<?php function getPasswordToStore($password, $username) { return md5($username . $password); } function checkPassword($user, $password) { return $user['password'] == md5($user['username'] . $password); } function getPasswordClientSalt() { return UOJConfig::$data['security']['user']['client_salt']; } function crsf_token() { if (!isset($_SESSION['_token'])) { $_SESSION['_token'] = uojRandString(60); } return $_SESSION['_token']; } function crsf_check() { if (isset($_POST['_token'])) { $_token = $_POST['_token']; } elseif (isset($_GET['_token'])) { $_token = $_GET['_token']; } else { return false; } return $_token === $_SESSION['_token']; } function crsf_defend() { if (!crsf_check()) { UOJResponse::page403('页面已过期(可能页面真的过期了,也可能是刚才你访问的网页没有完全加载,也可能是你的浏览器版本太老)'); } } function submission_frequency_check() { $recent = clone UOJTime::$time_now; $recent->sub(new DateInterval("PT1S")); $num = DB::selectCount([ "select count(*) from submissions", "where", [ "submitter" => Auth::id(), ["submit_time", ">=", $recent->format('Y-m-d H:i:s')] ] ]); if ($num >= 1) { return false; } // use the implementation below if OJ is under attack /* // 1 $recent = clone UOJTime::$time_now; $recent->sub(new DateInterval("PT3S")); $num = DB::selectCount([ "select count(*) from submissions", "where", [ "submitter" => Auth::id(), ["submit_time", ">=", $recent->format('Y-m-d H:i:s')] ] ]); if ($num >= 1) { return false; } // 2 $recent = clone UOJTime::$time_now; $recent->sub(new DateInterval("PT1M")); $num = DB::selectCount([ "select count(*) from submissions", "where", [ "submitter" => Auth::id(), ["submit_time", ">=", $recent->format('Y-m-d H:i:s')] ] ]); if ($num >= 6) { return false; } // 3 $recent = clone UOJTime::$time_now; $recent->sub(new DateInterval("PT30M")); $num = DB::selectCount([ "select count(*) from submissions", "where", [ "submitter" => Auth::id(), ["submit_time", ">=", $recent->format('Y-m-d H:i:s')] ] ]); if ($num >= 30) { return false; } */ return true; }