Updated New Challenges and Solutions

CONTRIBUTING.md

@@ -0,0 +1,116 @@
+Tips for developers
+-------------------
+
+Hackademic is a young project, however, it's gaining momentum fast. If you are interested in contributing you should follow some basic guidelines.
+
+* The latest development version is the `next-dev` branch, you should check it out and make all your pull requests there.
+* We would really appreciate it if your new features came with unit tests. If you don't know how ask us.
+* Tests:
+  * New features should come with php-unit or Selenium (or better both) unit tests testing that the feature works as expected.
+  * All the code should pass the existing unit tests before merging.
+* Coding - Style:
+  * Every commit shouldn't generate any errors with PHP_CodeSniffer (to fix most errors you can use PHP Coding Standards Fixer).
+* Coding - Standards:
+  * We try to conform to the PSR-* coding standards any new code, preferably including challenges should be compliant.
+* Commits: Clean commits make it easy to review code, also commits that do only one thing are easier to manage bug-wise. So:
+    * One commit should fix one problem or introduce one feature only, please don't commit fixes all around the place.
+    * Only what you modified goes in the commit (for instance you shouldn't commit vim/project files or anything unrelated).
+    * The commit message should explain what you did briefly.
+    * Every commit should merge with `next-dev` without conflicts (rebase often).
+* Pull Requests:
+  * All pull requests should be for the `next-dev` branch.
+  * In case you found an important bug in a previous version and you think people running the version should get the fix then issue a pull request for that specific version (it should still merge without any conflicts though).
+
+
+Translations
+------------
+We're using gettext for translations coupled with the apropriate smarty plugin.
+If you'd like to provide a tanslation you can look at the locale directory under your desired language.
+The project's language is changed either on install or by setting the correct value in the config file.
+
+For devs:
+Handy tutorial on gettext:
+`http://www.sitepoint.com/localizing-php-applications-1/`
+
+The smarty plugin:
+`https://github.com/smarty-gettext/smarty-gettext`
+
+2 line instructions:
+The settings are loaded in the master controller,
+In the templates include whatever you want to be translated in {}.
+
+
+How to create a challenge
+-------------------------
+
+Hackademic challenges are simple websites or web applications that simulate a vulnerability.
+In our current version we use regular expressions to check if the provided string is correct.
+In order to initialize your challenge you need to include the following.
+
+```php
+include_once dirname(__FILE__).'/../../init.php';
+session_start();
+require_once(HACKADEMIC_PATH."pages/challenge_monitor.php");
+$monitor->update(CHALLENGE_INIT, $_GET);
+$_SESSION['init'] = true;
+```
+
+Then in order to register a success you call
+```php
+$monitor->update(CHALLENGE_SUCCESS, $_GET);
+```
+and for a failure 
+```php
+$monitor->update(CHALLENGE_FAILURE, $_GET);
+```
+
+
+Packaging Challenges
+-----------------------------
+
+In order to package a challenge you have to create an XML file named after the challenge. The `.xml` file should have the structure found here:
+`https://github.com/Hackademic/hackademic/blob/next/challenges/Example/example.xml`
+
+Then you package everything in a zip file and ship it.
+
+
+Frontend testing Documentation and how to create a test
+-------------------------------------------------------
+
+We use phpunit and Selenium webDriver with Facebook's php bindings to create functional tests.
+
+We've included everything as a composer dependency so you only need to download composer and run
+```
+composer install
+```
+in order to fetch the dependencies.
+
+
+Running tests
+-------------
+
+To run the tests you first need to start the remote webdriver server.
+For convenience a reasonably recent server executable is included with the project.
+You can start the server by running:
+```
+java -jar selenium-server-standalone-2.45.0.jar
+```
+from the tests directory.
+This will start a local webdriver server that listens on localhost and port 4444.
+Then you execute tests by running:
+```
+vendor/bin/phpunit <path_to_your_test>
+```
+
+
+Writing your own tests:
+-----------------------
+
+To write your own tests you can check `<tests_dir>/admin/model/AddUserControllerTest.php` for an example a `BaseTest` class with some helper functions is provided.
+
+0. Test for normal behavior first
+1. Test if it generates all the erros second
+3. Identify the edge cases and write tests for them
+4. In order to get a unique css path for the element you want to click you can inspect it in Firefox or Chrome and right-click on the element and select Copy CSS Path
+5. Cleanup after your test, `tearDown()` exists for that reason too.
+6. Each class should test one feature. E.g. `AddUserTest` should test if a user can be added sucessfully.

README.md

@@ -0,0 +1,97 @@
+[![Project Status: Active - The project has reached a stable, usable state and is being actively developed.](http://www.repostatus.org/badges/0.1.0/active.svg)](http://www.repostatus.org/#active)
+
+OWASP Hackademic Challenges project
+===================================
+
+The **OWASP Hackademic Challenge** project helps you test your knowledge on web application security. You can use it to actually attack web applications in a realistic but also controllable and safe environment.
+
+The latest stable version is in `next` branch, the development version is in `next-dev`.
+
+
+Description
+-----------
+
+The Hackademic challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective.
+
+Currently, there are 10 scenarios available.
+
+You can choose to start from the one that you find most appealing, although we suggest to follow the order presented on the first page. We intend to expand the available challenges with additional scenarios that involve cryptography and even vulnerable systems implemented in downloadable virtual machines.
+
+
+
+
+Deployment
+----------
+
+Dependencies of Hackademic involve a web server (Apache, nginx) with PHP and Mysql/MariaDB connected with it. Make sure you have installed these before you start deploying Hackademic. We recommand to use Apache with MySQL. See [Digital Ocean's website](https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu) for a good tutorial under Ubunt. See [WampServer](http://www.wampserver.com/en/) to set up the environnement under Windows.
+
+Clone Hackademic project,
+
+`git clone https://github.com/Hackademic/hackademic.git`
+
+After successful cloning of the Hackademic project, copy the contents into `/var/www`
+We need to change the permissions of the file now,
+
+`sudo chmod -R 765 hackademic`
+
+Ensure that the Apache is started and SQL connection is also active. Point your browser towards `http://127.0.0.1/`
+You will be prompted with Hackademic page. In case you have many sub-directories in `/var/www/`, the browser would throw up all the directories.
+Choose hackademic from that.
+
+Now you will be prompted to Hackademic installation page.
+Be sure to fill out all the fields.
+
+1. Administrator Details
+
+	Fill any email id, username and password. 
+	You will using this username and password, later to log in to hackademic.
+
+2. Database Settings
+
+	Fill the database name, database host, database username and password.
+
+3. Configuration Settings
+
+	All the fields are preloaded with information. Go to next level.
+
+4. Finish
+
+	On finish, you should get a success message. Open the URL it suggests. 
+	You should be able to log in.
+
+
+After finish stage if you got a error
+
+*Parse error: syntax error, unexpected '[' in /var/www/hackademic/model/common/class.ChallengeAttempts.php on line 363']'*
+
+update the version of PHP you are using. Hackademic uses 5.4+. 
+
+
+
+Road Map and Getting Involved
+-----------------------------
+
+We maintain an up to date list of open issues on the platform on our [issues](https://github.com/Hackademic/hackademic/issues)
+
+For a list of features we would like implemented you can see either the issues page or our [Google Summer Of Code ideas page](https://www.owasp.org/index.php/GSoC2013_Ideas#OWASP_Hackademic_Challenges_-_New_challenges_and_Improvements_to_the_existing_ones)
+
+Involvement in the development and promotion of the Hackademic Challenges is actively encouraged!
+You do not have to be a security expert in order to contribute.
+Some of the ways you can help:
+
+* Write Documentation
+* Write Unit tests
+* Develop themes and plugins
+* Write Challenges or Articles or contribute security courses
+
+Please see [CONTRIBUTING.md](CONTRIBUTING.md) for installation guidelines and other developer-oriented explanations.
+
+We are also experimenting with a trello board [here](https://trello.com/b/Y6oHvP3P/hakcademic-roadmap)
+
+Contact Us
+----------
+
+Feel free to connect with us over `#hackademic-dev` channel on Freenode.
+We also run a mailing list which is `[email protected]`
+that you can join [here](https://lists.owasp.org/mailman/listinfo/owasp-hackademic-challenges).
+You can also check out the slack discussion on the owasp slack channel [here](https://owasp.slack.com/messages/project-hackademic/)

admin/assets/css/base.css

@@ -93,7 +93,7 @@ body {height:95%;}
 .add_form {width:90%; margin: auto;}
 
 .width_auto {width: auto;}
-.width_100 {width: 100;}
+.width_100 {width: 100%;}
 .width_90 {width: 90%;}
 .width_50 {width: 50%;}
 .width_40 {width: 40%;}