- Joined
- Jan 5, 2005
I have a web server set up at home, and I wrote a little ajax/php console that lets me remotely execute code by feeding it via AJAX to a php page that just does eval($code) and then spits it into a results box. The idea is that if I need to do some quick code to figure something out I have access to this. It's password protected just in case. Here's the code:
console.php:
console_processor.php:
It works, for the most part. My problem is that if I try to send any code with loops (for loops, while loops, etc), it hangs. If I access it from the server, firefox crashes before anything happens. If I access it remotely, I get a fatal exceeded max execution time error.
I try code like this:
If I make a static page that has eval(<above code, escaped>), it works fine. Any ideas?
console.php:
Code:
<?php
session_start();
$error = "";
if ( array_key_exists("log", $_REQUEST) && $_REQUEST["log"] == 1 )
{
$_SESSION = array();
if ( isset($_COOKIE[session_name()]) )
setcookie(session_name(), '', time()-42000, '/');
session_destroy();
header('Location: console.php');
}
?>
<html>
<head>
<title>Server Console</title>
<script language="JavaScript" type="text/javascript">
function togglevis(obj_tog)
{
if ( obj_tog.style.display == "none" )
obj_tog.style.display = "block";
else
obj_tog.style.display = "none";
}
function php_eval(str_code,obj_result)
{
var xmlHttp;
try
{
// Firefox, Opera 8.0+, Safari
xmlHttp=new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer
try
{
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e)
{
alert("Your browser does not support AJAX!");
return false;
}
}
}
xmlHttp.onreadystatechange=function()
{
if(xmlHttp.readyState==4)
{
obj_result.innerHTML=xmlHttp.responseText;
}
}
var str_fcode = "code=" + str_code;
xmlHttp.open("POST","console_processor.php",true);
xmlHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xmlHttp.setRequestHeader("Content-length", str_fcode.length);
xmlHttp.setRequestHeader("Connection", "close");
xmlHttp.send(str_fcode);
}
</script>
</head>
<body>
<div align="right"><a href="console.php?log=1">Logout</a></div>
<div align="center">
<strong style="font-size:24pt">Server Console</strong>
<br />
<br />
<?php
if ( array_key_exists("pw", $_REQUEST) )
{
//Login
if ( md5($_REQUEST["pw"]) == "dabadc5ab1a3394e3f10440d8afed0aa" )
$_SESSION["pw"] = "dabadc5ab1a3394e3f10440d8afed0aa";
else
$error = "Incorrect Password<br />";
}
if ( !isset($_SESSION["pw"]) )
{
echo $error;
?>
<form method="post" action="console.php">
<input type="password" name="pw">
<input type="submit" value="Login">
</form>
<?
}
else
{
if ( $_SESSION["pw"] != "dabadc5ab1a3394e3f10440d8afed0aa" )
die("Invalid Session");
?>
<a href="javascript:togglevis(document.getElementById('codebox'))">Show/Hide Code</a>
<table border=0 width=100% height=500>
<tr align=center>
<td align=left valign=top>
<div id="codebox" style="display: block">
<form onSubmit="php_eval(this.code.value,document.getElementById('result')); return false" action="console.php#" method="post">
<strong>PHP:</strong>
<br />
<textarea name="code" cols=50 rows=20></textarea>
<input type="hidden" name="codetype" value="php">
<br />
<input type="Submit" value="Go!">
</form>
</div>
</td>
<td valign=top width=100%>
<div id="result"></div>
</td>
</tr>
</table>
<?php
}
?>
</div>
</body>
</html>
console_processor.php:
Code:
<?php
if ( array_key_exists("code", $_REQUEST) )
eval($_REQUEST["code"]);
?>
It works, for the most part. My problem is that if I try to send any code with loops (for loops, while loops, etc), it hangs. If I access it from the server, firefox crashes before anything happens. If I access it remotely, I get a fatal exceeded max execution time error.
I try code like this:
Code:
for ( $i = 0; $i < 3; $i++ )
{
echo $i;
}
If I make a static page that has eval(<above code, escaped>), it works fine. Any ideas?