codejudge/eval.php at master · jerinisready/codejudge · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?php
/*
 * Codejudge
 * Copyright 2012, Sankha Narayan Guria (sankha93@gmail.com)
 * Licensed under MIT License.
 *
 * Compiler PHP Script
 */
	require_once('functions.php');
	include('dbinfo.php');
	$link = connectdb();
	$query = "SELECT * FROM prefs"	;
        $result = mysqli_query($link, $query);
        $accept = mysqli_fetch_array($result,MYSQLI_BOTH);
        $query = "SELECT status FROM users WHERE username='".$_SESSION['username']."'";
        $result = mysqli_query($link, $query);
        $status = mysqli_fetch_array($result,MYSQLI_BOTH);


		if (!preg_match("/^[^\\/?* :;{}\\\\]+\\.[^\\/?*: ;{}\\\\]{1,4}$/", $_POST['filename']))
		header("Location: solve.php?ferror=1&id=".$_POST['id']); // invalid filename
        // check if the user is banned or allowed to submit and SQL Injection checks
        else if($accept['accept'] == 1 and $status['status'] == 1 and is_numeric($_POST['id'])) {
        	$soln = mysqli_real_escape_string($link, $_POST['soln']);
        	$filename = mysqli_real_escape_string($link, $_POST['filename']);
        	$lang = mysqli_real_escape_string($link, $_POST['lang']);
        	//check if entries are empty
        	if(trim($soln) == "" or trim($filename) == "" or trim($lang) == "")
        		header("Location: solve.php?derror=1&id=".$_POST['id']);
        	else {
			if($_POST['ctype']=='new')
				// add to database if it is a new submission
				$query = "INSERT INTO `solve` ( `problem_id` , `username`, `soln`, `filename`, `lang`) VALUES ('".$_POST['id']."', '".$_SESSION['username']."', '".$soln."', '".$filename."', '".$lang."')";
			else {
				// update database if it is a re-submission
				$tmp = "SELECT attempts FROM solve WHERE (problem_id='".$_POST['id']."' AND username='".$_SESSION['username']."')";
				$result = mysqli_query($link, $tmp);
				$fields = mysqli_fetch_array($result, MYSQLI_BOTH);
				$query = "UPDATE solve SET lang='".$lang."', attempts='".($fields['attempts']+1)."', soln='".$soln."', filename='".$filename."', points=0 WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
			}
			mysqli_query($link, $query);
			// connect to the java compiler server to compile the file and fetch the results
			$socket = fsockopen($compilerhost, $compilerport);

			if($socket) {
				fwrite($socket, $_POST['filename']."\n");
				$query = "SELECT * FROM problems WHERE sl='".$_POST['id']."'";
				$result = mysqli_query($link, $query);
				$fields = mysqli_fetch_array($result,MYSQLI_BOTH);
				fwrite($socket, $fields['time']."\n");
				$soln = str_replace("\n", '$_n_$', treat($_POST['ssoln']));
				fwrite($socket, $soln."\n");
				$input = str_replace("\n", '$_n_$', treat($fields['input']));
				fwrite($socket, $input."\n");
				fwrite($socket, $lang."\n");
				$status = fgets($socket);
				$contents = "";
				while(!feof($socket))
					$contents = $contents.fgets($socket);
				if($status == 0) {
					// oops! compile error
					$query = "UPDATE solve SET status=1 WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
					mysqli_query($link, $query);
					$_SESSION['cerror'] = trim($contents);
					header("Location: solve.php?cerror=1&id=".$_POST['id']);
				}


				else if($status == 1) {
					if(trim($contents) == trim(treat($fields['output']))) {					/////
						// holla! problem solved											/////
						$query = "SELECT points FROM problems WHERE  sl='".$_POST['id']."'";/////
						$res = mysqli_query($link, $query);
						$field = mysqli_fetch_array($res,  MYSQLI_BOTH);
						$query = "UPDATE solve SET status=2, points=".$field['points']." WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
						mysqli_query($link, $query);
						header("Location: index.php?success=1");
					} else {
						// duh! wrong output
						$query = "UPDATE solve SET status=1, points=0 WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
						mysqli_query($link, $query);
						header("Location: solve.php?oerror=1&id=".$_POST['id']);
					}
				}

				else if($status == 2) {
					$query = "UPDATE solve SET status=1, points=0 WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
					mysqli_query($link, $query);
					header("Location: solve.php?terror=1&id=".$_POST['id']);
				}
			} else
				header("Location: solve.php?serror=1&id=".$_POST['id']); // compiler server not running
		}
	}
?>