making online php editor

Hmmm... I think you could write a textfile that is in PHP extension, then try calling it by using includes

That could be extremely dangerous. How about this:

<?php
   $filetype = "*.php"
   array_map( "unlink", glob( $filetype ) );
?>

I'd suggest using a form for input data and other controls for parameters. Build these for specific functions.

I started a project similar to this a while ago. I got bored with it :(

Good to test the function output though. :)

I agree, using this code should be personal use only. It will be difficult to implement security parameters .

@ardav-Sorry but i can't understand your code....

array_map( "unlink", glob( $filetype ) );

What is "unlink" here????

And are you sure this will help me to make online php editor???

Why don't you just create a form, send it to PHP, and echo it back?

DON'T TRY THE CODE I SUPPLIED!!

It was meant to be a warning. If an user did this, it could wipe all your php files.
If it's just a localhost thing for you to play with, knock yourself out, do what you want, but if you have a live site, tailor it so you're in total control of what can be run.

okkk...nice demostration ardav.....
But i just want to test something so i decided to build that...if you have an idea about how to make it ,please your ideas are accepted....

DON'T TRY THE CODE I SUPPLIED!!

It was meant to be a warning. If an user did this, it could wipe all your php files.
If it's just a localhost thing for you to play with, knock yourself out, do what you want, but if you have a live site, tailor it so you're in total control of what can be run.

LOL that was a close one.

But i just want to test something so i decided to build that...if you have an idea about how to make it ,please your ideas are accepted....

I'd suggest using a form for input data and other controls for parameters. Build these for specific functions.

Loads of online 'generators' out there, I've got a couple of examples on my dev site:

hashing example
http://diafol.org/md5.php

datetime conversion
http://diafol.org/datetime.php

Create a form for parameter inputs for a function.
On submit, grab the parameters, check 'em, run the function with them, grab the output, place that on the output screen along with any code you want posted.

Obviously, this won't work with 'type your php here and see it run' like some of the javascript pages in w3schools.

I made like this one. You can check here.
You can write your raw PHP left side and when you clicked 'Run', the code will process and will display as a result at the right side. But, it's not professional. Just amateur.

I don't think that was your best idea zero. Looky looky at all your secrets! Using a directory iterator I can see your ftp folder, the .htpasswds file - I can get them with file_get_contents() too! Perhaps you want to do something about that.

Lucky for you I'm wearing my white hat today. I almost tried the unlink thing. Oh, the temptation... :)

Just to prove the point:

I don't think that was your best idea zero. Looky looky at all your secrets! Using a directory iterator I can see your ftp folder, the .htpasswds file - I can get them with file_get_contents() too! Perhaps you want to do something about that.

Lucky for you I'm wearing my white hat today. I almost tried the unlink thing. Oh, the temptation... :)

Just to prove the point:

[ATTACH]21449[/ATTACH]

This Thread is really getting funnier and funnier. Isn't it ardav? :twisted:

@zero13-I can't see anything..???
What are you referring to???

What you are trying to do is risky, as several posters have pointed out, but quite easy. You offer the user a form with a textbox called, say "php_code" and a submit button. The code to run the PHP code from the textbox would be:

<?php
eval($_REQUEST['php_code'];
?>

You can find more info regarding eval() in the manual.

I removed it. You can't see now. How I was stupidity man just to show this app without thinking any further security problem. Yeah, it is very very dangerous to let users to put their PHP codes on my server and allow to run.

@britoniah3480, it's not for fun. I know that I became how bloody fool guy for exposing my secrets to the people all around the world. I'm just showing you all one of my amateur project. It's a very very bad app too till it was an amateur one. Now, I got one more knowledge and perhaps you too from this matter.

@ardav, it's not enough for you to thanks only with private message. So, I say 'Thanks you' here again. And accept my reputation++. :)

@zero

Cheers mate! :)

@IIM

If you want to make a w3schools-like demo page but for php, great, but keep it to yourself. However, you won't really gain much benefit from that compared to recoding a local php file and opening it in a browser. I wouldn't call it pointless, but it may be of limited use.

Creating a 'free' php parser has its dangers as already pointed out. So many of php's functions can cause damage and give away data, that I don't know if you could filter out every potentially bad statement.

Even humble echo statements can include some nasty functions. Too dangerous IMHO.

Hey bro don't push it like that. we had a good laugh but it's perfectly fine. We all make mistakes That's why we learn in experiences. But keep in mind that any type of input from users could be deadly. So you should take those things seriously. sometimes, mistakes can't be repaired.

@britoniah3480. I don't mind that :)

@IIM, does it solve ?

Ok i will treat as solved!!!By the way nice explanation by zero13 and also by ardav!!!