S2OJ/web/app/libs/uoj-security-lib.php

<?php

function getPasswordToStore($password, $username) {
	return md5($username . $password);
}
function checkPassword($user, $password) {
	return $user['password'] == md5($user['username'] . $password);
}
function getPasswordClientSalt() {
	return UOJConfig::$data['security']['user']['client_salt'];
}

function crsf_token() {
	if (!isset($_SESSION['_token'])) {
		$_SESSION['_token'] = uojRandString(60);
	}
	return $_SESSION['_token'];
}
function crsf_check() {
	if (isset($_POST['_token'])) {
		$_token = $_POST['_token'];
	} elseif (isset($_GET['_token'])) {
		$_token = $_GET['_token'];
	} else {
		return false;
	}
	return $_token === $_SESSION['_token'];
}
function crsf_defend() {
	if (!crsf_check()) {
		UOJResponse::page403('页面已过期（可能页面真的过期了，也可能是刚才你访问的网页没有完全加载，也可能是你的浏览器版本太老）');
	}
}

function submission_frequency_check() {
	$recent = clone UOJTime::$time_now;
	$recent->sub(new DateInterval("PT1S"));
	$num = DB::selectCount([
		"select count(*) from submissions",
		"where", [
			"submitter" => Auth::id(),
			["submit_time", ">=", $recent->format('Y-m-d H:i:s')]
		]
	]);
	if ($num >= 1) {
		return false;
	}

	// use the implementation below if OJ is under attack
	/*
	// 1
	$recent = clone UOJTime::$time_now;
	$recent->sub(new DateInterval("PT3S"));
	$num = DB::selectCount([
		"select count(*) from submissions",
		"where", [
			"submitter" => Auth::id(),
			["submit_time", ">=", $recent->format('Y-m-d H:i:s')]
		]
	]);
	if ($num >= 1) {
		return false;
	}
	
	// 2
	$recent = clone UOJTime::$time_now;
	$recent->sub(new DateInterval("PT1M"));
	$num = DB::selectCount([
		"select count(*) from submissions",
		"where", [
			"submitter" => Auth::id(),
			["submit_time", ">=", $recent->format('Y-m-d H:i:s')]
		]
	]);
	if ($num >= 6) {
		return false;
	}
	
	// 3
	$recent = clone UOJTime::$time_now;
	$recent->sub(new DateInterval("PT30M"));
	$num = DB::selectCount([
		"select count(*) from submissions",
		"where", [
			"submitter" => Auth::id(),
			["submit_time", ">=", $recent->format('Y-m-d H:i:s')]
		]
	]);
	if ($num >= 30) {
		return false;
	}
	*/
	
	return true;
}
Initial commit 2016-07-18 16:39:37 +00:00			`<?php`

			`function getPasswordToStore($password, $username) {`
			`return md5($username . $password);`
			`}`
			`function checkPassword($user, $password) {`
Reformated with php-cs-fixer 2020-06-25 12:41:16 +00:00			`return $user['password'] == md5($user['username'] . $password);`
Initial commit 2016-07-18 16:39:37 +00:00			`}`
			`function getPasswordClientSalt() {`
			`return UOJConfig::$data['security']['user']['client_salt'];`
			`}`

			`function crsf_token() {`
			`if (!isset($_SESSION['_token'])) {`
			`$_SESSION['_token'] = uojRandString(60);`
			`}`
			`return $_SESSION['_token'];`
			`}`
			`function crsf_check() {`
			`if (isset($_POST['_token'])) {`
			`$_token = $_POST['_token'];`
Reformated with php-cs-fixer 2020-06-25 12:41:16 +00:00			`} elseif (isset($_GET['_token'])) {`
Initial commit 2016-07-18 16:39:37 +00:00			`$_token = $_GET['_token'];`
			`} else {`
			`return false;`
			`}`
			`return $_token === $_SESSION['_token'];`
			`}`
			`function crsf_defend() {`
			`if (!crsf_check()) {`
refactor: sync code from uoj.ac 2022-11-06 02:26:21 +00:00			`UOJResponse::page403('页面已过期（可能页面真的过期了，也可能是刚才你访问的网页没有完全加载，也可能是你的浏览器版本太老）');`
Initial commit 2016-07-18 16:39:37 +00:00			`}`
			`}`
refactor: sync code from uoj.ac 2022-11-06 02:26:21 +00:00
			`function submission_frequency_check() {`
			`$recent = clone UOJTime::$time_now;`
			`$recent->sub(new DateInterval("PT1S"));`
			`$num = DB::selectCount([`
			`"select count(*) from submissions",`
			`"where", [`
			`"submitter" => Auth::id(),`
			`["submit_time", ">=", $recent->format('Y-m-d H:i:s')]`
			`]`
			`]);`
			`if ($num >= 1) {`
			`return false;`
			`}`

			`// use the implementation below if OJ is under attack`
			`/*`
			`// 1`
			`$recent = clone UOJTime::$time_now;`
			`$recent->sub(new DateInterval("PT3S"));`
			`$num = DB::selectCount([`
			`"select count(*) from submissions",`
			`"where", [`
			`"submitter" => Auth::id(),`
			`["submit_time", ">=", $recent->format('Y-m-d H:i:s')]`
			`]`
			`]);`
			`if ($num >= 1) {`
			`return false;`
			`}`

			`// 2`
			`$recent = clone UOJTime::$time_now;`
			`$recent->sub(new DateInterval("PT1M"));`
			`$num = DB::selectCount([`
			`"select count(*) from submissions",`
			`"where", [`
			`"submitter" => Auth::id(),`
			`["submit_time", ">=", $recent->format('Y-m-d H:i:s')]`
			`]`
			`]);`
			`if ($num >= 6) {`
			`return false;`
			`}`

			`// 3`
			`$recent = clone UOJTime::$time_now;`
			`$recent->sub(new DateInterval("PT30M"));`
			`$num = DB::selectCount([`
			`"select count(*) from submissions",`
			`"where", [`
			`"submitter" => Auth::id(),`
			`["submit_time", ">=", $recent->format('Y-m-d H:i:s')]`
			`]`
			`]);`
			`if ($num >= 30) {`
			`return false;`
			`}`
			`*/`

			`return true;`
			`}`