Topic: Allow admin/moderators to embed PHP in posts?
Is there a way to do this in PunBB? A BBCode [php] tag perhaps that only gets parsed if the user has certain permissions?
- Connorhd
- Former PunBB Developer
- Offline
Re: Allow admin/moderators to embed PHP in posts?
moved, it could not be a plugin.
Re: Allow admin/moderators to embed PHP in posts?
Cool. So I take it a Mod like hasn't been created yet?
Re: Allow admin/moderators to embed PHP in posts?
Correct: I'm curious though, why in the world would you want someone to be able to run arbitrary PHP on your server?
Re: Allow admin/moderators to embed PHP in posts?
For me ... I see one example 
I can put inside a post FILMS from http://www.sortons.net/cinema/ I can put the list of the pubs, discotheques from http://www.sortons.net/ousortir ... I can copy/paste of course in CORE html ... but with this system, it's in real time.
6 2005-09-21 14:31 (edited by shauninman 2005-09-21 14:32)
Re: Allow admin/moderators to embed PHP in posts?
Not anyone, just an Admin. I want to include a custom polling script. I'll be posting my mod in a few minutes. It's hairy but it works for me.
Re: Allow admin/moderators to embed PHP in posts?
As Rod said, one good use for this is posts which update themselves from content stored elsehwere e.g. a dynamically updated to do list, bug list or faq.
Re: Allow admin/moderators to embed PHP in posts?
Posted the mod here in case anyone is interested: http://punbb.org/forums/viewtopic.php?id=8862
Re: Allow admin/moderators to embed PHP in posts?
I dream ... the great shauninman, which gives me the love of CSS, is here ... ARGHHHHHHHHHH
(going see the mod)
Re: Allow admin/moderators to embed PHP in posts?
Paul wrote:
As Rod said, one good use for this is posts which update themselves from content stored elsehwere e.g. a dynamically updated to do list, bug list or faq.
Yeah, but when I read the post I was thinking about the security implications of mods (and even admins) being able to write arbitrary PHP 
The include makes me feel a bit better
Re: Allow admin/moderators to embed PHP in posts?
You guys might be interested in the "chip-list" I embedded into a thread using this mod: http://www.haveamint.com/forum/viewtopic.php?id=336 Or maybe not.
Re: Allow admin/moderators to embed PHP in posts?
So I understand nothing I have changed my http://www.sortons.net/agenda_forum.php with 0% of HTML as you told to me ... and the result is http://www.sortons.net/forum/viewtopic.php?id=5012 (incredible to see the result OUTSIDE of the post)
or I see your topic ... and see a HTML TABLE !!! grrrrrrrrrrr ... where is the secret ?
13 2005-09-23 02:59 (edited by shauninman 2005-09-23 03:01)
Re: Allow admin/moderators to embed PHP in posts?
Rod, the script you include cannot send any HTML to the browser. If you can view the page you are trying to include in a browser and you see any HTML then it's not going to work. All HTML must be added in string form to the $return variable. That $return variable is then inserted into the post text in place of the [inc] BBcode.
If you don't need the PunBB variables in your include script then you can create a proxy script that uses file_get_contents() to add the output of the script you are trying to include to the $return variable. My script piggybacks atop Pun's user permissions so I don't use this technique but it should work.
Example PunBB post:
This is my include:
[inc]/relative/path/to/proxy.php[/inc]Example proxy.php script:
<?php $return = file_get_contents('http://www.yourdomain.com/path/to/include.php'); ?>Example include.php:
I ? <?php echo 'PunBB'; ?>Using this proxy should result in the your post looking like this:
This is my include:
I ? PunBB
Just make sure you use the full url for your include file in proxy.php. Using a relative one will result in the actual PHP source code being sent to the browser potentially exposing any database passwords contained within the script. Also, do not use a variable passed in by the query string to choose which file to include in proxy.php--that would open up a nasty security hole.
14 2005-09-24 11:47 (edited by snoogly 2005-09-25 01:18)
Re: Allow admin/moderators to embed PHP in posts?
I tried the proxy method, and typed all pathes correctlt, but I failed to get the php file contents to load in the post. Viewing the page source in the browser showed only this :
<!-- ME -->
Also this error message: Undefined index: g_id in /home/(path to)/include/parser.php on line 308
Any idea what might have gone wrong?