0

I'd like to set up a page on an AMP server where a user can submit a PHP file and then request it, with the following constraints:

  • the script needs to be authorized; not just any script can be uploaded
  • no info about the script should be stored on the server (at first I thought of storing a hash of the file, but can this be avoided, such as by putting the hash check at the beginning of the script itself and ensuring this part exists and is executed first?)
  • no MySQL or Apache authentication
  • assume safe mode, and the user itself is a script (cURL)

What's an efficient and secure way to implement this?

Improve this question

1 Answer 1

Reset to default
0

You can execute script as a string with eval function. 

$script = "
echo 'Hello ';
print 'world';
";
eval($script);

NOTE: But it's a very dangerous! This script can get full access to server and can remove files, dirs, find system password etc. So be very careful

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

Yes, but the authorization is missing. It's the essential part, because of the danger otherwise, as you noted.
There is many solutions for autorization. You can check if user is authenticated, so he can upload PHP file, which you can read for example with file_get_contents function and then execute with eval
No, as I wrote in the question it has to be pure PHP, without any user authentication.
For authorization you can read many posts, for example php sessions to authenticate user on login form
Pure PHP authentication can realize with SESSION
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.