"; saveFile($file, $data); } function encryptPassword($p) { return sha1(md5($p)); } function cleanUsername($username) { return preg_replace('#[^A-Za-z0-9'.preg_quote('-_@. ').']#', '', $username); } function isAbsPath($path) { return $path[0] === '/'; } function cleanPath($path) { // prevent Poison Null Byte injections $path = str_replace(chr(0), '', $path); // prevent go out of the workspace while (strpos($path, '../') !== false) { $path = str_replace('../', '', $path); } return $path; } ////////////////////////////////////////////////////////////////////// // Verify no overwrites ////////////////////////////////////////////////////////////////////// if (!file_exists($users) && !file_exists($projects) && !file_exists($active)) { ////////////////////////////////////////////////////////////////// // Get POST responses ////////////////////////////////////////////////////////////////// $username = cleanUsername($_POST['username']); $password = encryptPassword($_POST['password']); $project_name = $_POST['project_name']; if (isset($_POST['project_path'])) { $project_path = $_POST['project_path']; } else { $project_path = $project_name; } $timezone = $_POST['timezone']; ////////////////////////////////////////////////////////////////// // Create Projects files ////////////////////////////////////////////////////////////////// $project_path = cleanPath($project_path); if (!isAbsPath($project_path)) { $project_path = str_replace(" ", "_", preg_replace('/[^\w-\.]/', '', $project_path)); mkdir($workspace . "/" . $project_path); } else { $project_path = cleanPath($project_path); if (substr($project_path, -1) == '/') { $project_path = substr($project_path, 0, strlen($project_path)-1); } if (!file_exists($project_path)) { if (!mkdir($project_path.'/', 0755, true)) { die("Unable to create Absolute Path"); } } else { if (!is_writable($project_path) || !is_readable($project_path)) { die("No Read/Write Permission"); } } } $project_data = array("name"=>$project_name,"path"=>$project_path); saveJSON($projects, array($project_data)); /** * Create sessions path. */ if ( ! is_dir( $sessions ) ) { mkdir( $sessions, 00755 ); } ////////////////////////////////////////////////////////////////// // Create Users file ////////////////////////////////////////////////////////////////// $user_data = array("username"=>$username,"password"=>$password,"project"=>$project_path); saveJSON($users, array($user_data)); ////////////////////////////////////////////////////////////////// // Create Active file ////////////////////////////////////////////////////////////////// saveJSON($active, array('')); ////////////////////////////////////////////////////////////////// // Create Config ////////////////////////////////////////////////////////////////// $config_data = '