From cfc413f7825326f97e4b82bd91dda1c570136976 Mon Sep 17 00:00:00 2001
From: James Wang
Date: Wed, 23 Dec 2015 23:31:50 -0500
Subject: [PATCH 1/5] Validate recaptcha for registration
---
 scripts/requirements.txt | 3 ++-
 server/api/user.py | 14 ++++++++++++++
 web/js/register.js | 9 ++++++---
 3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/scripts/requirements.txt b/scripts/requirements.txt
index 08461f8..e0f3b60 100644
--- a/scripts/requirements.txt
+++ b/scripts/requirements.txt
@@ -2,4 +2,5 @@ Flask
 mysql-python
 Flask-SQLAlchemy
 SQLAlchemy
-gunicorn
\ No newline at end of file
+gunicorn
+requests
\ No newline at end of file
diff --git a/server/api/user.py b/server/api/user.py
index 53bfe13..be8bf1f 100644
--- a/server/api/user.py
+++ b/server/api/user.py
@@ -4,6 +4,7 @@ from flask import current_app as app
 from models import db, Users
 from utils import api_wrapper
+import requests
 import utils
 
 
 blueprint = Blueprint("user", __name__)
@@ -11,6 +12,9 @@ blueprint = Blueprint("user", __name__)
 @blueprint.route("/register", methods=["POST"])
 @api_wrapper
 def user_register():
+    if not validate_captcha(request.form):
+        return { "success": 0, "message": "Please do the captcha." }
+
     name = request.form["name"]
     username = request.form["username"]
     password = request.form["password"]
@@ -59,3 +63,13 @@ def add_user(name, username, email, password):
     user = Users(name, username, email, password)
     db.session.add(user)
     db.session.commit()
+
+def validate_captcha(form):
+    if "captcha_response" not in form:
+        return False
+    captcha_response = form["captcha_response"]
+    data = {"secret": "6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu", "response": captcha_response}
+    response = requests.post("https://www.google.com/recaptcha/api/siteverify", data=data)
+    if response.json()["success"]:
+        return True
+    return False
diff --git a/web/js/register.js b/web/js/register.js
index 7a59132..be3fb03 100644
--- a/web/js/register.js
+++ b/web/js/register.js
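Review bot: The reCAPTCHA secret is hard-coded as a string literal in `validate_captcha` (the `data = {"secret": ...}` line) and is committed to the repository; it should be read from configuration, e.g. `app.config` — `current_app` is already imported as `app` in this module — and the committed value treated as exposed and rotated, especially since patch 5/5 of this series also prints the same secret in README.md. The `requests.post` call has no `timeout`, so a slow siteverify endpoint ties up the registration worker indefinitely, and `response.json()["success"]` raises on a non-JSON reply or a missing key, which surfaces as an exception through `api_wrapper` instead of a clean rejection. Treating any transport error or malformed reply as a failed check keeps the endpoint fail-closed; the rewrite below does that, and `RECAPTCHA_SECRET_KEY` is a placeholder config name to be matched to the project's settings.
```python
def validate_captcha(form):
    """Return True only when Google's siteverify endpoint confirms the submitted token.

    A missing token, a transport error, a non-2xx status or a reply without a
    truthy "success" field all count as a failed check (fail closed).
    """
    captcha_response = form.get("captcha_response")
    if not captcha_response:
        return False
    data = {
        "secret": app.config["RECAPTCHA_SECRET_KEY"],  # placeholder config key; never a literal
        "response": captcha_response,
    }
    try:
        response = requests.post(
            "https://www.google.com/recaptcha/api/siteverify", data=data, timeout=5
        )
        response.raise_for_status()
        return bool(response.json().get("success"))
    except (requests.RequestException, ValueError):
        # network failure or malformed JSON: reject rather than raise
        return False
```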
@@ -1,19 +1,22 @@
 $("#registration-form").on("submit", function(e) {
     e.preventDefault();
-    register($("#name").val(), $("#username").val(), $("#password").val(), $("#password_confirm").val(), $("#email").val());
+    register($("#name").val(), $("#username").val(), $("#password").val(), $("#password_confirm").val(), $("#email").val(), $("#g-recaptcha-response").val());
 });
 
-function register(name, username, password, password_confirm, email) {
+function register(name, username, password, password_confirm, email, captcha_response) {
     $.post("/api/user/register", {
         name: name,
         username: username,
         password: password,
         password_confirm: password_confirm,
-        email: email
+        email: email,
+        captcha_response: captcha_response
     }, function(data) {
         $("#status").text(data.message);
         if (data.success == 1) {
             // wait then redirect or whatever
+        } else {
+            grecaptcha.reset();
         }
     });
 }
From 5e38e44aa0c5c5054945a4a8d36044fe973b0c55 Mon Sep 17 00:00:00 2001
From: CommanderStrax
Date: Wed, 23 Dec 2015 22:39:30 -0600
Subject: [PATCH 2/5] Rebulked the About page
---
 web/about.html | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/web/about.html b/web/about.html
index ea58eb1..58c0fbe 100644
--- a/web/about.html
+++ b/web/about.html
@@ -22,16 +22,18 @@ - -
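Review bot: In `register`, `$.post` is given only a success callback, so a failed HTTP request (network error or a non-2xx reply from the API) leaves `#status` untouched and never reaches the new `grecaptcha.reset()` branch; since a reCAPTCHA token is single-use, the next submit would then presumably fail the server check until the page is reloaded. Chaining `.fail(function() { $("#status").text("Registration failed, please try again."); grecaptcha.reset(); })` onto the `$.post` call covers that path. The loose `data.success == 1` comparison on the line above the new `else` would also read more precisely as `===`.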

No, we're not running around in a gym, tagging other players. Capture the flag contests, or CTFs for short, are intense cybersecurity contests where participants try to capture a piece of information. To do this, they must use skills to capture a virtual flag, usually taking the form of a string, like this: flag{this_is_a_flag}. There are two common types of CTF competitions: jeopardy, and attack-defense.

-

CTFs are different from the hacking you may hear from the news. While hacking is commonly associated with stealing and destruction, CTFs are all about learning and community.

- +

Capture the Flag? Hope you brought your gym clothes! Just kidding. This time we promise no one will end up with a floor burn. Capture the flag contests, or CTFs for short, are intense cybersecurity contests that take place all over the world. To hit the top of the scoreboard, participants (and their teammates) must capture a piece of information, known as a flag. All of our problems will, after a little bit of this and that, will provide you with a flag which you can submit for points. Harder problems are worth more points. With most CTFs, it can be hard to determine whether or not you have the flag. Sometimes it's a long string of numbers or letters and it's hard to distinguish from the sorrounding code. Here at EasyCTF, our flags -- when you find them -- will look something like this: flag{this_is_a_flag}. Simply enter in the data between the curly braces (case-insensative) and you'll get your due points. The more flags you find, and the harder flags you find, the easier it will be for you to move up the scoreboard. If you are in one of the highest scoring teams at the end of the competition, your team will win bragging rights, and some pretty cool prizes.

- -

EasyCTF is a CTF that's tailored for the high school level. Started by high school students, it was created with a passion for learning. The following events have passed, but the site will remain online for historical purposes.

+

Yes and no. Despite the connotation "hacking" has recieved in contemporary culture and media, hacking is more or less split up into two categorizations, Black Hat and White Hat. Black Hat hackers are the ones you hear about on the news; attacking websites and their accounts to steal information or money. They attack without warning, all for their own benefit. Black Hat hackers go to prison. White Hat hackers, while rarely in the news, are the men and women who, with permission, attack a website or service in order to find holes in the security and report them to the owners for patching. The types of hacking you will be doing in the competition are created by the EasyCTF team just for you. Take part in EasyCTF to show off your skills as a white hat hacker.

+ +

EasyCTF is a CTF that's tailored for the high school level. Started by high school students, it was created with a passion for learning. With computer science related fields doubling in size over the next decade, The United States, and the world are short on programmers. The world has started to focus in on the youth of the world, from teenagers all the way down to five and six year olds. Being the future of the world, it is imperative a large enough percentage of the population is trained and educated to handle the constant progession of technology. We, the EasyCTF team, have put in countless hours to provide you with a fun, inviting experiance for you and your friends to gang up and hack away. Our challenges range cover significant topics in contemporary computer science such cryptography, web, programming, binary and even more. Here at EasyCTF, we hope to provide you with a fun, competetive, educational, and safe enviroment where you, your friends, or your peers can show off your skills behind the keyboard for the world to see. Good luck, see you soon!

+ +
+
From 564a44ef61c69435cd673ca9e896b4dad3a00a02 Mon Sep 17 00:00:00 2001
From: CommanderStrax
Date: Wed, 23 Dec 2015 22:48:41 -0600
Subject: [PATCH 3/5] Reworded registration options
---
 web/register.html | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/web/register.html b/web/register.html
index 60bf1d0..60ece5e 100644
--- a/web/register.html
+++ b/web/register.html
@@ -22,16 +22,16 @@

+ +



- -

From 63dddf24889642934907d6388570b0178cb8ccd5 Mon Sep 17 00:00:00 2001
From: CommanderStrax
Date: Wed, 23 Dec 2015 22:51:21 -0600
Subject: [PATCH 4/5] Added notice to registration page
---
 web/register.html | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/web/register.html b/web/register.html
index 60ece5e..042e78b 100644
--- a/web/register.html
+++ b/web/register.html
@@ -49,10 +49,9 @@

-

- +
+

Don't worry, you can make or join a team after you register.

+
From 31365a72520a0ba622c0aeb60659770ab285033f Mon Sep 17 00:00:00 2001
From: CommanderStrax
Date: Wed, 23 Dec 2015 22:53:27 -0600
Subject: [PATCH 5/5] Note about reCAPTCHA Error
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index f0ffa5b..5f9d11d 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,8 @@ If you have any issues during installation, file an issue.
 ## Notes
 ####reCAPTCHA
+
+Do not worry if you see "ERROR: Invalid domain for site key", the reCAPTCHA expects to be hosted on the domain "easyctf.com" and will not function properly until it is.
 Site Key: *6Lc4xhMTAAAAAIaiF3yEWGbHRaGgMg4FHor61p1G*
 Secret Key: *6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu*