me/ctfd-category-submit-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refine UI and bug fix challenge solving

Browse Source
This commit is contained in:
Matthew Grove
2026-01-05 22:25:31 +00:00
parent 03d5da76d0
commit 43169288b1
2 changed files with 49 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
__init__.py
View File

@@ -54,12 +54,10 @@ def load(app):
# Rate Limiting # Rate Limiting
last_sub = Submissions.query.filter_by(user_id=user.id).order_by(Submissions.date.desc()).first() last_sub = Submissions.query.filter_by(user_id=user.id).order_by(Submissions.date.desc()).first()
if last_sub and (time.time() - last_sub.date.timestamp() < cooldown): if last_sub and (time.time() - last_sub.date.timestamp() < cooldown):
return jsonify({'success': False, 'message': f'Wait {cooldown}s between tries'}) return jsonify({'success': False, 'message': f'Wait {cooldown}s'})
# Optimized Solve Check (Unified User/Team Mode) # Find unsolved challenges
solve_filter = (Solves.team_id == team.id) if team else (Solves.user_id == user.id) solve_filter = (Solves.team_id == team.id) if team else (Solves.user_id == user.id)
# Only query unsolved challenges in the specific category
challenges = Challenges.query.filter( challenges = Challenges.query.filter(
Challenges.category == category, Challenges.category == category,
Challenges.state == 'visible', Challenges.state == 'visible',
@@ -69,22 +67,21 @@ def load(app):
for chall in challenges: for chall in challenges:
for flag in Flags.query.filter_by(challenge_id=chall.id).all(): for flag in Flags.query.filter_by(challenge_id=chall.id).all():
try: try:
# Supports Static, Regex, and Case-Insensitive flags via CTFd internal classes
if get_flag_class(flag.type).compare(flag, provided_flag): if get_flag_class(flag.type).compare(flag, provided_flag):
solve = Solves( # USE NATIVE CTFd SOLVE LOGIC
user_id=user.id, team_id=team.id if team else None, # This handles Solves, Submissions, and Scoreboard updates correctly.
challenge_id=chall.id, ip=request.remote_addr, provided=provided_flag chal_class = get_chal_class(chall.type)
) chal_class.solve(user=user, team=team, challenge=chall, request=request)
db.session.add(solve)
db.session.add(Submissions(
user_id=user.id, team_id=team.id if team else None,
challenge_id=chall.id, ip=request.remote_addr, provided=provided_flag, type='correct'
))
db.session.commit() db.session.commit()
return jsonify({'success': True, 'message': f'Correct: {chall.name}'}) return jsonify({
'success': True,
'message': f'Correct! You solved: {chall.name}',
'challenge_id': chall.id # Pass this back to help the JS
})
except Exception: continue except Exception: continue
# Record failed attempt for audit/brute-force detection # Log incorrect submission natively
db.session.add(Submissions( db.session.add(Submissions(
user_id=user.id, team_id=team.id if team else None, user_id=user.id, team_id=team.id if team else None,
challenge_id=None, ip=request.remote_addr, provided=provided_flag, type='incorrect' challenge_id=None, ip=request.remote_addr, provided=provided_flag, type='incorrect'

71
assets/category_submit.js
View File

@@ -1,52 +1,44 @@
(function() { (function() {
if (window.location.pathname !== '/challenges') return; if (window.location.pathname !== '/challenges') return;
function injectSubmissionBoxes(config) { function injectBoxes(config) {
const enabledCategories = config.categories || []; const enabledCategories = config.categories || [];
const headers = document.querySelectorAll('.category-header'); document.querySelectorAll('.category-header').forEach(header => {
headers.forEach(header => {
const catName = header.textContent.trim(); const catName = header.textContent.trim();
const alreadyInjected = header.nextElementSibling && if (enabledCategories.includes(catName) && !header.nextElementSibling.classList.contains('cat-sub-row')) {
header.nextElementSibling.classList.contains('cat-sub-row');
if (enabledCategories.includes(catName) && !alreadyInjected) {
// Create a row container to match CTFd's grid layout
const row = document.createElement('div'); const row = document.createElement('div');
row.className = "cat-sub-row row mb-4 justify-content-center"; row.className = "cat-sub-row row mb-4 justify-content-center";
// Use col-md-8 or 10 to keep the box from being too wide
row.innerHTML = ` row.innerHTML = `
<div class="col-md-10"> <div class="col-md-10">
<div class="input-group custom-sub-group"> <div class="form-row">
<div class="col-9">
<input type="text" <input type="text"
class="form-control form-control-lg border-secondary bg-dark text-light" class="form-control form-control-lg bg-dark text-light border-secondary"
placeholder="Found a flag for ${catName}?" placeholder="Submit a flag for ${catName}..."
id="in-${catName.replace(/\s+/g, '-')}" id="in-${catName.replace(/\s+/g, '-')}"
autocomplete="off" autocomplete="off">
style="border-color: rgba(255,255,255,0.1) !important;"> </div>
<div class="input-group-append"> <div class="col-3">
<button class="btn btn-success btn-lg px-4 btn-sub" data-cat="${catName}">Submit</button> <button class="btn btn-success btn-lg btn-block" data-cat="${catName}">Submit</button>
</div> </div>
</div> </div>
<div class="status-msg mt-2" style="min-height: 24px; font-weight: bold;"></div>
</div> </div>
`; `;
header.after(row); header.after(row);
row.querySelector('button').onclick = function() { row.querySelector('button').onclick = function() {
const btn = this; const btn = this;
const input = document.getElementById(`in-${catName.replace(/\s+/g, '-')}`); const container = row.querySelector('.col-md-10');
const input = container.querySelector('input');
const msg = container.querySelector('.status-msg');
const val = input.value.trim(); const val = input.value.trim();
if (!val) return; if (!val) return;
btn.disabled = true; btn.disabled = true;
msg.innerHTML = '<span class="text-info">Checking...</span>';
const params = new URLSearchParams({ const params = new URLSearchParams({ submission: val, category: catName, nonce: init.csrfNonce });
submission: val,
category: catName,
nonce: init.csrfNonce
});
fetch('/category_submit', { fetch('/category_submit', {
method: 'POST', method: 'POST',
@@ -55,33 +47,28 @@
}) })
.then(r => r.json()) .then(r => r.json())
.then(data => { .then(data => {
alert(data.message); if (data.success) {
if (data.success) location.reload(); msg.innerHTML = `<span class="text-success">✔ ${data.message}</span>`;
btn.disabled = false; input.value = '';
}) // Delay reload slightly so the user sees the success message
.catch(() => { setTimeout(() => { window.location.reload(); }, 1200);
alert("Error submitting flag."); } else {
msg.innerHTML = `<span class="text-danger">✘ ${data.message}</span>`;
btn.disabled = false; btn.disabled = false;
}
}); });
}; };
} }
}); });
} }
fetch('/category_submit/config') fetch('/category_submit/config').then(r => r.json()).then(config => {
.then(r => r.json()) injectBoxes(config);
.then(config => {
injectSubmissionBoxes(config);
let timeout;
const observer = new MutationObserver(() => { const observer = new MutationObserver(() => {
clearTimeout(timeout);
timeout = setTimeout(() => {
observer.disconnect(); observer.disconnect();
injectSubmissionBoxes(config); injectBoxes(config);
observer.observe(document.body, { childList: true, subtree: true }); observer.observe(document.body, { childList: true, subtree: true });
}, 200);
}); });
observer.observe(document.body, { childList: true, subtree: true }); observer.observe(document.body, { childList: true, subtree: true });
}) });
.catch(err => console.error("Could not load category submission config", err));
})(); })();