Results 1 to 4 of 4
  1. #1

    PHP Processing script

    Hi. Could someone help me out?

    I'm trying to make a script that allows you to enter a PHP script into a text box then run it instead of having to upload it.

    It would be useful for testing and learning purposes.

    Here's what I currently have: http://visionalgraphics/phpcodeprocesser/

    I send it to a php script to run a php script. Just unsure on what I need to do.
    Last edited by teh; 10-07-2005 at 12:27 PM.

  2. #2
    I'd suggest immediately taking that script down. Now.

    It allows any person to run ANY PHP on your server. A big security hole? Unbelievably. An experienced cracker could ruin everything.

  3. #3
    Join Date
    Jun 2004
    Location
    Northwest Colorado
    Posts
    4,630
    The proper way to go about this, would be to set up Apache/PHP on your personal box behind a firewall. There's nothing about learning PHP which requires a remote server. Deus Raijin, welcome to WHT, and thanks for pointing that out to teh, you're certainly right that that's an absolute no-no in terms of security.

    <?php
    phpinfo()
    ?>

    This is not a script you want anyone to be able to run, there are worse. An open invite to mischief on the server, I tried it out but teh's lucky it doesn't work. Such an effort should be reserved for one's personal, firewalled machine not one's public webserver. I suppose the way to do it, would be to take the entered script, save it on the server as something.php and redirect to that file upon submit.
    Eric J. Bowman, principal
    Bison Systems Corporation coming soon: a new sig!
    I'm just a poor, unfrozen caveman Webmaster. Your new 'standards' frighten, and confuse me...

  4. #4
    <?php
    if(isset($_POST['run']))
    {
    $code = "<?php ".stripslashes($_POST['code'])."?>";
    $fpath = "./test1.php";
    $file = fopen($fpath,"w+");
    fputs($file,$code);
    fclose($file);
    /////INCLUDING FILE////////////////
    include($fpath);
    }
    else
    {
    ?>
    <form method="post">
    <textarea name="code"></textarea>
    <br>
    <input type="submit" value="Run It" name="run">
    </form>
    <?php
    }
    ?>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •