UI improvements and more robust flag checks & submission
This commit is contained in:
32
__init__.py
32
__init__.py
@@ -5,6 +5,7 @@ from CTFd.utils.user import get_current_user, get_current_team
|
|||||||
from CTFd.utils.decorators import authed_only, admins_only, during_ctf_time_only
|
from CTFd.utils.decorators import authed_only, admins_only, during_ctf_time_only
|
||||||
from CTFd.utils.decorators.visibility import check_challenge_visibility
|
from CTFd.utils.decorators.visibility import check_challenge_visibility
|
||||||
from CTFd.plugins.flags import get_flag_class
|
from CTFd.plugins.flags import get_flag_class
|
||||||
|
from CTFd.plugins.challenges import get_chal_class
|
||||||
from CTFd.utils import get_config, set_config
|
from CTFd.utils import get_config, set_config
|
||||||
|
|
||||||
def load(app):
|
def load(app):
|
||||||
@@ -20,14 +21,13 @@ def load(app):
|
|||||||
return render_template('category_submit_settings.html', success=True,
|
return render_template('category_submit_settings.html', success=True,
|
||||||
categories=request.form.get('categories'),
|
categories=request.form.get('categories'),
|
||||||
cooldown=request.form.get('cooldown'))
|
cooldown=request.form.get('cooldown'))
|
||||||
|
|
||||||
return render_template('category_submit_settings.html',
|
return render_template('category_submit_settings.html',
|
||||||
categories=get_config('cat_sub_categories') or "",
|
categories=get_config('cat_sub_categories') or "",
|
||||||
cooldown=get_config('cat_sub_cooldown') or "3"
|
cooldown=get_config('cat_sub_cooldown') or "3"
|
||||||
)
|
)
|
||||||
|
|
||||||
@plugin_bp.route('/category_submit/config', methods=['GET'])
|
@plugin_bp.route('/category_submit/config', methods=['GET'])
|
||||||
@check_challenge_visibility # Matches challenge page visibility settings
|
@check_challenge_visibility
|
||||||
@during_ctf_time_only
|
@during_ctf_time_only
|
||||||
def get_plugin_config():
|
def get_plugin_config():
|
||||||
return jsonify({
|
return jsonify({
|
||||||
@@ -43,7 +43,7 @@ def load(app):
|
|||||||
user = get_current_user()
|
user = get_current_user()
|
||||||
team = get_current_team()
|
team = get_current_team()
|
||||||
category = request.form.get('category')
|
category = request.form.get('category')
|
||||||
provided_flag = request.form.get('submission', '').strip()
|
provided = request.form.get('submission', '').strip()
|
||||||
|
|
||||||
enabled_cats = [c.strip() for c in (get_config('cat_sub_categories') or "").split(',') if c.strip()]
|
enabled_cats = [c.strip() for c in (get_config('cat_sub_categories') or "").split(',') if c.strip()]
|
||||||
cooldown = int(get_config('cat_sub_cooldown') or 3)
|
cooldown = int(get_config('cat_sub_cooldown') or 3)
|
||||||
@@ -56,7 +56,7 @@ def load(app):
|
|||||||
if last_sub and (time.time() - last_sub.date.timestamp() < cooldown):
|
if last_sub and (time.time() - last_sub.date.timestamp() < cooldown):
|
||||||
return jsonify({'success': False, 'message': f'Wait {cooldown}s'})
|
return jsonify({'success': False, 'message': f'Wait {cooldown}s'})
|
||||||
|
|
||||||
# Find unsolved challenges
|
# Search unsolved challenges in this category
|
||||||
solve_filter = (Solves.team_id == team.id) if team else (Solves.user_id == user.id)
|
solve_filter = (Solves.team_id == team.id) if team else (Solves.user_id == user.id)
|
||||||
challenges = Challenges.query.filter(
|
challenges = Challenges.query.filter(
|
||||||
Challenges.category == category,
|
Challenges.category == category,
|
||||||
@@ -65,26 +65,28 @@ def load(app):
|
|||||||
).all()
|
).all()
|
||||||
|
|
||||||
for chall in challenges:
|
for chall in challenges:
|
||||||
for flag in Flags.query.filter_by(challenge_id=chall.id).all():
|
# 1. Manual check (no DB write)
|
||||||
|
flags = Flags.query.filter_by(challenge_id=chall.id).all()
|
||||||
|
for flag in flags:
|
||||||
try:
|
try:
|
||||||
if get_flag_class(flag.type).compare(flag, provided_flag):
|
if get_flag_class(flag.type).compare(flag, provided):
|
||||||
# USE NATIVE CTFd SOLVE LOGIC
|
# 2. Match found! Now use built-in CTFd methods.
|
||||||
# This handles Solves, Submissions, and Scoreboard updates correctly.
|
|
||||||
chal_class = get_chal_class(chall.type)
|
chal_class = get_chal_class(chall.type)
|
||||||
|
|
||||||
|
# attempt() creates the 'correct' Submission record
|
||||||
|
chal_class.attempt(chall, request)
|
||||||
|
|
||||||
|
# solve() creates the Solve record and awards points
|
||||||
chal_class.solve(user=user, team=team, challenge=chall, request=request)
|
chal_class.solve(user=user, team=team, challenge=chall, request=request)
|
||||||
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
return jsonify({
|
return jsonify({'success': True, 'message': f'Correct! Solved: {chall.name}'})
|
||||||
'success': True,
|
|
||||||
'message': f'Correct! You solved: {chall.name}',
|
|
||||||
'challenge_id': chall.id # Pass this back to help the JS
|
|
||||||
})
|
|
||||||
except Exception: continue
|
except Exception: continue
|
||||||
|
|
||||||
# Log incorrect submission natively
|
# 3. No match: Log ONE incorrect attempt globally
|
||||||
db.session.add(Submissions(
|
db.session.add(Submissions(
|
||||||
user_id=user.id, team_id=team.id if team else None,
|
user_id=user.id, team_id=team.id if team else None,
|
||||||
challenge_id=None, ip=request.remote_addr, provided=provided_flag, type='incorrect'
|
challenge_id=None, ip=request.remote_addr, provided=provided, type='incorrect'
|
||||||
))
|
))
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
return jsonify({'success': False, 'message': 'Incorrect Flag'})
|
return jsonify({'success': False, 'message': 'Incorrect Flag'})
|
||||||
|
|||||||
@@ -5,21 +5,21 @@
|
|||||||
const enabledCategories = config.categories || [];
|
const enabledCategories = config.categories || [];
|
||||||
document.querySelectorAll('.category-header').forEach(header => {
|
document.querySelectorAll('.category-header').forEach(header => {
|
||||||
const catName = header.textContent.trim();
|
const catName = header.textContent.trim();
|
||||||
if (enabledCategories.includes(catName) && !header.nextElementSibling.classList.contains('cat-sub-row')) {
|
|
||||||
|
// Check if already injected to prevent duplicates
|
||||||
|
if (enabledCategories.includes(catName) && !header.nextElementSibling?.classList.contains('cat-sub-row')) {
|
||||||
const row = document.createElement('div');
|
const row = document.createElement('div');
|
||||||
row.className = "cat-sub-row row mb-4 justify-content-center";
|
row.className = "cat-sub-row row mb-4 justify-content-center";
|
||||||
row.innerHTML = `
|
row.innerHTML = `
|
||||||
<div class="col-md-10">
|
<div class="col-md-10">
|
||||||
<div class="form-row">
|
<div class="input-group input-group-lg">
|
||||||
<div class="col-9">
|
<input type="text"
|
||||||
<input type="text"
|
class="form-control bg-dark text-light border-secondary"
|
||||||
class="form-control form-control-lg bg-dark text-light border-secondary"
|
placeholder="Submit ${catName} flag..."
|
||||||
placeholder="Submit a flag for ${catName}..."
|
id="in-${catName.replace(/\s+/g, '-')}"
|
||||||
id="in-${catName.replace(/\s+/g, '-')}"
|
autocomplete="off">
|
||||||
autocomplete="off">
|
<div class="input-group-append">
|
||||||
</div>
|
<button class="btn btn-success px-4" type="button">Submit</button>
|
||||||
<div class="col-3">
|
|
||||||
<button class="btn btn-success btn-lg btn-block" data-cat="${catName}">Submit</button>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="status-msg mt-2" style="min-height: 24px; font-weight: bold;"></div>
|
<div class="status-msg mt-2" style="min-height: 24px; font-weight: bold;"></div>
|
||||||
@@ -27,13 +27,13 @@
|
|||||||
`;
|
`;
|
||||||
header.after(row);
|
header.after(row);
|
||||||
|
|
||||||
row.querySelector('button').onclick = function() {
|
const input = row.querySelector('input');
|
||||||
const btn = this;
|
const btn = row.querySelector('button');
|
||||||
const container = row.querySelector('.col-md-10');
|
const msg = row.querySelector('.status-msg');
|
||||||
const input = container.querySelector('input');
|
|
||||||
const msg = container.querySelector('.status-msg');
|
const submitFlag = () => {
|
||||||
const val = input.value.trim();
|
const val = input.value.trim();
|
||||||
if (!val) return;
|
if (!val || btn.disabled) return;
|
||||||
|
|
||||||
btn.disabled = true;
|
btn.disabled = true;
|
||||||
msg.innerHTML = '<span class="text-info">Checking...</span>';
|
msg.innerHTML = '<span class="text-info">Checking...</span>';
|
||||||
@@ -50,14 +50,20 @@
|
|||||||
if (data.success) {
|
if (data.success) {
|
||||||
msg.innerHTML = `<span class="text-success">✔ ${data.message}</span>`;
|
msg.innerHTML = `<span class="text-success">✔ ${data.message}</span>`;
|
||||||
input.value = '';
|
input.value = '';
|
||||||
// Delay reload slightly so the user sees the success message
|
setTimeout(() => { window.location.reload(); }, 1000);
|
||||||
setTimeout(() => { window.location.reload(); }, 1200);
|
|
||||||
} else {
|
} else {
|
||||||
msg.innerHTML = `<span class="text-danger">✘ ${data.message}</span>`;
|
msg.innerHTML = `<span class="text-danger">✘ ${data.message}</span>`;
|
||||||
btn.disabled = false;
|
btn.disabled = false;
|
||||||
}
|
}
|
||||||
|
})
|
||||||
|
.catch(() => {
|
||||||
|
msg.innerHTML = '<span class="text-danger">Submission error</span>';
|
||||||
|
btn.disabled = false;
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
btn.onclick = submitFlag;
|
||||||
|
input.onkeypress = (e) => { if (e.key === 'Enter') submitFlag(); };
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user