PHP Warning system () has been disabled for security reasons

[compsol]

The code I am having a problem with is this: 

 

 

 

                        ob_start();

                        $resultTxt = system($command, $result);

                        $errTxt = ob_get_contents();

                        ob_clean();

                        $resultTxt = nl2br($errTxt) . "$resultTxt";

 

 

 

I get a PHP Warning that the system () has been disabled for security reasons. I don't have access to the php.ini file to change this.

 

Can the code be changed from system to something else that will work?

[trq]

Not likely. If system has been disabled, the other similar functions have likely also been disabled.

[vinny42]

LIke trq says; if system is disabled, everything is disabled. And that's because the admin doesn't want you to let random users run shell commands on his server. Quite understandable.

 

The next question is: what are you using system() for, perhaps somebody knows an alternative way of doing the same thing.

[compsol]

I didn't write the code it was someone else I just taking over the management of the site for the end user. Basically it is a hotel booking system and the user would select which hotel they would like to stay in and fill in all the required information. This information is then encrypted and then e-mail to the user and also the hotel with more information on. The encrypted e-mail goes to the hotel and then thy put in the decryption code to be able to read it.

 

It all works okay except it gets to the stay of encrypting the message and creating the e-mail and this is where it fails. It is using gnupg and the system () was part of the code to run this command.  It did work perfectly before but as previously mentioned the system () is now being blocked by the hosting provider.

[vinny42]

Then I suggest you talk to your hoster, perhaps they can think of a safe alternative to do this. The issue is not with executing system(), it's with how PHP could be tricked to execute anything a hacker wants. So if the hoster get's control over what the system() command actually contains, it's safe for them.

 

If not, then all you can do is find a PHP alternative for the system command, HP can do encryption but we (and possibly you?) don't know what kind it's doing right now.

If there are no alternatives in PHP and the host doesn't want to help, then all you can do is move host...

[kicken]

It is using gnupg and the system () was part of the code to run this command.

PHP has GnuPG functions you can use to potentially re-implement whatever your current system command is doing using PHP. You'll need to check with your host to see if these functions are enabled. If they are not currently enabled, they may be more willing to enable them vs opening up system() to you.