• Registered: 2005-11-12
  • Posts: 2

Topic: php in posts

I am in the process of making a punbb mod for a community I am involved in. However I am having a problem.

The mod involves a set of bbcode tags which surround a number. I need to use that number in a mysql query and the results need to be displayed in the post. I have edited parser.php to include a php query into the post. However I can seem to get php to work at all in posts. And when i look in the source code my php code has been imported into the post but it is highlighted in pink.

So my question is how do I get php to work in posts, without leaving huge security holes?

  • Connorhd
  • Connorhd
  • Former PunBB Developer
  • Offline
  • From: Leeds, UK
  • Registered: 2004-06-13
  • Posts: 4,195

Re: php in posts

You can't, if you let users post php they can easily do anything they want to your site.

FluxBB.
Connorhd.co.uk.

Connorhd's Website

  • Registered: 2005-11-12
  • Posts: 2

Re: php in posts

Thanks for the reply, but it was the reply i didn't want to hear sad

Is it possible to run a javascript function?

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: php in posts

Well, then a malicious user can write one to steal passwords of anyone who visits the page.
Anyway, there is a mod for what you want (that does it securely I think, only admins are supposedly allowed to use PHP): http://www.punres.org/desc.php?pid=118
Of course, you need to write the script in a seperate file (since this mod just allows includes)