I want to create web page acting as text Editor???

Hi every body,

What I am trying to do is to create a tutorial for my beginning
students for JavaScript and PHP, using a very simple online editor
like the one @ w3schools
So the left window will be the text file code, such as







And the right hand window would display

This is a test.

User can change the text file to make it display differently.

If the left hand side has PHP file, I just want it to be displayed as
a server-processed file, but not to endanger the system, any way to
avoid it from danger or hacking??

I know that I have to create the right side as a page and give it rwe
permissions but I don't understand how to execute the code of the left
side on the fly and output it in the right side page.

Thanks so much!
shror

Re: I want to create web page acting as text Editor???

On Dec 24, 4:42 am, shror wrote:
>
> What I am trying to do is to create a tutorial for my beginning
> students for JavaScript and PHP, using a very simple online editor
> like the one @ w3schools
> So the left window will be the text file code, such as
>
>
>
>
>
>
>
> And the right hand window would display
>
> This is a test.
>
> User can change the text file to make it display differently.
>
> If the left hand side has PHP file, I just want it to be
> displayed as a server-processed file, but not to endanger
> the system, any way to avoid it from danger or hacking??

Nope. You want to execute arbitrary PHP code on your server, so there
is no way of "avoiding danger or hacking"... The only half-safe
solution I can think of is that the PHP server on which the user-
supplied code runs is virtual (so whatever damage the hackers do will
disappear when the server is restarted) and separate from the server
on which the application is hosted.

Cheers,
NC

Re: I want to create web page acting as text Editor???

shror wrote:
> Hi every body,
>
> What I am trying to do is to create a tutorial for my beginning
> students for JavaScript and PHP, using a very simple online editor
> like the one @ w3schools
> So the left window will be the text file code, such as
>
>
>
>
>
>
>
> And the right hand window would display
>
> This is a test.
>
> User can change the text file to make it display differently.
>
> If the left hand side has PHP file, I just want it to be displayed as
> a server-processed file, but not to endanger the system, any way to
> avoid it from danger or hacking??

Use PHP CLI (Command Line Interpreter). That
way the PHP processing goes nowhere near the
server.

--
Regards,
Martin Leese
E-mail: please@see.Web.for.e-mail.INVALID
Web: http://members.tripod.com/martin_leese/

Re: I want to create web page acting as text Editor???

On Dec 24, 12:42=A0pm, shror wrote:
> Hi every body,
>
> What I am trying to do is to create a tutorial for my beginning
> students for JavaScript and PHP, using a very simple online editor
> like the one @ w3schools
> So the left window will be the text file code, such as
>
>
>
>
>
>
>
> And the right hand window would display
>
> This is a test.
>
> User can change the text file to make it display differently.
>
> If the left hand side has PHP file, I just want it to be displayed as
> a server-processed file, but not to endanger the system, any way to
> avoid it from danger or hacking??
>
> I know that I have to create the right side as a page and give it rwe
> permissions but I don't understand how to execute the code of the left
> side on the fly and output it in the right side page.
>
> Thanks so much!
> shror

its not a hard thing to do at all, many worms that ruin novice
instalations of wordpress and joomla do this in about 5 lines of code,
the act of securing such a service, limiting the function calls,
combinations thereof, then sharing resources, preventing dDOS, and
protecting the machine if something gets through, is quite hard
though, unfortaunately unless the works already 75% done somewhere,
it's not gonna be answered here! ;)

Re: I want to create web page acting as text Editor???

On Dec 24, 7:48 pm, NC wrote:
> On Dec 24, 4:42 am, shror wrote:
>
>
>
>
>
> > What I am trying to do is to create a tutorial for my beginning
> > students for JavaScript and PHP, using a very simple online editor
> > like the one @ w3schools
> > So the left window will be the text file code, such as
>
> >
> >
> >
> >
> >
>
> > And the right hand window would display
>
> > This is a test.
>
> > User can change the text file to make it display differently.
>
> > If the left hand side has PHP file, I just want it to be
> > displayed as a server-processed file, but not to endanger
> > the system, any way to avoid it from danger or hacking??
>
> Nope. You want to execute arbitrary PHP code on your server, so there
> is no way of "avoiding danger or hacking"... The only half-safe
> solution I can think of is that the PHP server on which the user-
> supplied code runs is virtual (so whatever damage the hackers do will
> disappear when the server is restarted) and separate from the server
> on which the application is hosted.
>
> Cheers,
> NC

Thanks for all your replies.
so now for doing this system what about having a free hosting account
that support the php do you think they could allow me host these
dangerous pages on their servers or they will close my account after
being attacked by any small danger.
also what is the w3schools doing in order to avoid the danger they
face, does any body know.

Thanks for all your help

shror

Re: I want to create web page acting as text Editor???

On Dec 24, 11:55 pm, shror wrote:
> On Dec 24, 7:48 pm, NC wrote:
>
> > You want to execute arbitrary PHP code on your server, so there
> > is no way of "avoiding danger or hacking"... The only half-safe
> > solution I can think of is that the PHP server on which the user-
> > supplied code runs is virtual (so whatever damage the hackers do will
> > disappear when the server is restarted) and separate from the server
> > on which the application is hosted.
>
> so now for doing this system what about having a free hosting account
> that support the php do you think they could allow me host these
> dangerous pages on their servers or they will close my account after
> being attacked by any small danger.

On a properly configured server, other customers will not be in
danger. Only you will have the risk of having your site defaced by
your students. So the hosting company probably wouldn't mind, unless
your students start using your site to send out substantial amounts of
spam.

> also what is the w3schools doing in order to avoid the danger they
> face, does any body know.

W3schools is not allowing arbitrary server-side code to run; they have
pages that allow you to test some JavaScript, whose code is executed
client-side (i.e., in browser).

Cheers,
NC

Re: I want to create web page acting as text Editor???

On Dec 26, 5:43=A0pm, NC wrote:
> On Dec 24, 11:55 pm, shror wrote:
>
> > On Dec 24, 7:48 pm, NC wrote:
>
> > > You want to execute arbitrary PHP code on your server, so there
> > > is no way of "avoiding danger or hacking"... =A0The only half-safe
> > > solution I can think of is that the PHP server on which the user-
> > > supplied code runs is virtual (so whatever damage the hackers do will
> > > disappear when the server is restarted) and separate from the server
> > > on which the application is hosted.
>
> > so now for doing this system what about having a free hosting account
> > that support the php do you think they could allow me host these
> > dangerous pages on their servers or they will close my account after
> > being attacked by any small danger.
>
> On a properly configured server, other customers will not be in
> danger. =A0Only you will have the risk of having your site defaced by
> your students. =A0So the hosting company probably wouldn't mind, unless
> your students start using your site to send out substantial amounts of
> spam.
>
> > also what is the w3schools doing in order to avoid the danger they
> > face, does any body know.
>
> 3schools is not allowing arbitrary server-side code to run; they have
> pages that allow you to test some JavaScript, whose code is executed
> client-side (i.e., in browser).
>
> Cheers,
> NC

yeah set it all up to run from some frames which use php pages on a
free site, great, but parse the output of these scripts so that you
dont get javascript being pushed back into your site (if you use
logins this allows one user to get at anothers data)
so you could have an array of allowed functions, together will strict
typing of inputs that are passed to those functions, and allow the
user to write some basic php, which is then line by line pregmatched
and then youre pretty safe, then paste the url here so we can have a
play, sounds like fun. I am surprised nothings out there already
though.

Re: I want to create web page acting as text Editor???

On Dec 27, 2:06 am, shimmyshack wrote:
> On Dec 26, 5:43 pm, NC wrote:
>
>
>
> > On Dec 24, 11:55 pm, shror wrote:
>
> > > On Dec 24, 7:48 pm, NC wrote:
>
> > > > You want to execute arbitrary PHP code on your server, so there
> > > > is no way of "avoiding danger or hacking"... The only half-safe
> > > > solution I can think of is that the PHP server on which the user-
> > > > supplied code runs is virtual (so whatever damage the hackers do will
> > > > disappear when the server is restarted) and separate from the server
> > > > on which the application is hosted.
>
> > > so now for doing this system what about having a free hosting account
> > > that support the php do you think they could allow me host these
> > > dangerous pages on their servers or they will close my account after
> > > being attacked by any small danger.
>
> > On a properly configured server, other customers will not be in
> > danger. Only you will have the risk of having your site defaced by
> > your students. So the hosting company probably wouldn't mind, unless
> > your students start using your site to send out substantial amounts of
> > spam.
>
> > > also what is the w3schools doing in order to avoid the danger they
> > > face, does any body know.
>
> > 3schools is not allowing arbitrary server-side code to run; they have
> > pages that allow you to test some JavaScript, whose code is executed
> > client-side (i.e., in browser).
>
> > Cheers,
> > NC
>
> yeah set it all up to run from some frames which use php pages on a
> free site, great, but parse the output of these scripts so that you
> dont get javascript being pushed back into your site (if you use
> logins this allows one user to get at anothers data)
> so you could have an array of allowed functions, together will strict
> typing of inputs that are passed to those functions, and allow the
> user to write some basic php, which is then line by line pregmatched
> and then youre pretty safe, then paste the url here so we can have a
> play, sounds like fun. I am surprised nothings out there already
> though.

Thnx for all your support and I will try to do some of the tests in
order to check safety and validity of my system, also to get your
support in getting a better contents to give to those students.

Thanks so much.

shror