[Resolved] Disable MySQL In A Script?

[beaver6813]

[RESOLVED] Disable MySQL In A Script?

[RESOLVED]

Hey,
Okay, i need a way in PHP to disable MySQL access for the rest of the script. Users will be allowed to upload their scripts and i would like to execute them for reasons i'm not going to reveal yet
But i need to obviously secure it best i can so is there any way to disable MySQL access, so as to kinda run in sandbox mode?

 

[lee101]

at the top of all the scripts

<?php
ini_set('disable_functions','mysql_query,mysql_connect,etc,etc,etc');
?>

To list all mysql functions.

I'm not sure if that would work though, just a thought:
http://uk.php.net/features.safe-mode

Lee

 

[baxter]

if you have apd installed, http://ca.php.net/manual/en/ref.apd.php , you can use the following method of disabling the functions you wish:

for example:

override_function('mysql_connect', '', "print 'mysql_connect function has been disabled';");
override_function('mysql_select_db', '', "print 'mysql_select_db function has been disabled';");

http://ca.php.net/manual/en/function.override-function.php

etc etc... but besure to disable the mysqli functions as well if they are applicable.

Also if you don't want to lose functionality of the functions for yourself you can use rename_function to rename the functions to a secure name for your use. for example

rename_function('mysql_connect', 'hidden_for_you_mysql_connect' );

http://ca.php.net/manual/en/function.rename-function.php

 

[beaver6813]

Brilliant :D Ill give rep in a sec
Okay another incredibly annoying feature i can't get to work is that when i use my error handler in PHP it works fine with registering the first error, but doesn't pickup the others and it doesn't pickup parse errors, PHP overrides my error handler for parse errors.

Any ideas?

 

[Peter]

Not sure why it would only do the first error however.

An error handler cannot deal with parse errors as they are found before the script is executed and is outside the scope of the script. The following is taken from THIS manual page:-

The following error types cannot be handled with a user defined function: E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, E_COMPILE_WARNING, and most of E_STRICT raised in the file where set_error_handler() is called.

 

[beaver6813]

Okies, so there is definately no way around that? So it returns all parse errors instead of just the first one found?

All i'm doing at the moment is picking up errors and setting error_log to write all errors to a text file which i can read at a later date. However even when i put in 3 errors like unclosed brackets and unterminated lines etc it still shows only one of the errors...

 

[Peter]

sorry edited my post must have been just after you replied.

As far as I am aware there is nothing you can do about reporting parse errors. I believe it is the zend engine that actually deals with the following errors:-

E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, E_COMPILE_WARNING, E_STRICT

Hence why a custom error handler cannot deal with them.

All i'm doing at the moment is picking up errors and setting error_log to write all errors to a text file which i can read at a later date. However even when i put in 3 errors like unclosed brackets and unterminated lines etc it still shows only one of the errors...

Unfortunately only the first will display as the script terminates when the first error is found.

 

[beaver6813]

Thanks Resolved!

 

[Peter]

how did you sort the problem?

 

[beaver6813]

how did you sort the problem?

Using Ajax and PHP i wrote a script that requests the problem file, returns the error PHP gives if its a Parse/Fatal error and then goes to process. It then returns the line number of the problem script highlighted and if its something easy like an unterminated line it puts in the semi-colon. If its something harder to fix like brackets, it'll just return that error.

I've also taken a peek at a debugger written in C++ that actually taps straight into PHP's Zend engine, but i doubt i'd be able to do that in PHP :P