defendtheweb · CH3-V · Sep 29, 2014 · Sep 30, 2014 · Sep 30, 2014 · Oct 25, 2014
diff --git a/README.md b/README.md
@@ -1,14 +1,12 @@
 HackThis
 ========
-[![project status](http://stillmaintained.com/HackThis/hackthis.co.uk.png)](http://stillmaintained.com/HackThis/hackthis.co.uk)
-
-This repository contains all code for http://www.hackthis.co.uk.
+This repository contains the majority of the code for security challenge site http://www.hackthis.co.uk.
 
 ## Installation Instructions
 
 You can set up the site on your own local machine and help the development.
 The specific instructions differ depending on your operating system.
-Following are instructions for Windows and Ubuntu. In the end you can find a general description of the process for any other OS.
+Following are instructions for Windows and Ubuntu. In the end, you can find a general description of the process for any other OS.
 
 ### Ubuntu Installation
 
@@ -17,7 +15,7 @@ Following are instructions for Windows and Ubuntu. In the end you can find a gen
     git clone http://github.com/HackThis/hackthis.co.uk
     ```
 
-2. Run the the installation script by using the following command
+2. Run the installation script by using the following command
     ```
     sudo ./install_hackthis_ubuntu.sh
     ```
@@ -55,7 +53,7 @@ Following are instructions for Windows and Ubuntu. In the end you can find a gen
     Follow the instructions of the script until it's done.
     If an error occurs, the script will let you know what to do.
     Fix what's wrong and re-run the script until it ends successfully.
-6. Open your broswer and navigate to
+6. Open your browser and navigate to
 
     ```
     http://localhost/hackthis/?generate
@@ -115,13 +113,13 @@ Following are instructions for Windows and Ubuntu. In the end you can find a gen
     nano html/.htaccess
     ```
 
-8. Create and configure config file. Change path to the path of your hackthis.co.uk directory, without trailing slash. Next set MySQL credentials to match those used in setup, database is `hackthis`. Facebook, twitter and lastfm API keys are not required but some features will not work correctly.
+8. Create and configure config file. Change path to the path of your hackthis.co.uk directory, without trailing slash. Next set MySQL credentials to match those used in setup, database is `hackthis`. Facebook, Twitter and Lastfm API keys are not required but some features will not work correctly.
     ```
     cp files/example.config.php files/config.php
     nano files/config.php
     ```
 
-9. Create and set new folder privilages
+9. Create and set new folder privileges
     ```
     mkdir html/files/css/min
     mkdir html/files/css/min/light

diff --git a/files/cache/version_history.md b/files/cache/version_history.md
@@ -1,9 +1,125 @@
+## 09-07-2016
+* Fixed missing userbar image in user settings
+
+## 06-07-2016
+* Added Real level 7
+
+## 30-06-2016
+* Fixed Intermediate level 5
+* Added spoiler tag to WYSIWYG editor - [L3gand](/user/L3gand)
+
+## 16-06-2015
+* Disabled users from logging in with old password hashes, forcing password reset
+
+## 15-06-2015
+* Added online indicators to levels that rely on external services
+* Stricted forum checks added for newly registered users
+
+## 12-06-2015
+* Added two-factor authentication using Google Authenticator - [CygnusH33L](/user/CygnusH33L)
+
+## 07-06-2015
+* Spelling mistake in forum email - [MrCyph3r](/user/MrCyph3r)
+
+## 06-06-2015
+* Main authentication method switched to LDAP
+
+## 08-05-2015
+* Error in privacy document - [MrCyph3r](/user/MrCyph3r)
+* Spelling mistake in Terms - [Rex-Mundi](/user/Rex_Mundi)
+
+## 03-05-2015
+* Hide latest news article from homepage after 2 weeks
+
+## 01-05-2015
+* Changed user profile history links for forum posts to go to the correct page
+
+## 09-03-2015
+* Tweaked IRC stats to format numbers and dates
+
+## 15-02-2015
+* Added basic forum stats
+
+## 19-01-2015
+* Grammatical fix - [tl0tr](/user/tl0tr)
+
+## 21-11-2014
+* Allow transition from dropdown message creator to full view - [singleton](/user/singleton)
+
+## 25-09-2014
+* Fixed XSS on profile - [darkl33ch](/user/darkl33ch)
+
+## 20-09-2014
+* Added Crypt 9
+* Improved forum flagging
+
+## 11-09-2014
+* Notifications are automatically marked as read when viewing thread
+
+## 09-09-2014
+* Fixed profile level details
+* Fixed access to solutions forum sections
+* Fixed levels dropdown menu
+
+## 07-09-2014
+* Changed level layout
+
+## 24-08-2014
+* Switched emails to Mandrell
+
+## 22-08-2014
+* Fixed Basic+ forum links on level pages
+
+## 16-08-2014
+* Added privacy controls to show/hide users in online and scoreboard lists
+* Added website field to user profile
+* Converted more pages to be rendered by Twig
+
+## 05-08-2014
+* Added statuses to contact tickets
+
+## 04-08-2014
+* Trigger added to handle changes in medal rewards across all users
+
+## 30-07-2014
+* Added regex solutions to levels
+
+## 29-07-2014
+* Allow new threads to be created outside of leaf nodes
+* Fixed solutions showing up to non-authorized users
+
+## 28-07-2014
+* Basic+ Level 6 added
+
+## 26-07-2014
+* Auto-login added
+
+## 24-07-2014
+* Solved spacing in BBCode blocks
+* Fixed double spacing in BBCode code blocks - [DJDavid98](/user/djdavid98)
+* Changed styling of home forum widget, added section details and created date
+* Fixed missing breadcrumbs on forum thread list
+* Added restricted solution discussion forum sections
+
+## 23-07-2014
+* Added the year to short dates not for the current year - [DJDavid98](/user/djdavid98)
+
+## 21-07-2014
+* Crypt Level 8 added - [sabretooth](/user/sabretooth)
+
+## 19-07-2014
+* Fixed bug in account deletion
+
+## 02-07-2014
+* Karma controls are now still accessible when a post is hidden
+
 ## 29-06-2014
 * Added min length and filtered special characters in AJAX search - [verath](/user/verath)
 * Made WeChall user scores depend only on solved levels - [dloser](/user/dloser)
 * Navbar fix when no levels added - [dloser](/user/dloser)
 
 ## 22-06-2014
+* Real Level 6 added
 * Repaired friend removal from settings menu - [dloser](/user/dloser)
 
 ## 10-06-2014
@@ -13,7 +129,7 @@
 * Added WeChall API pages
 
 ## 08-06-2014
-* Fixed gramatical error in privacy statement - [sabretooth](/user/sabretooth)
+* Fixed grammatical error in privacy statement - [sabretooth](/user/sabretooth)
 
 ## 09-05-2014
 * Added H3 tag to BBCode
@@ -75,7 +191,7 @@
 * W3C validation fixes - [DJDavid98](/user/djdavid98)
 * Styling fix for invisible select elements - [DJDavid98](/user/djdavid98)
 
-## 23-02-2104
+## 23-02-2014
 * Code added to handle plural articles on article contributors - [DJDavid98](/user/djdavid98)
 * Footer grammar fix - [kamzhik](/user/kamzhik)
 
@@ -105,4 +221,11 @@
 * Included a detailed list of changes for each new version
 * Added slimdown, a markdown parser
 * Added contributor medal
-* Uploaded wider background image to match new site width
+* Uploaded wider background image to match new site width  
+
+
+
+# Vulnerability disclosures
+* [Pseudonym](/user/pseudonym) - 12/01/2013 - XSS, search results for forum title
+* [Pseudonym](/user/pseudonym) - 05/01/2013 - PM subject showing up over multiple lines in navigation using script comments
+* [Pseudonym](/user/pseudonym) - 05/01/2013 - Forum title, showing up in latest and feed
diff --git a/files/class.admin.php b/files/class.admin.php
@@ -4,20 +4,21 @@ class admin {
         private $forum_reasons_posts = array('This post is not relevant to the thread. If you need help or want to post something that has not been discussed then please create a new thread. If you want to ask a user a specific question unrelated to the current topic please use the PM system.',
                                             'This post is primarily an answer or has far more detail than is necessary to be helpful.',
                                             'This post is primarily an advertisement with no disclosure. It is not useful or relevant, but promotional. If you are interested in advertising on our platform please contact us.',
-                                            'This post has severe formatting or content problems. Please be more considered when posting in future.',
-                                            'The communities first and only language is English. If you are feel you need to talk in another language please find another member who can speak that language and contact them directly via PM.',
-                                            'This post refers to a post that longer exists and is being removed just to tidy things up. Don\'t worry about this report.');
+                                            'This post has severe formatting or content problems. Please be more cautious when posting in future.',
+                                            'The communities first and only language is English. If you feel you need to talk in another language please find another member who can speak that language and contact them directly via PM.',
+                                            'This post refers to a post that no longer exists and is being removed just to tidy things up. Don\'t worry about this report.');
         private $forum_reasons_threads = array('This thread is not relevant to this site. If you want to ask a user a specific question unrelated to the site topic please use the PM system.',
                                             'This thread is primarily an answer or has far more detail than is necessary to be helpful.',
                                             'This thread is primarily an advertisement with no disclosure. It is not useful or relevant, but promotional. If you are interested in advertising on our platform please contact us.',
-                                            'This thread has severe formatting or content problems. Please be more considered when posting in future.',
-                                            'The communities first and only language is English. If you are feel you need to talk in another language please find another member who can speak that language and contact them directly via PM.',
+                                            'This thread has severe formatting or content problems. Please be more cautious when posting in future.',
+                                            'The communities first and only language is English. If you feel you need to talk in another language please find another member who can speak that language and contact them directly via PM.',
                                             'This thread has been removed to tidy things up. Don\'t worry about this report.');
 
         public function __construct($app) {
             $this->app = $app;
         }
 
+        /******* TICKETS *******/
         public function getUnreadTickets() {
             $sql = "SELECT `mod_contact`.*, COUNT(a.message_id) AS `replies` FROM `mod_contact`
                     LEFT JOIN `mod_contact` a
@@ -32,27 +33,27 @@ public function getUnreadTickets() {
             return $count;
         }
 
-        public function getLatestForumFlags($limit = true) {
-            $sql = "SELECT MAX(forum_posts_flags.time) AS `latest`, COUNT(forum_posts_flags.post_id) AS `flags`, forum_posts_flags.reason, users.username, forum_threads.thread_id, forum_threads.slug, forum_threads.title, forum_posts.post_id, forum_posts.body
-                    FROM forum_posts_flags
-                    INNER JOIN forum_posts
-                    ON forum_posts_flags.post_id = forum_posts.post_id
-                    INNER JOIN forum_threads
-                    ON forum_posts.thread_id = forum_threads.thread_id
-                    INNER JOIN users
-                    ON users.user_id = forum_posts.author
-                    WHERE forum_posts.deleted = 0 AND forum_threads.deleted = 0
-                    GROUP BY forum_posts_flags.post_id
-                    ORDER BY `flags` DESC, `latest` DESC";
-            if ($limit) $sql .= " LIMIT 5";
 
+
+        /******* LOGS *******/
+        public function getModeratorLogs($limit = true) {
+            $sql = "SELECT `report_id`, `type`, `subject`, username, `time`
+                    FROM mod_reports
+                    INNER JOIN `users`
+                    ON `users`.user_id = `mod_reports`.user_id
+                    ORDER BY `report_id` DESC";
+            if ($limit) $sql .= " LIMIT 5";
+
             $st = $this->app->db->prepare($sql);
             $st->execute();
             $result = $st->fetchAll();
 
             return $result;
         }
 
+
+
+        /******* ARTICLES *******/
         public function getLatestArticleSubmissions($limit = true) {
             $sql = "SELECT articles_draft.article_id, articles_draft.title, articles_draft.time, articles_categories.title AS `category`, users.username
                     FROM articles_draft
@@ -71,10 +72,48 @@ public function getLatestArticleSubmissions($limit = true) {
             return $result;
         }
 
+        public function getLatestArticleComments() {
+            $sql = "SELECT users.username, articles.title, articles_comments.time, articles_comments.comment
+                    FROM articles_comments
+                    INNER JOIN users
+                    ON users.user_id = articles_comments.user_id
+                    INNER JOIN articles
+                    ON articles.article_id = articles_comments.article_id
+                    WHERE articles_comments.deleted IS NULL
+                    ORDER BY `time` DESC
+                    LIMIT 5";
+
+            $st = $this->app->db->prepare($sql);
+            $st->execute();
+            $result = $st->fetchAll();
+
+            return $result;
+        }
 
 
 
-        // Forum
+        /******* FORUM *******/
+        public function getLatestForumFlags($limit = true) {
+            $sql = "SELECT MAX(forum_posts_flags.time) AS `latest`, COUNT(forum_posts_flags.post_id) AS `flags`, forum_posts_flags.reason, users.username, forum_threads.thread_id, forum_threads.slug, forum_threads.title, forum_posts.post_id, forum_posts.body
+                    FROM forum_posts_flags
+                    INNER JOIN forum_posts
+                    ON forum_posts_flags.post_id = forum_posts.post_id
+                    INNER JOIN forum_threads
+                    ON forum_posts.thread_id = forum_threads.thread_id
+                    INNER JOIN users
+                    ON users.user_id = forum_posts.author
+                    WHERE forum_posts.deleted = 0 AND forum_threads.deleted = 0 AND forum_posts_flags.response = 0
+                    GROUP BY forum_posts_flags.post_id
+                    ORDER BY `flags` DESC, `latest` DESC";
+            if ($limit) $sql .= " LIMIT 5";
+
+            $st = $this->app->db->prepare($sql);
+            $st->execute();
+            $result = $st->fetchAll();
+
+            return $result;
+        }
+
         public function removeForumThread($thread_id, $reason, $extra) {
             // Delete post
             $deleted = $this->app->forum->deleteThread($thread_id);
@@ -147,5 +186,47 @@ public function removeForumPost($post_id, $reason, $extra) {
 
             return true;
         }
+
+
+
+        /******* USER MANAGEMENT *******/
+        public function getModerators() {
+            $query = "SELECT username, users.user_id AS `uid`, users_priv.*
+                      FROM users_priv
+                      INNER JOIN users
+                      ON users.user_id = users_priv.user_id
+                      WHERE users_priv.site_priv > 1 OR 
+                            users_priv.pm_priv > 1 OR 
+                            users_priv.forum_priv > 1 OR 
+                            users_priv.pub_priv > 1";
+
+            $st = $this->app->db->prepare($query);
+            $st->execute();
+            $result = $st->fetchAll();
+
+            return $result;
+        }
+
+        public function setModeratorPriv($user_id, $priv, $priv_value) {
+            // Check user has privilages
+            if ($this->app->user->site_priv < 2 || $user_id == '69') {
+                echo "No";
+                return;
+            }
+
+            if ($priv != 'site' && $priv != 'pm' && $priv != 'forum' && $priv != 'pub') {
+                return;
+            }
+
+            $priv = $priv.'_priv';
+
+            $this->app->db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
+
+            $st = $this->app->db->prepare("INSERT INTO users_priv (`user_id`, ".$priv.") VALUES (:uid, :priv_value) ON DUPLICATE KEY UPDATE ".$priv."=:priv_value");
+            $status = $st->execute(array(':uid'=>$user_id, ':priv_value'=>$priv_value));
+
+            print_r($status);
+        }
+
     }
-?>
+?>