"; saveFile( $file, $data ); } function encryptPassword( $p ) { return sha1( md5( $p ) ); } function cleanUsername( $username ) { return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ' ). ']#', '', $username ); } function isAbsPath( $path ) { return $path[0] === '/'; } function cleanPath( $path ) { // prevent Poison Null Byte injections $path = str_replace( chr( 0 ), '', $path ); // prevent go out of the workspace while ( strpos( $path, '../' ) !== false ) { $path = str_replace( '../', '', $path ); } return $path; } ////////////////////////////////////////////////////////////////////// // Verify no overwrites ////////////////////////////////////////////////////////////////////// if ( ( file_exists( $user_settings_file ) || file_exists( $projects_file ) || file_exists( $users_file ) ) || ! ( defined( "DBHOST" ) && defined( "DBNAME" ) && defined( "DBUSER" ) && defined( "DBPASS" ) && defined( "DBTYPE" ) ) ) { ////////////////////////////////////////////////////////////////// // Get POST responses ////////////////////////////////////////////////////////////////// $username = cleanUsername( $_POST['username'] ); $password = encryptPassword( $_POST['password'] ); $project_name = $_POST['project_name']; if ( isset( $_POST['project_path'] ) ) { $project_path = $_POST['project_path']; } else { $project_path = $project_name; } $timezone = $_POST['timezone']; $dbhost = $_POST['DBHOST']; $dbname = $_POST['DBNAME']; $dbuser = $_POST['DBUSER']; $dbpass = $_POST['DBPASS']; $connection = mysqli_connect( $dbhost, $dbuser, $dbpass, $dbname ) or die ( formatJSEND( "error", 'Error connecting to mysql database. Please contact the website administrator.' ) ); $bind_vars = array(); $bind = ""; $sql = " -- phpMyAdmin SQL Dump -- version 4.6.6deb5 -- https://www.phpmyadmin.net/ -- -- Host: localhost:3306 -- Generation Time: Dec 11, 2018 at 05:31 PM -- Server version: 5.7.24-0ubuntu0.18.04.1 -- PHP Version: 7.2.10-0ubuntu0.18.04.1 SET SQL_MODE = 'NO_AUTO_VALUE_ON_ZERO'; SET time_zone = '+00:00'; /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8mb4 */; -- -- Database: `code_test` -- -- -------------------------------------------------------- -- -- Table structure for table `options` -- CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` varchar(255) NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -------------------------------------------------------- -- -- Table structure for table `projects` -- CREATE TABLE IF NOT EXISTS `projects` ( `id` int(11) NOT NULL, `name` varchar(255) NOT NULL, `path` varchar(255) NOT NULL, `owner` varchar(255) NOT NULL, `access` text ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -------------------------------------------------------- -- -- Table structure for table `users` -- CREATE TABLE IF NOT EXISTS `users` ( `id` int(11) NOT NULL, `first_name` varchar(255) DEFAULT NULL, `last_name` varchar(255) DEFAULT NULL, `username` varchar(255) NOT NULL, `password` text NOT NULL, `email` varchar(255) DEFAULT NULL, `project` varchar(255) DEFAULT NULL, `access` varchar(255) NOT NULL, `groups` text, `token` text ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `user_options` -- CREATE TABLE IF NOT EXISTS `user_options` ( `id` int(11) NOT NULL, `name` varchar(255) NOT NULL, `username` varchar(255) NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Indexes for dumped tables -- -- -- Indexes for table `options` -- ALTER TABLE `options` ADD PRIMARY KEY (`id`), ADD UNIQUE KEY `option_name` (`name`); -- -- Indexes for table `projects` -- ALTER TABLE `projects` ADD PRIMARY KEY (`id`), ADD UNIQUE KEY `project_path` (`path`,`owner`); -- -- Indexes for table `users` -- ALTER TABLE `users` ADD PRIMARY KEY (`id`), ADD UNIQUE KEY `username` (`username`); -- -- Indexes for table `user_options` -- ALTER TABLE `user_options` ADD PRIMARY KEY (`id`), ADD UNIQUE KEY `option_name` (`name`,`username`); -- -- AUTO_INCREMENT for dumped tables -- -- -- AUTO_INCREMENT for table `options` -- ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; -- -- AUTO_INCREMENT for table `projects` -- ALTER TABLE `projects` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=41; -- -- AUTO_INCREMENT for table `users` -- ALTER TABLE `users` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=79; -- -- AUTO_INCREMENT for table `user_options` -- ALTER TABLE `user_options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2541; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; "; $result = mysqli_prepare( $connection, $sql ) or die( $error ); $result->bind_param( $bind, ...$bind_variables ); $result->execute(); if( $connection->error ) { $return = formatJSEND( "error", $connection->error ); } ////////////////////////////////////////////////////////////////// // Create Projects files ////////////////////////////////////////////////////////////////// $project_path = cleanPath( $project_path ); if ( ! isAbsPath( $project_path ) ) { $project_path = str_replace( " ", "_", preg_replace( '/[^\w-\.]/', '', $project_path ) ); mkdir( $workspace . "/" . $project_path ); } else { $project_path = cleanPath( $project_path ); if ( substr( $project_path, -1 ) == '/' ) { $project_path = substr( $project_path, 0, strlen( $project_path ) - 1 ); } if ( ! file_exists( $project_path ) ) { if ( ! mkdir( $project_path . '/', 0755, true ) ) { die( "Unable to create Absolute Path" ); } } else { if ( ! is_writable( $project_path ) || ! is_readable( $project_path ) ) { die( "No Read/Write Permission" ); } } } $bind_vars = array( $project_name, $project_path, $username ); $bind = "sss"; $sql = "INSERT INTO `projects`(`name`, `path`, `owner`) VALUES (?,?,?)"; $result = mysqli_prepare( $connection, $sql ) or die( $error ); $result->bind_param( $bind, ...$bind_variables ); $result->execute(); if( $connection->error ) { $return = formatJSEND( "error", $connection->error ); } $bind_vars = array( "", "", $username, $password, "", $project_path, "admin", "", "" ); $bind = "sssssssss"; $sql = "INSERT INTO `users`(`first_name`, `last_name`, `username`, `password`, `email`, `project`, `access`, `groups`, `token`) VALUES (?,?,?,PASSWORD(?),?,?,?,?,?)"; $result = mysqli_prepare( $connection, $sql ) or die( $error ); $result->bind_param( $bind, ...$bind_variables ); $result->execute(); if( $connection->error ) { $return = formatJSEND( "error", $connection->error ); } /** * Create sessions path. */ if ( ! is_dir( $sessions ) ) { mkdir( $sessions, 00755 ); } ////////////////////////////////////////////////////////////////// // Create Active file ////////////////////////////////////////////////////////////////// saveJSON($active, array('')); ////////////////////////////////////////////////////////////////// // Create Config ////////////////////////////////////////////////////////////////// $config_data = '