Jump to content


Photo

Disabling PHP Functions


  • Please log in to reply
11 replies to this topic

#1 skarecrow

skarecrow
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 18 October 2006 - 04:01 AM

Hello,
I have just created a MySQL Class in PHP and I wanted to try making it impossible for my developers to use the MySQL Functions.
I have disabled all the MySQL Functions via the PHP configuration under disable_functions and was now wondering if it is by any chance possible to enable the functions in a certain file or directory. I was going to do a little hacking on the MySQL module to do this but I want to make sure there isnt an easier method to it.
Any help would be great!
Thanks,
  SkareCrow

#2 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 18 October 2006 - 04:41 AM

now wondering if it is by any chance possible to enable the functions in a certain file or directory


Unfortunately not. Ive tried this with my framework, making it the only way to interface with databases and Im afraid its a no go. Ended up moving my framework to Python (there was other reasons aswell).

#3 skarecrow

skarecrow
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 18 October 2006 - 05:09 AM

perhaps i will just create an extension to disable functions and enable them per file or directory and give it to PHP Freaks to distribute

#4 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 18 October 2006 - 05:41 AM

It would be a much better idea to try and get it included into the php tree don't you think?

#5 skarecrow

skarecrow
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 18 October 2006 - 05:52 AM

i am not sure i understand what exactly you mean, care to explain a little more :) thanks

I was just searching and found an interesting extension.
Its a runkit extension. It allows you to copy functions, remove functions and copy a function over as that function. For example, from this site...
< ?php
runkit_function_remove('print_r');
function print_rs($what)
{
echo "You said =".$what;
}
runkit_function_copy('print_rs','print_r');
print_r("yeah");
?>

I bet I could use the php_value auto_prepend_file "/path/to/class.php" to my server config and just use this runkit to rename all the mysql functions then use the renamed functions in the class. say there is mysql_query() i could rename it to tmp_mysql_query() and in my class use tmp_mysql_query() instead of mysql_query() or something. idk I think this will help. sorry if i am confusing cause I have just confused myself, I have it all pictured in my head just not sure how to explain it :) I will give this a shot and let you guys know how it goes.

#6 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 18 October 2006 - 06:46 AM

Seems like a good idea skarecrow, but why not just use runkit_function_remove and then define it with the same name as the one you removed instead? You should also note that those functions are experimental and that they require a PECL extension installed, so if you are programming for a client, then you will require them to have the runkit extension, but the client may be at a shared host and therefor not having access php.ini to load the extension (or can it be done using dl()?).

#7 skarecrow

skarecrow
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 18 October 2006 - 06:54 AM

no this is a personal project. for my site.

here is what I have so far, i am still having problems ;) trying to work things out.

<?PHP
class MySQL {

	public $server;
	public $user;
	private $pass;

	public function __Construct($server, $user, $pass) {

		$this->server = $server;
		$this->user = $user;
		$this->pass = $pass;

		mysql_connect($this->server, $this->user, $this->pass) or die(mysql_error());
		mysql_select_db("warped");

	}

	public function cl_mysql_query($query) {

		echo "Executing Query {$query}";

	}


}
$MySQL = new MySQL("localhost", "root", "");

runkit_function_rename('mysql_query', 'tmp_mysql_query');
runkit_function_add('mysql_query', '$query', '$MySQL->cl_mysql_query($query);');
mysql_query("SELECT * FROM members") or die(mysql_error());
?>

right now the error is...

Fatal error: Call to a member function cl_mysql_query() on a non-object in /home/skarecrow/public_html/test/index.php(30) : runkit created function on line 1

if i refresh once or twice i then get


Warning: runkit_function_rename() [function.runkit-function-rename]: tmp_mysql_query() already exists in /home/skarecrow/public_html/test/index.php on line 29

Warning: runkit_function_add() [function.runkit-function-add]: Function mysql_query() already exists in /home/skarecrow/public_html/test/index.php on line 30
Table 'warped.members' doesn't exist


then if i try this

<?PHP
runkit_function_rename('mysql_connect', 'tmp_mysql_connect');

class MySQL {

	public $server;
	public $user;
	private $pass;

	public function __Construct($server, $user, $pass) {

		echo "Hello World";

		$this->server = $server;
		$this->user = $user;
		$this->pass = $pass;

		$this->cl_mysql_connect();

	}

	public function cl_mysql_connect() {


		tmp_mysql_connect($this->server, $this->user, $this->pass) or die(mysql_error());

	}

}

runkit_function_add('mysql_connect', '$server, $user, $pass', '$MySQL = new MySQL($server, $user, $pass);');
mysql_connect("localhost", "root", "");
?>

I will get his

Hello World
Fatal error: Cannot call abstract method 0A±XDZÇ±::¨?±ð?±() in /home/skarecrow/public_html/test/index.php on line 25

hehe

#8 skarecrow

skarecrow
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 18 October 2006 - 07:08 AM

Alright, I got rid of the abstract error by creating an abstract function inside the class now im getting this error....

<?PHP
runkit_function_rename('mysql_connect', 'tmp_mysql_connect');

class MySQL {

	public $server;
	public $user;
	private $pass;

	public function __Construct($server, $user, $pass) {

		echo "Hello World";

		$this->server = $server;
		$this->user = $user;
		$this->pass = $pass;

		$this->cl_mysql_connect();

	}

	abstract function cl_mysql_connect() {

		tmp_mysql_connect($this->server, $this->user, $this->pass) or die(mysql_error());

	}

}

runkit_function_add('mysql_connect', '$server, $user, $pass', '$MySQL = new MySQL($server, $user, $pass);');
mysql_connect("localhost", "root", "");
?>

Fatal error: Abstract function MySQL::cl_mysql_connect() cannot contain body in /home/skarecrow/public_html/test/index.php on line 26

I <3 Errors!

I am new to MySQL OOP, and OOP in general. Im sure its something obvious.

#9 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 18 October 2006 - 07:13 AM

Try this:
runkit_function_add(array($object,"method_name"));


#10 skarecrow

skarecrow
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 18 October 2006 - 07:18 AM

Warning: runkit_function_add() expects exactly 3 parameters, 1 given in /home/skarecrow/public_html/test/index.php on line 31



Well, I got it all figured it out, I got it to start working without errors. I went to add a new MySQL method to the class and now get this..


Fatal error: Call to a member function cl_mysql_connect() on a non-object in /home/skarecrow/public_html/test/index.php(38) : runkit created function on line 1

From This

<?PHP
runkit_function_copy('mysql_connect', 'tmp_mysql_connect');
runkit_function_copy('mysql_select_db', 'tmp_mysql_select_db');
runkit_function_remove('mysql_connect');
runkit_function_remove('mysql_select_db');

class MySQL {

	public $server;
	public $user;
	private $pass;
	private $link;
	private $dbase;

	public function __Construct() { }

	public function cl_mysql_connect($server, $user, $pass) {

		$this->server = $server;
		$this->user = $user;
		$this->pass = $pass;

		$this->link = tmp_mysql_connect($server, $user, $pass) or die(mysql_error());

	}

	public function cl_mysql_select_db($dbase) {

		$this->dbase = $dbase;
		tmp_mysql_select_db($dbase);

	}

}

$MySQL = new MySQL();

runkit_function_add('mysql_connect', '$server, $user, $pass', '$MySQL->cl_mysql_connect($server, $user, $pass);');
runkit_function_add('mysql_select_db', '$dbase', '$MySQL->cl_mysql_select_db($dbase);');
mysql_connect("localhost", "root", "");
mysql_select_db("warped");
?>


but it works just fine if i use this

<?PHP
runkit_function_copy('mysql_connect', 'tmp_mysql_connect');
runkit_function_copy('mysql_select_db', 'tmp_mysql_select_db');
runkit_function_remove('mysql_connect');
runkit_function_remove('mysql_select_db');

class MySQL {

	public $server;
	public $user;
	private $pass;
	private $link;
	private $dbase;

	public function __Construct() { }

	public function cl_mysql_connect($server, $user, $pass) {

		$this->server = $server;
		$this->user = $user;
		$this->pass = $pass;

		$this->link = tmp_mysql_connect($server, $user, $pass) or die(mysql_error());

	}

	public function cl_mysql_select_db($dbase) {

		$this->dbase = $dbase;
		tmp_mysql_select_db($dbase) or die(mysql_error());

	}

}

$MySQL = new MySQL();

runkit_function_add('mysql_connect', '$MySQL, $server, $user, $pass', '$MySQL->cl_mysql_connect($server, $user, $pass);');
runkit_function_add('mysql_select_db', '$MySQL, $dbase', '$MySQL->cl_mysql_select_db($dbase);');
mysql_connect($MySQL, "localhost", "root", "");
mysql_select_db($MySQL, "warpedd");
?>

as you can see im sending the variable to the runkit function. I dont want to do that :( thats going to ruin the whole idea, lol

#11 skarecrow

skarecrow
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 18 October 2006 - 08:04 AM

Never mind! I fixed it!
I wasnt thinking "FUNCTION" :P I had to make $MySQL global in the function.

so here is a working example

<?PHP
runkit_function_copy('mysql_connect', 'tmp_mysql_connect');
runkit_function_copy('mysql_select_db', 'tmp_mysql_select_db');
runkit_function_remove('mysql_connect');
runkit_function_remove('mysql_select_db');

class MySQL {

	public $server;
	public $user;
	private $pass;
	private $link;
	private $dbase;

	public function __Construct() { }

	public function cl_mysql_connect($server, $user, $pass) {

		$this->server = $server;
		$this->user = $user;
		$this->pass = $pass;

		$this->link = tmp_mysql_connect($server, $user, $pass) or die(mysql_error());

	}

	public function cl_mysql_select_db($dbase) {

		$this->dbase = $dbase;
		tmp_mysql_select_db($dbase) or die(mysql_error());

	}

}

$MySQL = new MySQL();

runkit_function_add('mysql_connect', '$server, $user, $pass', 'global $MySQL; $MySQL->cl_mysql_connect($server, $user, $pass);');
runkit_function_add('mysql_select_db', '$dbase', 'global $MySQL; $MySQL->cl_mysql_select_db($dbase);');
mysql_connect("localhost", "root", "");
mysql_select_db("warped");
?>

now time to recreate a bunch of functions and create a secure mysql class ;) WOOT! Thanks for all the help. I might post the finished product here.

#12 skarecrow

skarecrow
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 18 October 2006 - 08:07 AM

Seems like a good idea skarecrow, but why not just use runkit_function_remove and then define it with the same name as the one you removed instead? You should also note that those functions are experimental and that they require a PECL extension installed, so if you are programming for a client, then you will require them to have the runkit extension, but the client may be at a shared host and therefor not having access php.ini to load the extension (or can it be done using dl()?).


hehe, i think i just got what you meant. ;) that would have helped me if i understood that a while ago. lol
i will give that a shot, will look alot nicer also ;) Thanks for the sugestion!


[EDIT]

Never mind on that, good idea but it isnt letting me do it that way.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users