is_valid) { die("CAPTCHA was incorrect"); } } function sanitize_shellarg($arg) { $arg = str_replace("\r\n", " ", $arg); $arg = str_replace("\n", " ", $arg); return escapeshellarg($arg); } $sfi = array("options" => "sanitize_shellarg"); $buildID = uniqid(); $bootMegabytes = filter_input(INPUT_POST, "boot_size", FILTER_VALIDATE_INT); $swapMegabytes = filter_input(INPUT_POST, "swap_size", FILTER_VALIDATE_INT); $rootMegabytes = filter_input(INPUT_POST, "root_size", FILTER_VALIDATE_INT); $timezone = filter_input(INPUT_POST, "timezone", FILTER_CALLBACK, $sfi); $hostname = filter_input(INPUT_POST, "hostname", FILTER_CALLBACK, $sfi); $username = filter_input(INPUT_POST, "username", FILTER_CALLBACK, $sfi); $password = filter_input(INPUT_POST, "password", FILTER_CALLBACK, $sfi); $rootPass = filter_input(INPUT_POST, "rootpassword", FILTER_CALLBACK, $sfi); $packagesList = filter_input(INPUT_POST, "packages", FILTER_CALLBACK, $sfi); $use = filter_input(INPUT_POST, "use", FILTER_CALLBACK, $sfi); $puse = filter_input(INPUT_POST, "puse", FILTER_CALLBACK, $sfi); $features = filter_input(INPUT_POST, "features", FILTER_CALLBACK, $sfi); $keywords = filter_input(INPUT_POST, "keywords", FILTER_CALLBACK, $sfi); $outputFormat = filter_input(INPUT_POST, "format", FILTER_CALLBACK, $sfi); $iniString = "[vmconfig] BUILD_ID='$buildID' BOOT_MEGABYTES='$bootMegabytes' SWAP_MEGABYTES='$swapMegabytes' ROOT_MEGABYTES='$rootMegabytes' TIMEZONE=$timezone HOSTNAME=$hostname ROOT_PASSWORD=$rootPass DEFAULT_USERNAME=$username DEFAULT_PASSWORD=$password USE_FLAGS='$use' PACKAGE_USE='$puse' FEATURES='$features' PACKAGE_ACCEPT_KEYWORDS='$keywords' PACKAGES_LIST=$packagesList OUTPUT_FORMAT=$outputFormat"; $client = new GearmanClient(); $client->addServer(); $handle = $client->doBackground("invoke_image_build", $iniString); $db = new mysqli( MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD, MYSQL_DATABASE ); if (mysqli_connect_errno()) { die("Could not connect to database ".mysqli_connect_error()); } $query = "INSERT INTO builds (id, handle, ipaddress) ". "VALUES(?, ?, ?)"; $stmt = $db->prepare($query); $stmt->bind_param("sss", $buildID, $handle, $ipaddress); $stmt->execute(); $stmt->close(); $db->close(); header("Location: finished.php?uuid=".$buildID);