import time from flask import Blueprint, request, jsonify, render_template from CTFd.models import db, Challenges, Flags, Solves, Submissions from CTFd.utils.user import get_current_user, get_current_team from CTFd.utils.decorators import authed_only, admins_only, during_ctf_time_only from CTFd.utils.decorators.visibility import check_challenge_visibility from CTFd.plugins.flags import get_flag_class from CTFd.plugins.challenges import get_chal_class from CTFd.utils import get_config, set_config from CTFd.cache import clear_challenges, clear_standings def load(app): plugin_bp = Blueprint('category_submission', __name__, template_folder='templates', static_folder='assets') @plugin_bp.route('/admin/category_submission', methods=['GET', 'POST']) @admins_only def admin_settings(): if request.method == 'POST': set_config('cat_sub_categories', request.form.get('categories')) set_config('cat_sub_cooldown', request.form.get('cooldown')) return render_template('category_submit_settings.html', success=True, categories=request.form.get('categories'), cooldown=request.form.get('cooldown')) return render_template('category_submit_settings.html', categories=get_config('cat_sub_categories') or "", cooldown=get_config('cat_sub_cooldown') or "3" ) @plugin_bp.route('/category_submit/config', methods=['GET']) @check_challenge_visibility @during_ctf_time_only def get_plugin_config(): return jsonify({ 'categories': [c.strip() for c in (get_config('cat_sub_categories') or "").split(',') if c.strip()], 'cooldown': int(get_config('cat_sub_cooldown') or 3) }) @plugin_bp.route('/category_submit', methods=['POST']) @authed_only @check_challenge_visibility @during_ctf_time_only def category_submit(): user = get_current_user() team = get_current_team() category = request.form.get('category') provided = request.form.get('submission', '').strip() enabled_cats = [c.strip() for c in (get_config('cat_sub_categories') or "").split(',') if c.strip()] cooldown = int(get_config('cat_sub_cooldown') or 3) if category not in enabled_cats: return jsonify({'success': False, 'message': 'Invalid category'}) # 1. Rate Limiting last_sub = Submissions.query.filter_by(user_id=user.id).order_by(Submissions.date.desc()).first() if last_sub and (time.time() - last_sub.date.timestamp() < cooldown): return jsonify({'success': False, 'message': f'Wait {cooldown}s'}) # 2. Search unsolved challenges in this category solve_filter = (Solves.team_id == team.id) if team else (Solves.user_id == user.id) challenges = Challenges.query.filter( Challenges.category == category, Challenges.state == 'visible', ~Challenges.id.in_(db.session.query(Solves.challenge_id).filter(solve_filter)) ).all() for chall in challenges: flags = Flags.query.filter_by(challenge_id=chall.id).all() for flag in flags: try: # Perform comparison in-memory to avoid cluttering logs with incorrects if get_flag_class(flag.type).compare(flag, provided): # 3. Match Found: Log the correct submission sub = Submissions( user_id=user.id, team_id=team.id if team else None, challenge_id=chall.id, ip=request.remote_addr, provided=provided, type='correct' ) db.session.add(sub) # 4. Native Solve Logic (Handles points and Solves table) chal_class = get_chal_class(chall.type) chal_class.solve(user=user, team=team, challenge=chall, request=request) # 5. Clear Caches so UI reflects changes immediately clear_challenges() clear_standings() db.session.commit() return jsonify({ 'success': True, 'message': f'Correct: {chall.name}', 'challenge_id': chall.id }) except Exception: continue # 6. No Match: Log exactly one incorrect attempt globally if (len(challenges) > 0): db.session.add(Submissions( user_id=user.id, team_id=team.id if team else None, challenge_id=challenges[0].id, ip=request.remote_addr, provided=provided, type='incorrect' )) db.session.commit() return jsonify({'success': False, 'message': 'Incorrect Flag'}) app.register_blueprint(plugin_bp) from CTFd.utils.plugins import register_script register_script('/assets/category_submit.js')