Jump to content

Allow user's to run their php code help needed


Net123

Recommended Posts

hi guys I must need your suggestions....THIS IS MY PROJECT ... I wanna allow my users to run their php codes in my sub folders...and I am indexing their admin panel via Sql and php...I wanna place my ads on their every php page which created by my users...I wanna allow my users to use their sql space...HERE IS MY POINT WHAT I AM TRYING TO SAY...allowing users to run their php codes may be a very big drawback for my parent server and my other users...because an user can be a bad injector ..they can post like (exec() .............). and an user can attack parent sql server...I guessed an idea like re-scan and formatting their codes ...but it's absolutely impossible ..because php has hundreds and thousands of functions I cannot format their codes...I can create a account for them like shared hosting...if I done that I cannot track them ...I need your suggestions...ideas ... I am in a very big confusion...every problem has solution almost... I need your help guys... atleat give me a small tip as u known

Link to comment
Share on other sites

There's no secure way to execute code provided by users. Show me your solution and I'll show you the way around it.

Security issues aside, executing a user's code is as simple as passing a user-provided string to the eval() function.

 

Edit: If you have access to the server, you can set up an account for each user and give them permissions only in a particular directory. In the SQL server you would have to set up an account for each user and only give access to certain databases. I'm not a system administrator, just a developer, so I don't know all the details about it.

Link to comment
Share on other sites

Other hosting companies use individual user accounts with permissions set so that each user can only read files in their own directory and not the directories of other users. Each user would also have their own SQL databases and logins so that they could only use their own databases.

Link to comment
Share on other sites

There's no secure way to execute code provided by users. Show me your solution and I'll show you the way around it.

Security issues aside, executing a user's code is as simple as passing a user-provided string to the eval() function.

 

Edit: If you have access to the server, you can set up an account for each user and give them permissions only in a particular directory. In the SQL server you would have to set up an account for each user and only give access to certain databases. I'm not a system administrator, just a developer, so I don't know all the details about it.

yes i known an way...

but i really cannot say that's absolutely possible..

getting php code from users via form and save it as a .php file can be a way ...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...