asmith Posted April 4, 2009 Share Posted April 4, 2009 Hi, I want to give my users the ability to host their own pages. But only simple html. no php. for any page they use : str_replace(array('<?','<?php','?>'),'',$content); to remove the php tags. I also need to let them upload any file other than html, like images, css files, or other file types for download so that they can put their link on their pages. Have someone done such thing before? I'm worried about making a security hole. Any advice? Quote Link to comment https://forums.phpfreaks.com/topic/152499-allowing-users-to-host-their-own-pages/ Share on other sites More sharing options...
Maq Posted April 4, 2009 Share Posted April 4, 2009 http://www.phpfreaks.com/forums/index.php/topic,245953.0.html Yes, go to the PHP Help section and search for "fiel upload". There are a ton of people who have similar questions. One in particular I came across: http://www.phpfreaks.com/forums/index.php/topic,245953.0.html Quote Link to comment https://forums.phpfreaks.com/topic/152499-allowing-users-to-host-their-own-pages/#findComment-800996 Share on other sites More sharing options...
asmith Posted April 4, 2009 Author Share Posted April 4, 2009 Thanks for the reply. I don't have any problems uploading files. I want to allow users to host their HTML pages. like Yahoo! geocities or similar sites. I want to give them some space to upload their files. They will have to submit their html page content into a textarea. I will search the content for php tags to remove it (no php allowed) by this as said : str_replace(array('<?','<?php','?>'),'',$content); but also they should be allowed to upload many files. The question is, is it safe enough? I mean they way I'm about to do it, is safe? Should I consider some more things for security? Quote Link to comment https://forums.phpfreaks.com/topic/152499-allowing-users-to-host-their-own-pages/#findComment-801006 Share on other sites More sharing options...
Daniel0 Posted April 4, 2009 Share Posted April 4, 2009 You could just turn PHP execution off. That would sort of be easier and safer... Quote Link to comment https://forums.phpfreaks.com/topic/152499-allowing-users-to-host-their-own-pages/#findComment-801044 Share on other sites More sharing options...
asmith Posted April 5, 2009 Author Share Posted April 5, 2009 I don't have access to my apache and unfortunately I can't turn off php parsing normally. (So that I enable it in other folder with htaccess) It is still possible to turn it off in some folders? Quote Link to comment https://forums.phpfreaks.com/topic/152499-allowing-users-to-host-their-own-pages/#findComment-801540 Share on other sites More sharing options...
Daniel0 Posted April 5, 2009 Share Posted April 5, 2009 You should be able to do php_flag engine off if PHP is running as an Apache module. Quote Link to comment https://forums.phpfreaks.com/topic/152499-allowing-users-to-host-their-own-pages/#findComment-801560 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.