_limit(0);
ob_implicit_flush(true);
ignore_user_abort(true);

// NOTE(review): expose_php is a php.ini-only directive, so this runtime call
// cannot change it (the @ hides the failure). Set it in php.ini; the
// header_remove() below is what clears headers queued so far.
@ini_set("expose_php", "off");
header_remove();

date_default_timezone_set("Asia/Shanghai");

// NOTE(review): with a wildcard origin every web page can read these
// responses. That is only tolerable while authorization rests on the
// "ttoken" request parameter and never on cookies or other ambient
// credentials -- confirm none of the included handlers rely on those.
header("Access-Control-Allow-Origin: *");
// Everything below, including echoed request values in error messages, is
// declared as plain text, not HTML.
header("Content-type: text/plain; charset=utf-8");
header("Content-Encoding: none");
header("Cache-Control: no-store, max-age=0, must-revalidate");
header("X-Accel-Buffering: no");

// All error levels are reported (the error_reporting(0) alternative is
// disabled). Whether they reach the client depends on display_errors, which
// is not set in this file -- keep it off in production so paths and config
// details go to the log only.
error_reporting(E_ALL);

// ---- helper libraries -------------------------------------------------------
require_once __DIR__ . "/phplib/libutil.php";
require_once __DIR__ . "/phplib/libcustomerrorgen.php";
require_once __DIR__ . "/phplib/libteamtokenverifier.php";
require_once __DIR__ . "/phplib/libteaminfo.php";
require_once __DIR__ . "/phplib/libteamhashgen.php";
require_once __DIR__ . "/phplib/libchallengelist.php";
require_once __DIR__ . "/phplib/libattachmentmaker.php";
require_once __DIR__ . "/phplib/libtemplate_replace_anchor.php";

// ---- request parsing --------------------------------------------------------
// query2param() is defined in one of the libraries above; false means no
// usable query was supplied.
$query = query2param();

if ($query === false) {
    gen_error_400("query string not found.");
    exit;
}

// "action" must be present and a string (rejects array-valued parameters).
if (!array_key_exists("action", $query) || !is_string($query["action"])) {
    gen_error_400("key \"action\" not found or has an invalid type. use 'help' to view help");
    exit;
}

// Comma-separated: element 0 is the command, the rest are its arguments.
$action = explode(",", $query["action"]);

// Help is answered before any game parameter is looked at.
if ($action[0] === "help") {
    echo "notice: use comma(',') to split args\n";
    echo "all available commands:\n";
    echo " user-panel: display a interactive content for user\n";
    echo " team-info: show your team info as json\n";
    echo " challenge-list: list all challenges as json which are defined internally\n";
    echo " attachment-dl <cid or alias>: download attachment for challenge <cid>, or interact with it\n";
    echo " external-flag <cid or alias>: used for dispatching flags for external containers that cannot be changed easily\n";
    exit;
}

// ---- game lookup ------------------------------------------------------------
if (!array_key_exists("game", $query) || !is_string($query["game"]) || $query["game"] === "") {
    gen_error_400("key \"game\" not found or is empty, or has an invalid type.");
    exit;
}

// Brings $gsecret_l (per-game configuration, keyed by game name) into scope.
require __DIR__ . "/phplib/libvar_gsec.php";

$game = $query["game"];

// The caller-supplied name is used only as a lookup key against the
// configured games; it never reaches a file path in this script.
if (!array_key_exists($game, $gsecret_l)) {
    gen_error_400("game '" . $game . "' is not found in config file.");
    exit;
}

// Keep only the selected game's entry and drop the rest of the table, so the
// included handlers cannot see other games' configuration.
$ginfo = $gsecret_l[$game];
unset($gsecret_l);

// ---- action that runs without team_token auth -------------------------------
// Only $action and $game (plus $ginfo) are set at this point.
// NOTE(review): nothing has authenticated the caller yet, so
// incl_external_flag.php has to enforce its own authorization.
if ($action[0] === "external-flag") {
    require __DIR__ . "/incl_external_flag.php";
    exit;
}

// ---- team token authentication ----------------------------------------------
// NOTE(review): if query2param() reads the URL query string, the token ends
// up in access logs and Referer headers -- treat those logs as sensitive.
if (!array_key_exists("ttoken", $query) || !is_string($query["ttoken"]) || $query["ttoken"] === "") {
    gen_error_400("key \"ttoken\" not found or is empty, or has an invalid type.");
    exit;
}

$team_token = $query["ttoken"];

// Verify the [game, team-hash] pair against this game's "gpub" value.
if (!verify_team_token($ginfo["gpub"], $team_token)) {
    // The rejected, caller-controlled value is echoed back; it must only ever
    // be served as plain text.
    gen_error_400("the team token provided is not valid: " . $team_token);
    exit;
}

// The team id is the part of the token before the first ':'.
// Assumes verify_team_token() authenticates that part -- TODO confirm, since
// the handlers below trust $team_id.
$team_id = "team_" . explode(":", $team_token)[0];

// ---- authenticated dispatch -------------------------------------------------
// $action, $game, $ginfo, $team_id and $team_token are set for the handlers.
// Every include path is a fixed literal; request data only selects a branch.
switch ($action[0]) {
    case "user-panel":
        require __DIR__ . "/incl_user_panel.php";
        exit;

    case "team-info":
        require __DIR__ . "/incl_get_team_info.php";
        exit;

    case "challenge-list":
        require __DIR__ . "/incl_challenge_list.php";
        exit;

    case "attachment-dl":
        require __DIR__ . "/incl_attachment_dl.php";
        exit;

    default:
        gen_error_400("unknown action '" . $action[0] . "'. use 'help' to view help");
        exit;
}