-
Notifications
You must be signed in to change notification settings - Fork 2
/
scoreboard.rb
206 lines (172 loc) · 4.82 KB
/
scoreboard.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
require 'rubygems'
require 'bundler'
require 'rake'
Bundler.require
enable :sessions
DataMapper.setup(:default, ENV['DATABASE_URL'] || "sqlite3://#{Dir.pwd}/blog.db")
class Competitor
include DataMapper::Resource
property :name, String, :key => true
property :score, Integer, :default => 0
property :correct, Text, :default => "[]"
property :created_at, DateTime
property :updated_at, DateTime
end
class Question
include DataMapper::Resource
property :question, String, :key => true
property :answer, String
property :points, Integer, :default => 5
end
class Competition
include DataMapper::Resource
property :id, Serial
property :active, Boolean, :default => false;
property :site1, String, :default => "http://vulnerable-1.com";
property :site2, String, :default => "http://vulnerable-2.com";
property :site3, String, :default => "http://vulnerable-3.com";
property :site4, String, :default => "http://vulnerable-4.com";
end
DataMapper.auto_upgrade!
def get_user
return nil if session["user"].nil?
@user = @user || Competitor.get(session["user"])
end
def get_site
site_count = 4
raise "no competition" unless active!
if get_user.nil?
Competition.first["site#{rand(1..site_count)}"]
else
Competition.first["site#{@user.name.to_s.sum% site_count+1}"]
end
end
get "/slides" do
erb :slides
end
get "/logout" do
session["user"] = nil
redirect "/"
end
get "/login" do
redirect "/" if params[:name].nil?
user = Competitor.get( params[:name] )
if user.nil?
session['message'] = "No Such User"
redirect '/'
else
session["user"]= user.name
session['message'] = "Click 'TARGET To Explore the Target Site'"
end
redirect "/"
end
get "/" do
if active!
@user = get_user
puts @user.score.to_s if [email protected]?
@message = session["message"]
session["message"] = nil
@completed = []
if not @user.nil?
@completed = JSON.load @user.correct
end
@site = get_site
@points = Question.all.reduce({}){ |dict,q| dict[q.question]=q.points; dict }
@competitors = Competitor.all
@total = 100
erb :index
else
redirect "/slides"
end
end
get '/tutorial' do
erb :tutorial
end
get '/answer' do
@title = session["title"] || "Error!"
@body = session["message"]
erb :answer
end
post '/answer' do
to_answer_page = '/answer'
user = get_user
if user.nil?
session["message"]="Invalid User"
redirect to_answer_page
end
qid=params[:question]
ans=params[:answer]
if (qid.nil? or ans.nil? or user.nil?)
session["message"] = "Bad Parameters, expected a Question and Answer"
redirect to_answer_page
end
question = Question.get(qid)
if question.nil?
session["message"] = "Bad Question"
redirect to_answer_page
end
answered = JSON.load( user.correct )
if answered.include?(qid)
session["message"] = "You Already Answered This Question!"
redirect to_answer_page
end
if ans.downcase == question.answer.downcase
logger.info "The Score was #{user.score}"
user.score = user.score + question.points
user.correct = JSON.dump(answered.push(qid)).to_s
logger.info "Errors on Score? #{user.errors.on(:score)}"
logger.info "Errors on Correct? #{user.errors.on(:correct)}"
logger.info "User is valid? #{user.valid?}"
success = user.save
logger.info "Save was sucessful? #{success}"
puts "The Score is now #{user.score}"
session["title"] = "CORRECT"
session["message"] = "Correct! Your Score is #{user.score.to_s}"
else
session["title"] = "INCORRECT"
session["message"] = "That is not correct, your score is still #{user.score.to_s}"
end
redirect to_answer_page
end
get '/admin' do
protected!
@competitors = Competitor.all
@total = @competitors.size
@questions = Question.all
@answered = @questions.reduce({}){|count,qq| count[ qq.question ]||=0; count }
@answered = Competitor.all.reduce(@answered) do |count,user|
(JSON.load(user.correct)).map{ |item| count[item] += 1 }
count
end
@active = active!
erb :admin
end
get '/admin/disable' do
protected!
Competition.all.each{|c| c.active=false; c.save}
redirect "/admin"
end
get '/admin/start' do
protected!
comp = Competition.first_or_create({ :id => 1 })
comp.active = true;
comp.save;
redirect "/admin"
end
get '/admin/rake/:task' do
end
helpers do
def protected!
unless authorized?
response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
throw(:halt, [401, "Not authorized\n"])
end
end
def authorized?
@auth ||= Rack::Auth::Basic::Request.new(request.env)
@auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == [ENV["ADMIN_USERNAME"] || 'admin', ENV["ADMIN_PASSWORD"] || 'admin' ]
end
end
def active!
Competition.all.map{|c| c.active }.any?
end