0

Anyone has an idea of how to execute the complete php code ....means i want to make online php editor...that will take code as input from user and correspondingly display the output....
I am not sure how to work with it...
Till now i thought of taking input from user in textarea and then how to execute that code...

eg:-
If i enter "<?php
echo "hi";
?>
then the output should be
hi

and so on....
Help me to understand the working concepts!!!

6
Contributors
20
Replies
25
Views
6 Years
Discussion Span
Last Post by IIM
Featured Replies
  • 1
    diafol 3,669   6 Years Ago

    DON'T TRY THE CODE I SUPPLIED!! It was meant to be a warning. If an user did this, it could wipe all your php files. If it's just a localhost thing for you to play with, knock yourself out, do what you want, but if you have a live site, … Read More

  • 2
    diafol 3,669   6 Years Ago

    I don't think that was your best idea zero. Looky looky at all your secrets! Using a directory iterator I can see your ftp folder, the .htpasswds file - I can get them with file_get_contents() too! Perhaps you want to do something about that. Lucky for you I'm wearing my … Read More

0

Hmmm... I think you could write a textfile that is in PHP extension, then try calling it by using includes

0

That could be extremely dangerous. How about this:

<?php
   $filetype = "*.php"
   array_map( "unlink", glob( $filetype ) );
?>

I'd suggest using a form for input data and other controls for parameters. Build these for specific functions.

I started a project similar to this a while ago. I got bored with it :(

Good to test the function output though. :)

Edited by diafol: n/a

0

I agree, using this code should be personal use only. It will be difficult to implement security parameters .

0

@ardav-Sorry but i can't understand your code....

array_map( "unlink", glob( $filetype ) );

What is "unlink" here????

And are you sure this will help me to make online php editor???

1

DON'T TRY THE CODE I SUPPLIED!!

It was meant to be a warning. If an user did this, it could wipe all your php files.
If it's just a localhost thing for you to play with, knock yourself out, do what you want, but if you have a live site, tailor it so you're in total control of what can be run.

Votes + Comments
Nice warning!!!Thanks!!!
0

okkk...nice demostration ardav.....
But i just want to test something so i decided to build that...if you have an idea about how to make it ,please your ideas are accepted....

0

DON'T TRY THE CODE I SUPPLIED!!

It was meant to be a warning. If an user did this, it could wipe all your php files.
If it's just a localhost thing for you to play with, knock yourself out, do what you want, but if you have a live site, tailor it so you're in total control of what can be run.

LOL that was a close one.

0

But i just want to test something so i decided to build that...if you have an idea about how to make it ,please your ideas are accepted....

I'd suggest using a form for input data and other controls for parameters. Build these for specific functions.

Loads of online 'generators' out there, I've got a couple of examples on my dev site:

hashing example
http://diafol.org/md5.php

datetime conversion
http://diafol.org/datetime.php

Create a form for parameter inputs for a function.
On submit, grab the parameters, check 'em, run the function with them, grab the output, place that on the output screen along with any code you want posted.

Obviously, this won't work with 'type your php here and see it run' like some of the javascript pages in w3schools.

Edited by diafol: n/a

0

I made like this one. You can check here.
You can write your raw PHP left side and when you clicked 'Run', the code will process and will display as a result at the right side. But, it's not professional. Just amateur.

2

I don't think that was your best idea zero. Looky looky at all your secrets! Using a directory iterator I can see your ftp folder, the .htpasswds file - I can get them with file_get_contents() too! Perhaps you want to do something about that.

Lucky for you I'm wearing my white hat today. I almost tried the unlink thing. Oh, the temptation... :)

Just to prove the point:

Edited by diafol: n/a

Votes + Comments
nice work....still want to make an online editor like w3schools....
Thanks +++. :) Zero13
Attachments Capture.png 20.56 KB
0

I don't think that was your best idea zero. Looky looky at all your secrets! Using a directory iterator I can see your ftp folder, the .htpasswds file - I can get them with file_get_contents() too! Perhaps you want to do something about that.

Lucky for you I'm wearing my white hat today. I almost tried the unlink thing. Oh, the temptation... :)

Just to prove the point:

[ATTACH]21449[/ATTACH]

This Thread is really getting funnier and funnier. Isn't it ardav? :twisted:

0

@zero13-I can't see anything..???
What are you referring to???

0

What you are trying to do is risky, as several posters have pointed out, but quite easy. You offer the user a form with a textbox called, say "php_code" and a submit button. The code to run the PHP code from the textbox would be:

<?php
eval($_REQUEST['php_code'];
?>

You can find more info regarding eval() in the manual.

0

I removed it. You can't see now. How I was stupidity man just to show this app without thinking any further security problem. Yeah, it is very very dangerous to let users to put their PHP codes on my server and allow to run.

@britoniah3480, it's not for fun. I know that I became how bloody fool guy for exposing my secrets to the people all around the world. I'm just showing you all one of my amateur project. It's a very very bad app too till it was an amateur one. Now, I got one more knowledge and perhaps you too from this matter.

@ardav, it's not enough for you to thanks only with private message. So, I say 'Thanks you' here again. And accept my reputation++. :)

0

@IIM

If you want to make a w3schools-like demo page but for php, great, but keep it to yourself. However, you won't really gain much benefit from that compared to recoding a local php file and opening it in a browser. I wouldn't call it pointless, but it may be of limited use.

Creating a 'free' php parser has its dangers as already pointed out. So many of php's functions can cause damage and give away data, that I don't know if you could filter out every potentially bad statement.

Even humble echo statements can include some nasty functions. Too dangerous IMHO.

Edited by diafol: n/a

0

Hey bro don't push it like that. we had a good laugh but it's perfectly fine. We all make mistakes That's why we learn in experiences. But keep in mind that any type of input from users could be deadly. So you should take those things seriously. sometimes, mistakes can't be repaired.

0

Ok i will treat as solved!!!By the way nice explanation by zero13 and also by ardav!!!

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.