From 8ae6d834503efbbf150ad746f40992a3aa66ecb3 Mon Sep 17 00:00:00 2001
From: ix <0x00fi@protonmail.com>
Date: Fri, 10 Dec 2021 09:47:45 +0100
Subject: [PATCH] fix access to event challenges when event not begun or user
 not connected

---
 src/events/views.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/events/views.py b/src/events/views.py
index 7a0848a..df1c328 100644
--- a/src/events/views.py
+++ b/src/events/views.py
@@ -27,6 +27,8 @@ def events(request):
 def chall_event_info(request, event_slug, chall_slug):
     event_info  = get_object_or_404(Event, slug=event_slug)
     ctf_info    = get_object_or_404(CTF, event__slug=event_info.slug, slug=chall_slug)
+    if timezone.now() < ctf_info.start_date:
+        return redirect('events:event_info', event_slug=event_slug)
     eventisover = False
     alreadyflag = False
     congrat     = False
@@ -37,6 +39,8 @@ def chall_event_info(request, event_slug, chall_slug):
         userScore = Scores.objects.filter(event=event_info, user=request.user)
         if not userScore:
             return redirect('/')
+    elif not request.user.is_authenticated:
+        return redirect('/')
     if request.GET.get('EventIsOver'):
         eventisover = True
     if request.GET.get('AlreadyFlagged'):