From 16733cc00a43ced7c9a18ea821e70be922029763 Mon Sep 17 00:00:00 2001
From: James Wang
Date: Sat, 2 Jan 2016 13:20:12 -0500
Subject: [PATCH 1/3] Use better method for displaying messages
---
web/js/admin/problem.js | 11 +++++
web/js/easyctf.js | 99 ++++++++++++++++++++++------------------
web/js/login.js | 5 ++-
web/js/register.js | 3 ++
web/pages/login.html | 2 +-
web/pages/register.html | 4 +-
6 files changed, 75 insertions(+), 49 deletions(-)
create mode 100644 web/js/admin/problem.js
diff --git a/web/js/admin/problem.js b/web/js/admin/problem.js
new file mode 100644
index 0000000..2adbfb1
--- /dev/null
+++ b/web/js/admin/problem.js
@@ -0,0 +1,11 @@
+function add_problem(name, category, description, hint, flag, value) {
+ $.post("/api/problem/add", {
+ name: name,
+ category: category,
+ hint: hint,
+ flag: flag,
+ value: value
+ }, function(data) {
+
+ })
+}
diff --git a/web/js/easyctf.js b/web/js/easyctf.js
index 3f42a83..1237680 100644
--- a/web/js/easyctf.js
+++ b/web/js/easyctf.js
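Review bot: `add_problem` accepts a `description` argument, but the object posted to `/api/problem/add` leaves it out, so the description never reaches the server; add `description: description,` next to `category`. The success callback is empty and there is no failure handler, so an admin gets no indication of whether the problem was created or the request was refused. Because this is a state-changing admin request, it is worth confirming that the server enforces the admin check and CSRF protection for it; nothing in this hunk sends a token.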
@@ -1,51 +1,60 @@ var app = angular.module("easyctf", [ "ngRoute" ]); app.config(function($routeProvider, $locationProvider) { - $routeProvider.when("/", { - templateUrl: "pages/home.html", - controller: "mainController" - }) - .when("/about", { - templateUrl: "pages/about.html", - controller: "mainController" - }) - .when("/register", { - templateUrl: "pages/register.html", - controller: "mainController" - }) - .when("/login", { - templateUrl: "pages/login.html", - controller: "mainController" - }) - .when("/chat", { - templateUrl: "pages/chat.html", - controller: "mainController" - }) - .when("/updates", { - templateUrl: "pages/updates.html", - controller: "mainController" - }) - .when("/problems", { - templateUrl: "pages/problems.html", - controller: "mainController" - }) - .when("/programming", { - templateUrl: "pages/programming.html", - controller: "mainController" - }) - .when("/shell", { - templateUrl: "pages/shell.html", - controller: "mainController" - }) - .when("/rules", { - templateUrl: "pages/rules.html", - controller: "mainController" - }) - .when("/scoreboard", { - templateUrl: "pages/scoreboard.html", - controller: "mainController" - }); - $locationProvider.html5Mode(true); + $routeProvider.when("/", { + templateUrl: "pages/home.html", + controller: "mainController" + }) + .when("/about", { + templateUrl: "pages/about.html", + controller: "mainController" + }) + .when("/register", { + templateUrl: "pages/register.html", + controller: "mainController" + }) + .when("/login", { + templateUrl: "pages/login.html", + controller: "mainController" + }) + .when("/chat", { + templateUrl: "pages/chat.html", + controller: "mainController" + }) + .when("/updates", { + templateUrl: "pages/updates.html", + controller: "mainController" + }) + .when("/problems", { + templateUrl: "pages/problems.html", + controller: "mainController" + }) + .when("/programming", { + templateUrl: "pages/programming.html", + controller: "mainController" + }) + .when("/shell", { + 
templateUrl: "pages/shell.html", + controller: "mainController" + }) + .when("/rules", { + templateUrl: "pages/rules.html", + controller: "mainController" + }) + .when("/scoreboard", { + templateUrl: "pages/scoreboard.html", + controller: "mainController" + }); + $locationProvider.html5Mode(true); }); app.controller("mainController", function($scope) { }); + +function display_message(containerId, alertType, message, callback) { + $("#" + containerId).html('
' + message + '
'); + $("#" + containerId).hide().slideDown("fast", "swing", function() { + window.setTimeout(function () { + $("#" + containerId).slideUp("fast", "swing", callback); + }); + }, 2000); +} diff --git a/web/js/login.js b/web/js/login.js index f0335cb..74a7c97 100644 --- a/web/js/login.js +++ b/web/js/login.js @@ -4,13 +4,16 @@ $("#login-form").on("submit", function(e) { }); function login(email, password) { + $("#login").attr("disabled", "disabled"); $.post("/api/user/login", { email: email, password: password }, function(data) { - $("#status").text(data.message); if (data.success == 1) { + display_message("status", "success", "Success!", function() {$("#login").removeAttr("disabled");}); // wait then redirect or whatever + } else { + display_message("status", "warning", data.message, function() {$("#login").removeAttr("disabled");}); } }); } diff --git a/web/js/register.js b/web/js/register.js index be3fb03..d6bc090 100644 --- a/web/js/register.js +++ b/web/js/register.js @@ -4,6 +4,7 @@ $("#registration-form").on("submit", function(e) { }); function register(name, username, password, password_confirm, email, captcha_response) { + $("#register").attr("disabled", "disabled"); $.post("/api/user/register", { name: name, username: username, @@ -14,8 +15,10 @@ function register(name, username, password, password_confirm, email, captcha_res }, function(data) { $("#status").text(data.message); if (data.success == 1) { + display_message("status", "success", "Success!", function() {$("#register").removeAttr("disabled")}); // wait then redirect or whatever } else { + display_message("status", "warning", data.message, function() {$("#register").removeAttr("disabled")}); grecaptcha.reset(); } }); diff --git a/web/pages/login.html b/web/pages/login.html index 388e6a6..d968590 100644 --- a/web/pages/login.html +++ b/web/pages/login.html @@ -4,7 +4,7 @@
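Review bot: `display_message` concatenates `message` into a markup string and hands it to `.html()`, and the callers in web/js/login.js and web/js/register.js pass the server's `data.message`, which login.js previously wrote with `.text()`; any message that echoes user input would now be parsed as HTML in the page. Separately, the `2000` sits after the closing brace of the `slideDown` callback, so it is passed to `slideDown` rather than to `window.setTimeout`, and the alert slides up with no delay. The sketch below sets the message with `.text()` and moves the delay onto the timer. The alert markup is not fully readable in this view, so the class names are an assumption based on the `alertType` values the callers pass.

```javascript
function display_message(containerId, alertType, message, callback) {
    var container = $("#" + containerId);
    // Build the alert node and set the message as text, so a server-supplied
    // string is never parsed as HTML. Class names assumed; keep the original ones.
    var alertBox = $("<div>").addClass("alert alert-" + alertType).text(message);
    container.empty().append(alertBox);
    container.hide().slideDown("fast", "swing", function() {
        window.setTimeout(function() {
            container.slideUp("fast", "swing", callback);
        }, 2000); // delay belongs to setTimeout, not to slideDown
    });
}
```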
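Review bot: `#login` is disabled before the request but is only re-enabled from the `display_message` callback inside the success handler of `$.post`, so a failed request (network error or a non-2xx response) leaves the button disabled until the page is reloaded. Chain a failure handler onto the call, for example `.fail(function() { $("#login").removeAttr("disabled"); })`. The register.js hunk has the same gap for `#register`.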
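Review bot: The context line `$("#status").text(data.message);` at the top of the `register` callback is still present, so `#status` is written twice, once as text and then again by `display_message`; login.js dropped the equivalent line in this commit. Remove it so the alert is the only writer to `#status`. The two callbacks added here also omit the statement semicolon that login.js uses, `function() {$("#register").removeAttr("disabled");}`.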
- +
diff --git a/web/pages/register.html b/web/pages/register.html index 8556dae..a991da4 100644 --- a/web/pages/register.html +++ b/web/pages/register.html @@ -51,14 +51,14 @@
-



- + +
From 9b50731b9bfbe3a15e29ff4707cb4d490ff5dcdb Mon Sep 17 00:00:00 2001 From: James Wang Date: Sat, 2 Jan 2016 13:26:02 -0500 Subject: [PATCH 2/3] Use "danger" class instead of "warning" for error messages --- web/js/login.js | 2 +- web/js/register.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/web/js/login.js b/web/js/login.js index 74a7c97..fc6e65e 100644 --- a/web/js/login.js +++ b/web/js/login.js @@ -13,7 +13,7 @@ function login(email, password) { display_message("status", "success", "Success!", function() {$("#login").removeAttr("disabled");}); // wait then redirect or whatever } else { - display_message("status", "warning", data.message, function() {$("#login").removeAttr("disabled");}); + display_message("status", "danger", data.message, function() {$("#login").removeAttr("disabled");}); } }); } diff --git a/web/js/register.js b/web/js/register.js index d6bc090..bf1fcf4 100644 --- a/web/js/register.js +++ b/web/js/register.js @@ -18,7 +18,7 @@ function register(name, username, password, password_confirm, email, captcha_res display_message("status", "success", "Success!", function() {$("#register").removeAttr("disabled")}); // wait then redirect or whatever } else { - display_message("status", "warning", data.message, function() {$("#register").removeAttr("disabled")}); + display_message("status", "danger", data.message, function() {$("#register").removeAttr("disabled")}); grecaptcha.reset(); } }); From 3fd098226f258ae7897652217758d344302e3753 Mon Sep 17 00:00:00 2001 From: James Wang Date: Sat, 2 Jan 2016 13:40:56 -0500 Subject: [PATCH 3/3] Implement the admins_only decorator --- server/api/decorators.py | 15 ++------------- server/api/problem.py | 3 +-- server/api/user.py | 3 ++- 3 files changed, 5 insertions(+), 16 deletions(-) diff --git a/server/api/decorators.py b/server/api/decorators.py index 546ff55..44552cf 100644 --- a/server/api/decorators.py +++ b/server/api/decorators.py 
@@ -6,25 +6,14 @@ from flask import session class WebException(Exception): pass -def login_required(f): - @wraps(f) - def decorated_function(*args, **kwargs): - return f(*args, **kwargs) - return decorated_function - def admins_only(f): @wraps(f) def decorated_function(*args, **kwargs): + if "admin" not in session and not session["admin"]: + return { "success": 0, "message": "Not authorized." } return f(*args, **kwargs) return decorated_function -def check_csrf(f): - @wraps(f) - @login_required - def wrapper(*args, **kwds): - return f(*args, **kwds) - return wrapper - def api_wrapper(f): @wraps(f) def wrapper(*args, **kwds): diff --git a/server/api/problem.py b/server/api/problem.py index d55a1f5..5aa9820 100644 --- a/server/api/problem.py +++ b/server/api/problem.py @@ -4,7 +4,7 @@ from flask import Blueprint, session, request from flask import current_app as app from models import db, Problems, Solves, Teams -from decorators import admins_only, api_wrapper, login_required +from decorators import admins_only, api_wrapper blueprint = Blueprint("problem", __name__) @@ -72,7 +72,6 @@ def problem_update(): @blueprint.route("/submit", methods=["POST"]) @api_wrapper -@login_required def problem_submit(): pid = request.form["pid"] flag = request.form["flag"] diff --git a/server/api/user.py b/server/api/user.py index 1cdbe45..9a07f05 100644 --- a/server/api/user.py +++ b/server/api/user.py @@ -59,7 +59,8 @@ def user_login(): if utils.check_password(user.password, password): session["username"] = user.username - session["admin"] = user.admin + if user.admin: + session["admin"] = True session["logged_in"] = True return { "success": 1, "message": "Success!" } else:
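Review bot: The guard `if "admin" not in session and not session["admin"]:` in `admins_only` cannot work as an authorization check: when the key is absent the second operand raises `KeyError` instead of returning the "Not authorized." response, and when the key is present the `and` short-circuits to false, so the wrapped view runs whatever value is stored. Replace it with `if not session.get("admin"):` so that a missing or falsy flag is refused. Whether the returned dict becomes a proper response depends on `api_wrapper` and the decorator order at the call sites, which are outside this hunk. The commit also deletes `login_required` and `check_csrf`, which were pass-through stubs, so `problem_submit` still has no login check after this change.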
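Review bot: In `user_login`, `session["admin"]` is now only ever set and never cleared, so if a session that already carries the key is reused to log in as a non-admin account, the stale flag survives and `admins_only` will accept it; the removed line `session["admin"] = user.admin` at least overwrote it. Drop the key on the non-admin path, for example `session.pop("admin", None)` before `if user.admin:`, or call `session.clear()` at the start of a successful login, which also avoids carrying a pre-login session into the authenticated one. The rest of `user_login` and any logout handler are outside this hunk, so check whether the session is already reset elsewhere.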