From 958b203cdce65c2bcc97282dfbe6e60e0feb1a7d Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 12 Jan 2026 10:43:32 +0200 Subject: [PATCH 01/71] fix typo in path name --- ansible/runonce/mui.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/runonce/mui.yml b/ansible/runonce/mui.yml index b3c247965..068b0df82 100755 --- a/ansible/runonce/mui.yml +++ b/ansible/runonce/mui.yml @@ -272,7 +272,7 @@ dest: "{{item.dest}}" with_items: - { src: '{{playbook_dir}}/../templates/httpd.conf.j2', dest: '/etc/httpd.conf', domain: '{{hostname}}' } - - { src: '{{playbook_dir}}/../templates/acme-client.conf.j2', dest: '/etc/acme-client.conf', domain: '{{hostname}}', challenge_dir: "/home/moderatortUI/acme/.well-known/acme-challenge/" } + - { src: '{{playbook_dir}}/../templates/acme-client.conf.j2', dest: '/etc/acme-client.conf', domain: '{{hostname}}', challenge_dir: "/home/moderatorUI/acme/.well-known/acme-challenge/" } - name: Generate pf tables files command: "{{item.cmd}}" From e22be841106af2f4a5657dfedd4de1f9abfb8adf Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 12 Jan 2026 10:43:53 +0200 Subject: [PATCH 02/71] allow us to perform acme requests even when in DT mode --- ansible/templates/dt.conf.j2 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ansible/templates/dt.conf.j2 b/ansible/templates/dt.conf.j2 index 17f7650b4..5a3699bdc 100644 --- a/ansible/templates/dt.conf.j2 +++ b/ansible/templates/dt.conf.j2 @@ -43,7 +43,15 @@ http { ssl_prefer_server_ciphers on; ssl_dhparam /etc/ssl/private/dhparam.pem; - return 503; + # ACME challenge must bypass maintenance + location ^~ /.well-known/acme-challenge/ { + root /acme; + try_files $uri =404; + } + + location / { + return 503; + } error_page 503 @maintenance; location @maintenance { add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; From e1461fdde93fb83faae8b1362f9543482f4f5731 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 12 Jan 2026 10:44:15 +0200 Subject: [PATCH 03/71] a simple playbook to add new ssh keys to a host/user --- ansible/maintenance/authorized_keys.yml | 33 +++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 ansible/maintenance/authorized_keys.yml diff --git a/ansible/maintenance/authorized_keys.yml b/ansible/maintenance/authorized_keys.yml new file mode 100644 index 000000000..cda89202b --- /dev/null +++ b/ansible/maintenance/authorized_keys.yml @@ -0,0 +1,33 @@ +--- +- name: Update authorized SSH keys for a user + hosts: all + become: true + + vars: + target_user: root + + pre_tasks: + - name: Ensure ssh_keys_source is provided + ansible.builtin.fail: + msg: "You must provide ssh_keys_source (file path or URL)" + when: ssh_keys_source is not defined + + - name: Load SSH public keys from file or URL + ansible.builtin.set_fact: + ssh_public_keys: >- + {{ + lookup( + ssh_keys_source is match('^https?://') + | ternary('url', 'file'), + ssh_keys_source + ) + }} + + tasks: + - name: Update authorized_keys for user + ansible.posix.authorized_key: + user: "{{ target_user }}" + key: "{{ ssh_public_keys }}" + manage_dir: true + state: present + # exclusive: true # uncomment to replace all existing keys From fd4fd17021abed9ae9ad9ecf0b6829d7f8b56199 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 12 Jan 2026 10:44:54 +0200 Subject: [PATCH 04/71] sync composer lock with json --- .github/update-composer-json.php | 137 +++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 .github/update-composer-json.php diff --git a/.github/update-composer-json.php b/.github/update-composer-json.php new file mode 100644 index 000000000..2144c54fb --- /dev/null +++ b/.github/update-composer-json.php @@ -0,0 +1,137 @@ + 'package', // The type is at the root level of the repository entry + 'package' => [ + 'name' => $packageName, + 'version' => $packageVersionRange, + 'type' => 'library', // Default type, you can adjust this if needed + 'dist' => [ + 'url' => $repositoryUrl, + 'type' => $distType, // Use the dynamically derived dist type + 'reference' => $packageHash // Adding the hash (reference) if available + ] + ] + ]; + // Track pinned package + $pinnedPackages[] = $packageName; + } +} + +// Write the updated composer.json back to the file +if (file_put_contents($composerJsonPath, json_encode($composerJson, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . PHP_EOL)) { + echo "composer.json has been updated with the versions from composer.lock.\n"; + if (count($pinnedPackages) > 0) { + echo "The following packages were pinned to repositories:\n"; + foreach ($pinnedPackages as $packageName) { + echo " - $packageName\n"; + } + } +} else { + echo "Failed to update composer.json.\n"; + exit(1); +} From 5164b74ced76d62bfe7475c350aac7f480b41747 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Wed, 14 Jan 2026 14:17:15 +0200 Subject: [PATCH 05/71] add auto-assign pr --- .github/workflows/auto-assign-pr.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/auto-assign-pr.yml diff --git a/.github/workflows/auto-assign-pr.yml b/.github/workflows/auto-assign-pr.yml new file mode 100644 index 000000000..dcc6fb843 --- /dev/null +++ b/.github/workflows/auto-assign-pr.yml @@ -0,0 +1,21 @@ +name: Auto-Assign PR + +on: + pull_request: + types: [opened] + +jobs: + assign: + runs-on: ubuntu-latest + steps: + - name: Assign PR to repo owner + uses: actions/github-script@v8 + with: + github-token: ${{ secrets.GH_ADMIN_TOKEN }} + script: | + await github.rest.issues.addAssignees({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + assignees: ["proditis"] + }); From 0151a10a67fac092c501ba979cdbda3fd73af72d Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Wed, 14 Jan 2026 14:17:31 +0200 Subject: [PATCH 06/71] create docker-servers bootstrap and normal ops --- ansible/runonce/docker-servers.yml | 121 ++++++++++++++++------------- 1 file changed, 66 insertions(+), 55 deletions(-) diff --git a/ansible/runonce/docker-servers.yml b/ansible/runonce/docker-servers.yml index af2024e10..1b9d3e404 100755 --- a/ansible/runonce/docker-servers.yml +++ b/ansible/runonce/docker-servers.yml @@ -1,40 +1,17 @@ #!/usr/bin/env ansible-playbook --- -- name: Configure docker servers for echoCTF +- name: Bootstrap docker servers for echoCTF hosts: all gather_facts: true become: true become_method: su + remote_user: sysadmin tasks: + - name: Set timezone to UTC timezone: name: UTC - - name: Kill any running pm2 - shell: pm2 kill - no_log: true - ignore_errors: true - - - name: Ensure docker services are stopped - command: service docker stop - no_log: true - ignore_errors: true - - - name: Ensure existing docker service overrides are removed - ansible.builtin.file: - path: "{{item}}" - state: absent - with_items: - - /etc/systemd/system/docker.service.d/dockerd-service-override.conf - - /etc/systemd/system/docker.service.d/override.conf - - /etc/systemd/system/pm2-root.service.d/pm2-root-service-override.conf - - /etc/systemd/system/pm2-root.service.d/override.conf - - - name: Remove any existing /etc/docker/daemon.json - ansible.builtin.file: - path: /etc/docker/daemon.json - state: absent - - name: Set hostname based on host_var hostname: name: "{{fqdn}}" @@ -61,29 +38,6 @@ pkg: "{{pre_apt}}" when: pre_apt is defined and pre_apt|length > 0 - - name: Add apt keys - when: aptKeys is defined - apt_key: - url: "{{item.key}}" - state: "{{item.state}}" - with_items: "{{aptKeys}}" - - - name: Add apt repositories - when: aptRepos is defined - apt_repository: - repo: "{{item.repo}}" - state: "{{item.state}}" - with_items: "{{aptRepos}}" - - - name: Update package cache - apt: - update_cache: yes - - - name: Update all packages to the latest version - no_log: "{{DEBUG|default(true)}}" - apt: - upgrade: dist - - name: Adding defined users (optional) when: users is defined user: @@ -109,16 +63,73 @@ key: "https://github.com/{{item}}.keys" with_items: "{{sshkeys}}" - - name: Make sure sysadmin has sudo access - lineinfile: - path: /etc/sudoers.d/90_sysadmin - line: 'sysadmin ALL=(ALL) NOPASSWD:ALL' - create: yes - - name: Ensure /home/sysadmin is owned by sysadmin user (recursive) shell: chown -R sysadmin /home/sysadmin when: users is defined + - name: Allow user to have passwordless sudo + copy: + dest: "/etc/sudoers.d/90_sysadmin" + content: "sysadmin ALL=(ALL) NOPASSWD:ALL\n" + owner: root + group: root + mode: '0440' + +- name: Configure docker servers for echoCTF + hosts: all + gather_facts: true + become: false + remote_user: root + tasks: + + - name: Kill any running pm2 + shell: pm2 kill + no_log: true + ignore_errors: true + + - name: Ensure docker services are stopped + command: service docker stop + no_log: true + ignore_errors: true + + - name: Ensure existing docker service overrides are removed + ansible.builtin.file: + path: "{{item}}" + state: absent + with_items: + - /etc/systemd/system/docker.service.d/dockerd-service-override.conf + - /etc/systemd/system/docker.service.d/override.conf + - /etc/systemd/system/pm2-root.service.d/pm2-root-service-override.conf + - /etc/systemd/system/pm2-root.service.d/override.conf + + - name: Remove any existing /etc/docker/daemon.json + ansible.builtin.file: + path: /etc/docker/daemon.json + state: absent + + - name: Add apt keys + when: aptKeys is defined + apt_key: + url: "{{item.key}}" + state: "{{item.state}}" + with_items: "{{aptKeys}}" + + - name: Add apt repositories + when: aptRepos is defined + apt_repository: + repo: "{{item.repo}}" + state: "{{item.state}}" + with_items: "{{aptRepos}}" + + - name: Update package cache + apt: + update_cache: yes + + - name: Update all packages to the latest version + no_log: "{{DEBUG|default(true)}}" + apt: + upgrade: dist + - name: Install post install packages apt: state: latest From a2b7d7447a7b5655c32b2fe717bcc4b6425fb55d Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Wed, 14 Jan 2026 14:17:51 +0200 Subject: [PATCH 07/71] dont show personal stats on team events --- frontend/components/Img.php | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/frontend/components/Img.php b/frontend/components/Img.php index f4371ad72..75126b2e1 100644 --- a/frontend/components/Img.php +++ b/frontend/components/Img.php @@ -55,12 +55,22 @@ public static function profile($profile) imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"root@%s:/# ./userinfo --profile %d"),\Yii::$app->sys->offense_domain,$profile->id),$textcolor); imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"username.....: %s"),$profile->owner->username),$greencolor); imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"joined.......: %s"),date("d.m.Y", strtotime($profile->owner->created))),$greencolor); - imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"points.......: %s"),number_format($profile->owner->playerScore->points)),$greencolor); - imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"rank.........: %s"),$profile->owner->playerScore->points == 0 ? "-":$profile->rank->ordinalPlace),$greencolor); - imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"level........: %d / %s"),$profile->experience->id, $profile->experience->name),$greencolor); - imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"flags........: %d"), $profile->totalTreasures),$greencolor); - imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"challenges...: %d / %d first"),$profile->challengesSolverCount, $profile->firstChallengeSolversCount),$greencolor); - imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"headshots....: %d / %d first"),$profile->headshotsCount, $profile->firstHeadshotsCount),$greencolor); + if (\Yii::$app->sys->team_only_leaderboards !== true) + { + imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"points.......: %s"),number_format($profile->owner->playerScore->points)),$greencolor); + imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"rank.........: %s"),$profile->owner->playerScore->points == 0 ? "-":$profile->rank->ordinalPlace),$greencolor); + imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"level........: %d / %s"),$profile->experience->id, $profile->experience->name),$greencolor); + imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"flags........: %d"), $profile->totalTreasures),$greencolor); + imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"challenges...: %d / %d first"),$profile->challengesSolverCount, $profile->firstChallengeSolversCount),$greencolor); + imagestring($image, 6, 200, $lineheight*$i++, sprintf(\Yii::t('app',"headshots....: %d / %d first"),$profile->headshotsCount, $profile->firstHeadshotsCount),$greencolor); + } + else if($profile->owner->teamPlayer) + { + imagestring($image, 6, 200, $lineheight*$i++, \Yii::t('app',"team.........: {team}",['team'=>$profile->owner->team->name]),$greencolor); + imagestring($image, 6, 200, $lineheight*$i++, \Yii::t('app',"team rank....: {rank}",['rank'=>($profile->owner->team->rank !== null ? $profile->owner->team->rank->ordinalPlace : 'empty')]),$greencolor); + imagestring($image, 6, 200, $lineheight*$i++, \Yii::t('app',"team points..: {points,plural,=0{0 pts} =1{# pts} other{# pts}}",['points'=>($profile->owner->team->score !== null ? $profile->owner->team->score->points : 0)]),$greencolor); + imagestring($image, 6, 200, $lineheight*$i++, \Yii::t('app',"contributed..: {points,plural,=0{0 pts} =1{# pts} other{# pts}}",['points'=>($profile->owner->teamStreamPoints->points ?? 0)]),$greencolor); + } imagedestroy($avatar); imagedestroy($cover); imagedestroy($src); From 426c95db281136f88cd2c2df9eaa8659a0ccc819 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Wed, 14 Jan 2026 14:18:30 +0200 Subject: [PATCH 08/71] dont show leaderboards on guest view profile on team only events --- frontend/themes/material/profile/guest/index.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/frontend/themes/material/profile/guest/index.php b/frontend/themes/material/profile/guest/index.php index ac6ab237d..468b9cf8c 100644 --- a/frontend/themes/material/profile/guest/index.php +++ b/frontend/themes/material/profile/guest/index.php @@ -61,6 +61,7 @@ render('../_profile_tabs',['profile'=>$profile,'game'=>$game,'headshots'=>$headshots]);?> +sys->team_only_leaderboards!==true):?>
+ From 201a4f7a4f2e79fe509fe90111bbd269d80ac5d4 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Wed, 14 Jan 2026 14:18:57 +0200 Subject: [PATCH 09/71] team module required for badge generation on team events --- frontend/config/console.php | 105 +++++++++++++++++++----------------- 1 file changed, 55 insertions(+), 50 deletions(-) diff --git a/frontend/config/console.php b/frontend/config/console.php index 4b146d6c7..61ad81f0e 100644 --- a/frontend/config/console.php +++ b/frontend/config/console.php @@ -1,54 +1,60 @@ 'basic-console', -// 'language' => 'el-GR', - 'sourceLanguage' => 'en-US', - 'basePath' => dirname(__DIR__), - 'bootstrap' => ['log'], - 'controllerNamespace' => 'app\commands', - 'aliases' => [ - '@bower' => '@vendor/bower-asset', - '@npm' => '@vendor/npm-asset', - '@tests' => '@app/tests', +$config = [ + 'id' => 'basic-console', + // 'language' => 'el-GR', + 'sourceLanguage' => 'en-US', + 'basePath' => dirname(__DIR__), + 'bootstrap' => ['log'], + 'controllerNamespace' => 'app\commands', + 'aliases' => [ + '@bower' => '@vendor/bower-asset', + '@npm' => '@vendor/npm-asset', + '@tests' => '@app/tests', + ], + 'modules' => [ + 'team' => [ + 'class' => 'app\modules\team\Module', ], - 'components' => [ - 'i18n' => [ - 'translations' => [ - 'yii' => [ - 'class' => 'yii\i18n\PhpMessageSource', - ], - 'app*' => [ - 'class' => 'yii\i18n\PhpMessageSource', - 'basePath' => '@app/messages', - 'sourceLanguage' => 'en-US', - 'fileMap' => [ - 'app' => 'app.php', - 'app/error' => 'error.php', - ], - ], - ], + ], + + 'components' => [ + 'i18n' => [ + 'translations' => [ + 'yii' => [ + 'class' => 'yii\i18n\PhpMessageSource', ], - 'sys'=> [ - 'class' => 'app\components\Sysconfig', + 'app*' => [ + 'class' => 'yii\i18n\PhpMessageSource', + 'basePath' => '@app/messages', + 'sourceLanguage' => 'en-US', + 'fileMap' => [ + 'app' => 'app.php', + 'app/error' => 'error.php', + ], ], - 'cache' => $cache, - 'log' => [ - 'targets' => [ - [ - 'class' => 'yii\log\FileTarget', - 'levels' => ['error', 'warning'], - ], - ], + ], + ], + 'sys' => [ + 'class' => 'app\components\Sysconfig', + ], + 'cache' => $cache, + 'log' => [ + 'targets' => [ + [ + 'class' => 'yii\log\FileTarget', + 'levels' => ['error', 'warning'], ], - 'db' => $db, + ], ], - 'params' => $params, - /* + 'db' => $db, + ], + 'params' => $params, + /* 'controllerMap' => [ 'fixture' => [ // Fixture generation command line. 'class' => 'yii\faker\FixtureController', @@ -57,13 +63,12 @@ */ ]; -if(YII_ENV_DEV) -{ - // configuration adjustments for 'dev' environment - $config['bootstrap'][]='gii'; - $config['modules']['gii']=[ - 'class' => 'yii\gii\Module', - ]; +if (YII_ENV_DEV) { + // configuration adjustments for 'dev' environment + $config['bootstrap'][] = 'gii'; + $config['modules']['gii'] = [ + 'class' => 'yii\gii\Module', + ]; } return $config; From 2338b8b4e9aa253a26b77b78cafc41e8936e72f5 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Wed, 14 Jan 2026 19:17:48 +0200 Subject: [PATCH 10/71] add missing pass from admins --- ansible/runonce/docker-registry.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/runonce/docker-registry.yml b/ansible/runonce/docker-registry.yml index 547330003..49b150e46 100755 --- a/ansible/runonce/docker-registry.yml +++ b/ansible/runonce/docker-registry.yml @@ -137,7 +137,7 @@ content: "{{item.content|default(omit)}}" with_items: - { dest: "/etc/pf.conf", src: "../files/pf.conf"} - - { dest: "/etc/service.pf.conf", content: "anchor \"dynamic\"\npass quick inet proto tcp from to port {{registry_bind_port}} label \"service_clients\"\n"} + - { dest: "/etc/service.pf.conf", content: "pass quick from label \"administrators\"\nanchor \"dynamic\"\npass quick inet proto tcp from to port {{registry_bind_port}} label \"service_clients\"\n"} - { dest: "/etc/service_clients.conf", content: "{{registry_targets_cidr}}\n"} - name: Dump administrators PF table (if exists) From ce1ed68ec5ad667f63b016066b2e3dc2a183c127 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Wed, 14 Jan 2026 19:20:02 +0200 Subject: [PATCH 11/71] fix the typo in targets_cidr --- ansible/inventories/servers/host_vars/registry.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/inventories/servers/host_vars/registry.yml b/ansible/inventories/servers/host_vars/registry.yml index 87ad4d3cc..37fa85f1e 100644 --- a/ansible/inventories/servers/host_vars/registry.yml +++ b/ansible/inventories/servers/host_vars/registry.yml @@ -5,7 +5,7 @@ registry_storage: "/storage" registry_bind_ip: "0.0.0.0" registry_bind_port: "5000" registry_targets_if: if0 -registry_targets_cidr: 10.0.100.0/24 +registry_targets_cidr: 10.0.0.100/24 backups: - { tgz: "/altroot/root.tgz", src: '/root' } - { tgz: "/altroot/etc.tgz", src: '/etc' } From 5b0400a032b25c8b110ecd2bc212054a94d4b612 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Thu, 15 Jan 2026 10:30:16 +0200 Subject: [PATCH 12/71] disable dynamic treasures for sanitycheck --- ansible/Dockerfiles/sanitycheck/variables.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/Dockerfiles/sanitycheck/variables.yml b/ansible/Dockerfiles/sanitycheck/variables.yml index 9766edd51..1762de0cb 100644 --- a/ansible/Dockerfiles/sanitycheck/variables.yml +++ b/ansible/Dockerfiles/sanitycheck/variables.yml @@ -12,6 +12,7 @@ writeup_allowed: 0 headshot_spin: 0 instance_allowed: 0 TargetOndemand: false +dynamic_treasures: 0 container: name: "{{hostname}}" hostname: "{{fqdn}}" From e5f69418cb94de0b059ee9161658001af7eb21d1 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 18 Jan 2026 13:55:59 +0200 Subject: [PATCH 13/71] support expire, typecast params, catch Throwable instead of exceptions --- backend/commands/CronController.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/backend/commands/CronController.php b/backend/commands/CronController.php index ec16a5bc0..9a4b0e5dd 100644 --- a/backend/commands/CronController.php +++ b/backend/commands/CronController.php @@ -225,7 +225,7 @@ public function actionInstancePfTables($dopf = false) /** * Process player private instances */ - public function actionInstances($pfonly = false) + public function actionInstances(bool $pfonly = false,int $expire = 40) { if (file_exists("/tmp/cron-instances.lock")) { echo date("Y-m-d H:i:s ") . "Instances: /tmp/cron-instances.lock exists, skipping execution\n"; @@ -242,7 +242,7 @@ public function actionInstances($pfonly = false) } } - $t = TargetInstance::find()->pending_action(40); + $t = TargetInstance::find()->pending_action($expire); foreach ($t->all() as $val) { try { $ips = []; @@ -298,7 +298,7 @@ public function actionInstances($pfonly = false) if ($pfonly === false) { try { $dc->destroy(); - } catch (\Exception $e) { + } catch (\Throwable $e) { } $dc->pull(); $dc->spin(); @@ -337,7 +337,7 @@ public function actionInstances($pfonly = false) default: printf("Error: Unknown action\n"); } - } catch (\Exception $e) { + } catch (\Throwable $e) { if (method_exists($e, 'getErrorResponse')) echo "Instances:", $e->getErrorResponse()->getMessage(), "\n"; else From 71e42f21510a0b3df2950f3b75dd144fc91465c9 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 18 Jan 2026 13:56:49 +0200 Subject: [PATCH 14/71] avoid filtering on 0 minutes_ago --- .../modules/infrastructure/models/TargetInstanceQuery.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/backend/modules/infrastructure/models/TargetInstanceQuery.php b/backend/modules/infrastructure/models/TargetInstanceQuery.php index b2551b250..7af994882 100644 --- a/backend/modules/infrastructure/models/TargetInstanceQuery.php +++ b/backend/modules/infrastructure/models/TargetInstanceQuery.php @@ -14,9 +14,11 @@ public function active() return $this->andWhere('[[ip]] IS NOT NULL')->andWhere('[[reboot]]!=2'); } - public function pending_action($minutes_ago = 60) + public function pending_action(int $minutes_ago = 60) { - return $this->andWhere('[[ip]] IS NULL')->orWhere(['>', 'reboot', 0])->orWhere(['<', 'updated_at', new \yii\db\Expression("NOW() - INTERVAL $minutes_ago MINUTE")]); + if($minutes_ago !== 0) + return $this->andWhere('[[ip]] IS NULL')->orWhere(['>', 'reboot', 0])->orWhere(['<', 'updated_at', new \yii\db\Expression("NOW() - INTERVAL $minutes_ago MINUTE")]); + return $this->andWhere('[[ip]] IS NULL')->orWhere(['>', 'reboot', 0]); } From 264df81d1b8d24408bbc56b856233c04798a10bc Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 18 Jan 2026 13:57:10 +0200 Subject: [PATCH 15/71] only allow mui to fetch identificationFiles --- ansible/templates/nginx.conf.j2 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ansible/templates/nginx.conf.j2 b/ansible/templates/nginx.conf.j2 index f2584dcc6..fc537052e 100644 --- a/ansible/templates/nginx.conf.j2 +++ b/ansible/templates/nginx.conf.j2 @@ -252,6 +252,15 @@ http { set $yii_bootstrap "/index.php"; {% if "mui" not in inventory_hostname %} + {% if mui_ext_ip is defined %} + location /identificationFiles/ { + allow {{ mui_ext_ip }}; + deny all; + + try_files $uri $uri/ =404; + } + {% endif %} + # Rate limit /api to 10 requests/sec # This is way too loose location /api { From 904841d3b4ae53a7b3c38bb4c81fddd8ee32f0c0 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:15:07 +0200 Subject: [PATCH 16/71] fix permissions and allow run from outside PR --- .github/workflows/auto-assign-pr.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/auto-assign-pr.yml b/.github/workflows/auto-assign-pr.yml index dcc6fb843..fecb812bc 100644 --- a/.github/workflows/auto-assign-pr.yml +++ b/.github/workflows/auto-assign-pr.yml @@ -1,9 +1,12 @@ name: Auto-Assign PR on: - pull_request: + pull_request_target: types: [opened] +permissions: + issues: write + jobs: assign: runs-on: ubuntu-latest From 10dc3a16d5e7c299240e2de5ac962bc59edc00aa Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:15:31 +0200 Subject: [PATCH 17/71] no need for everyone to have access to the WS --- ansible/files/pui.service.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/files/pui.service.conf b/ansible/files/pui.service.conf index fb1fa8ea0..9dd62ce24 100644 --- a/ansible/files/pui.service.conf +++ b/ansible/files/pui.service.conf @@ -1,6 +1,8 @@ # Allow users to connect to port 80/443 pass in quick on egress inet proto tcp from {, } to (egress:0) port 8888 rdr-to 127.0.0.1 +pass in quick on interconnect inet proto tcp from (interconnect:network) to (interconnect:0) port 8888 rdr-to 127.0.0.1 + pass quick from label "administrators" pass quick inet proto tcp from to (egress:0) port { 80 , 443 } label "www-moderators" @@ -8,9 +10,7 @@ pass quick inet proto tcp from to (egress:0) port { 80 , 443 } labe # FOR DT OPERATIONS pass in quick inet proto tcp from to port 80 rdr-to 127.0.0.1 port 8080 label "maintenance" pass in quick inet proto tcp from to port 443 rdr-to 127.0.0.1 port 8443 label "maintenance" -block in quick on egress inet proto tcp from to (egress:0) port 8888 pass in on egress inet proto tcp from to port { 80, 443 } label "www-normal" pass in on egress inet proto tcp to port { 80, 443 } label "www-normal" -pass in quick on egress inet proto tcp to (egress:0) port 8888 rdr-to 127.0.0.1 From 924e911f2d7725146eebe29f69ce96d9b35c0e4d Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:16:15 +0200 Subject: [PATCH 18/71] sync with github repo playbook --- ansible/maintenance/sync-github.yml | 32 +++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 ansible/maintenance/sync-github.yml diff --git a/ansible/maintenance/sync-github.yml b/ansible/maintenance/sync-github.yml new file mode 100644 index 000000000..e413658f2 --- /dev/null +++ b/ansible/maintenance/sync-github.yml @@ -0,0 +1,32 @@ +#!/usr/bin/env ansible-playbook +--- +- name: Update deployed application from Git + hosts: all + tasks: + - name: Ensure repository is up to date + git: + repo: "{{ GITHUB_REPO }}" + dest: "{{ REPO }}" + version: "{{ GITHUB_REPO_BRANCH }}" + force: yes + accept_hostkey: yes + update: yes + notify: restart applications + register: git_result + + - name: Clean untracked files (preserving paths) + shell: git clean -fd {{ '-n' if ansible_check_mode else '' }} {% for p in PRESERVE_PATHS %}-e {{ p }} {% endfor %} + args: + chdir: "{{ REPO }}" + register: clean_result + changed_when: clean_result.stdout != "" + when: git_result.changed and PRESERVE_PATHS is defined + notify: restart applications + + handlers: + - name: restart applications + when: APP_SERVICES is defined + service: + name: "{{ item }}" + state: restarted + loop: "{{ APP_SERVICES }}" From 42167589a4ebbc4fe6d646209b8668e6e4c95a79 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:17:08 +0200 Subject: [PATCH 19/71] use install -d instead to limit the number of command from mkdir/chown --- ansible/runonce/mui.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/runonce/mui.yml b/ansible/runonce/mui.yml index 068b0df82..4f27b56e5 100755 --- a/ansible/runonce/mui.yml +++ b/ansible/runonce/mui.yml @@ -425,8 +425,8 @@ - name: configure folders and perms command: "{{item}}" with_items: - - "mkdir -p /home/moderatorUI/{{domain_name}}/backend/web/assets" - - "chown -R moderatorUI /home/moderatorUI/{{domain_name}}/backend/web/assets" + - "install -d -o moderatorUI /home/moderatorUI/{{domain_name}}/backend/web/assets" + - "install -d -o moderatorUI /home/moderatorUI/{{domain_name}}/backend/web/identifcationFiles" - "mkdir -p /var/log/cron" - "ln -sf /home/moderatorUI/{{domain_name}}/backend/yii /usr/local/bin/backend" From 22c44083f9c4fce78e3c1619efdbd14975a6c8a0 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:18:04 +0200 Subject: [PATCH 20/71] use the proper ws socket for live installs and use the same user for dt.conf --- ansible/runonce/pui.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/ansible/runonce/pui.yml b/ansible/runonce/pui.yml index 9a1ed2bf4..c23f90dd2 100755 --- a/ansible/runonce/pui.yml +++ b/ansible/runonce/pui.yml @@ -417,7 +417,7 @@ src: ../templates/dt.conf.j2 dest: /etc/nginx/dt.conf with_items: - - { user: 'www', domain: '{{domain_name}}', root: "/htdocs" } + - { user: 'participantUI', domain: '{{domain_name}}', root: "/htdocs" } tags: - nginx @@ -466,6 +466,7 @@ - { section: PHP, option: "error_reporting", value: "E_NONE" } - { section: PHP, option: "post_max_size", value: "180M" } - { section: PHP, option: "upload_max_filesize", value: "120M" } + - { section: PHP, option: "allow_url_fopen", value: "On"} - { section: Session, option: "session.save_handler", value: "memcached"} - { section: Session, option: "session.save_path", value: "{{db_ip}}:11211"} - { section: Session, option: "session.gc_maxlifetime", value: "43200" } @@ -487,13 +488,10 @@ - name: configure folders and permissions command: "{{item}}" with_items: - - mkdir -p /home/participantUI/{{domain_name}}/frontend/web/assets - - mkdir -p /home/participantUI/{{domain_name}}/frontend/web/identificationFiles - - mkdir -p /home/participantUI/{{domain_name}}/frontend/web/images/avatars/team + - install -d -o participantUI /home/participantUI/{{domain_name}}/frontend/web/assets + - install -d -o participantUI /home/participantUI/{{domain_name}}/frontend/web/identificationFiles + - install -d -o participantUI /home/participantUI/{{domain_name}}/frontend/web/images/avatars/team - mkdir -p /var/log/cron - - chown -R participantUI /home/participantUI/{{domain_name}}/frontend/web/assets - - chown -R participantUI /home/participantUI/{{domain_name}}/frontend/web/images/avatars/ - - chown -R participantUI /home/participantUI/{{domain_name}}/frontend/web/identificationFiles - ln -sf /home/participantUI/{{domain_name}}/frontend/yii /usr/local/bin/frontend - name: configure participant rc.d @@ -635,10 +633,12 @@ redirect_stderr=true - name: "Update frontend/config/params.php" - replace: - path: "/home/participantUI/{{domain_name}}/frontend/config/params.php" - regexp: 'ws://localhost:8888/ws' - replace: 'wss://{{domain_name}}/ws' + ansible.builtin.lineinfile: + path: "/home/participantUI/{{ domain_name }}/frontend/config/params.php" + search_string: 'ws://localhost:8888/ws' + line: 'wss://{{ domain_name }}/ws' + insertafter: null + insertbefore: null - name: copy nstables script copy: From fc8f59dc3b4958a75d9085dec220cec73861f737 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:18:33 +0200 Subject: [PATCH 21/71] add php ini that is needed for our service publisher --- ansible/runonce/vpngw.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ansible/runonce/vpngw.yml b/ansible/runonce/vpngw.yml index 495bcef33..c59c46cbe 100755 --- a/ansible/runonce/vpngw.yml +++ b/ansible/runonce/vpngw.yml @@ -252,6 +252,19 @@ - name: Activate install php modules shell: "cp /etc/php-{{versions.PHP}}.sample/*.ini /etc/php-{{versions.PHP}}/" + - name: Fixing /etc/php.ini + ini_file: dest=/etc/php-{{versions.PHP}}.ini section={{item.section}} option={{item.option}} value={{item.value}} mode=0644 owner=root group=wheel + with_items: + - { section: PHP, option: "expose_php", value: "Off" } + - { section: PHP, option: "log_errors_max_len", value: 4096 } + - { section: PHP, option: "html_errors", value: "Off" } + - { section: PHP, option: "max_execution_time", value: "60" } + - { section: PHP, option: "max_input_time", value: "120" } + - { section: PHP, option: "memory_limit", value: "256M" } + - { section: PHP, option: "error_reporting", value: "E_NONE" } + - { section: PHP, option: "post_max_size", value: "180M" } + - { section: PHP, option: "upload_max_filesize", value: "120M" } + - { section: PHP, option: "allow_url_fopen", value: "On"} - name: Update my.cnf ini_file: From 7de4ed6296ee0327a55200c46b3c98865b7901c3 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:18:52 +0200 Subject: [PATCH 22/71] make sure we only allow mui to acceess identificationFiles --- ansible/templates/nginx.conf.j2 | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/ansible/templates/nginx.conf.j2 b/ansible/templates/nginx.conf.j2 index fc537052e..30552f110 100644 --- a/ansible/templates/nginx.conf.j2 +++ b/ansible/templates/nginx.conf.j2 @@ -253,7 +253,7 @@ http { set $yii_bootstrap "/index.php"; {% if "mui" not in inventory_hostname %} {% if mui_ext_ip is defined %} - location /identificationFiles/ { + location ^~ /identificationFiles/ { allow {{ mui_ext_ip }}; deny all; @@ -345,18 +345,18 @@ http { return 404; } {% endif %} - location /ws { - proxy_pass http://127.0.0.1:8888/ws; - - # WebSocket-specific headers - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - - # Optional: increase timeout for long-lived connections - proxy_read_timeout 86400s; - proxy_send_timeout 86400s; - } + location /ws { + proxy_pass http://127.0.0.1:8888/ws; + + # WebSocket-specific headers + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + + # Optional: increase timeout for long-lived connections + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + } {% if captcha is defined %} # Check for requests to /profile/ location ~ ^/profile/\d+$ { From 58a3e773373e3f7b5b0b2c2a1971880242742052 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:19:47 +0200 Subject: [PATCH 23/71] simplify actionInstances() and document action --- backend/commands/CronController.php | 82 ++++++++++++++++------------- 1 file changed, 44 insertions(+), 38 deletions(-) diff --git a/backend/commands/CronController.php b/backend/commands/CronController.php index 9a4b0e5dd..9c7a1fa31 100644 --- a/backend/commands/CronController.php +++ b/backend/commands/CronController.php @@ -15,6 +15,7 @@ use app\modules\infrastructure\models\TargetInstanceAudit; use app\modules\infrastructure\models\NetworkTargetSchedule as NTS; use app\modules\gameplay\models\NetworkTarget; +use app\components\helpers\ArrayHelperExtended; /** * @method docker_connect() @@ -159,11 +160,7 @@ public function actionInstancePf($before = 60) case SELF::ACTION_START: case SELF::ACTION_RESTART: if (($val->team_allowed === true || \Yii::$app->sys->team_visible_instances === true) && $val->player->teamPlayer !== null && $val->player->teamPlayer->approved === 1) { - foreach ($val->player->teamPlayer->team->approvedMembers as $teamPlayer) { - if ((int)$teamPlayer->player->last->vpn_local_address !== 0) { - $ips[] = long2ip($teamPlayer->player->last->vpn_local_address); - } - } + $ips = $val->player->teamPlayer->team->approvedMemberIPs; } else if ((int)$val->player->last->vpn_local_address !== 0) { $ips[] = long2ip($val->player->last->vpn_local_address); } @@ -200,15 +197,9 @@ public function actionInstancePfTables($dopf = false) } $team_visible_instances = \Yii::$app->sys->team_visible_instances; if ($val->team_allowed == true || $team_visible_instances === true) { - // get team members if ($val->player->teamPlayer) { $team = $val->player->teamPlayer->team; - foreach ($team->approvedMembers as $member) { - // get IP's of connected players - if (($pIP = $member->player->last->vpn_local_address) !== null) { - $IPs[] = long2ip($pIP); - } - } + $IPs = ArrayHelperExtended::mergeUnique($IPs, $team->approvedMemberIPs); } } @@ -224,8 +215,16 @@ public function actionInstancePfTables($dopf = false) /** * Process player private instances + * + * This command updates the last updated_at field for active instances + * and processes instances that are pending action (eg. reboot, destroy, powerup) + * and updates the PF according to currently online players. + * + * @param bool $pfonly Perform PF operations and skip instance docker actions (default: false) + * @param int $expired_ago Filter instances based that haven't been updated X seconds ago (default: 2400 seconds = 40 minutes) + * @return int Exit code */ - public function actionInstances(bool $pfonly = false,int $expire = 40) + public function actionInstances(bool $pfonly = false, int $expired_ago = 2400) { if (file_exists("/tmp/cron-instances.lock")) { echo date("Y-m-d H:i:s ") . "Instances: /tmp/cron-instances.lock exists, skipping execution\n"; @@ -233,21 +232,13 @@ public function actionInstances(bool $pfonly = false,int $expire = 40) } touch("/tmp/cron-instances.lock"); $action = SELF::ACTION_EXPIRED; - // Get powered instances - $t = TargetInstance::find()->active(); - foreach ($t->all() as $instance) { - if ($instance->player->last->vpn_local_address !== null && $pfonly === false) { - printf("Updating heartbeat [%d: %s for %d: %s]\n", $instance->target_id, $instance->target->name, $instance->player_id, $instance->player->username); - $instance->touch('updated_at'); - } - } - - $t = TargetInstance::find()->pending_action($expire); + $t = TargetInstance::find()->pending_action($expired_ago); foreach ($t->all() as $val) { try { $ips = []; $dc = new DockerContainer($val->target); - $dc->timeout = ($val->server->timeout ? $val->server->timeout : 2000); + $dc->timeout = ($val->server->timeout ? $val->server->timeout : 10000); + if ($val->target->targetVolumes !== null) $dc->targetVolumes = $val->target->targetVolumes; @@ -279,17 +270,18 @@ public function actionInstances(bool $pfonly = false,int $expire = 40) $dc->server = $val->server->connstr; $dc->net = $val->server->network; - if ($val->ip == null) { - echo date("Y-m-d H:i:s ") . "Starting"; - $action = SELF::ACTION_START; + if ($val->reboot === 2) { + echo date("Y-m-d H:i:s ") . "Destroying"; + $action = SELF::ACTION_DESTROY; } else if ($val->reboot === 1) { echo date("Y-m-d H:i:s ") . "Restarting"; $action = SELF::ACTION_RESTART; - } else if ($val->reboot === 2) { - echo date("Y-m-d H:i:s ") . "Destroying"; - $action = SELF::ACTION_DESTROY; + } else if ($val->ip == null && $val->reboot == 0) { + echo date("Y-m-d H:i:s ") . "Starting"; + $action = SELF::ACTION_START; } else { echo date("Y-m-d H:i:s ") . "Expiring"; + $action = SELF::ACTION_EXPIRED; } printf(" %s for %s (%s) at %s\n", $val->target->name, $val->player->username, $dc->name, $val->server->name); switch ($action) { @@ -304,11 +296,7 @@ public function actionInstances(bool $pfonly = false,int $expire = 40) $dc->spin(); } if (($val->team_allowed === true || \Yii::$app->sys->team_visible_instances === true) && $val->player->teamPlayer && $val->player->teamPlayer->approved === 1) { - foreach ($val->player->teamPlayer->team->approvedMembers as $teamPlayer) { - if ((int)$teamPlayer->player->last->vpn_local_address !== 0) { - $ips[] = long2ip($teamPlayer->player->last->vpn_local_address); - } - } + $ips = $val->player->teamPlayer->team->approvedMemberIPs; } else if ((int)$val->player->last->vpn_local_address !== 0) { $ips[] = long2ip($val->player->last->vpn_local_address); } @@ -317,8 +305,10 @@ public function actionInstances(bool $pfonly = false,int $expire = 40) $val->ipoctet = $dc->container->getNetworkSettings()->getNetworks()->{$val->server->network}->getIPAddress(); Pf::add_table_ip($dc->name, $val->ipoctet, true); $val->reboot = 0; - if ($pfonly === false) + if ($pfonly === false) { + $val->updated_at = new \yii\db\Expression('NOW()'); $val->save(); + } break; case SELF::ACTION_EXPIRED: @@ -339,12 +329,28 @@ public function actionInstances(bool $pfonly = false,int $expire = 40) } } catch (\Throwable $e) { if (method_exists($e, 'getErrorResponse')) - echo "Instances:", $e->getErrorResponse()->getMessage(), "\n"; + echo "Instances: ", $e->getErrorResponse()->getMessage(), "\n"; else - echo "Instances:", $e->getMessage(), "\n"; + echo "Instances: ", $e->getMessage(), "\n"; + if (getenv('DEBUG', true) !== false) + \Yii::error($e); } + unset($dc); + usleep(100); } // end foreach $this->actionInstancePfTables(true); + + if ($pfonly === false) { + try { + $t = TargetInstance::find()->active()->withApprovedMemberHeartbeat()->last_updated(round($expired_ago / 2)); + foreach ($t->all() as $instance) { + printf("Updating heartbeat [%d: %s for %d: %s]\n", $instance->target_id, $instance->target->name, $instance->player_id, $instance->player->username); + $instance->touch('updated_at'); + } + } catch (\Throwable $e) { + echo "Instrances: Error while touching updated_at. ", $e->getMessage(); + } + } @unlink("/tmp/cron-instances.lock"); } From 9040674fb0d4054bfae3e7aa6eddbdf5750421cd Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:20:14 +0200 Subject: [PATCH 24/71] make sure player register respect status and active --- backend/commands/PlayerController.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/backend/commands/PlayerController.php b/backend/commands/PlayerController.php index 586d94869..ca6040328 100644 --- a/backend/commands/PlayerController.php +++ b/backend/commands/PlayerController.php @@ -182,7 +182,7 @@ public function actionMail($active = false, $email = false, $status = 9, $approv /* Register Users and generate OpenVPN keys and settings */ - public function actionRegister($username, $email, $fullname, $password = false, $player_type = "offense", $active = false, $academic = false, $team_name = false, $approved = 0) + public function actionRegister($username, $email, $fullname, $password = false, $player_type = "offense", bool $active = true, int $status=9, $academic = false, $team_name = false, $approved = 0) { echo "Registering: ", $email, "\n"; $trans = Yii::$app->db->beginTransaction(); @@ -210,16 +210,15 @@ public function actionRegister($username, $email, $fullname, $password = false, $player->password = Yii::$app->security->generatePasswordHash($password); $player->active = intval($active); - $player->status = 10; + $player->status = $status; $player->auth_key = Yii::$app->security->generateRandomString(); if (!$player->saveWithSsl()) { - if (!$player->active && intval(\Yii::$app->sys->disable_mailer)==0) { + if (!$player->active && $players->status===9 && intval(\Yii::$app->sys->disable_mailer)==0) { $player->generateEmailVerificationToken(); - $player->status = 9; } - throw new ConsoleException('Failed to save player:' . $player->username, "\n"); + throw new ConsoleException('Failed to save player:' . $player->username. "\n"); } $player->createTeam($team_name, $approved); From b8a953212fa4dee3a60b7bdcad39374059d90b25 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:20:48 +0200 Subject: [PATCH 25/71] Introduce ArrayHelperExtended --- .../helpers/ArrayHelperExtended.php | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 backend/components/helpers/ArrayHelperExtended.php diff --git a/backend/components/helpers/ArrayHelperExtended.php b/backend/components/helpers/ArrayHelperExtended.php new file mode 100644 index 000000000..b170f8b48 --- /dev/null +++ b/backend/components/helpers/ArrayHelperExtended.php @@ -0,0 +1,27 @@ + Date: Fri, 23 Jan 2026 19:21:40 +0200 Subject: [PATCH 26/71] Add TeamInvite and log errorSummary on errors --- backend/modules/frontend/models/Player.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/backend/modules/frontend/models/Player.php b/backend/modules/frontend/models/Player.php index 97aec5de9..346eb72d3 100644 --- a/backend/modules/frontend/models/Player.php +++ b/backend/modules/frontend/models/Player.php @@ -54,6 +54,7 @@ public function getAuthKey() public function saveWithSsl() { if (!$this->save()) { + Yii::error($this->getErrorSummary(true)); return false; } @@ -63,6 +64,7 @@ public function saveWithSsl() if ($playerSsl->save()) { return $playerSsl->refresh(); } + Yii::error($playerSsl->getErrorSummary(true)); return false; } @@ -144,6 +146,9 @@ public function createTeam($team_name, $approved) if (!$tp->save()) echo Yii::t('app', "Error saving team player\n"); + $ti = new \app\modules\frontend\models\TeamInvite(['team_id' => $tp->id, 'token' => Yii::$app->security->generateRandomString(8)]); + if (!$ti->save()) + echo Yii::t('app', "Error saving team invite\n"); } /** From 978d0f7ed849e3b56a5469bb4338718eb07d1595 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:22:04 +0200 Subject: [PATCH 27/71] re-generate serial until unique --- backend/modules/frontend/models/PlayerSsl.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/backend/modules/frontend/models/PlayerSsl.php b/backend/modules/frontend/models/PlayerSsl.php index 6e8bdae84..0cec4d946 100644 --- a/backend/modules/frontend/models/PlayerSsl.php +++ b/backend/modules/frontend/models/PlayerSsl.php @@ -107,7 +107,9 @@ public function generate() { $CAprivkey=array("file://".$tmpCAprivkey, null); file_put_contents($tmpCAprivkey, Yii::$app->sys->{'CA.key'}); file_put_contents($tmpCAcert, Yii::$app->sys->{'CA.crt'}); - $serial=time(); + do { + $serial=time(); + } while (self::findOne(['serial'=>$serial])!=null); $x509=openssl_csr_sign($csr, $CAcert, $CAprivkey, 3650, array('digest_alg'=>'sha256', 'config'=>Yii::getAlias('@appconfig').'/CA.cnf', 'x509_extensions'=>'usr_cert'), $serial); openssl_csr_export($csr, $csrout); openssl_x509_export($x509, $certout, false); From aea78c3fc32b2bc607fb89f8bd4dafb4c10b9529 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:23:07 +0200 Subject: [PATCH 28/71] add approvedMemberIP's method to team --- backend/modules/frontend/models/Team.php | 28 +++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/backend/modules/frontend/models/Team.php b/backend/modules/frontend/models/Team.php index ce40c889d..10cf9bb84 100644 --- a/backend/modules/frontend/models/Team.php +++ b/backend/modules/frontend/models/Team.php @@ -22,6 +22,7 @@ * @property Player $owner * @property TeamPlayer[] $teamPlayers * @property Player[] $players + * @property string[] $approvedMemberIPs */ class Team extends \yii\db\ActiveRecord { @@ -98,11 +99,12 @@ public function getTeamPlayers() public function getInstances() { - return $this->hasMany(\app\modules\infrastructure\models\TargetInstance::class, ['player_id' => 'player_id']) - ->via('teamPlayers', function($query) { - $query->andWhere(['approved' => 1]); - }); + return $this->hasMany(\app\modules\infrastructure\models\TargetInstance::class, ['player_id' => 'player_id']) + ->via('teamPlayers', function ($query) { + $query->andWhere(['approved' => 1]); + }); } + /** * @return \yii\db\ActiveQuery */ @@ -111,6 +113,22 @@ public function getApprovedMembers() return $this->hasMany(TeamPlayer::class, ['team_id' => 'id'])->andWhere(['approved' => 1]); } + /** + * Get array of all approved members currently online + * + * @return array + */ + public function getApprovedMemberIPs() + { + $ips=[]; + foreach ($this->approvedMembers as $tp) { + if ((int)$tp->player->last->vpn_local_address !== 0) { + $ips[] = long2ip($tp->player->last->vpn_local_address); + } + } + return $ips; + } + /** * @return \yii\db\ActiveQuery */ @@ -197,6 +215,6 @@ public function getInvite() */ public function repopulateStream() { - return \Yii::$app->db->createCommand('CALL repopulate_team_stream(:tid)',[':tid'=>$this->id])->execute(); + return \Yii::$app->db->createCommand('CALL repopulate_team_stream(:tid)', [':tid' => $this->id])->execute(); } } From f30dd643aeec0dee7ce01f9ecf7f90dc37f82c12 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:23:33 +0200 Subject: [PATCH 29/71] fix targetInstanceQuery withApprovedMemberHeartbeat --- .../models/TargetInstanceQuery.php | 44 ++++++++++++++++--- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/backend/modules/infrastructure/models/TargetInstanceQuery.php b/backend/modules/infrastructure/models/TargetInstanceQuery.php index 7af994882..da1067901 100644 --- a/backend/modules/infrastructure/models/TargetInstanceQuery.php +++ b/backend/modules/infrastructure/models/TargetInstanceQuery.php @@ -9,16 +9,50 @@ */ class TargetInstanceQuery extends \yii\db\ActiveQuery { + /** + * Filters TargetInstances to those that are active + * and whose team has at least one approved member with vpn_local_address != 0 + */ + public function withApprovedMemberHeartbeat() + { + return $this + // join to the team_instance player with teamPlayer + ->innerJoin(['tp' => 'team_player'], 'target_instance.player_id = tp.player_id AND tp.approved = 1') + // join to the team + ->innerJoin(['t' => 'team'], 'tp.team_id = t.id') + // join to approved members of the team + ->innerJoin(['am' => 'team_player'], 'am.team_id = t.id AND am.approved = 1') + // join approved member's last + ->innerJoin(['al' => 'player_last'], 'al.id = am.player_id and al.vpn_local_address is not null') + // ensure the approved member has a vpn_local_address + ->distinct(); + } + public function active() { - return $this->andWhere('[[ip]] IS NOT NULL')->andWhere('[[reboot]]!=2'); + return $this->andWhere('target_instance.[[ip]] IS NOT NULL')->andWhere('target_instance.[[reboot]]!=2'); + } + + public function last_updated(int $seconds_ago = 1) + { + return $this->andWhere(['<', 'target_instance.[[updated_at]]', new \yii\db\Expression("NOW() - INTERVAL $seconds_ago SECOND")]); } - public function pending_action(int $minutes_ago = 60) + public function pending_action(int $seconds_ago = 1) { - if($minutes_ago !== 0) - return $this->andWhere('[[ip]] IS NULL')->orWhere(['>', 'reboot', 0])->orWhere(['<', 'updated_at', new \yii\db\Expression("NOW() - INTERVAL $minutes_ago MINUTE")]); - return $this->andWhere('[[ip]] IS NULL')->orWhere(['>', 'reboot', 0]); + return $this->addSelect([ + 'target_instance.*', + 'reboot' => new \yii\db\Expression( + "IF(target_instance.updated_at < (NOW() - INTERVAL :seconds SECOND), 2, target_instance.reboot)", + [':seconds' => $seconds_ago] + ), + ]) + ->andWhere([ + 'or', + ['target_instance.ip' => null], + ['>', 'target_instance.reboot', 0], + ['<', 'target_instance.updated_at', new \yii\db\Expression("NOW() - INTERVAL $seconds_ago SECOND")] + ]); } From abe52d67d37e0c23f514cb85fd60d60a6a531fd9 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:24:04 +0200 Subject: [PATCH 30/71] dont apply timezone twice --- backend/modules/settings/models/Sysconfig.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/backend/modules/settings/models/Sysconfig.php b/backend/modules/settings/models/Sysconfig.php index 021aad19f..7d01d8555 100644 --- a/backend/modules/settings/models/Sysconfig.php +++ b/backend/modules/settings/models/Sysconfig.php @@ -56,7 +56,7 @@ public function afterFind() if ($this->val == 0 || $this->val == "") $this->val = ""; else - $this->val = Yii::$app->formatter->asDatetime($this->val, 'php:Y-m-d H:i:s', 'UTC'); + $this->val = date('Y-m-d H:i:s', $this->val); break; default: break; @@ -101,11 +101,9 @@ public function afterSave($insert, $changedAttributes) if ($this->id === 'stripe_webhookLocalEndpoint' && array_key_exists('val', $changedAttributes)) { $oldVal = $changedAttributes['val']; $newVal = $this->val; - if(($u=UrlRoute::findOne(['destination'=>'subscription/default/webhook']))!==NULL) - { - $u->updateAttributes(['source'=>$newVal]); + if (($u = UrlRoute::findOne(['destination' => 'subscription/default/webhook'])) !== NULL) { + $u->updateAttributes(['source' => $newVal]); } - } } From 0c552eb380cd3662c64afc9d2dd603062363a05d Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:27:48 +0200 Subject: [PATCH 31/71] update some default migration settings --- .../m000000_000001_system_settings.php | 30 ++++++++++++++++--- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/contrib/sample-migrations/m000000_000001_system_settings.php b/contrib/sample-migrations/m000000_000001_system_settings.php index 5b76f0a90..ff7323611 100644 --- a/contrib/sample-migrations/m000000_000001_system_settings.php +++ b/contrib/sample-migrations/m000000_000001_system_settings.php @@ -31,6 +31,10 @@ class m000000_000001_system_settings extends Migration ['id' => "leaderboard_show_zero", 'val' => "0"], ['id' => "leaderboard_visible_after_event_end", 'val' => "1"], ['id' => "leaderboard_visible_before_event_start", 'val' => "0"], + ['id' => "country_rankings", 'val' => "0"], + ['id' => "player_point_rankings", 'val' => "0"], + ['id' => "player_monthly_rankings", 'val' => "0"], + ['id' => 'frontpage_scenario', 'val' => 'Welcome to our lovely event... Edit from backend Content => Frontpage Scenario'], ['id' => "event_end_notification_title", 'val' => "🎉 Our awesome echoCTF finished 🎉"], ['id' => "event_end_notification_body", 'val' => "The awesome echoCTF is over 🎉🎉🎉 Congratulations to you and your team 👏👏👏 Thank you for participating!!!"], @@ -59,23 +63,38 @@ class m000000_000001_system_settings extends Migration ['id' => "team_manage_members", 'val' => "1"], ['id' => "team_required", 'val' => "1"], ['id' => 'team_visible_instances', 'val' => "1"], + ['id' => 'team_only_leaderboards', 'val' => "1"], + ['id' => 'team_encrypted_claims_allowed', 'val' => "1"], + /** * Player settings */ ['id' => "approved_avatar", 'val' => "1"], ['id' => "player_profile", 'val' => "1"], ['id' => "profile_visibility", 'val' => "public"], - ['id' => "require_activation", 'val' => "0"], - ['id' => 'player_require_identification', 'val' => "0"], + ['id' => "require_activation", 'val' => "1"], + ['id' => 'player_require_identification', 'val' => "1"], ['id' => 'all_players_vip', 'val' => "1"], - ['id' => 'player_require_approval', 'val' => "0"], + ['id' => 'player_require_approval', 'val' => "1"], ['id' => 'profile_discord', 'val' => "1"], ['id' => 'profile_echoctf', 'val' => "1"], ['id' => 'profile_github', 'val' => "1"], ['id' => 'profile_settings_fields', 'val' => 'avatar,bio,country,discord,echoctf,email,fullname,github,pending_progress,twitter,username,visibility'], + ['id' => 'avatar_robohash_set', 'val' => 'set3'], + /** * Configuration settings */ + ['id' => 'target_guest_view_deny', 'val' => '1'], + ['id' => 'disable_ondemand_operations', 'val' => '1'], + ['id' => 'module_smartcity_disabled', 'val' => '1'], + ['id' => 'module_speedprogramming_enabled', 'val' => '0'], + ['id' => 'dashboard_news_total_pages', 'val' => '10'], + ['id' => 'dashboard_news_records_per_page', 'val' => '3'], + ['id' => 'force_https_urls', 'val' => '1'], + ['id' => 'subscriptions_menu_show', 'val' => '0'], + ['id' => 'log_failed_claims', 'val' => '1'], + ['id' => 'academic_grouping', 'val' => '0'], ['id' => "challenge_home", 'val' => "uploads/"], ['id' => "dashboard_is_home", 'val' => "1"], @@ -126,8 +145,11 @@ class m000000_000001_system_settings extends Migration */ public function safeUp() { - foreach ($this->news as $entry) + foreach ($this->news as $entry) { + $entry['created_at']=new \yii\db\Expression('NOW()'); + $entry['updated_at']=new \yii\db\Expression('NOW()'); $this->upsert('news', $entry, true); + } // delete not needed url routes foreach ($this->delete_url_routes as $route) { From d659c7978b2dbb4caee2e0daa3382b53d213d06f Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:28:11 +0200 Subject: [PATCH 32/71] private_network and private_network_targets is needed --- contrib/findingsd-federated.sql | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/contrib/findingsd-federated.sql b/contrib/findingsd-federated.sql index ac873b622..7456e9f2a 100644 --- a/contrib/findingsd-federated.sql +++ b/contrib/findingsd-federated.sql @@ -116,6 +116,33 @@ CREATE TABLE `player_ssl` ( UNIQUE KEY `serial` (`serial`) ) ENGINE=FEDERATED DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci CONNECTION='mysql://{{db_user}}:{{db_pass}}@{{db_host}}:3306/{{db_name}}/player_ssl'; +DROP TABLE IF EXISTS `private_network`; +CREATE TABLE `private_network` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `player_id` int(11) unsigned DEFAULT NULL, + `name` varchar(255) DEFAULT NULL, + `team_accessible` tinyint(1) DEFAULT NULL, + `created_at` datetime DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `idx-private_network-player_id` (`player_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci CONNECTION='mysql://{{db_user}}:{{db_pass}}@{{db_host}}:3306/{{db_name}}/private_network'; + +DROP TABLE IF EXISTS `private_network_target`; +CREATE TABLE `private_network_target` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `private_network_id` int(11) DEFAULT NULL, + `target_id` int(11) NOT NULL, + `ip` int(11) unsigned DEFAULT NULL, + `state` smallint(6) unsigned DEFAULT 0, + `server_id` int(11) DEFAULT NULL, + `ipoctet` varchar(15) GENERATED ALWAYS AS (inet_ntoa(`ip`)) VIRTUAL, + PRIMARY KEY (`id`), + UNIQUE KEY `idx-unique-private_network_id-target_id` (`private_network_id`,`target_id`), + KEY `idx-private_network_target-private_network_id` (`private_network_id`), + KEY `idx-private_network_target-server_id` (`server_id`), + KEY `idx-private_network_target-target_id` (`target_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci CONNECTION='mysql://{{db_user}}:{{db_pass}}@{{db_host}}:3306/{{db_name}}/private_network_target'; + DROP TABLE IF EXISTS `debuglogs`; CREATE TABLE debuglogs ( From 6161138754bf01a9e12eda040e31ac4c1245cda3 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:28:49 +0200 Subject: [PATCH 33/71] update triggers to match --- schemas/echoCTF-triggers.sql | 207 +++++++++++++++++++---------------- 1 file changed, 111 insertions(+), 96 deletions(-) diff --git a/schemas/echoCTF-triggers.sql b/schemas/echoCTF-triggers.sql index b558677d4..6f70a6f55 100644 --- a/schemas/echoCTF-triggers.sql +++ b/schemas/echoCTF-triggers.sql @@ -127,38 +127,49 @@ CREATE TRIGGER `tbi_headshot` BEFORE INSERT ON `headshot` FOR EACH ROW END IF; END ;; -DROP TRIGGER IF EXISTS tai_headshot ;; +DROP TRIGGER IF EXISTS `tai_headshot` ;; CREATE TRIGGER `tai_headshot` AFTER INSERT ON `headshot` FOR EACH ROW - thisBegin:BEGIN - DECLARE private_instance int; - IF (@TRIGGER_CHECKS = FALSE) THEN - LEAVE thisBegin; - END IF; - SET private_instance=(SELECT COUNT(*) FROM target_instance WHERE player_id=NEW.player_id AND target_id=NEW.target_id); - IF (SELECT headshot_spin FROM target WHERE id=NEW.target_id)>0 AND private_instance<1 THEN - INSERT IGNORE INTO spin_queue (target_id, player_id,created_at) VALUES (NEW.target_id,NEW.player_id,NOW()); - ELSEIF private_instance>0 THEN - UPDATE target_instance SET reboot=2 WHERE player_id=NEW.player_id AND target_id=NEW.target_id; - END IF; - IF (SELECT count(*) FROM target_ondemand WHERE target_id=NEW.target_id AND state=1)>0 THEN - UPDATE target_ondemand SET heartbeat=(NOW() - INTERVAL 59 MINUTE - INTERVAL 30 SECOND) WHERE target_id=NEW.target_id; - END IF; - UPDATE target_state SET total_headshots=total_headshots+1,timer_avg=(SELECT ifnull(round(avg(timer)),0) FROM headshot WHERE target_id=NEW.target_id) WHERE id=NEW.target_id; - END ;; + thisBegin:BEGIN + DECLARE private_instance int; + DECLARE local_points int; + DECLARE lheadshot_points int; + DECLARE lfirst_headshot_points int; + IF (@TRIGGER_CHECKS = FALSE) THEN + LEAVE thisBegin; + END IF; + SET local_points=0; + SELECT headshot_points,first_headshot_points INTO lheadshot_points,lfirst_headshot_points FROM target WHERE id=NEW.target_id; + SET private_instance=(SELECT COUNT(*) FROM target_instance WHERE player_id=NEW.player_id AND target_id=NEW.target_id); + IF (SELECT headshot_spin FROM target WHERE id=NEW.target_id)>0 AND private_instance<1 THEN + INSERT IGNORE INTO spin_queue (target_id, player_id,created_at) VALUES (NEW.target_id,NEW.player_id,NOW()); + ELSEIF private_instance>0 THEN + UPDATE target_instance SET reboot=2 WHERE player_id=NEW.player_id AND target_id=NEW.target_id; + END IF; + IF (SELECT count(*) FROM target_ondemand WHERE target_id=NEW.target_id AND state=1)>0 THEN + UPDATE target_ondemand SET heartbeat=(NOW() - INTERVAL 59 MINUTE - INTERVAL 30 SECOND) WHERE target_id=NEW.target_id; + END IF; + IF NEW.first = 1 AND lfirst_headshot_points>0 THEN + SET local_points=lfirst_headshot_points; + ELSEIF lheadshot_points>0 THEN + SET local_points=lheadshot_points; + END IF; + INSERT INTO stream (player_id,model,model_id,points,title,message,pubtitle,pubmessage,ts) VALUES (NEW.player_id,'headshot',NEW.target_id,local_points,'','','','',now()); + UPDATE target_state SET total_headshots=total_headshots+1,timer_avg=(SELECT ifnull(round(avg(timer)),0) FROM headshot WHERE target_id=NEW.target_id) WHERE id=NEW.target_id; + END ;; DROP TRIGGER IF EXISTS tau_headshot ;; CREATE TRIGGER `tau_headshot` AFTER UPDATE ON `headshot` FOR EACH ROW - thisBegin:BEGIN - IF (@TRIGGER_CHECKS = FALSE) THEN - LEAVE thisBegin; - END IF; +thisBegin:BEGIN + IF (@TRIGGER_CHECKS = FALSE) THEN + LEAVE thisBegin; + END IF; IF (OLD.rating IS NULL AND NEW.rating IS NOT NULL) OR (OLD.rating IS NOT NULL and NEW.rating!=OLD.rating) THEN UPDATE target_state SET player_rating=(SELECT round(avg(rating)) FROM headshot WHERE target_id=NEW.target_id AND rating>-1) WHERE id=NEW.target_id; END IF; IF (OLD.timer IS NULL AND NEW.timer IS NOT NULL) OR (OLD.timer IS NOT NULL AND NEW.timer!=OLD.timer) THEN - UPDATE target_state SET timer_avg=(SELECT ifnull(round(avg(timer)),0) FROM headshot WHERE target_id=NEW.target_id and timer>60) WHERE id=NEW.target_id; + UPDATE target_state SET timer_avg=(SELECT ifnull(round(avg(timer)),0) FROM headshot WHERE target_id=NEW.target_id and timer>60) WHERE id=NEW.target_id; END IF; - END ;; + END ;; DROP TRIGGER IF EXISTS tad_headshot ;; CREATE TRIGGER `tad_headshot` AFTER DELETE ON `headshot` FOR EACH ROW @@ -214,7 +225,7 @@ CREATE TRIGGER tai_player AFTER INSERT ON player FOR EACH ROW DROP TRIGGER IF EXISTS tau_player ;; CREATE TRIGGER `tau_player` AFTER UPDATE ON `player` FOR EACH ROW - thisBegin:BEGIN +thisBegin:BEGIN DECLARE ltitle VARCHAR(30) DEFAULT 'Joined the platform'; IF (@TRIGGER_CHECKS = FALSE) THEN LEAVE thisBegin; @@ -249,23 +260,23 @@ CREATE TRIGGER `tau_player` AFTER UPDATE ON `player` FOR EACH ROW ELSEIF NEW.status=10 AND (OLD.status=9 OR OLD.status=8) THEN DELETE FROM player_token WHERE player_id=NEW.id AND `type`='email_verification'; END IF; - END ;; +END ;; DROP TRIGGER IF EXISTS tbd_player ;; CREATE TRIGGER `tbd_player` BEFORE DELETE ON `player` FOR EACH ROW - thisBegin:BEGIN - DECLARE tid INT default 0; - IF (@TRIGGER_CHECKS = FALSE) THEN - LEAVE thisBegin; - END IF; - SELECT id INTO tid FROM team where owner_id=OLD.id; - IF tid > 0 THEN - DELETE FROM team_score WHERE team_id=tid; - END IF; - DELETE FROM player_ssl WHERE player_id=OLD.id; - DELETE FROM player_rank WHERE player_id=OLD.id; +thisBegin:BEGIN + DECLARE tid INT default 0; + IF (@TRIGGER_CHECKS = FALSE) THEN + LEAVE thisBegin; + END IF; + SELECT id INTO tid FROM team where owner_id=OLD.id; + IF tid > 0 THEN + DELETE FROM team_score WHERE team_id=tid; + END IF; + DELETE FROM player_ssl WHERE player_id=OLD.id; + DELETE FROM player_rank WHERE player_id=OLD.id; DELETE FROM headshot WHERE player_id=OLD.id; - END ;; +END ;; DROP TRIGGER IF EXISTS tad_player ;; CREATE TRIGGER `tad_player` AFTER DELETE ON `player` FOR EACH ROW @@ -365,7 +376,7 @@ CREATE TRIGGER `tbi_player_finding` BEFORE INSERT ON `player_finding` FOR EACH R DROP TRIGGER IF EXISTS tai_player_finding ;; CREATE TRIGGER `tai_player_finding` AFTER INSERT ON `player_finding` FOR EACH ROW - thisBegin:BEGIN +thisBegin:BEGIN DECLARE local_target_id INT; DECLARE headshoted INT default null; DECLARE min_finding,min_treasure,max_finding,max_treasure, max_val, min_val DATETIME; @@ -391,7 +402,7 @@ CREATE TRIGGER `tai_player_finding` AFTER INSERT ON `player_finding` FOR EACH RO INSERT INTO headshot (player_id,target_id,created_at,timer) VALUES (NEW.player_id,local_target_id,now(),UNIX_TIMESTAMP(max_val)-UNIX_TIMESTAMP(min_val)); END IF; INSERT INTO target_player_state (id,player_id,player_findings,player_points,created_at,updated_at) VALUES (local_target_id,NEW.player_id,1,NEW.points,now(),now()) ON DUPLICATE KEY UPDATE player_findings=player_findings+values(player_findings),player_points=player_points+values(player_points),updated_at=now(); - END ;; +END ;; DROP TRIGGER IF EXISTS tad_player_finding ;; CREATE TRIGGER `tad_player_finding` AFTER DELETE ON `player_finding` FOR EACH ROW @@ -408,25 +419,25 @@ END ;; DROP TRIGGER IF EXISTS tau_player_last ;; CREATE TRIGGER `tau_player_last` AFTER UPDATE ON `player_last` FOR EACH ROW - thisBegin:BEGIN - IF (@TRIGGER_CHECKS = FALSE) THEN - LEAVE thisBegin; - END IF; +thisBegin:BEGIN + IF (@TRIGGER_CHECKS = FALSE) THEN + LEAVE thisBegin; + END IF; - IF (OLD.vpn_local_address IS NULL AND NEW.vpn_local_address IS NOT NULL) THEN - DO memc_set(CONCAT('ovpn:',NEW.id),INET_NTOA(NEW.vpn_local_address)); - DO memc_set(CONCAT('ovpn:',INET_NTOA(NEW.vpn_local_address)),NEW.id); - DO memc_set(CONCAT('ovpn_remote:',NEW.id),INET_NTOA(NEW.vpn_remote_address)); - ELSEIF (OLD.vpn_local_address IS NOT NULL AND NEW.vpn_local_address IS NULL) THEN - DO memc_delete(CONCAT('ovpn:',NEW.id)); - DO memc_delete(CONCAT('ovpn_remote:',NEW.id)); - DO memc_delete(CONCAT('ovpn:',INET_NTOA(OLD.vpn_local_address))); - END IF; + IF (OLD.vpn_local_address IS NULL AND NEW.vpn_local_address IS NOT NULL) THEN + DO memc_set(CONCAT('ovpn:',NEW.id),INET_NTOA(NEW.vpn_local_address)); + DO memc_set(CONCAT('ovpn:',INET_NTOA(NEW.vpn_local_address)),NEW.id); + DO memc_set(CONCAT('ovpn_remote:',NEW.id),INET_NTOA(NEW.vpn_remote_address)); + ELSEIF (OLD.vpn_local_address IS NOT NULL AND NEW.vpn_local_address IS NULL) THEN + DO memc_delete(CONCAT('ovpn:',NEW.id)); + DO memc_delete(CONCAT('ovpn_remote:',NEW.id)); + DO memc_delete(CONCAT('ovpn:',INET_NTOA(OLD.vpn_local_address))); + END IF; - IF (OLD.vpn_local_address IS NULL AND NEW.vpn_local_address IS NOT NULL) OR (OLD.vpn_local_address IS NOT NULL AND NEW.vpn_local_address IS NOT NULL AND NEW.vpn_local_address!=OLD.vpn_local_address) THEN - INSERT INTO `player_vpn_history` (`player_id`,`vpn_local_address`,`vpn_remote_address`) VALUES (NEW.id,NEW.vpn_local_address,NEW.vpn_remote_address); - END IF; - END ;; + IF (OLD.vpn_local_address IS NULL AND NEW.vpn_local_address IS NOT NULL) OR (OLD.vpn_local_address IS NOT NULL AND NEW.vpn_local_address IS NOT NULL AND NEW.vpn_local_address!=OLD.vpn_local_address) THEN + INSERT INTO `player_vpn_history` (`player_id`,`vpn_local_address`,`vpn_remote_address`) VALUES (NEW.id,NEW.vpn_local_address,NEW.vpn_remote_address); + END IF; +END ;; DROP TRIGGER IF EXISTS tai_player_question ;; CREATE TRIGGER `tai_player_question` AFTER INSERT ON `player_question` FOR EACH ROW @@ -533,35 +544,35 @@ CREATE TRIGGER `tbi_player_treasure` BEFORE INSERT ON `player_treasure` FOR EACH DROP TRIGGER IF EXISTS tai_player_treasure ;; CREATE TRIGGER `tai_player_treasure` AFTER INSERT ON `player_treasure` FOR EACH ROW - thisBegin:BEGIN - DECLARE local_target_id INT; - DECLARE headshoted INT default null; +thisBegin:BEGIN + DECLARE local_target_id INT; + DECLARE headshoted INT default null; DECLARE tfindings,pfindings INT; - DECLARE min_finding,min_treasure,max_finding,max_treasure, max_val, min_val DATETIME; + DECLARE min_finding,min_treasure,max_finding,max_treasure, max_val, min_val DATETIME; - IF (@TRIGGER_CHECKS = FALSE) THEN - LEAVE thisBegin; - END IF; + IF (@TRIGGER_CHECKS = FALSE) THEN + LEAVE thisBegin; + END IF; - CALL add_treasure_stream(NEW.player_id,'treasure',NEW.treasure_id,NEW.points); - CALL add_player_treasure_hint(NEW.player_id,NEW.treasure_id); + CALL add_treasure_stream(NEW.player_id,'treasure',NEW.treasure_id,NEW.points); + CALL add_player_treasure_hint(NEW.player_id,NEW.treasure_id); - SET local_target_id=(SELECT target_id FROM treasure WHERE id=NEW.treasure_id); - SET headshoted=(select true as headshoted FROM target as t left join treasure as t2 on t2.target_id=t.id left join finding as t3 on t3.target_id=t.id LEFT JOIN player_treasure as t4 on t4.treasure_id=t2.id and t4.player_id=NEW.player_id left join player_finding as t5 on t5.finding_id=t3.id and t5.player_id=NEW.player_id WHERE t.id=local_target_id GROUP BY t.id HAVING count(distinct t2.id)=count(distinct t4.treasure_id) AND count(distinct t3.id)=count(distinct t5.finding_id)); + SET local_target_id=(SELECT target_id FROM treasure WHERE id=NEW.treasure_id); + SET headshoted=(select true as headshoted FROM target as t left join treasure as t2 on t2.target_id=t.id left join finding as t3 on t3.target_id=t.id LEFT JOIN player_treasure as t4 on t4.treasure_id=t2.id and t4.player_id=NEW.player_id left join player_finding as t5 on t5.finding_id=t3.id and t5.player_id=NEW.player_id WHERE t.id=local_target_id GROUP BY t.id HAVING count(distinct t2.id)=count(distinct t4.treasure_id) AND count(distinct t3.id)=count(distinct t5.finding_id)); SET tfindings=(SELECT count(*) FROM finding WHERE target_id=local_target_id); SET pfindings=(SELECT count(*) FROM player_finding WHERE player_id=NEW.player_id AND finding_id IN (SELECT id FROM finding WHERE target_id=local_target_id)); - IF headshoted IS NOT NULL THEN - SELECT min(ts),max(ts) INTO min_finding,max_finding FROM player_finding WHERE player_id=NEW.player_id AND finding_id IN (SELECT id FROM finding WHERE target_id=local_target_id); - SELECT min(ts),max(ts) INTO min_treasure,max_treasure FROM player_treasure WHERE player_id=NEW.player_id AND treasure_id IN (SELECT id FROM treasure WHERE target_id=local_target_id); - SELECT GREATEST(max_finding, max_treasure), LEAST(min_finding, min_treasure) INTO max_val,min_val; - INSERT INTO headshot (player_id,target_id,created_at,timer) VALUES (NEW.player_id,local_target_id,now(),UNIX_TIMESTAMP(max_val)-UNIX_TIMESTAMP(min_val)); - END IF; - INSERT INTO target_player_state (id,player_id,player_treasures,player_points,created_at,updated_at) VALUES (local_target_id,NEW.player_id,1,NEW.points,now(),now()) ON DUPLICATE KEY UPDATE player_treasures=player_treasures+values(player_treasures),player_points=player_points+values(player_points),updated_at=now(); + IF headshoted IS NOT NULL THEN + SELECT min(ts),max(ts) INTO min_finding,max_finding FROM player_finding WHERE player_id=NEW.player_id AND finding_id IN (SELECT id FROM finding WHERE target_id=local_target_id); + SELECT min(ts),max(ts) INTO min_treasure,max_treasure FROM player_treasure WHERE player_id=NEW.player_id AND treasure_id IN (SELECT id FROM treasure WHERE target_id=local_target_id); + SELECT GREATEST(max_finding, max_treasure), LEAST(min_finding, min_treasure) INTO max_val,min_val; + INSERT INTO headshot (player_id,target_id,created_at,timer) VALUES (NEW.player_id,local_target_id,now(),UNIX_TIMESTAMP(max_val)-UNIX_TIMESTAMP(min_val)); + END IF; + INSERT INTO target_player_state (id,player_id,player_treasures,player_points,created_at,updated_at) VALUES (local_target_id,NEW.player_id,1,NEW.points,now(),now()) ON DUPLICATE KEY UPDATE player_treasures=player_treasures+values(player_treasures),player_points=player_points+values(player_points),updated_at=now(); IF tfindings > 0 AND pfindings = 0 THEN INSERT INTO abuser (player_id,title,reason,model,model_id,created_at,updated_at) VALUES (NEW.player_id,'Claim flag before finding','tai_player_treasure','treasure',NEW.treasure_id,NOW(),NOW()); END IF; - END ;; +END ;; DROP TRIGGER IF EXISTS tbi_profile ;; CREATE TRIGGER `tbi_profile` BEFORE INSERT ON `profile` FOR EACH ROW @@ -611,29 +622,29 @@ END ;; DROP TRIGGER IF EXISTS tai_stream ;; CREATE TRIGGER `tai_stream` AFTER INSERT ON `stream` FOR EACH ROW - thisBegin:BEGIN - DECLARE lteam_id INT; - IF (@TRIGGER_CHECKS = FALSE) THEN - LEAVE thisBegin; - END IF; - IF NEW.points>0 THEN - INSERT INTO player_score (player_id,points) VALUES (NEW.player_id,NEW.points) ON DUPLICATE KEY UPDATE points=points+values(points); - END IF; - SELECT team_id INTO lteam_id FROM team_player WHERE player_id=NEW.player_id AND approved=1; - IF lteam_id IS NOT NULL THEN +thisBegin:BEGIN + DECLARE lteam_id INT; + IF (@TRIGGER_CHECKS = FALSE) THEN + LEAVE thisBegin; + END IF; + IF NEW.points>0 THEN + INSERT INTO player_score (player_id,points) VALUES (NEW.player_id,NEW.points) ON DUPLICATE KEY UPDATE points=points+values(points); + END IF; + SELECT team_id INTO lteam_id FROM team_player WHERE player_id=NEW.player_id AND approved=1; + IF lteam_id IS NOT NULL THEN INSERT IGNORE INTO team_stream (stream_id,player_id,team_id,model,model_id,points,ts) VALUES (NEW.id,NEW.player_id,lteam_id,NEW.model,NEW.model_id,NEW.points,NEW.ts); - END IF; - END ;; + END IF; +END ;; DROP TRIGGER IF EXISTS tad_stream ;; CREATE TRIGGER `tad_stream` AFTER DELETE ON `stream` FOR EACH ROW - thisBegin:BEGIN - IF (@TRIGGER_CHECKS = FALSE) THEN - LEAVE thisBegin; - END IF; - INSERT INTO player_score (player_id,points) VALUES (OLD.player_id,-OLD.points) ON DUPLICATE KEY UPDATE points=if(points+values(points)<0,0,points+values(points)); +thisBegin:BEGIN + IF (@TRIGGER_CHECKS = FALSE) THEN + LEAVE thisBegin; + END IF; + INSERT INTO player_score (player_id,points) VALUES (OLD.player_id,-OLD.points) ON DUPLICATE KEY UPDATE points=if(points+values(points)<0,0,points+values(points)); DELETE FROM team_stream where stream_id=OLD.id; - END ;; +END ;; DROP TRIGGER IF EXISTS tai_sysconfig ;; CREATE TRIGGER `tai_sysconfig` AFTER INSERT ON `sysconfig` FOR EACH ROW @@ -976,12 +987,16 @@ CREATE TRIGGER `tad_writeup` AFTER DELETE ON `writeup` FOR EACH ROW DROP TRIGGER IF EXISTS tai_player_target_help ;; CREATE TRIGGER tai_player_target_help AFTER INSERT ON player_target_help FOR EACH ROW - thisBegin:BEGIN +thisBegin:BEGIN + DECLARE stream_player_target_help INT; IF (@TRIGGER_CHECKS = FALSE) THEN LEAVE thisBegin; END IF; - INSERT INTO stream (player_id,model,model_id,points,title,message,pubtitle,pubmessage,ts) VALUES (NEW.player_id,'player_target_help',NEW.target_id,0,'','','','',now()); - END ;; + SET stream_player_target_help=memc_get('sysconfig:stream_player_target_help'); + IF stream_player_target_help IS NOT NULL and stream_player_target_help=1 THEN + INSERT INTO stream (player_id,model,model_id,points,title,message,pubtitle,pubmessage,ts) VALUES (NEW.player_id,'player_target_help',NEW.target_id,0,'Activated writeups for {target}','','','',now()); + END IF; +END ;; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; From 98da78b159c7479203531638c1b38bc2dbccc3fe Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:29:04 +0200 Subject: [PATCH 34/71] update routines to match --- schemas/echoCTF-routines.sql | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/schemas/echoCTF-routines.sql b/schemas/echoCTF-routines.sql index a289d74c9..7eb951c95 100644 --- a/schemas/echoCTF-routines.sql +++ b/schemas/echoCTF-routines.sql @@ -403,23 +403,16 @@ BEGIN UPDATE team_score SET points=0 WHERE team_id=tid; DELETE FROM team_stream WHERE team_id=tid; INSERT INTO team_stream (stream_id,player_id,team_id,model,model_id,points,ts) - SELECT id, player_id, tid, model, model_id, points, ts - FROM ( - SELECT s.*, - ROW_NUMBER() OVER ( - PARTITION BY model, model_id - ORDER BY ts ASC, id ASC - ) AS rn - FROM stream s - WHERE model != 'user' - AND player_id IN ( - SELECT player_id - FROM team_player - WHERE team_id = tid AND approved=1 - ) - ) t - WHERE rn = 1 - ORDER BY id, ts; + SELECT id, player_id, tid, model, model_id, points, ts + FROM ( + SELECT s.*, + ROW_NUMBER() OVER (PARTITION BY model, model_id ORDER BY ts ASC, id ASC) AS rn + FROM stream s + WHERE model != 'user' + AND player_id IN (SELECT player_id FROM team_player WHERE team_id = tid AND approved=1) + ) t + WHERE rn = 1 + ORDER BY id, ts; IF `_rollback` THEN ROLLBACK; ELSE From fca1e5190cb5af85ca0cb27d2059aee67b9f7a86 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:30:14 +0200 Subject: [PATCH 35/71] if team_visible_instances or team_subscription show only spawn team instance --- .../targetcardactions/TargetCardActions.php | 27 ++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/frontend/widgets/targetcardactions/TargetCardActions.php b/frontend/widgets/targetcardactions/TargetCardActions.php index a315e5b67..a34d0c071 100644 --- a/frontend/widgets/targetcardactions/TargetCardActions.php +++ b/frontend/widgets/targetcardactions/TargetCardActions.php @@ -92,7 +92,6 @@ public function prep_instance_actions() 'linkOptions' => $linkOptions ]; } elseif ($this->target_instance === NULL) { - $this->target_actions[] = [ 'label' => \Yii::t('app', '  Spawn a private instance'), 'url' => Url::to(['/target/default/spawn', 'id' => $this->model->id]), @@ -100,16 +99,20 @@ public function prep_instance_actions() 'linkOptions' => ArrayHelper::merge($this->linkOptions, ['data-confirm' => \Yii::t('app', 'You are about to spawn a private instance of this target. Once booted, this instance will only be accessible by you and its IP will become visible here.')]) ]; // display start team instance - if (\Yii::$app->user->identity->subscription !== null && \Yii::$app->user->identity->subscription->active > 0 && \Yii::$app->user->identity->subscription->product !== null) { - $metadata = json_decode(\Yii::$app->user->identity->subscription->product->metadata); - if (isset($metadata->team_subscription) && boolval($metadata->team_subscription) === true) { - $this->target_actions[] = [ - 'label' => \Yii::t('app', '  Spawn a team instance'), - 'url' => Url::to(['/target/default/spawn', 'id' => $this->model->id, 'team' => true]), - 'options' => ['style' => 'white-space: nowrap;'], - 'linkOptions' => ArrayHelper::merge($this->linkOptions, ['data-confirm' => \Yii::t('app', 'You are about to spawn an instance of this target for your entire team. Once booted, this instance will only be accessible by you and your team. The IP will become visible here.')]) - ]; - } + if ( + \Yii::$app->sys->team_visible_instances === true || (\Yii::$app->user->identity->subscription !== null + && \Yii::$app->user->identity->subscription->active > 0 + && \Yii::$app->user->identity->subscription->product !== null + && ($metadata = json_decode(\Yii::$app->user->identity->subscription->product->metadata) !== null + && isset($metadata->team_subscription) && boolval($metadata->team_subscription) === true)) + ) { + $key = \Yii::$app->sys->team_visible_instances === true ? 0 : null; + $this->target_actions[$key] = [ + 'label' => \Yii::t('app', '  Spawn a team instance'), + 'url' => Url::to(['/target/default/spawn', 'id' => $this->model->id, 'team' => true]), + 'options' => ['style' => 'white-space: nowrap;'], + 'linkOptions' => ArrayHelper::merge($this->linkOptions, ['data-confirm' => \Yii::t('app', 'You are about to spawn an instance of this target for your entire team. Once booted, this instance will only be accessible by you and your team. The IP will become visible here.')]) + ]; } } elseif ($this->target_instance->target_id !== $this->model->id) { $this->target_actions[] = [ @@ -168,7 +171,7 @@ public function prep_private_network_target_actions() if ($this->model->private_network_id === null) return; - if(\app\modules\network\models\PrivateNetwork::findOne(['id'=>$this->model->private_network_id,'player_id'=>Yii::$app->user->id])!==NULL) + if (\app\modules\network\models\PrivateNetwork::findOne(['id' => $this->model->private_network_id, 'player_id' => Yii::$app->user->id]) !== NULL) if ($this->model->ipoctet !== '0.0.0.0' && $this->model->ipoctet !== NULL && intval($this->model->state) === 0) { $this->target_actions[] = [ 'label' => \Yii::t('app', '  Reboot target'), From 2c85024768d57830e1da349fd13b87307a49782c Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:30:47 +0200 Subject: [PATCH 36/71] use inviteOrCreate instead --- .../material/modules/team/views/default/_team_card.php | 6 +++--- .../themes/material/modules/team/views/default/view.php | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/frontend/themes/material/modules/team/views/default/_team_card.php b/frontend/themes/material/modules/team/views/default/_team_card.php index 08939f0de..8b540334c 100644 --- a/frontend/themes/material/modules/team/views/default/_team_card.php +++ b/frontend/themes/material/modules/team/views/default/_team_card.php @@ -89,9 +89,9 @@
user->identity->isAdmin || (Yii::$app->user->identity->team && !$model->inviteonly || ($invite === false && $listing === true))) : ?> $model->token], ['class' => 'btn block text-dark text-bold orbitron' . (!$model->inviteonly ? ' btn-info' : ' btn-warning')]) ?> - getTeamPlayers()->count()) < Yii::$app->sys->members_per_team && !Yii::$app->user->identity->team && !$model->locked && $model->invite) : ?> - $model->invite->token], ['class' => 'btn block btn-primary text-dark text-bold orbitron', 'data-method' => 'POST', 'data' => ['confirm' => 'You are about to join this team. Your membership will have to be confirmed by the team captain.', 'method' => 'POST']]) ?> + getTeamPlayers()->count()) < Yii::$app->sys->members_per_team && !Yii::$app->user->identity->team && !$model->locked && $model->inviteOrCreate) : ?> + $model->inviteOrCreate->token], ['class' => 'btn block btn-primary text-dark text-bold orbitron', 'data-method' => 'POST', 'data' => ['confirm' => 'You are about to join this team. Your membership will have to be confirmed by the team captain.', 'method' => 'POST']]) ?>

- \ No newline at end of file + diff --git a/frontend/themes/material/modules/team/views/default/view.php b/frontend/themes/material/modules/team/views/default/view.php index 23e71ed62..4a34bd3be 100644 --- a/frontend/themes/material/modules/team/views/default/view.php +++ b/frontend/themes/material/modules/team/views/default/view.php @@ -19,10 +19,10 @@

[name) ?>]

getTeamPlayers()->count() < Yii::$app->sys->members_per_team): ?>

- owner_id === Yii::$app->user->id || ($team->invite && !$team->inviteonly)): ?> + owner_id === Yii::$app->user->id || ($team->inviteOrCreate && !$team->inviteonly)): ?> owner_id === Yii::$app->user->id) $class .= ' copy-to-clipboard'; ?> - $team->invite->token], 'https'), Url::to(['/team/default/invite', 'token' => $team->invite->token], 'https'), ['class' => $class, 'swal-data' => 'Copied to clipboard!']); ?> + $team->inviteOrCreate->token], 'https'), Url::to(['/team/default/invite', 'token' => $team->inviteOrCreate->token], 'https'), ['class' => $class, 'swal-data' => 'Copied to clipboard!']); ?> recruitment) ?> @@ -179,8 +179,8 @@

- getTeamPlayers()->count()) < Yii::$app->sys->members_per_team && !Yii::$app->user->identity->team && !$team->locked && $team->invite && !$team->inviteonly) : ?> - $team->invite->token], ['class' => 'btn block btn-primary text-dark text-bold orbitron', 'data-method' => 'POST', 'data' => ['confirm' => 'You are about to join this team. Your membership will have to be confirmed by the team captain.', 'method' => 'POST']]) ?> + getTeamPlayers()->count()) < Yii::$app->sys->members_per_team && !Yii::$app->user->identity->team && !$team->locked && $team->inviteOrCreate && !$team->inviteonly) : ?> + $team->inviteOrCreate->token], ['class' => 'btn block btn-primary text-dark text-bold orbitron', 'data-method' => 'POST', 'data' => ['confirm' => 'You are about to join this team. Your membership will have to be confirmed by the team captain.', 'method' => 'POST']]) ?>

From eb0930e0e4d5c844bee72533b3856dca0a4675ad Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:31:10 +0200 Subject: [PATCH 37/71] Add getInviteOrCreate --- frontend/modules/team/models/Team.php | 53 +++++++++++++++++++-------- 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/frontend/modules/team/models/Team.php b/frontend/modules/team/models/Team.php index b84435fe7..258454e7b 100644 --- a/frontend/modules/team/models/Team.php +++ b/frontend/modules/team/models/Team.php @@ -25,7 +25,8 @@ * @property Player $owner * @property TeamPlayer[] $teamPlayers * @property Player[] $players - */ + * @property TeamInvite $inviteOrCreate +*/ class Team extends \yii\db\ActiveRecord { public $uploadedAvatar; @@ -142,7 +143,7 @@ public function getRank() */ public function getTeamPlayers() { - return $this->hasMany(TeamPlayer::class, ['team_id' => 'id'])->orderBy(['approved'=>SORT_DESC,'ts'=>SORT_ASC]); + return $this->hasMany(TeamPlayer::class, ['team_id' => 'id'])->orderBy(['approved' => SORT_DESC, 'ts' => SORT_ASC]); } /** @@ -161,6 +162,28 @@ public function getInvite() return $this->hasOne(TeamInvite::class, ['team_id' => 'id']); } + /** + * Returns the related TeamInvite model. + * + * If the invite does not exist yet, it will be created, saved, + * and populated into the `invite` relation. + * + * @return TeamInvite the existing or newly created invite model + * @throws \RuntimeException if the invite cannot be created + */ + public function getInviteOrCreate() + { + if ($this->invite === null) { + $invite = new TeamInvite(['team_id'=>$this->id,'token'=>Yii::$app->security->generateRandomString(8)]); + if (!$invite->save()) { + throw new \RuntimeException('Failed to create TeamInvite'); + } + $this->populateRelation('invite', $invite); + } + + return $this->invite; + } + public function getValidLogo() { if ($this->logo === null || trim($this->logo) === '') @@ -286,21 +309,19 @@ public function getAcademicWord() /** * Generate a new invite url */ - public function generate_invite(){ - if($this->invite) { - $this->invite->token=Yii::$app->security->generateRandomString(8); - if(!$this->invite->save()) - { - throw new UserException(Yii::t('app','Failed to save invite. [{error}]',['error'=>implode(" ",$this->invite->getErrors())])); + public function generate_invite() + { + if ($this->invite) { + $this->invite->token = Yii::$app->security->generateRandomString(8); + if (!$this->invite->save()) { + throw new UserException(Yii::t('app', 'Failed to save invite. [{error}]', ['error' => implode(" ", $this->invite->getErrors())])); } - } - else { - $ti=new TeamInvite; - $ti->team_id=$this->id; - $ti->token=Yii::$app->security->generateRandomString(8); - if(!$ti->save()) - { - throw new UserException(Yii::t('app','Failed to save invite. [{error}]',['error'=>implode(" ",$ti->getErrors())])); + } else { + $ti = new TeamInvite; + $ti->team_id = $this->id; + $ti->token = Yii::$app->security->generateRandomString(8); + if (!$ti->save()) { + throw new UserException(Yii::t('app', 'Failed to save invite. [{error}]', ['error' => implode(" ", $ti->getErrors())])); } } } From c37d80d26437a4775174b3591faf52a8908628ff Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Fri, 23 Jan 2026 19:32:15 +0200 Subject: [PATCH 38/71] simplify team instances --- frontend/modules/target/actions/SpawnRestAction.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/frontend/modules/target/actions/SpawnRestAction.php b/frontend/modules/target/actions/SpawnRestAction.php index e7b0adb6d..916243e49 100644 --- a/frontend/modules/target/actions/SpawnRestAction.php +++ b/frontend/modules/target/actions/SpawnRestAction.php @@ -59,7 +59,7 @@ public function run($id,$team=false) $ti=new TargetInstance; $ti->player_id=Yii::$app->user->id; $ti->target_id=$id; - // pick the least used server currently + $ti->team_allowed=intval(\Yii::$app->sys->team_visible_instances); if(\Yii::$app->user->identity->subscription !== null && \Yii::$app->user->identity->subscription->active > 0 && \Yii::$app->user->identity->subscription->product !== null) { $metadata = json_decode(\Yii::$app->user->identity->subscription->product->metadata); @@ -67,6 +67,8 @@ public function run($id,$team=false) $ti->team_allowed=($team===false ? 0 : 1); } } + + // pick the least used server currently $ti->server_id=intval(Yii::$app->db->createCommand('select id from server t1 left join target_instance t2 on t1.id=t2.server_id group by t1.id order by count(t2.server_id) limit 1')->queryScalar()); if($ti->save()!==false) Yii::$app->session->setFlash('success', sprintf(\Yii::t('app','Spawning new instance for [%s]. You will receive a notification when the instance is up.'), $ti->target->name)); From 609066d8e12b924da67e75a23fe9788409d3129f Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sat, 24 Jan 2026 23:21:12 +0200 Subject: [PATCH 39/71] fix verification token logic bug --- backend/commands/PlayerController.php | 35 ++++++++++++--------------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/backend/commands/PlayerController.php b/backend/commands/PlayerController.php index ca6040328..f01f531df 100644 --- a/backend/commands/PlayerController.php +++ b/backend/commands/PlayerController.php @@ -182,7 +182,7 @@ public function actionMail($active = false, $email = false, $status = 9, $approv /* Register Users and generate OpenVPN keys and settings */ - public function actionRegister($username, $email, $fullname, $password = false, $player_type = "offense", bool $active = true, int $status=9, $academic = false, $team_name = false, $approved = 0) + public function actionRegister($username, $email, $fullname, $password = false, $player_type = "offense", bool $active = true, int $status = 9, $academic = false, $team_name = false, $approved = 0) { echo "Registering: ", $email, "\n"; $trans = Yii::$app->db->beginTransaction(); @@ -196,7 +196,7 @@ public function actionRegister($username, $email, $fullname, $password = false, $unique = Player::findOne(['username' => $username]); } $player->username = $username; - echo 'Autogenerated username: ',$player->username,"\n"; + echo 'Autogenerated username: ', $player->username, "\n"; } else $player->username = trim(str_replace(array("\xc2\xa0", "\r\n", "\r"), "", $username)); @@ -215,10 +215,11 @@ public function actionRegister($username, $email, $fullname, $password = false, $player->auth_key = Yii::$app->security->generateRandomString(); if (!$player->saveWithSsl()) { - if (!$player->active && $players->status===9 && intval(\Yii::$app->sys->disable_mailer)==0) { - $player->generateEmailVerificationToken(); - } - throw new ConsoleException('Failed to save player:' . $player->username. "\n"); + throw new ConsoleException('Failed to save player:' . $player->username . "\n"); + } + + if ((!$player->active || $player->status === 9) && intval(\Yii::$app->sys->disable_mailer) == 0) { + $player->generateEmailVerificationToken(); } $player->createTeam($team_name, $approved); @@ -365,23 +366,23 @@ public function actionCheckDupips($skip_uids = false) } } - public function actionFailValidation($delete = false,$extended=false,$csv=false) + public function actionFailValidation($delete = false, $extended = false, $csv = false) { $allRecords = Player::find()->where(['status' => 10])->all(); foreach ($allRecords as $p) { - if($extended!==false) + if ($extended !== false) $p->scenario = 'extendedValidator'; else $p->scenario = 'validator'; if (!$p->validate()) { - echo boolval($csv)===true ? $p->id.",".$p->username : Table::widget([ - 'headers' => ['ID: ' . $p->id.' '.$p->username, 'Description'], + echo boolval($csv) === true ? $p->id . "," . $p->username : Table::widget([ + 'headers' => ['ID: ' . $p->id . ' ' . $p->username, 'Description'], 'rows' => $this->getErrorRows($p), ]); if (boolval($delete) !== false && $p->delete()) { - echo boolval($csv)===true ? ",deleted" : $p->id." Deleted\n"; + echo boolval($csv) === true ? ",deleted" : $p->id . " Deleted\n"; } - echo boolval($csv)===true ? "\n" : ""; + echo boolval($csv) === true ? "\n" : ""; } } } @@ -469,8 +470,7 @@ public function actionFetchIdentification($filter = 'inactive', $scheme = 'https foreach ($players->all() as $player) { $baseDir = \Yii::getAlias('@app/web/identificationFiles/'); echo "processing ", $player->username; - if(!$player->metadata) - { + if (!$player->metadata) { echo " no metadata\n"; continue; } @@ -485,13 +485,10 @@ public function actionFetchIdentification($filter = 'inactive', $scheme = 'https curl_exec($ch); $status = curl_getinfo($ch, CURLINFO_HTTP_CODE); - if($status==200) - { + if ($status == 200) { echo " => grabbing ", $baseDir . $player->metadata->identificationFile, "\n"; file_put_contents($baseDir . $player->metadata->identificationFile, fopen("$scheme://" . Yii::$app->sys->offense_domain . '/identificationFiles/' . $player->metadata->identificationFile, 'r')); - } - else - { + } else { echo ", remote identification file not found\n"; } } From d8f6be0c73c1de848f46d8ad6e3be8b89a8b1cb6 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sat, 24 Jan 2026 23:25:24 +0200 Subject: [PATCH 40/71] fix perms for mods --- .../frontend/controllers/PlayerController.php | 2 +- .../controllers/ProfileController.php | 2 +- .../frontend/controllers/TeamController.php | 20 +- .../controllers/ChallengeController.php | 306 +++++++++--------- .../controllers/QuestionController.php | 209 ++++++------ .../controllers/TreasureController.php | 31 +- .../views/target-instance/view.php | 2 +- 7 files changed, 303 insertions(+), 269 deletions(-) diff --git a/backend/modules/frontend/controllers/PlayerController.php b/backend/modules/frontend/controllers/PlayerController.php index 2d8686403..34a4ab359 100644 --- a/backend/modules/frontend/controllers/PlayerController.php +++ b/backend/modules/frontend/controllers/PlayerController.php @@ -32,7 +32,7 @@ public function behaviors() 'class' => \yii\filters\AccessControl::class, 'rules' => [ '00filtered-actions' => [ - 'actions' => ['mail', 'approve', 'reject', 'export'], + 'actions' => ['mail', 'approve', 'reject', 'export','notify','set-deleted','disconnect-vpn','generate-ssl','ajax-search'], 'allow' => true, 'roles' => ['@'], ] diff --git a/backend/modules/frontend/controllers/ProfileController.php b/backend/modules/frontend/controllers/ProfileController.php index f23c4b624..9fba53c01 100644 --- a/backend/modules/frontend/controllers/ProfileController.php +++ b/backend/modules/frontend/controllers/ProfileController.php @@ -32,7 +32,7 @@ public function behaviors() 'class' => \yii\filters\AccessControl::class, 'rules' => [ '00filtered-actions'=>[ - 'actions' => ['view-full','target-progress','score-monthly','headshots','vpn-history','spin-history','notifications'], + 'actions' => ['view-full','target-progress','score-monthly','headshots','vpn-history','spin-history','notifications','stream-lag','vpn-history-duplicates'], 'allow' => true, 'roles' => ['@'], ] diff --git a/backend/modules/frontend/controllers/TeamController.php b/backend/modules/frontend/controllers/TeamController.php index 604253131..39a3f8067 100644 --- a/backend/modules/frontend/controllers/TeamController.php +++ b/backend/modules/frontend/controllers/TeamController.php @@ -24,7 +24,17 @@ class TeamController extends \app\components\BaseController */ public function behaviors() { - return ArrayHelper::merge(parent::behaviors(), [ + return ArrayHelper::merge([ + 'access' => [ + 'class' => \yii\filters\AccessControl::class, + 'rules' => [ + '00filtered-actions' => [ + 'actions' => ['free-player-ajax-search','notify','ajax-search'], + 'allow' => true, + 'roles' => ['@'], + ] + ], + ], 'rules' => [ 'class' => 'yii\filters\AjaxFilter', 'only' => ['free-player-ajax-search'] @@ -36,7 +46,7 @@ public function behaviors() 'repopulate-stream' => ['POST'], ], ], - ]); + ], parent::behaviors()); } /** @@ -187,13 +197,11 @@ public function actionToggleAcademic($id) $trans = Yii::$app->db->beginTransaction(); try { $model->updateAttributes(['academic' => ($model->academic + 1) % \Yii::$app->sys->academic_grouping]); - foreach($model->teamPlayers as $p) - { - $p->updateAttributes(['academic'=>$model->academic]); + foreach ($model->teamPlayers as $p) { + $p->updateAttributes(['academic' => $model->academic]); } $trans->commit(); \Yii::$app->getSession()->setFlash('success', Yii::t('app', 'Team changed academic grouping.')); - } catch (\Exception $e) { $trans->rollBack(); \Yii::$app->getSession()->setFlash('error', Yii::t('app', 'Failed to update academic grouping for team')); diff --git a/backend/modules/gameplay/controllers/ChallengeController.php b/backend/modules/gameplay/controllers/ChallengeController.php index 893a293c5..281693787 100644 --- a/backend/modules/gameplay/controllers/ChallengeController.php +++ b/backend/modules/gameplay/controllers/ChallengeController.php @@ -22,167 +22,171 @@ class ChallengeController extends \app\components\BaseController /** * {@inheritdoc} */ - public function behaviors() - { - return ArrayHelper::merge(parent::behaviors(),[]); - } + public function behaviors() + { + return ArrayHelper::merge(parent::behaviors(), [ + 'access' => [ + 'class' => \yii\filters\AccessControl::class, + 'rules' => [ + 'authActions' => [ + 'allow' => true, + 'actions' => ['index', 'view'], + 'roles' => ['@'], + 'matchCallback' => function () { + return \Yii::$app->user->identity->isAdmin; + }, + ], + ], + ], + ]); + } - /** - * Lists all Challenge models. - * @return mixed - */ - public function actionIndex() - { - $searchModel=new ChallengeSearch(); - $dataProvider=$searchModel->search(Yii::$app->request->queryParams); - - return $this->render('index', [ - 'searchModel' => $searchModel, - 'dataProvider' => $dataProvider, - ]); - } + /** + * Lists all Challenge models. + * @return mixed + */ + public function actionIndex() + { + $searchModel = new ChallengeSearch(); + $dataProvider = $searchModel->search(Yii::$app->request->queryParams); - /** - * Displays a single Challenge model. - * @param integer $id - * @return mixed - * @throws NotFoundHttpException if the model cannot be found - */ - public function actionView($id) - { - $query=Question::find()->joinWith('challenge'); - - $query->select('question.*,(SELECT COUNT(question_id) FROM player_question WHERE question.id=player_question.question_id) as answered'); - // add conditions that should always apply here - - $dataProvider=new ActiveDataProvider([ - 'query' => $query, - ]); - $query->andFilterWhere([ - 'question.challenge_id' => $id, - ]); - - $dataProvider->setSort([ - 'defaultOrder' => ['weight' => SORT_ASC,'id'=>SORT_ASC], - 'attributes' => array_merge( - $dataProvider->getSort()->attributes, - [ - 'challengename' => [ - 'asc' => ['challengename' => SORT_ASC], - 'desc' => ['challengename' => SORT_DESC], - ], - 'answered' => [ - 'asc' => ['answered' => SORT_ASC], - 'desc' => ['answered' => SORT_DESC], - ], - ] - ), - ]); - - return $this->render('view', [ - 'model' => $this->findModel($id), - 'questionProvider'=>$dataProvider, - ]); - } + return $this->render('index', [ + 'searchModel' => $searchModel, + 'dataProvider' => $dataProvider, + ]); + } - /** - * Creates a new Challenge model. - * If creation is successful, the browser will be redirected to the 'view' page. - * @return mixed - */ - public function actionCreate() - { - $model=new Challenge(); - - if($model->load(Yii::$app->request->post()) && $model->save()) - { - $model->file=UploadedFile::getInstance($model, 'file'); - try - { - if($model->file) - { - if(trim($model->filename)==='') - { - $model->filename=$model->id; - $model->updateAttributes(['filename'=>$model->id]); - } - $model->file->saveAs(Yii::getAlias(Yii::$app->sys->challenge_home).'/'.$model->filename); - } - Yii::$app->session->addFlash('success', Yii::t('app','Challenge [{name}] created',['name'=>Html::encode($model->name)])); - Yii::$app->session->addFlash('warning', Yii::t('app','Don\'t forget to create a question for the challenge.')); - } - catch(\Exception $e) - { - Yii::$app->session->setFlash('error', Yii::t('app','Failed to create challenge [{name}]',['name'=>Html::encode($model->name)])); - } - return $this->redirect(['view', 'id' => $model->id]); - } + /** + * Displays a single Challenge model. + * @param integer $id + * @return mixed + * @throws NotFoundHttpException if the model cannot be found + */ + public function actionView($id) + { + $query = Question::find()->joinWith('challenge'); + + $query->select('question.*,(SELECT COUNT(question_id) FROM player_question WHERE question.id=player_question.question_id) as answered'); + // add conditions that should always apply here + + $dataProvider = new ActiveDataProvider([ + 'query' => $query, + ]); + $query->andFilterWhere([ + 'question.challenge_id' => $id, + ]); + + $dataProvider->setSort([ + 'defaultOrder' => ['weight' => SORT_ASC, 'id' => SORT_ASC], + 'attributes' => array_merge( + $dataProvider->getSort()->attributes, + [ + 'challengename' => [ + 'asc' => ['challengename' => SORT_ASC], + 'desc' => ['challengename' => SORT_DESC], + ], + 'answered' => [ + 'asc' => ['answered' => SORT_ASC], + 'desc' => ['answered' => SORT_DESC], + ], + ] + ), + ]); + + return $this->render('view', [ + 'model' => $this->findModel($id), + 'questionProvider' => $dataProvider, + ]); + } - return $this->render('create', [ - 'model' => $model, - ]); + /** + * Creates a new Challenge model. + * If creation is successful, the browser will be redirected to the 'view' page. + * @return mixed + */ + public function actionCreate() + { + $model = new Challenge(); + + if ($model->load(Yii::$app->request->post()) && $model->save()) { + $model->file = UploadedFile::getInstance($model, 'file'); + try { + if ($model->file) { + if (trim($model->filename) === '') { + $model->filename = $model->id; + $model->updateAttributes(['filename' => $model->id]); + } + $model->file->saveAs(Yii::getAlias(Yii::$app->sys->challenge_home) . '/' . $model->filename); + } + Yii::$app->session->addFlash('success', Yii::t('app', 'Challenge [{name}] created', ['name' => Html::encode($model->name)])); + Yii::$app->session->addFlash('warning', Yii::t('app', 'Don\'t forget to create a question for the challenge.')); + } catch (\Exception $e) { + Yii::$app->session->setFlash('error', Yii::t('app', 'Failed to create challenge [{name}]', ['name' => Html::encode($model->name)])); + } + return $this->redirect(['view', 'id' => $model->id]); } - /** - * Updates an existing Challenge model. - * If update is successful, the browser will be redirected to the 'view' page. - * @param integer $id - * @return mixed - * @throws NotFoundHttpException if the model cannot be found - */ - public function actionUpdate($id) - { - $model=$this->findModel($id); - - if($model->load(Yii::$app->request->post()) && $model->save()) - { - $model->file=UploadedFile::getInstance($model, 'file'); - if($model->file !== null) - { - if(trim($model->filename)==='') - { - $model->filename=$model->id; - $model->updateAttributes(['filename'=>$model->id]); - } - $model->file->saveAs(Yii::getAlias(Yii::$app->sys->challenge_home).'/'.$model->filename); - } - Yii::$app->session->addFlash('success', Yii::t('app','Challenge [{name}] updated',['name'=>Html::encode($model->name)])); - return $this->redirect(['view', 'id' => $model->id]); - } + return $this->render('create', [ + 'model' => $model, + ]); + } - return $this->render('update', [ - 'model' => $model, - ]); + /** + * Updates an existing Challenge model. + * If update is successful, the browser will be redirected to the 'view' page. + * @param integer $id + * @return mixed + * @throws NotFoundHttpException if the model cannot be found + */ + public function actionUpdate($id) + { + $model = $this->findModel($id); + + if ($model->load(Yii::$app->request->post()) && $model->save()) { + $model->file = UploadedFile::getInstance($model, 'file'); + if ($model->file !== null) { + if (trim($model->filename) === '') { + $model->filename = $model->id; + $model->updateAttributes(['filename' => $model->id]); + } + $model->file->saveAs(Yii::getAlias(Yii::$app->sys->challenge_home) . '/' . $model->filename); + } + Yii::$app->session->addFlash('success', Yii::t('app', 'Challenge [{name}] updated', ['name' => Html::encode($model->name)])); + return $this->redirect(['view', 'id' => $model->id]); } - /** - * Deletes an existing Challenge model. - * If deletion is successful, the browser will be redirected to the 'index' page. - * @param integer $id - * @return mixed - * @throws NotFoundHttpException if the model cannot be found - */ - public function actionDelete($id) - { - $this->findModel($id)->delete(); - - return $this->redirect(['index']); - } + return $this->render('update', [ + 'model' => $model, + ]); + } - /** - * Finds the Challenge model based on its primary key value. - * If the model is not found, a 404 HTTP exception will be thrown. - * @param integer $id - * @return Challenge the loaded model - * @throws NotFoundHttpException if the model cannot be found - */ - protected function findModel($id) - { - if(($model=Challenge::findOne($id)) !== null) - { - return $model; - } + /** + * Deletes an existing Challenge model. + * If deletion is successful, the browser will be redirected to the 'index' page. + * @param integer $id + * @return mixed + * @throws NotFoundHttpException if the model cannot be found + */ + public function actionDelete($id) + { + $this->findModel($id)->delete(); + + return $this->redirect(['index']); + } - throw new NotFoundHttpException(Yii::t('app','The requested page does not exist.')); + /** + * Finds the Challenge model based on its primary key value. + * If the model is not found, a 404 HTTP exception will be thrown. + * @param integer $id + * @return Challenge the loaded model + * @throws NotFoundHttpException if the model cannot be found + */ + protected function findModel($id) + { + if (($model = Challenge::findOne($id)) !== null) { + return $model; } + + throw new NotFoundHttpException(Yii::t('app', 'The requested page does not exist.')); + } } diff --git a/backend/modules/gameplay/controllers/QuestionController.php b/backend/modules/gameplay/controllers/QuestionController.php index d02804c92..83a49e414 100644 --- a/backend/modules/gameplay/controllers/QuestionController.php +++ b/backend/modules/gameplay/controllers/QuestionController.php @@ -17,113 +17,124 @@ class QuestionController extends \app\components\BaseController /** * {@inheritdoc} */ - public function behaviors() - { - return ArrayHelper::merge(parent::behaviors(),[]); - } + public function behaviors() + { + return ArrayHelper::merge(parent::behaviors(), [ + 'access' => [ + 'class' => \yii\filters\AccessControl::class, + 'rules' => [ + 'authActions' => [ + 'allow' => true, + 'actions' => ['index', 'view'], + 'roles' => ['@'], + 'matchCallback' => function () { + return \Yii::$app->user->identity->isAdmin; + }, + ], + ], + ], + + ]); + } - /** - * Lists all Question models. - * @return mixed - */ - public function actionIndex() - { - $searchModel=new QuestionSearch(); - $dataProvider=$searchModel->search(Yii::$app->request->queryParams); - - return $this->render('index', [ - 'searchModel' => $searchModel, - 'dataProvider' => $dataProvider, - ]); - } + /** + * Lists all Question models. + * @return mixed + */ + public function actionIndex() + { + $searchModel = new QuestionSearch(); + $dataProvider = $searchModel->search(Yii::$app->request->queryParams); - /** - * Displays a single Question model. - * @param integer $id - * @return mixed - * @throws NotFoundHttpException if the model cannot be found - */ - public function actionView($id) - { - return $this->render('view', [ - 'model' => $this->findModel($id), - ]); - } + return $this->render('index', [ + 'searchModel' => $searchModel, + 'dataProvider' => $dataProvider, + ]); + } - /** - * Creates a new Question model. - * If creation is successful, the browser will be redirected to the 'view' page. - * @return mixed - */ - public function actionCreate() - { - $model=new Question(); - if(\app\modules\gameplay\models\Challenge::find()->count() == 0) - { - // If there are no player redirect to create player page - Yii::$app->session->setFlash('warning', Yii::t('app',"No Challenges found create one first.")); - return $this->redirect(['/frontend/challenge/create']); - } - - if($model->load(Yii::$app->request->post()) && $model->save()) - { - return $this->redirect(['view', 'id' => $model->id]); - } - - return $this->render('create', [ - 'model' => $model, - ]); + /** + * Displays a single Question model. + * @param integer $id + * @return mixed + * @throws NotFoundHttpException if the model cannot be found + */ + public function actionView($id) + { + return $this->render('view', [ + 'model' => $this->findModel($id), + ]); + } + + /** + * Creates a new Question model. + * If creation is successful, the browser will be redirected to the 'view' page. + * @return mixed + */ + public function actionCreate() + { + $model = new Question(); + if (\app\modules\gameplay\models\Challenge::find()->count() == 0) { + // If there are no player redirect to create player page + Yii::$app->session->setFlash('warning', Yii::t('app', "No Challenges found create one first.")); + return $this->redirect(['/frontend/challenge/create']); } - /** - * Updates an existing Question model. - * If update is successful, the browser will be redirected to the 'view' page. - * @param integer $id - * @return mixed - * @throws NotFoundHttpException if the model cannot be found - */ - public function actionUpdate($id) - { - $model=$this->findModel($id); - - if($model->load(Yii::$app->request->post()) && $model->save()) - { - return $this->redirect(['view', 'id' => $model->id]); - } - - return $this->render('update', [ - 'model' => $model, - ]); + if ($model->load(Yii::$app->request->post()) && $model->save()) { + return $this->redirect(['view', 'id' => $model->id]); } - /** - * Deletes an existing Question model. - * If deletion is successful, the browser will be redirected to the 'index' page. - * @param integer $id - * @return mixed - * @throws NotFoundHttpException if the model cannot be found - */ - public function actionDelete($id) - { - $this->findModel($id)->delete(); - - return $this->redirect(['index']); + return $this->render('create', [ + 'model' => $model, + ]); + } + + /** + * Updates an existing Question model. + * If update is successful, the browser will be redirected to the 'view' page. + * @param integer $id + * @return mixed + * @throws NotFoundHttpException if the model cannot be found + */ + public function actionUpdate($id) + { + $model = $this->findModel($id); + + if ($model->load(Yii::$app->request->post()) && $model->save()) { + return $this->redirect(['view', 'id' => $model->id]); } - /** - * Finds the Question model based on its primary key value. - * If the model is not found, a 404 HTTP exception will be thrown. - * @param integer $id - * @return Question the loaded model - * @throws NotFoundHttpException if the model cannot be found - */ - protected function findModel($id) - { - if(($model=Question::findOne($id)) !== null) - { - return $model; - } - - throw new NotFoundHttpException(Yii::t('app','The requested page does not exist.')); + return $this->render('update', [ + 'model' => $model, + ]); + } + + /** + * Deletes an existing Question model. + * If deletion is successful, the browser will be redirected to the 'index' page. + * @param integer $id + * @return mixed + * @throws NotFoundHttpException if the model cannot be found + */ + public function actionDelete($id) + { + $this->findModel($id)->delete(); + + return $this->redirect(['index']); + } + + /** + * Finds the Question model based on its primary key value. + * If the model is not found, a 404 HTTP exception will be thrown. + * @param integer $id + * @return Question the loaded model + * @throws NotFoundHttpException if the model cannot be found + */ + protected function findModel($id) + { + if (($model = Question::findOne($id)) !== null) { + return $model; } + + throw new NotFoundHttpException(Yii::t('app', 'The requested page does not exist.')); + } } diff --git a/backend/modules/gameplay/controllers/TreasureController.php b/backend/modules/gameplay/controllers/TreasureController.php index 8b25e255a..9937f722e 100644 --- a/backend/modules/gameplay/controllers/TreasureController.php +++ b/backend/modules/gameplay/controllers/TreasureController.php @@ -19,7 +19,21 @@ class TreasureController extends \app\components\BaseController */ public function behaviors() { - return ArrayHelper::merge(parent::behaviors(), []); + return ArrayHelper::merge(parent::behaviors(), [ + 'access' => [ + 'class' => \yii\filters\AccessControl::class, + 'rules' => [ + 'authActions' => [ + 'allow' => true, + 'actions' => ['index', 'view'], + 'roles' => ['@'], + 'matchCallback' => function () { + return \Yii::$app->user->identity->isAdmin; + }, + ], + ], + ], + ]); } /** @@ -47,7 +61,7 @@ public function actionValidate() if ($string !== "") { $secretKey = Yii::$app->sys->treasure_secret_key; $results = Yii::$app->db->createCommand("select treasure.id,player.id as player_id from treasure,player where md5(HEX(AES_ENCRYPT(CONCAT(code, player.id), :secretKey))) LIKE :code", [':secretKey' => $secretKey, ':code' => $string])->queryOne(); - if ($results === [] || $results===false) { + if ($results === [] || $results === false) { Yii::$app->session->setFlash('warning', Yii::t('app', "Code not found.")); } else { $player = \app\modules\frontend\models\Player::findOne($results['player_id']); @@ -56,21 +70,18 @@ public function actionValidate() 'username' => $player->username, 'actions' => false ]); - if($player->teamPlayer!==NULL) - { - $msg = sprintf('Code belongs to player [%s] from team [%s] for target %s and treasure %s', $profileLink,$player->teamPlayer->team->name, $treasure->target->name, $treasure->name); - } - else - { + if ($player->teamPlayer !== NULL) { + $msg = sprintf('Code belongs to player [%s] from team [%s] for target %s and treasure %s', $profileLink, $player->teamPlayer->team->name, $treasure->target->name, $treasure->name); + } else { $msg = sprintf('Code belongs to player [%s] for target %s and treasure %s', $profileLink, $treasure->target->name, $treasure->name); } Yii::$app->session->setFlash('success', $msg); - $string=''; + $string = ''; } } - return $this->render('validate',['code'=>$string]); + return $this->render('validate', ['code' => $string]); } /** diff --git a/backend/modules/infrastructure/views/target-instance/view.php b/backend/modules/infrastructure/views/target-instance/view.php index 1a6c5f3ae..92ebc9210 100644 --- a/backend/modules/infrastructure/views/target-instance/view.php +++ b/backend/modules/infrastructure/views/target-instance/view.php @@ -66,7 +66,7 @@ 'team_allowed:boolean', [ 'label' => 'encrypted flags', - 'visible'=>$model->target->dynamic_treasures, + 'visible'=>$model->target->dynamic_treasures && \Yii::$app->user->identity->isAdmin, 'format' => 'raw', 'value' => function ($model) { $lines=[]; From e361b8bc4119cce9c94f18f5fa5be26663a27bdf Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sat, 24 Jan 2026 23:57:21 +0200 Subject: [PATCH 41/71] fix teaminvite record and log errors --- backend/modules/frontend/models/Player.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/backend/modules/frontend/models/Player.php b/backend/modules/frontend/models/Player.php index 346eb72d3..60782458f 100644 --- a/backend/modules/frontend/models/Player.php +++ b/backend/modules/frontend/models/Player.php @@ -146,9 +146,11 @@ public function createTeam($team_name, $approved) if (!$tp->save()) echo Yii::t('app', "Error saving team player\n"); - $ti = new \app\modules\frontend\models\TeamInvite(['team_id' => $tp->id, 'token' => Yii::$app->security->generateRandomString(8)]); - if (!$ti->save()) + $ti = new \app\modules\frontend\models\TeamInvite(['team_id' => $team->id, 'token' => Yii::$app->security->generateRandomString(8)]); + if (!$ti->save()) { echo Yii::t('app', "Error saving team invite\n"); + Yii::error($ti->getErrorSummary(true)); + } } /** From 984a0b5179b47a7322ba179064f104f43b6e3f5b Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sat, 24 Jan 2026 23:57:51 +0200 Subject: [PATCH 42/71] make a distinction when actions i needed and not --- backend/modules/frontend/views/player/index.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/backend/modules/frontend/views/player/index.php b/backend/modules/frontend/views/player/index.php index 8b684d02c..e829a48e4 100644 --- a/backend/modules/frontend/views/player/index.php +++ b/backend/modules/frontend/views/player/index.php @@ -112,9 +112,12 @@ [ 'attribute' => 'approval', 'filter' => $searchModel::APPROVAL, + 'format'=>'html', 'visible' => Yii::$app->sys->player_require_approval === true, 'value' => function ($model) { - return $model::APPROVAL[$model->approval]; + if($model->status===10) + return "(".$model::APPROVAL[$model->approval].")"; + return "".$model::APPROVAL[$model->approval].""; } ], @@ -157,7 +160,7 @@ return false; }, 'mail' => function ($model) { - if ($model->status == 10 || $model->approval == 0) return false; + if ($model->status == 10 || $model->status == 0 || $model->approval == 0 || $model->status) return false; return true; }, 'delete' => function ($model) { From 6941afb78924fa34494196539c5d9ffc614ea706 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 11:41:18 +0200 Subject: [PATCH 43/71] throw error when we try to mail a user without token --- .../frontend/actions/player/MailAction.php | 61 +++++++++---------- 1 file changed, 28 insertions(+), 33 deletions(-) diff --git a/backend/modules/frontend/actions/player/MailAction.php b/backend/modules/frontend/actions/player/MailAction.php index e9c5e9901..3b5de091d 100644 --- a/backend/modules/frontend/actions/player/MailAction.php +++ b/backend/modules/frontend/actions/player/MailAction.php @@ -10,6 +10,7 @@ use app\modules\frontend\models\PlayerSsl; use app\modules\frontend\models\PlayerSearch; use app\modules\settings\models\Sysconfig; +use yii\base\UserException; use yii\helpers\Html; class MailAction extends \yii\base\Action @@ -22,27 +23,17 @@ public function run(int $id, $baseURL = "https://echoctf.red/activate/") { // Get innactive players $player = $this->controller->findModel($id); - if ($player->status == 10) - { + if ($player->status == 10) { \Yii::$app->getSession()->setFlash('warning', Yii::t('app', 'Player already active skipping mail.')); - } - elseif ($player->status == 9) - { - if (\Yii::$app->sys->player_require_approval === true && $player->approval > 0 && $player->approval <= 2) - { + } elseif ($player->status == 9) { + if (\Yii::$app->sys->player_require_approval === true && $player->approval > 0 && $player->approval <= 2) { $this->approvalMail($player); - } - elseif (\Yii::$app->sys->player_require_approval === true && $player->approval > 2 && $player->approval <= 4) - { + } elseif (\Yii::$app->sys->player_require_approval === true && $player->approval > 2 && $player->approval <= 4) { $this->rejectionMail($player); - } - elseif (\Yii::$app->sys->player_require_approval !== true) - { + } elseif (\Yii::$app->sys->player_require_approval !== true) { $this->verificationMail($player); } - } - elseif ($player->status == 0) - { + } elseif ($player->status == 0) { $this->rejectionMail($player); } @@ -60,12 +51,11 @@ public function run(int $id, $baseURL = "https://echoctf.red/activate/") private function rejectionMail($player) { try { - $emailtpl=\app\modules\content\models\EmailTemplate::findOne(['name' => 'rejectVerify']); + $emailtpl = \app\modules\content\models\EmailTemplate::findOne(['name' => 'rejectVerify']); $contentHtml = $this->controller->renderPhpContent("?>" . $emailtpl->html, ['user' => $player]); $contentTxt = $this->controller->renderPhpContent("?>" . $emailtpl->txt, ['user' => $player]); - $subject=Yii::t('app', '{event_name} Account rejected', ['event_name' => trim(Yii::$app->sys->event_name)]); - if(!$player->mail($subject,$contentHtml,$contentTxt)) - { + $subject = Yii::t('app', '{event_name} Account rejected', ['event_name' => trim(Yii::$app->sys->event_name)]); + if (!$player->mail($subject, $contentHtml, $contentTxt)) { throw new \Exception('Could not send mail'); } @@ -85,15 +75,18 @@ private function rejectionMail($player) */ private function approvalMail($player) { + if ($player->verification_token == null) { + throw new UserException("The user has no token to mail"); + } + try { $activationURL = sprintf("https://%s/verify-email?token=%s", \Yii::$app->sys->offense_domain, $player->verification_token); - $emailtpl=\app\modules\content\models\EmailTemplate::findOne(['name' => 'emailVerify']); - $contentHtml = $this->controller->renderPhpContent("?>" . $emailtpl->html, ['user' => $player,'verifyLink'=>$activationURL]); - $contentTxt = $this->controller->renderPhpContent("?>" . $emailtpl->txt, ['user' => $player,'verifyLink'=>$activationURL]); - $subject=Yii::t('app', '{event_name} Account approved', ['event_name' => trim(Yii::$app->sys->event_name)]); + $emailtpl = \app\modules\content\models\EmailTemplate::findOne(['name' => 'emailVerify']); + $contentHtml = $this->controller->renderPhpContent("?>" . $emailtpl->html, ['user' => $player, 'verifyLink' => $activationURL]); + $contentTxt = $this->controller->renderPhpContent("?>" . $emailtpl->txt, ['user' => $player, 'verifyLink' => $activationURL]); + $subject = Yii::t('app', '{event_name} Account approved', ['event_name' => trim(Yii::$app->sys->event_name)]); - if(!$player->mail($subject,$contentHtml,$contentTxt)) - { + if (!$player->mail($subject, $contentHtml, $contentTxt)) { return; } @@ -112,15 +105,18 @@ private function approvalMail($player) */ private function verificationMail($player) { + if ($player->verification_token == null) { + throw new UserException("The user has no token to mail"); + } + try { $activationURL = sprintf("https://%s/verify-email?token=%s", \Yii::$app->sys->offense_domain, $player->verification_token); - $emailtpl=\app\modules\content\models\EmailTemplate::findOne(['name' => 'emailVerify']); - $contentHtml = $this->controller->renderPhpContent("?>" . $emailtpl->html, ['user' => $player,'verifyLink'=>$activationURL]); - $contentTxt = $this->controller->renderPhpContent("?>" . $emailtpl->txt, ['user' => $player,'verifyLink'=>$activationURL]); - $subject=Yii::t('app', 'Account registration for {event_name}', ['event_name' => trim(Yii::$app->sys->event_name)]); + $emailtpl = \app\modules\content\models\EmailTemplate::findOne(['name' => 'emailVerify']); + $contentHtml = $this->controller->renderPhpContent("?>" . $emailtpl->html, ['user' => $player, 'verifyLink' => $activationURL]); + $contentTxt = $this->controller->renderPhpContent("?>" . $emailtpl->txt, ['user' => $player, 'verifyLink' => $activationURL]); + $subject = Yii::t('app', 'Account registration for {event_name}', ['event_name' => trim(Yii::$app->sys->event_name)]); - if(!$player->mail($subject,$contentHtml,$contentTxt)) - { + if (!$player->mail($subject, $contentHtml, $contentTxt)) { throw new \Exception('Could not send mail'); } @@ -129,5 +125,4 @@ private function verificationMail($player) \Yii::$app->getSession()->setFlash('error', Yii::t('app', 'Failed to mail player. {exception}', ['exception' => Html::encode($e->getMessage())])); } } - } From af2997d2637290c6078ea5f3d8050c2691045131 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 11:42:00 +0200 Subject: [PATCH 44/71] drop tad_player_token we only need tai/tau --- ...p_trigger_after_delete_on_player_token.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 backend/migrations/m260125_090222_drop_trigger_after_delete_on_player_token.php diff --git a/backend/migrations/m260125_090222_drop_trigger_after_delete_on_player_token.php b/backend/migrations/m260125_090222_drop_trigger_after_delete_on_player_token.php new file mode 100644 index 000000000..fec468b4b --- /dev/null +++ b/backend/migrations/m260125_090222_drop_trigger_after_delete_on_player_token.php @@ -0,0 +1,19 @@ +db->createCommand($this->DROP_SQL)->execute(); + } + + public function down() + { + $this->db->createCommand($this->DROP_SQL)->execute(); + } +} \ No newline at end of file From e1b223b321caf9465a6f50e66b93be44a4efe1a3 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 11:43:06 +0200 Subject: [PATCH 45/71] disable pagination for mass mails and include filter of emailToken --- .../frontend/controllers/PlayerController.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/backend/modules/frontend/controllers/PlayerController.php b/backend/modules/frontend/controllers/PlayerController.php index 34a4ab359..0f4ba589a 100644 --- a/backend/modules/frontend/controllers/PlayerController.php +++ b/backend/modules/frontend/controllers/PlayerController.php @@ -32,7 +32,7 @@ public function behaviors() 'class' => \yii\filters\AccessControl::class, 'rules' => [ '00filtered-actions' => [ - 'actions' => ['mail', 'approve', 'reject', 'export','notify','set-deleted','disconnect-vpn','generate-ssl','ajax-search'], + 'actions' => ['mail', 'approve', 'reject', 'export', 'notify', 'set-deleted', 'disconnect-vpn', 'generate-ssl', 'ajax-search'], 'allow' => true, 'roles' => ['@'], ] @@ -616,11 +616,13 @@ public function actionMailFiltered() { $searchModel = new PlayerSearch(); $query = $searchModel->search(['PlayerSearch' => Yii::$app->request->post()]); + $query->query->innerJoinWith('emailToken', false); + $query->query->andFilterWhere(['IS NOT', 'emailToken.token', NULL]); $query->query->andFilterWhere([ 'player.approval' => [1, 3], ]); - //$query->pagination = false; - $query->pagination = ['pageSize' => 5]; + $query->pagination = false; + //$query->pagination = ['pageSize' => 5]; if (intval($query->count) === intval(Player::find()->count())) { Yii::$app->session->setFlash('error', Yii::t('app', 'You have attempted to mail all the players.')); return $this->redirect(['index']); @@ -708,7 +710,7 @@ public function actionAjaxSearch($term, $load = false, $active = null, $status = function ($model) { return [ 'id' => $model->id, - 'pid'=>$model->profile->id, + 'pid' => $model->profile->id, 'label' => sprintf("(id: %d / pid: %d) %s <%s>%s", $model->id, $model->profile->id, $model->username, $model->email, $model->status === 10 ? '' : ' (innactive)'), ]; } @@ -748,7 +750,7 @@ public function actionNotify($id) private function notifyLogic($player, $notificationModel, $ovpn = false, $online = false) { - if ($ovpn && $player->playerLast->vpn_local_address===null) + if ($ovpn && $player->playerLast->vpn_local_address === null) return null; if ($online && !boolval($player->online)) return null; From 1a14e1f78f226660ca02b94c4dc53705042302ff Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 11:44:29 +0200 Subject: [PATCH 46/71] give alias to the relations we have at least 3 relations on the same table depending on the type and we need to make sure we distinguisy between them --- backend/modules/frontend/models/PlayerAR.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/backend/modules/frontend/models/PlayerAR.php b/backend/modules/frontend/models/PlayerAR.php index 878030d40..5675a39f6 100644 --- a/backend/modules/frontend/models/PlayerAR.php +++ b/backend/modules/frontend/models/PlayerAR.php @@ -526,7 +526,22 @@ public function getAuthKey() */ public function getApiToken() { - return $this->hasOne(PlayerToken::class, ['player_id' => 'id'])->andWhere(['type' => 'API']); + return $this->hasOne(PlayerToken::class, ['player_id' => 'id'])->from(['apiToken' => PlayerToken::tableName()])->andWhere(['apiToken.type' => 'API']); } + /** + * @return \yii\db\ActiveQuery + */ + public function getEmailToken() + { + return $this->hasOne(PlayerToken::class, ['player_id' => 'id'])->from(['emailToken' => PlayerToken::tableName()])->andWhere(['emailToken.type' => 'email_verification']); + } + + /** + * @return \yii\db\ActiveQuery + */ + public function getPasswordResetToken() + { + return $this->hasOne(PlayerToken::class, ['player_id' => 'id'])->from(['passwordResetToken' => PlayerToken::tableName()])->andWhere(['passwordResetToken.type' => 'password_reset']); + } } From 81280b173e57c1b546213fa3fd332bf3785dbfd1 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 11:52:04 +0200 Subject: [PATCH 47/71] dont show mail action if the user has no tokens --- backend/modules/frontend/views/player/index.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/backend/modules/frontend/views/player/index.php b/backend/modules/frontend/views/player/index.php index e829a48e4..9238f5ae0 100644 --- a/backend/modules/frontend/views/player/index.php +++ b/backend/modules/frontend/views/player/index.php @@ -22,7 +22,7 @@

'btn btn-success']) ?> 'btn btn-info']) ?> - 'btn','style' => 'background: #4040bf; color: white;',]) ?> + 'btn', 'style' => 'background: #4040bf; color: white;',]) ?> 'btn', 'style' => 'background: #4d246f; color: white;', @@ -45,7 +45,7 @@ 'rowOptions' => function ($model, $key, $index, $grid) { // $model is the current data model being rendered // check your condition in the if like `if($model->hasMedicalRecord())` which could be a method of model class which checks for medical records. - $tmpObj = clone ($model); + $tmpObj = clone($model); $tmpObj->scenario = 'validator'; if (!$tmpObj->validate()) { unset($tmpObj); @@ -112,12 +112,12 @@ [ 'attribute' => 'approval', 'filter' => $searchModel::APPROVAL, - 'format'=>'html', + 'format' => 'html', 'visible' => Yii::$app->sys->player_require_approval === true, 'value' => function ($model) { - if($model->status===10) - return "(".$model::APPROVAL[$model->approval].")"; - return "".$model::APPROVAL[$model->approval].""; + if ($model->status === 10) + return "(" . $model::APPROVAL[$model->approval] . ")"; + return "" . $model::APPROVAL[$model->approval] . ""; } ], @@ -141,7 +141,7 @@ return false; }, 'disconnect-vpn' => function ($model) { - if ($model->last->vpn_local_address !== null && $model->disconnectQueue===null) return true; + if ($model->last->vpn_local_address !== null && $model->disconnectQueue === null) return true; return false; }, 'view' => function ($model) { @@ -160,7 +160,7 @@ return false; }, 'mail' => function ($model) { - if ($model->status == 10 || $model->status == 0 || $model->approval == 0 || $model->status) return false; + if ($model->status == 10 || $model->status == 0 || $model->approval == 0 || ( $model->emailToken == null && $model->passwordResetToken == null)) return false; return true; }, 'delete' => function ($model) { From ffed90e85e42473c311c58030e94a4f012c19f9b Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 20:54:37 +0200 Subject: [PATCH 48/71] only admins should see metadata --- .../controllers/TargetMetadataController.php | 134 ++++++++++-------- 1 file changed, 74 insertions(+), 60 deletions(-) diff --git a/backend/modules/infrastructure/controllers/TargetMetadataController.php b/backend/modules/infrastructure/controllers/TargetMetadataController.php index 25f062ab9..a7ee6c011 100644 --- a/backend/modules/infrastructure/controllers/TargetMetadataController.php +++ b/backend/modules/infrastructure/controllers/TargetMetadataController.php @@ -19,102 +19,116 @@ class TargetMetadataController extends \app\components\BaseController */ public function behaviors() { - return ArrayHelper::merge(parent::behaviors(), []); + return ArrayHelper::merge(parent::behaviors(), [ + 'access' => [ + 'class' => \yii\filters\AccessControl::class, + 'rules' => [ + 'authActions' => [ + 'allow' => true, + 'actions' => ['index', 'view'], + 'roles' => ['@'], + 'matchCallback' => function () { + return \Yii::$app->user->identity->isAdmin; + }, + ], + ], + ], + ]); } - /** - * Lists all TargetMetadata models. - * @return mixed - */ + /** + * Lists all TargetMetadata models. + * @return mixed + */ public function actionIndex() { - $searchModel = new TargetMetadataSearch(); - $dataProvider = $searchModel->search(Yii::$app->request->queryParams); + $searchModel = new TargetMetadataSearch(); + $dataProvider = $searchModel->search(Yii::$app->request->queryParams); - return $this->render('index', [ - 'searchModel' => $searchModel, - 'dataProvider' => $dataProvider, - ]); + return $this->render('index', [ + 'searchModel' => $searchModel, + 'dataProvider' => $dataProvider, + ]); } - /** - * Displays a single TargetMetadata model. - * @param integer $id - * @return mixed - * @throws NotFoundHttpException if the model cannot be found - */ + /** + * Displays a single TargetMetadata model. + * @param integer $id + * @return mixed + * @throws NotFoundHttpException if the model cannot be found + */ public function actionView($id) { - return $this->render('view', [ - 'model' => $this->findModel($id), - ]); + return $this->render('view', [ + 'model' => $this->findModel($id), + ]); } - /** - * Creates a new TargetMetadata model. - * If creation is successful, the browser will be redirected to the 'view' page. - * @return mixed - */ + /** + * Creates a new TargetMetadata model. + * If creation is successful, the browser will be redirected to the 'view' page. + * @return mixed + */ public function actionCreate() { - $model = new TargetMetadata(); + $model = new TargetMetadata(); if ($model->load(Yii::$app->request->post()) && $model->save()) { - return $this->redirect(['view', 'id' => $model->target_id]); + return $this->redirect(['view', 'id' => $model->target_id]); } - return $this->render('create', [ - 'model' => $model, - ]); + return $this->render('create', [ + 'model' => $model, + ]); } - /** - * Updates an existing TargetMetadata model. - * If update is successful, the browser will be redirected to the 'view' page. - * @param integer $id - * @return mixed - * @throws NotFoundHttpException if the model cannot be found - */ + /** + * Updates an existing TargetMetadata model. + * If update is successful, the browser will be redirected to the 'view' page. + * @param integer $id + * @return mixed + * @throws NotFoundHttpException if the model cannot be found + */ public function actionUpdate($id) { - $model = $this->findModel($id); + $model = $this->findModel($id); if ($model->load(Yii::$app->request->post()) && $model->save()) { - return $this->redirect(['view', 'id' => $model->target_id]); + return $this->redirect(['view', 'id' => $model->target_id]); } - return $this->render('update', [ - 'model' => $model, - ]); + return $this->render('update', [ + 'model' => $model, + ]); } - /** - * Deletes an existing TargetMetadata model. - * If deletion is successful, the browser will be redirected to the 'index' page. - * @param integer $id - * @return mixed - * @throws NotFoundHttpException if the model cannot be found - */ + /** + * Deletes an existing TargetMetadata model. + * If deletion is successful, the browser will be redirected to the 'index' page. + * @param integer $id + * @return mixed + * @throws NotFoundHttpException if the model cannot be found + */ public function actionDelete($id) { - $this->findModel($id)->delete(); + $this->findModel($id)->delete(); - return $this->redirect(['index']); + return $this->redirect(['index']); } - /** - * Finds the TargetMetadata model based on its primary key value. - * If the model is not found, a 404 HTTP exception will be thrown. - * @param integer $id - * @return TargetMetadata the loaded model - * @throws NotFoundHttpException if the model cannot be found - */ + /** + * Finds the TargetMetadata model based on its primary key value. + * If the model is not found, a 404 HTTP exception will be thrown. + * @param integer $id + * @return TargetMetadata the loaded model + * @throws NotFoundHttpException if the model cannot be found + */ protected function findModel($id) { if (($model = TargetMetadata::findOne($id)) !== null) { - return $model; + return $model; } - throw new NotFoundHttpException('The requested page does not exist.'); + throw new NotFoundHttpException('The requested page does not exist.'); } } From 6dc06941b46db6275ac7963766f1a3707c2762b0 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 20:55:37 +0200 Subject: [PATCH 49/71] touch /tmp/event_finished at the end --- backend/modules/settings/models/Sysconfig.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/modules/settings/models/Sysconfig.php b/backend/modules/settings/models/Sysconfig.php index 7d01d8555..308121e49 100644 --- a/backend/modules/settings/models/Sysconfig.php +++ b/backend/modules/settings/models/Sysconfig.php @@ -70,7 +70,7 @@ public function beforeSave($insert) $Q = sprintf("DROP EVENT IF EXISTS event_end_notification"); \Yii::$app->db->createCommand($Q)->execute(); if (!empty($this->val)) { - $Q = sprintf("CREATE EVENT event_end_notification ON SCHEDULE AT '%s' DO INSERT INTO `notification`(player_id,category,title,body,archived) SELECT id,'swal:info',memc_get('sysconfig:event_end_notification_title'),memc_get('sysconfig:event_end_notification_body'),0 FROM player WHERE status=10", $this->val); + $Q = sprintf("CREATE EVENT event_end_notification ON SCHEDULE AT '%s' DO BEGIN INSERT INTO `notification`(player_id,category,title,body,archived) SELECT id,'swal:info',memc_get('sysconfig:event_end_notification_title'),memc_get('sysconfig:event_end_notification_body'),0 FROM player WHERE status=10; DO memc_set('event_finished',1); SELECT 1 INTO OUTFILE '/tmp/event_finished';END", $this->val); \Yii::$app->db->createCommand($Q)->execute(); $this->val = strtotime($this->val); } else { From 2b7edbf3eb31849b2bba069cecec7969aa0fe5bc Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 20:56:36 +0200 Subject: [PATCH 50/71] missing teamNetworks --- .../team/controllers/DefaultController.php | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/frontend/modules/team/controllers/DefaultController.php b/frontend/modules/team/controllers/DefaultController.php index d64f9b9b4..d2d3df3f0 100644 --- a/frontend/modules/team/controllers/DefaultController.php +++ b/frontend/modules/team/controllers/DefaultController.php @@ -221,7 +221,6 @@ public function actionView($token) 'pageSize' => 10, ] ]); - return $this->render('view', [ 'team' => $model, 'teamInstanceProvider' => $teamInstanceProvider, @@ -264,6 +263,17 @@ public function actionMine() ] ]); + $teamNetworks = \app\modules\network\models\PrivateNetwork::find()->forTeam(\Yii::$app->user->identity->team->id); + $teamNetworksProvider = new ActiveDataProvider([ + 'query' => $teamNetworks, + 'pagination' => [ + 'pageSizeParam' => 'networks-perpage', + 'pageParam' => 'networks-page', + 'pageSize' => 5, + ], + 'sort' => ['defaultOrder' => ['name' => SORT_ASC]], + ]); + $stream = \app\models\Stream::find()->select('stream.*,TS_AGO(ts) as ts_ago') ->where(['stream.player_id' => $teamPlayers]) ->orderBy(['ts' => SORT_DESC, 'id' => SORT_DESC]); @@ -314,7 +324,9 @@ public function actionMine() 'teamTargetsProvider' => $targetProgressProvider, 'headshotsProvider' => $headshotsProvider, 'solverProvider' => $solverProvider, - 'team' => Yii::$app->user->identity->team + 'team' => Yii::$app->user->identity->team, + 'networksProvider' => $teamNetworksProvider, + ]); } /** From 0620dacbc58e16d633f26d1c19b8b5d8a7ef9520 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 20:57:16 +0200 Subject: [PATCH 51/71] use our own formatter for this --- .../target/views/default/_target_metadata.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/frontend/themes/material/modules/target/views/default/_target_metadata.php b/frontend/themes/material/modules/target/views/default/_target_metadata.php index f96d082ec..be722e0a3 100644 --- a/frontend/themes/material/modules/target/views/default/_target_metadata.php +++ b/frontend/themes/material/modules/target/views/default/_target_metadata.php @@ -1,11 +1,11 @@ user->isGuest && $metadata):?> user->identity->isAdmin):?> - scenario)):?>: scenario,'gfm')?>
- instructions)):?>: instructions,'gfm')?>
- solution)):?>: solution,'gfm')?>
+ scenario)):?>: formatter->asMarkdown($metadata->scenario)?>
+ instructions)):?>: formatter->asMarkdown($metadata->instructions)?>
+ solution)):?>: formatter->asMarkdown($metadata->solution)?>
- pre_credits)):?>: pre_credits,'gfm')?>
- pre_exploitation)):?>: pre_exploitation,'gfm')?>
- player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_exploitation)):?>: post_exploitation,'gfm')?>
- player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_credits)):?>: post_credits,'gfm')?>
+ pre_credits)):?>: formatter->asMarkdown($metadata->pre_credits)?>
+ pre_exploitation)):?>: formatter->asMarkdown($metadata->pre_exploitation)?>
+ player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_exploitation)):?>: formatter->asMarkdown($metadata->post_exploitation)?>
+ player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_credits)):?>: formatter->asMarkdown($metadata->post_credits)?>
From 1d68c64a213d3f19a7ead74a26bc30de4f6af5fb Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 20:58:33 +0200 Subject: [PATCH 52/71] add event shudown script for vpn --- contrib/event_shutdown.sh | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 contrib/event_shutdown.sh diff --git a/contrib/event_shutdown.sh b/contrib/event_shutdown.sh new file mode 100644 index 000000000..6217f0f72 --- /dev/null +++ b/contrib/event_shutdown.sh @@ -0,0 +1,6 @@ +#!/bin/ksh +PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin +rcctl stop openvpn findingsd heartbeatd inetd cron +supervisorctl stop all +backend target/destroy-instances +ifconfig tun0 down From 573920a622f9364645d8cb071f6188eee3ed14f5 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 20:59:29 +0200 Subject: [PATCH 53/71] add shutdown event for vpn --- contrib/findingsd-federated.sql | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/contrib/findingsd-federated.sql b/contrib/findingsd-federated.sql index 7456e9f2a..848499eae 100644 --- a/contrib/findingsd-federated.sql +++ b/contrib/findingsd-federated.sql @@ -143,7 +143,6 @@ CREATE TABLE `private_network_target` ( KEY `idx-private_network_target-target_id` (`target_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci CONNECTION='mysql://{{db_user}}:{{db_pass}}@{{db_host}}:3306/{{db_name}}/private_network_target'; - DROP TABLE IF EXISTS `debuglogs`; CREATE TABLE debuglogs ( id INT AUTO_INCREMENT PRIMARY KEY, @@ -268,3 +267,17 @@ BEGIN END IF; END // + + +DROP EVENT IF EXISTS `event_shutdown` // +CREATE EVENT `event_shutdown` ON SCHEDULE EVERY 5 SECOND STARTS '2020-01-01 00:00:00' ON COMPLETION PRESERVE ENABLE DO +BEGIN + IF (select memc_server_count()<1) THEN + select memc_servers_set('{{db_host}}:{{memc_port|default(11211)}}') INTO @memc_server_set_status; + END IF; + + IF memc_get('event_finished') IS NOT NULL THEN + ALTER EVENT `event_shutdown` DISABLE; + SELECT 1 INTO OUTFILE '/tmp/event_finished'; + END IF; +END // From 03e505985080b02333c51693a7d43d2f3ea8c4a5 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 21:00:27 +0200 Subject: [PATCH 54/71] perform action on watchdog event --- contrib/watchdog-action.py | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 contrib/watchdog-action.py diff --git a/contrib/watchdog-action.py b/contrib/watchdog-action.py new file mode 100644 index 000000000..d5eaa9cf5 --- /dev/null +++ b/contrib/watchdog-action.py @@ -0,0 +1,33 @@ +#!/usr/local/bin/python3 +# +# pip install watchdog +import argparse +import os +from watchdog.observers import Observer +from watchdog.events import FileSystemEventHandler + +# CLI arguments +parser = argparse.ArgumentParser() +parser.add_argument("--file_path", required=True, help="Full path to the file to monitor") +parser.add_argument("--action", required=True, help="Full path to the file we will execute") +args = parser.parse_args() + +FULL_PATH = args.file_path +FOLDER = os.path.dirname(FULL_PATH) +TARGET_FILE = os.path.basename(FULL_PATH) +ACTION = args.action + +class Handler(FileSystemEventHandler): + def __init__(self, observer): + self.observer = observer + + def on_created(self, event): + if not event.is_directory and event.src_path == FULL_PATH: + os.system(ACTION) + self.observer.stop() + +observer = Observer() +handler = Handler(observer) +observer.schedule(handler, FOLDER, recursive=False) +observer.start() +observer.join() From 7979e7052053a9a07cee50bc7d5682b0168fcf97 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 21:01:44 +0200 Subject: [PATCH 55/71] on db broadcast notification on event finish --- contrib/watchdoger.py | 46 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 contrib/watchdoger.py diff --git a/contrib/watchdoger.py b/contrib/watchdoger.py new file mode 100644 index 000000000..38651de7a --- /dev/null +++ b/contrib/watchdoger.py @@ -0,0 +1,46 @@ +#!/usr/local/bin/python3 +# +# pip install watchdog requests +import argparse +import os +import requests +from watchdog.observers import Observer +from watchdog.events import FileSystemEventHandler + +# CLI arguments +parser = argparse.ArgumentParser() +parser.add_argument("--file_path", required=True, help="Full path to the file to monitor") +parser.add_argument("--url", required=True, help="HTTP endpoint URL to POST to") +parser.add_argument("--token", required=True, help="Bearer token for authorization") +args = parser.parse_args() + +FULL_PATH = args.file_path +FOLDER = os.path.dirname(FULL_PATH) +TARGET_FILE = os.path.basename(FULL_PATH) +URL = args.url +BEARER_TOKEN = args.token + +class Handler(FileSystemEventHandler): + def __init__(self, observer): + self.observer = observer + + def on_created(self, event): + if not event.is_directory and event.src_path == FULL_PATH: + response = requests.post( + URL, + headers={ + "Authorization": f"Bearer {BEARER_TOKEN}", + "Content-Type": "application/json" + }, + json={ + "event": "apiNotifications" + } + ) + print(f"Posted {event.src_path}, status: {response.status_code}") + self.observer.stop() # exit after sending + +observer = Observer() +handler = Handler(observer) +observer.schedule(handler, FOLDER, recursive=False) +observer.start() +observer.join() From 0910421d0e9d6ff940d297fa4785854d85a544f8 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 21:02:06 +0200 Subject: [PATCH 56/71] add a service for watchdoger on db --- ansible/runonce/db.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ansible/runonce/db.yml b/ansible/runonce/db.yml index 3409ab90d..58709d7bd 100755 --- a/ansible/runonce/db.yml +++ b/ansible/runonce/db.yml @@ -411,6 +411,27 @@ group: wheel mode: '0555' + - name: copy watchdoger script + copy: + src: ../../contrib/watchdoger.py + dest: /usr/local/bin/watchdoger + owner: root + group: wheel + mode: '0555' + + - name: Install watchdoger.ini for supervisord + copy: + dest: /etc/supervisord.d/watchdoger.ini + content: | + [program:watchdoger] + user = root + command = /usr/local/bin/watchdoger --file_path /tmp/event_finished --url {{ wsserver.url | default("http://10.7.0.200:8888/broadcast") }} --token {{ wsserver.token | default("server123token") }} + autorestart = false + startretries = 0 + stdout_logfile=/var/log/watchdoger.log + stdout_logfile_maxbytes=0 + redirect_stderr=true + - name: Setting up sysctl.conf sysctl: name: "{{ item.key }}" From 005bdeddc511d10e7687e12ed99554167f239177 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 21:02:26 +0200 Subject: [PATCH 57/71] start watchdog-action on startup --- ansible/runonce/vpngw.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ansible/runonce/vpngw.yml b/ansible/runonce/vpngw.yml index c59c46cbe..d2c3902ac 100755 --- a/ansible/runonce/vpngw.yml +++ b/ansible/runonce/vpngw.yml @@ -699,6 +699,28 @@ stdout_logfile_maxbytes=0 redirect_stderr=true + - name: copy watchdog-action script + copy: + src: ../../contrib/watchdog-action.py + dest: /usr/local/bin/watchdog-action + owner: root + group: wheel + mode: '0555' + + - name: copy event_shutdown script + copy: + src: ../../contrib/event_shutdown.sh + dest: /usr/local/sbin/event_shutdown + owner: root + group: wheel + mode: '0555' + + - name: Add watchdog-action to rc.local + lineinfile: + path: "/etc/rc.local" + line: "nohup /usr/local/bin/watchdog-action --file_path /tmp/event_finished --action /usr/local/sbin/event_shutdown >/tmp/watchdog.log 2>&1 &" + insertafter: EOF + - name: create user for openvpn up/down scripts mysql_user: name: "openvpn" From 38a9e12324186fc96f5e1d1d5bbdc6de126a5590 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 21:03:00 +0200 Subject: [PATCH 58/71] remove the trigger from our schema --- schemas/echoCTF-triggers.sql | 9 --------- 1 file changed, 9 deletions(-) diff --git a/schemas/echoCTF-triggers.sql b/schemas/echoCTF-triggers.sql index 6f70a6f55..655d886c6 100644 --- a/schemas/echoCTF-triggers.sql +++ b/schemas/echoCTF-triggers.sql @@ -518,15 +518,6 @@ CREATE TRIGGER `tau_player_token` AFTER UPDATE ON `player_token` FOR EACH ROW END IF; END ;; -DROP TRIGGER IF EXISTS tad_player_token ;; -CREATE TRIGGER `tad_player_token` AFTER DELETE ON `player_token` FOR EACH ROW - thisBegin:BEGIN - IF (@TRIGGER_CHECKS = FALSE) THEN - LEAVE thisBegin; - END IF; - INSERT INTO player_token_history (player_id,`type`,token,description,expires_at,created_at,ts) VALUES (OLD.player_id,OLD.type,OLD.token,OLD.description,OLD.expires_at,OLD.created_at,NOW()); - END ;; - DROP TRIGGER IF EXISTS tbi_player_treasure ;; CREATE TRIGGER `tbi_player_treasure` BEFORE INSERT ON `player_treasure` FOR EACH ROW thisBegin:BEGIN From a1c5002d3f49f1209cb761dbc31de68eda5f954b Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 21:03:20 +0200 Subject: [PATCH 59/71] update pending notifications status on render --- frontend/widgets/NotificationsWidget.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/frontend/widgets/NotificationsWidget.php b/frontend/widgets/NotificationsWidget.php index d3d351a2b..d1b366d24 100644 --- a/frontend/widgets/NotificationsWidget.php +++ b/frontend/widgets/NotificationsWidget.php @@ -26,8 +26,12 @@ public function run() foreach($notifications as $n) { + if(intval($n->archived)===0) + $n->updateAttributes(['archived' => 1]); + $links[]=Html::a($n->title,'#',['class' => "dropdown-item"]); } + if($notifications==null) $links[]=Html::a('nothing here...','#',['class' => "dropdown-item"]); From 5cc30f8d827ac1fd7fd5f11aacd1fe61da215fc1 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 21:03:40 +0200 Subject: [PATCH 60/71] dont use location we use it internally --- frontend/modules/target/models/Treasure.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/modules/target/models/Treasure.php b/frontend/modules/target/models/Treasure.php index f58bf6ccd..ccc44983b 100644 --- a/frontend/modules/target/models/Treasure.php +++ b/frontend/modules/target/models/Treasure.php @@ -146,7 +146,7 @@ public function getTarget() */ public function getLocationRedacted() { - return str_replace($this->code,"*REDACTED*",$this->location); + return str_replace($this->code,"*REDACTED*",$this->solution); } public static function find() From f89d975bd7d781dc5f19a061469eaae0d19b81c0 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 21:03:55 +0200 Subject: [PATCH 61/71] fix some more markdown warnings --- .markdownlint.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 7ace1f4be..6a7d02cde 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -3,4 +3,6 @@ MD012: false MD013: false # Disable required empty line after heading MD022: false -MD033: false \ No newline at end of file +MD033: false +MD040: false +MD043: false \ No newline at end of file From ae4d31ebc00e087bb67ef117500ea1e3aef2f7b8 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Sun, 25 Jan 2026 21:16:44 +0200 Subject: [PATCH 62/71] tester and here --- backend/commands/TesterController.php | 17 ++++- frontend/commands/TesterController.php | 89 +++++++++++++++++++++++++- 2 files changed, 103 insertions(+), 3 deletions(-) mode change 120000 => 100644 frontend/commands/TesterController.php diff --git a/backend/commands/TesterController.php b/backend/commands/TesterController.php index 8f7e288e9..77f0c8bba 100644 --- a/backend/commands/TesterController.php +++ b/backend/commands/TesterController.php @@ -23,8 +23,8 @@ public function actionIndex() echo Table::widget([ 'headers' => ['Action', 'Usage', 'Description'], 'rows' => [ - ['Action' => 'tester/mail', 'Usage' => 'tester/mail email@example.com', 'Description' => 'Send a test mail with the current settings'], -// ['Action' => 'docker', 'Usage' => 'tester/docker nginx:latest', 'Description' => 'Test the a given image to make sure it can be deployed on the configured docker servers of the platform.'], + ['Action' => 'tester/mail', 'Usage' => 'tester/mail email@example.com', 'Description' => 'Send a test mail with the current settings'], + ['Action' => 'tester/ws-notify', 'Usage' => 'tester/ws-notify player', 'Description' => 'Send a test websocket notification to the given player by id'], ], ]); } @@ -72,4 +72,17 @@ public function actionMail($to) $this->stderr("❌ Error: " . $e->getMessage() . "\n"); } } + + public function actionWsNotify($player) + { + $player=\app\modules\frontend\models\Player::findOne($player); + $type = "info"; + $title="title"; + $body="body"; + $cc = true; + $archive = true; + $apiOnly = false; + $player->notify($type, $title, $body, $cc, $archive, $apiOnly = false); + } + } diff --git a/frontend/commands/TesterController.php b/frontend/commands/TesterController.php deleted file mode 120000 index b00eb05cc..000000000 --- a/frontend/commands/TesterController.php +++ /dev/null @@ -1 +0,0 @@ -../../backend/commands/TesterController.php \ No newline at end of file diff --git a/frontend/commands/TesterController.php b/frontend/commands/TesterController.php new file mode 100644 index 000000000..4dc1dbdf3 --- /dev/null +++ b/frontend/commands/TesterController.php @@ -0,0 +1,88 @@ +stdout("*** TESTER COMMAND ***\n"); + + echo Table::widget([ + 'headers' => ['Action', 'Usage', 'Description'], + 'rows' => [ + ['Action' => 'tester/mail', 'Usage' => 'tester/mail email@example.com', 'Description' => 'Send a test mail with the current settings'], + ['Action' => 'tester/ws-notify', 'Usage' => 'tester/ws-notify player', 'Description' => 'Send a test websocket notification to the given player by id'], + ], + ]); + } + + /** + * Test the mailer configuration by sending a test email. + * + * Usage: + * backend tester/mail test@example.com + * + * @param string $to Recipient email + */ + public function actionMail($to) + { + $mailer = Yii::$app->mailer; + try { + + $this->stdout("*** SETTINGS *** \n"); + if (\Yii::$app->sys->mail_useFileTransport) { + $this->stdout("mail_useFileTransport: Yes\n"); + $this->stdout("mails folder: " . @\Yii::getAlias('@app/runtime/mail/') . "\n"); + } + if (\Yii::$app->sys->dsn) $this->stdout("dsn: " . \Yii::$app->sys->dsn . "\n"); + if (\Yii::$app->sys->mail_from) $this->stdout("mail_from: " . \Yii::$app->sys->mail_from . "\n"); + if (\Yii::$app->sys->mail_fromName) $this->stdout("mail_fromName: " . \Yii::$app->sys->mail_fromName . "\n"); + if (\Yii::$app->sys->mail_host) $this->stdout("mail_host: " . \Yii::$app->sys->mail_host . "\n"); + if (\Yii::$app->sys->mail_port) $this->stdout("mail_port: " . \Yii::$app->sys->mail_port . "\n"); + if (\Yii::$app->sys->mail_username) $this->stdout("mail_username: " . \Yii::$app->sys->mail_username . "\n"); + if (\Yii::$app->sys->mail_password) $this->stdout("mail_password: **USED BUT HIDDEN**\n"); + + $result = $mailer->compose() + ->setFrom([\Yii::$app->sys->mail_from => \Yii::$app->sys->mail_fromName]) + ->setTo($to) + ->setSubject('echoCTF Installation Mail Test') + ->setTextBody("This is a test email sent at " . date('Y-m-d H:i:s')) + ->send(); + if ($result) { + $this->stdout("✅ Test email successfully sent to {$to}\n"); + } else { + $this->stderr("❌ Failed to send test email to {$to}\n"); + } + } catch (\Symfony\Component\Mailer\Exception\TransportExceptionInterface $e) { + $this->stderr("❌ Transport error: " . $e->getMessage() . "\n"); + } catch (\Throwable $e) { + $this->stderr("❌ Error: " . $e->getMessage() . "\n"); + } + } + + public function actionWsNotify($player) + { + $player=\app\models\Player::findOne($player); + $type = "info"; + $title="title"; + $body="body"; + $cc = true; + $archive = true; + $apiOnly = false; + $player->notify($type, $title, $body, $cc, $archive, $apiOnly); + } + +} From 28b6b8627423b20a39383fa92dfa94fd91163e99 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 26 Jan 2026 12:10:57 +0200 Subject: [PATCH 63/71] add publish of target update --- backend/commands/CronController.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/backend/commands/CronController.php b/backend/commands/CronController.php index 9c7a1fa31..dda45d3bf 100644 --- a/backend/commands/CronController.php +++ b/backend/commands/CronController.php @@ -293,6 +293,7 @@ public function actionInstances(bool $pfonly = false, int $expired_ago = 2400) } catch (\Throwable $e) { } $dc->pull(); + usleep(100); $dc->spin(); } if (($val->team_allowed === true || \Yii::$app->sys->team_visible_instances === true) && $val->player->teamPlayer && $val->player->teamPlayer->approved === 1) { @@ -336,7 +337,9 @@ public function actionInstances(bool $pfonly = false, int $expired_ago = 2400) \Yii::error($e); } unset($dc); - usleep(100); + usleep(200); + $publisher = new \app\services\ServerPublisher(\Yii::$app->params['serverPublisher']); + $publisher->publish($val->player_id, 'target', ['id' => $val->target_id]); } // end foreach $this->actionInstancePfTables(true); From ea8dc6fc6615d53b3fca1423590e3df132593de5 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 26 Jan 2026 12:12:12 +0200 Subject: [PATCH 64/71] dont force default value on target_days_updated --- backend/modules/settings/models/ConfigureForm.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/modules/settings/models/ConfigureForm.php b/backend/modules/settings/models/ConfigureForm.php index 8eb273406..58c6ea1f0 100644 --- a/backend/modules/settings/models/ConfigureForm.php +++ b/backend/modules/settings/models/ConfigureForm.php @@ -57,7 +57,7 @@ class ConfigureForm extends Model public $leaderboard_show_zero; public $time_zone; public $target_days_new = 2; - public $target_days_updated = 1; + public $target_days_updated = 0; public $discord_news_webhook; public $pf_state_limits; public $stripe_apiKey; @@ -472,7 +472,7 @@ public function rules() [['online_timeout'], 'default', 'value' => 900], [['spins_per_day'], 'default', 'value' => 2], ['target_days_new', 'default', 'value' => 1], - ['target_days_updated', 'default', 'value' => 2], + ['target_days_updated', 'default', 'value' => 0], [['event_start', 'event_end', 'registrations_start', 'registrations_end'], 'datetime', 'format' => 'php:Y-m-d H:i:s'], [[ 'dashboard_is_home', From 18d7f3876ad22bab121d852b7f9582308be6d645 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 26 Jan 2026 12:13:09 +0200 Subject: [PATCH 65/71] on notification error send to logs --- frontend/models/Player.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/frontend/models/Player.php b/frontend/models/Player.php index 0f4720f07..669cc5b3a 100644 --- a/frontend/models/Player.php +++ b/frontend/models/Player.php @@ -408,21 +408,25 @@ public function notify($type = "info", $title, $body, $cc = true, $archive = tru try { $publisher = new \app\services\ServerPublisher(Yii::$app->params['serverPublisher']); $publisher->publish($this->id, 'notification', ['type' => $type, 'title' => $title, 'body' => $body]); - } catch(\Throwable $e) { + } catch (\Throwable $e) { // on publishing error make sure we store the noticication as pending - $cc=true; - $archive=false; + $cc = true; + $archive = false; Yii::error($e->getMessage()); } if ($cc === true) { $n = new \app\models\Notification; $n->player_id = $this->id; - $n->archived = $archive; + $n->archived = intval($archive); $n->category = $type; $n->title = $title; $n->body = $body; - return $n->save(); + if (!$n->save()) { + Yii::error($n->getErrorSummary(true)); + return false; + } + return true; } return true; } From 7f90642063e80a7184ec0420ac03695ef3f20027 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 26 Jan 2026 12:14:00 +0200 Subject: [PATCH 66/71] sync mine and view stream queries --- frontend/modules/team/controllers/DefaultController.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/frontend/modules/team/controllers/DefaultController.php b/frontend/modules/team/controllers/DefaultController.php index d2d3df3f0..4ca6c0a39 100644 --- a/frontend/modules/team/controllers/DefaultController.php +++ b/frontend/modules/team/controllers/DefaultController.php @@ -274,8 +274,12 @@ public function actionMine() 'sort' => ['defaultOrder' => ['name' => SORT_ASC]], ]); + $subQuery = TeamStream::find() + ->select('stream_id') + ->where(['team_id' => \Yii::$app->user->identity->team->id]); + $stream = \app\models\Stream::find()->select('stream.*,TS_AGO(ts) as ts_ago') - ->where(['stream.player_id' => $teamPlayers]) + ->where(['id' => $subQuery]) ->orderBy(['ts' => SORT_DESC, 'id' => SORT_DESC]); $streamProvider = new ActiveDataProvider([ 'query' => $stream, From d59b2a0d0045fb1fa8ecec39c1952a27b309c1a7 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 26 Jan 2026 12:15:50 +0200 Subject: [PATCH 67/71] use the target_id for updates fixes bug where we could update the wrong target --- frontend/web/js/libechoctf.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/web/js/libechoctf.js b/frontend/web/js/libechoctf.js index d81836895..2741f9940 100644 --- a/frontend/web/js/libechoctf.js +++ b/frontend/web/js/libechoctf.js @@ -188,7 +188,7 @@ var targetTimeout; var intervalTimeout = 5000; function targetUpdates(id) { - var targetEl = document.getElementById("target_id"); + var targetEl = document.getElementById("target_id_"+id); if(targetEl==null) return; var request = new XMLHttpRequest(); request.open("GET", `/target/${id}/ip`); From 5ffe09435eb0cc88a2c9b0f6c95bf5cfc2f56170 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 26 Jan 2026 12:17:04 +0200 Subject: [PATCH 68/71] add the target->id to the css ID --- .../modules/target/views/default/_target_card.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/frontend/themes/material/modules/target/views/default/_target_card.php b/frontend/themes/material/modules/target/views/default/_target_card.php index 284e2b9c8..53779fdcd 100644 --- a/frontend/themes/material/modules/target/views/default/_target_card.php +++ b/frontend/themes/material/modules/target/views/default/_target_card.php @@ -21,10 +21,10 @@ else $display_ip=Html::a($target_ip,$target_ip,["class"=>'copy-to-clipboard text-danger text-bold','swal-data'=>"Copied to clipboard",'data-toggle'=>'tooltip','title'=>\Yii::t('app',"The IP of your private instance. Click to copy IP to clipboard.")]); } -if($target_ip=='0.0.0.0') -{ - $this->registerJs("targetUpdates({$target->id});", \yii\web\View::POS_READY); -} +//if($target_ip=='0.0.0.0') +//{ +// $this->registerJs("targetUpdates({$target->id});", \yii\web\View::POS_READY); +//} $subtitleARR=[$target->category,ucfirst($target->getDifficultyText($target->average_rating)),boolval($target->rootable) ? "Rootable" : "Non rootable",$target->timer===false ? null:'Timed']; $subtitle=implode(", ",array_filter($subtitleARR)); Card::begin([ @@ -34,7 +34,7 @@ 'icon'=>sprintf('', $target->logo), 'color'=>'target', 'subtitle'=>$subtitle, - 'title'=>sprintf('%s / %s', $target->name, $display_ip), + 'title'=>sprintf('%s / %s', $target->name, $target->id, $display_ip), 'footer'=>sprintf('

%s
%s', $target->purpose, TargetCardActions::widget(['model'=>$target,'identity'=>$identity]) ), ]); echo "

", $target->total_treasures, ": Flag".($target->total_treasures > 1 ? 's' : '')." "; From 119ecbe9f6294d23b1c098714aaace376f4d2ff8 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 26 Jan 2026 12:18:07 +0200 Subject: [PATCH 69/71] use unique div id for each markdown div --- .../target/views/default/_target_metadata.php | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/frontend/themes/material/modules/target/views/default/_target_metadata.php b/frontend/themes/material/modules/target/views/default/_target_metadata.php index be722e0a3..2ee835d76 100644 --- a/frontend/themes/material/modules/target/views/default/_target_metadata.php +++ b/frontend/themes/material/modules/target/views/default/_target_metadata.php @@ -1,11 +1,13 @@ user->isGuest && $metadata):?> + formatter->divID; ?> user->identity->isAdmin):?> - scenario)):?>: formatter->asMarkdown($metadata->scenario)?>
- instructions)):?>: formatter->asMarkdown($metadata->instructions)?>
- solution)):?>: formatter->asMarkdown($metadata->solution)?>
+ scenario)):?>: formatter->divID = 'markdown-scenario'; echo \Yii::$app->formatter->asMarkdown($metadata->scenario)?> + instructions)):?>: formatter->divID = 'markdown-instructions'; echo \Yii::$app->formatter->asMarkdown($metadata->instructions)?> + solution)):?>: formatter->divID = 'markdown-solution'; echo \Yii::$app->formatter->asMarkdown($metadata->solution)?> - pre_credits)):?>: formatter->asMarkdown($metadata->pre_credits)?>
- pre_exploitation)):?>: formatter->asMarkdown($metadata->pre_exploitation)?>
- player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_exploitation)):?>: formatter->asMarkdown($metadata->post_exploitation)?>
- player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_credits)):?>: formatter->asMarkdown($metadata->post_credits)?>
+ pre_credits)):?>: formatter->divID = 'markdown-pre-credits'; echo \Yii::$app->formatter->asMarkdown($metadata->pre_credits)?> + pre_exploitation)):?>: formatter->divID = 'markdown-pre-exploitation'; echo \Yii::$app->formatter->asMarkdown($metadata->pre_exploitation)?> + player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_exploitation)):?>: formatter->divID = 'markdown-post-exploitation'; echo \Yii::$app->formatter->asMarkdown($metadata->post_exploitation)?> + player_id===Yii::$app->user->id && $target->progress==100) || Yii::$app->user->identity->isAdmin) && !empty($metadata->post_credits)):?>: formatter->divID = 'markdown-post-credits'; echo \Yii::$app->formatter->asMarkdown($metadata->post_credits)?> + formatter->divID=$oldId; ?> From 45f8219b666be3dd980086bf43456097bef6fefe Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 26 Jan 2026 12:19:43 +0200 Subject: [PATCH 70/71] register the js/css files to make the markdown good-looking --- .../modules/target/views/default/_versus.php | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/frontend/themes/material/modules/target/views/default/_versus.php b/frontend/themes/material/modules/target/views/default/_versus.php index 83185c2f3..cc5e36332 100644 --- a/frontend/themes/material/modules/target/views/default/_versus.php +++ b/frontend/themes/material/modules/target/views/default/_versus.php @@ -29,6 +29,18 @@ $this->registerMetaTag(['name' => 'game:points', 'content' => '0']); $this->registerMetaTag(['name' => 'article:published_time', 'content' => $headshot->created_at]); } +$this->registerJsFile('@web/js/showdown.min.js',[ + 'depends' => [ + \yii\web\JqueryAsset::class + ] +]); +$this->registerJsFile('@web/assets/hljs/highlight.min.js',[ + 'depends' => [ + \yii\web\JqueryAsset::class + ] +]); +$this->registerCssFile('@web/assets/hljs/styles/a11y-dark.min.css',['depends' => ['app\assets\MaterialAsset']]); + ?>

@@ -167,4 +179,11 @@ render('_target_writeups', ['writeups' => $target->writeups, 'active' => false, 'writeups_activated' => (PTH::findOne(['player_id' => Yii::$app->user->id, 'target_id' => $target->id]) !== null || Headshot::findOne(['player_id' => Yii::$app->user->id, 'target_id' => $target->id]) !== null)]); ?>
-
\ No newline at end of file +
+registerJs( + 'hljs.highlightAll();', + $this::POS_READY, + 'markdown-highlighter' +); +?> From fe45c55896197faae7ba57cd4f29f5e593d4b0a2 Mon Sep 17 00:00:00 2001 From: Pantelis Roditis Date: Mon, 26 Jan 2026 13:48:13 +0200 Subject: [PATCH 71/71] document websockets a bit --- docs/Websockets.md | 59 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 docs/Websockets.md diff --git a/docs/Websockets.md b/docs/Websockets.md new file mode 100644 index 000000000..3b46b4756 --- /dev/null +++ b/docs/Websockets.md @@ -0,0 +1,59 @@ +# Websockets service + +echoCTF.RED provides player updates to the live players through the use of [ws-server](https://github.com/echoCTF/ws-server). + +The services that want to communicate an update to the current live players submit their events through the HTTP service of ws-server. + +The system can send messages to a specific player or all connected players through the `/publish` and `/broadcast` endpoints respectively. + +Currently the following events are implemented: + +* `notification`: Sends a direct notification, Alert or Sweetalerts. +* `apiNotifications`: Tell the clients to perform an update of their in-page notifications. +* `target`: Update the target card if currently visible + +## Examples + +* Notify all users to perform an `apiNotifications()` js call. Effectively fetch the latest notifications through ajax. + +```shell +curl -X POST "http://localhost:8888/broadcast" \ + -H "Authorization: Bearer YOURTOKEN" \ + -H "Content-Type: application/json" \ + -d '{ "event": "apiNotifications" }' +``` + +* Send a SweetAlert (`"type": "swap:info"`) notification to player with id `1` + +```shell +curl -X POST "http://localhost:8888/publish" \ + -H "Authorization: Bearer server123token" \ + -H "Content-Type: application/json" \ + -d '{ + "player_id": "1", + "event": "notification", + "payload": + { + "title": "This is a notification", + "body": "This is the notification body", + "type": "swal:info" + } + }' +``` + +Note: Removing the `swal:` prefix from `type` sends a normal bootstrap alert notification. + +* Send an update for to player id `1` for updates on target id `2` + +```shell +curl -X POST "http://localhost:8888/publish" \ + -H "Authorization: Bearer server123token" \ + -H "Content-Type: application/json" \ + -d '{ + "player_id": "1", + "event": "target", + "payload": { "id": "2" } + }' +``` + +This will execute the js code `targetUpdates(2)`.