0

Hello everyone,
Im new in web development, Im using localhost (XAMMP),I'm trying to make my website which basically allows users to compile and run their submitted java program on my server(my web page).Essentially, I want when the users click a button(upload) they upload file from file source(e.g desktop or anywhere from computer) and after uploading they hit button to submit( submit) which will then able them to display the output of their program when it compiles correcly otherwise it will displays the type of error that code has. How can this be done? I searched a lot I found ideone.com, codepad.com which are nearly same concept but I only want for java and don't how to they made this site to design like them.I don't know if this can be done using php if I can would be much greatful if someone provide me code I already using (phpMyAdmin). Your Helps would be much appreciated!
Thanks in advance.

3
Contributors
11
Replies
12
Views
4 Years
Discussion Span
Last Post by ssfox
0

I'm no good with Java, but running user-supplied php code in your site is a big no-no. This is usually done with eval() - but for security reasons I would strongly urge you not to use it. An user posting using something like this:

if ($handle = opendir('/')) {
    echo "Directory handle: $handle\n";
    echo "Entries:\n";
    while (false !== ($entry = readdir($handle))) {
        echo "$entry<br />";
    }
    closedir($handle);
}

Would get your root files. Then just a matter of changing the path to get into your sensitive data. Then when the user finds your db.php file -

$f = file_get_contents('/secretfolder/dp.php');
echo '<pre>' . htmlentities($f) . '</pre>';

And hey presto all your db details are on the screen. The user could delete your files as well as edit or even create them. I recently changed a DW member's homepage because he was running an eval() and I posted his db connection details to him via PM. Needless to say, he took off the function. You may be able to stop this by isolating the file somehow, but it's not something I've looked at.

Can Java do this?

Edited by diafol

0

thanks diafol, sorry I didn't get what u ment? you mean do i have to create two different php files for both given codes above.

0

Basically what I really want is "when the users click a button(upload) they upload file from file source(e.g desktop or anywhere from computer) and after uploading they hit button to submit( submit) which will then able them to display the output of their program when it compiles correcly otherwise it will displays the type of error that code has". Im not sure how this can be done actually.This is my main and big problem im facing.

0

No - I'm saying IF somebody posted that to you 'php evaluating page' - they could get all your secret details and the contents of all your files - php code included. SO, we avoid doing this in php. My question to you is - does Java have the ability to run amok in your filesystem? If so, running somebody else's code on your site once compiled could be a problem. I have v.v. little background in Java, so I don't know.

0

I don't know how to check wheither java working on my filesystem, cz I designed my web using simple html and php(for registration: login logout). as far you said you got background in java so I got this java compiler class.

import java.lang.reflect.Method;
import java.net.URI;
import java.util.Iterator;
import java.util.NoSuchElementException;

import javax.tools.JavaCompiler;
import javax.tools.JavaFileObject;
import javax.tools.SimpleJavaFileObject;
import javax.tools.ToolProvider;

public class CompileString {
  public static void main(String[] args) throws Exception {
    JavaCompiler compiler = ToolProvider.getSystemJavaCompiler();
    String program = "class Test{" + "   public static void main (String [] args){"
        + "      System.out.println (\"Hello, World\");"
        + "      System.out.println (args.length);" + "   }" + "}";

    Iterable<? extends JavaFileObject> fileObjects;
    fileObjects = getJavaSourceFromString(program);

    compiler.getTask(null, null, null, null, null, fileObjects).call();

    Class<?> clazz = Class.forName("Test");
    Method m = clazz.getMethod("main", new Class[] { String[].class });
    Object[] _args = new Object[] { new String[0] };
    m.invoke(null, _args);
  }

  static Iterable<JavaSourceFromString> getJavaSourceFromString(String code) {
    final JavaSourceFromString jsfs;
    jsfs = new JavaSourceFromString("code", code);
    return new Iterable<JavaSourceFromString>() {
      public Iterator<JavaSourceFromString> iterator() {
        return new Iterator<JavaSourceFromString>() {
          boolean isNext = true;

          public boolean hasNext() {
            return isNext;
          }

          public JavaSourceFromString next() {
            if (!isNext)
              throw new NoSuchElementException();
            isNext = false;
            return jsfs;
          }

          public void remove() {
            throw new UnsupportedOperationException();
          }
        };
      }
    };
  }
}

class JavaSourceFromString extends SimpleJavaFileObject {
  final String code;

  JavaSourceFromString(String name, String code) {
    super(URI.create("string:///" + name.replace('.', '/') + Kind.SOURCE.extension), Kind.SOURCE);
    this.code = code;
  }

  public CharSequence getCharContent(boolean ignoreEncodingErrors) {
    return code;
  }
}I

but I know have any Idea that this can be used for my website purpose that I want, if it does!! How can I used it. cz this is java code.

0

as far you said you got background in java

NO! I do not. That's the problem. I was asking you whether running compiled java (somebody else's code) can compromise your site wrt. security. I don't know. Anybody else?

0

By the way diafol. If we say that I just want it for my self compiling java code in my webpage from my own computer without any other users just for me.Do u have any Idea how to do it ?
or
Can anybody help me with my situation please. I'm really stuck and don't know wht to do.

0

I don’t know any other project in Java that empowers such behaviors’ than http://ant.apache.org/ . You said that you don’t know a lot about programming … so maybe doing so is not making sense. First really understand OOP and then Java and then what PHP can be .... You may achieve such behavior with a single container and a PHP script as a bridge but I really wouldn’t recommend this approach.

0

thanks jkon for your respond.I know im not profission in programming, but learning web development not tht hard I believe especially with open sources and bunch of toturial availible online. About "Apach Ant" that you suggest,I saw it but How I can link it to my webpage so it can compile my java code from uploaded file in my webpage.

0

Any other suggestion or Help especially from Web developers??????

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.