Jump to content

Disabling PHP Functions


skarecrow

Recommended Posts

Hello,
I have just created a MySQL Class in PHP and I wanted to try making it impossible for my developers to use the MySQL Functions.
I have disabled all the MySQL Functions via the PHP configuration under disable_functions and was now wondering if it is by any chance possible to enable the functions in a certain file or directory. I was going to do a little hacking on the MySQL module to do this but I want to make sure there isnt an easier method to it.
Any help would be great!
Thanks,
  SkareCrow
Link to comment
https://forums.phpfreaks.com/topic/24298-disabling-php-functions/
Share on other sites

[quote]now wondering if it is by any chance possible to enable the functions in a certain file or directory[/quote]

Unfortunately not. Ive tried this with my framework, making it the only way to interface with databases and Im afraid its a no go. Ended up moving my framework to Python (there was other reasons aswell).
i am not sure i understand what exactly you mean, care to explain a little more :) thanks

I was just searching and found an interesting extension.
Its a runkit extension. It allows you to copy functions, remove functions and copy a function over as that function. For example, from this site...
[code]< ?php
runkit_function_remove('print_r');
function print_rs($what)
{
echo "You said =".$what;
}
runkit_function_copy('print_rs','print_r');
print_r("yeah");
?>[/code]

I bet I could use the php_value auto_prepend_file "/path/to/class.php" to my server config and just use this runkit to rename all the mysql functions then use the renamed functions in the class. say there is mysql_query() i could rename it to tmp_mysql_query() and in my class use tmp_mysql_query() instead of mysql_query() or something. idk I think this will help. sorry if i am confusing cause I have just confused myself, I have it all pictured in my head just not sure how to explain it :) I will give this a shot and let you guys know how it goes.
Seems like a good idea skarecrow, but why not just use runkit_function_remove and then define it with the same name as the one you removed instead? You should also note that those functions are experimental and that they require a PECL extension installed, so if you are programming for a client, then you will require them to have the runkit extension, but the client may be at a shared host and therefor not having access php.ini to load the extension (or can it be done using dl()?).
no this is a personal project. for my site.

here is what I have so far, i am still having problems ;) trying to work things out.

[code]<?PHP
class MySQL {

public $server;
public $user;
private $pass;

public function __Construct($server, $user, $pass) {

$this->server = $server;
$this->user = $user;
$this->pass = $pass;

mysql_connect($this->server, $this->user, $this->pass) or die(mysql_error());
mysql_select_db("warped");

}

public function cl_mysql_query($query) {

echo "Executing Query {$query}";

}


}
$MySQL = new MySQL("localhost", "root", "");

runkit_function_rename('mysql_query', 'tmp_mysql_query');
runkit_function_add('mysql_query', '$query', '$MySQL->cl_mysql_query($query);');
mysql_query("SELECT * FROM members") or die(mysql_error());
?>[/code]

right now the error is...

[code]Fatal error: Call to a member function cl_mysql_query() on a non-object in /home/skarecrow/public_html/test/index.php(30) : runkit created function on line 1[/code]

if i refresh once or twice i then get


[code]Warning: runkit_function_rename() [function.runkit-function-rename]: tmp_mysql_query() already exists in /home/skarecrow/public_html/test/index.php on line 29

Warning: runkit_function_add() [function.runkit-function-add]: Function mysql_query() already exists in /home/skarecrow/public_html/test/index.php on line 30
Table 'warped.members' doesn't exist[/code]


then if i try this

[code]<?PHP
runkit_function_rename('mysql_connect', 'tmp_mysql_connect');

class MySQL {

public $server;
public $user;
private $pass;

public function __Construct($server, $user, $pass) {

echo "Hello World";

$this->server = $server;
$this->user = $user;
$this->pass = $pass;

$this->cl_mysql_connect();

}

public function cl_mysql_connect() {


tmp_mysql_connect($this->server, $this->user, $this->pass) or die(mysql_error());

}

}

runkit_function_add('mysql_connect', '$server, $user, $pass', '$MySQL = new MySQL($server, $user, $pass);');
mysql_connect("localhost", "root", "");
?>[/code]

I will get his

[code]Hello World
Fatal error: Cannot call abstract method 0A±XDZÇ±::¨?±ð?±() in /home/skarecrow/public_html/test/index.php on line 25
[/code]

hehe
Alright, I got rid of the abstract error by creating an abstract function inside the class now im getting this error....

[code]<?PHP
runkit_function_rename('mysql_connect', 'tmp_mysql_connect');

class MySQL {

public $server;
public $user;
private $pass;

public function __Construct($server, $user, $pass) {

echo "Hello World";

$this->server = $server;
$this->user = $user;
$this->pass = $pass;

$this->cl_mysql_connect();

}

abstract function cl_mysql_connect() {

tmp_mysql_connect($this->server, $this->user, $this->pass) or die(mysql_error());

}

}

runkit_function_add('mysql_connect', '$server, $user, $pass', '$MySQL = new MySQL($server, $user, $pass);');
mysql_connect("localhost", "root", "");
?>[/code]

[code]
Fatal error: Abstract function MySQL::cl_mysql_connect() cannot contain body in /home/skarecrow/public_html/test/index.php on line 26
[/code]

I <3 Errors!

I am new to MySQL OOP, and OOP in general. Im sure its something obvious.
[code]Warning: runkit_function_add() expects exactly 3 parameters, 1 given in /home/skarecrow/public_html/test/index.php on line 31[/code]



Well, I got it all figured it out, I got it to start working without errors. I went to add a new MySQL method to the class and now get this..


[code]Fatal error: Call to a member function cl_mysql_connect() on a non-object in /home/skarecrow/public_html/test/index.php(38) : runkit created function on line 1
[/code]

From This

[code]<?PHP
runkit_function_copy('mysql_connect', 'tmp_mysql_connect');
runkit_function_copy('mysql_select_db', 'tmp_mysql_select_db');
runkit_function_remove('mysql_connect');
runkit_function_remove('mysql_select_db');

class MySQL {

public $server;
public $user;
private $pass;
private $link;
private $dbase;

public function __Construct() { }

public function cl_mysql_connect($server, $user, $pass) {

$this->server = $server;
$this->user = $user;
$this->pass = $pass;

$this->link = tmp_mysql_connect($server, $user, $pass) or die(mysql_error());

}

public function cl_mysql_select_db($dbase) {

$this->dbase = $dbase;
tmp_mysql_select_db($dbase);

}

}

$MySQL = new MySQL();

runkit_function_add('mysql_connect', '$server, $user, $pass', '$MySQL->cl_mysql_connect($server, $user, $pass);');
runkit_function_add('mysql_select_db', '$dbase', '$MySQL->cl_mysql_select_db($dbase);');
mysql_connect("localhost", "root", "");
mysql_select_db("warped");
?>[/code]


but it works just fine if i use this

[code]<?PHP
runkit_function_copy('mysql_connect', 'tmp_mysql_connect');
runkit_function_copy('mysql_select_db', 'tmp_mysql_select_db');
runkit_function_remove('mysql_connect');
runkit_function_remove('mysql_select_db');

class MySQL {

public $server;
public $user;
private $pass;
private $link;
private $dbase;

public function __Construct() { }

public function cl_mysql_connect($server, $user, $pass) {

$this->server = $server;
$this->user = $user;
$this->pass = $pass;

$this->link = tmp_mysql_connect($server, $user, $pass) or die(mysql_error());

}

public function cl_mysql_select_db($dbase) {

$this->dbase = $dbase;
tmp_mysql_select_db($dbase) or die(mysql_error());

}

}

$MySQL = new MySQL();

runkit_function_add('mysql_connect', '$MySQL, $server, $user, $pass', '$MySQL->cl_mysql_connect($server, $user, $pass);');
runkit_function_add('mysql_select_db', '$MySQL, $dbase', '$MySQL->cl_mysql_select_db($dbase);');
mysql_connect($MySQL, "localhost", "root", "");
mysql_select_db($MySQL, "warpedd");
?>[/code]

as you can see im sending the variable to the runkit function. I dont want to do that :( thats going to ruin the whole idea, lol
Never mind! I fixed it!
I wasnt thinking "FUNCTION" :P I had to make $MySQL global in the function.

so here is a working example

[code]<?PHP
runkit_function_copy('mysql_connect', 'tmp_mysql_connect');
runkit_function_copy('mysql_select_db', 'tmp_mysql_select_db');
runkit_function_remove('mysql_connect');
runkit_function_remove('mysql_select_db');

class MySQL {

public $server;
public $user;
private $pass;
private $link;
private $dbase;

public function __Construct() { }

public function cl_mysql_connect($server, $user, $pass) {

$this->server = $server;
$this->user = $user;
$this->pass = $pass;

$this->link = tmp_mysql_connect($server, $user, $pass) or die(mysql_error());

}

public function cl_mysql_select_db($dbase) {

$this->dbase = $dbase;
tmp_mysql_select_db($dbase) or die(mysql_error());

}

}

$MySQL = new MySQL();

runkit_function_add('mysql_connect', '$server, $user, $pass', 'global $MySQL; $MySQL->cl_mysql_connect($server, $user, $pass);');
runkit_function_add('mysql_select_db', '$dbase', 'global $MySQL; $MySQL->cl_mysql_select_db($dbase);');
mysql_connect("localhost", "root", "");
mysql_select_db("warped");
?>[/code]

now time to recreate a bunch of functions and create a secure mysql class ;) WOOT! Thanks for all the help. I might post the finished product here.
[quote author=Daniel0 link=topic=111862.msg453596#msg453596 date=1161154002]
Seems like a good idea skarecrow, but why not just use runkit_function_remove and then define it with the same name as the one you removed instead? You should also note that those functions are experimental and that they require a PECL extension installed, so if you are programming for a client, then you will require them to have the runkit extension, but the client may be at a shared host and therefor not having access php.ini to load the extension (or can it be done using dl()?).
[/quote]

hehe, i think i just got what you meant. ;) that would have helped me if i understood that a while ago. lol
i will give that a shot, will look alot nicer also ;) Thanks for the sugestion!


[i][b][EDIT][/b][/i]

Never mind on that, good idea but it isnt letting me do it that way.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.