// prevent Poison Null Byte injections $path = str_replace(chr(0), '', $path); // prevent go out of the workspace while (strpos($path, '../') !== false) { $path = str_replace('../', '', $path); } return $path; } ////////////////////////////////////////////////////////////////////// // Verify no overwrites ////////////////////////////////////////////////////////////////////// if (!file_exists($users) && !file_exists($projects) && !file_exists($active)) { ////////////////////////////////////////////////////////////////// // Get POST responses ////////////////////////////////////////////////////////////////// $username = cleanUsername($_POST['username']); $password = encryptPassword($_POST['password']); $project_name = $_POST['project_name']; if (isset($_POST['project_path'])) { $project_path = $_POST['project_path']; } else { $project_path = $project_name; } $timezone = $_POST['timezone']; ////////////////////////////////////////////////////////////////// // Create Projects files ////////////////////////////////////////////////////////////////// $project_path = cleanPath($project_path); if (!isAbsPath($project_path)) { $project_path = str_replace(" ", "_", preg_replace('/[^\\w-\\.]/', '', $project_path)); mkdir($workspace . "/" . $project_path);
//define("MARKETURL", "http://market.codiad.com/json"); // Update Check //define("UPDATEURL", "http://update.codiad.com/?v={VER}&o={OS}&p={PHP}&w={WEB}&a={ACT}"); //define("ARCHIVEURL", "https://github.com/Codiad/Codiad/archive/master.zip"); //define("COMMITURL", "https://api.github.com/repos/Codiad/Codiad/commits"); '; saveFile($config, $config_data); ////////////////////////////////////////////////////////////////////// // Verify no overwrites ////////////////////////////////////////////////////////////////////// if (!file_exists($users) && !file_exists($projects) && !file_exists($active)) { ////////////////////////////////////////////////////////////////// // Get POST responses ////////////////////////////////////////////////////////////////// $username = cleanUsername("default"); $password = encryptPassword("default"); ////////////////////////////////////////////////////////////////// // Create Projects files ////////////////////////////////////////////////////////////////// $project_path = 'cloud-project'; $project_name = 'Cloud Project'; if (!isAbsPath($project_path)) { $project_path = str_replace(" ", "_", preg_replace('/[^\\w-\\.]/', '', $project_path)); mkdir($workspace . "/" . $project_path); } else { $project_path = cleanPath($project_path); if (substr($project_path, -1) == '/') { $project_path = substr($project_path, 0, strlen($project_path) - 1); } if (!file_exists($project_path)) {
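/**
 * Second step of the sign-up flow: completes the profile of a pending user.
 *
 * Loads the user row for $uid (rows with active = 2 are excluded), validates
 * the submitted form and, when it is valid, stores the verified account, logs
 * the user in and redirects. Otherwise the step-2 view is rendered again, or
 * the visitor is sent back to the sign-up page when the user row is missing
 * or not yet confirmed (active = 0).
 *
 * Security notes:
 *  - Both lookups use bound parameters; the original concatenated $uid and
 *    $_POST values straight into the SQL text.
 *  - NOTE(review): the 'sha1' validation rule appears to replace the submitted
 *    password with an unsalted SHA-1 digest. Moving to password_hash() /
 *    password_verify() needs a coordinated change in the auth library and in
 *    the stored hashes, so it is left untouched here.
 *  - NOTE(review): the whole $_POST array, including a client-supplied 'uid',
 *    is handed to user_model->addverified(). Confirm that the model
 *    whitelists fields and that the posted uid is checked against $uid.
 *
 * @param string $uid User id taken from the URI.
 * @return mixed Result of $this->load->view() when the form is rendered.
 */
function signup_step2($uid) {
    // Bound parameter instead of string concatenation. The original appended
    // '%' to the id inside an '=' comparison (where it is not a wildcard); it
    // is kept in the bound value so the lookup matches the same rows.
    // NOTE(review): confirm whether the '%' can simply be dropped.
    $user = $this->db
        ->query("select * from users where id=? and active!=2", array($uid . '%'))
        ->result();
    $this->viewVars['user'] = $user;
    $this->viewVars['error'] = "";

    // No separate username rule: the username is derived from the e-mail below.
    $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email|xss_clean');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|matches[cpassword]|min_length[5]|sha1');
    $this->form_validation->set_rules('first_name', 'First Name', 'trim|required');
    $this->form_validation->set_rules('last_name', 'Last Name', 'trim|required');

    if ($this->form_validation->run() !== FALSE) {
        // Only plain digit strings reach checkdate(); anything else (missing
        // field, array, non-numeric text) becomes 0, which checkdate() rejects.
        $birthParts = array();
        foreach (array('bmonth', 'bday', 'byear') as $field) {
            $raw = isset($_POST[$field]) && is_string($_POST[$field]) ? trim($_POST[$field]) : '';
            $birthParts[] = ctype_digit($raw) ? (int) $raw : 0;
        }
        $birthdateOk = checkdate($birthParts[0], $birthParts[1], $birthParts[2]);

        // The posted uid is client-controlled; normalise it to a string once.
        $postedUid = isset($_POST['uid']) && is_scalar($_POST['uid']) ? (string) $_POST['uid'] : '';

        if (!$birthdateOk) {
            // The original set this message but still went on to store the
            // account; an invalid date now stops processing so the error is shown.
            $this->viewVars['error'] = "Birthdate error";
        } else {
            // Is the e-mail already used by a different account?
            $isUser = $this->db
                ->query(
                    "select * from users where email=? and id!=?",
                    array((string) $_POST['email'], $postedUid)
                )
                ->result();

            if (!empty($isUser)) {
                $this->viewVars['error'] = "User already exists with this username.";
            } else {
                $_POST['username'] = $_POST['email'];
                $_POST['username_clean'] = cleanUsername($_POST['email']);

                if ($this->user_model->addverified($_POST)) {
                    $tempData = array(
                        'email' => $_POST['email'],
                        'password' => $_POST['password'],
                    );

                    if (!$this->auth->login($tempData)) {
                        redirect('/logout/');
                    } elseif (!$this->auth->isSetup()) {
                        redirect('access/signup_step2/' . $postedUid);
                    } else {
                        $this->user_model->setLastLogin($user);
                        redirect('users/eating_journal/' . $_POST['username_clean']);
                    }
                }
            }
        }
    }

    // No matching pending user: restart the sign-up.
    if (empty($this->viewVars['user'])) {
        redirect('/access/signup/');
    } elseif ($this->viewVars['user'][0]->active == 0) {
        // Account exists but the e-mail address has not been confirmed yet.
        $this->session->set_userdata('error', 'Please confirm your email first');
        redirect('/access/signup/');
    } else {
        return $this->load->view('users/signup/step2', $this->viewVars);
    }
}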