graham23s Posted September 24, 2007 Share Posted September 24, 2007 Hi Guys, i'm thinking of doing a cut down version of a myspace/community type site, planning it on paper just now but 1 thing i can't figure out is how the users add html to the dynamic pages, i take it the html is stored in myslq (in the users membership details) just to echo out like any other piece of information you grab from mysql but would that not disrupt the entire layout of the site for the user if thay put in non-proper code? is there a better way i could do this? any info or advide would be appreciated Graham Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/ Share on other sites More sharing options...
Wuhtzu Posted September 24, 2007 Share Posted September 24, 2007 It is the way to do it. You just need to have some validation in place which will strip improper tags... Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354146 Share on other sites More sharing options...
graham23s Posted September 24, 2007 Author Share Posted September 24, 2007 ah i see then maybe some preg_match code to make sure the proper tags are implemented? cheers Graham Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354154 Share on other sites More sharing options...
Wuhtzu Posted September 24, 2007 Share Posted September 24, 2007 Yes. You'll have to use some regular expression to test for improper tags, tags which aren't closed ect. For example you wouldn't want any <body>, <head> or <title> tags. So strip those... Further more you would want your users "site" to be contained within a single div or something like that so it can't mess up the entire site Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354167 Share on other sites More sharing options...
rarebit Posted September 24, 2007 Share Posted September 24, 2007 Just to confuse... You could allow them to put in php and evaluate it with 'eval()' (http://uk3.php.net/manual/en/function.eval.php)... Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354170 Share on other sites More sharing options...
Wuhtzu Posted September 24, 2007 Share Posted September 24, 2007 He could but that would pose a greater risk than a messed up layout. If he evaluate user submitted php without disallowing certain functions the user would be able to delete files ect. But cool idea... it's certainly doable Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354173 Share on other sites More sharing options...
rarebit Posted September 24, 2007 Share Posted September 24, 2007 Mine does, but only admin priv for php... Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354175 Share on other sites More sharing options...
Wuhtzu Posted September 24, 2007 Share Posted September 24, 2007 Can your admins use unlink() ? Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354179 Share on other sites More sharing options...
rarebit Posted September 24, 2007 Share Posted September 24, 2007 At the moment, they can use anything they want, a whole section of site just mimics a directory set full of php pages which are wrapped up into a cms template... But I know what you mean and it is possible to parse out offending words, however I want it so that script structure is not damaged and errors out (e.g. thinking about spliting on ';' and then checking each line, but not sure, future devs!). Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354182 Share on other sites More sharing options...
graham23s Posted September 24, 2007 Author Share Posted September 24, 2007 hey guys, "You could allow them to put in php" so aswell as the user being able to put in html they could also put in php? that sounds pretty nifty:) Graham Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354218 Share on other sites More sharing options...
rarebit Posted September 24, 2007 Share Posted September 24, 2007 I use eval() to evaluate code saved in my mods' settings. They can have a hook which returns a variable structure, for which can be used to store setting in for a block, then when called it is evaluated and used. A one size fits all idea... Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354269 Share on other sites More sharing options...
graham23s Posted September 24, 2007 Author Share Posted September 24, 2007 ah thanks for the tips guys will add them to my list:) Graham Link to comment https://forums.phpfreaks.com/topic/70501-advice-on-myspace-type-site/#findComment-354282 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.