PHP - online lambda functions

Question

PHP - online lambda functions

Asked 9 years, 3 months ago

Viewed 79 times

2

Dear, I have a system where the user (with development permission) can program some online routines, to be executed within the system, without the need to create file and call via require / include.

To perform this function, I use create_function, but the problem is that when creating this function within a loop for example, the error "cannot redeclare class xxxx".

If the routine is created like this: class aaa{/codigo/}

And I make a loop for execution:

for ($i = 1; $i <= 5; $i++) {
  $funcao = create_function('', $codigoLidoDoBD);
  $funcao();
}

The error occurs because even having a different function name, the aaa class has already been declared and registered somewhere :S

Obs: You could use class_exists in each class, but there are many to change...

Obs2: Sometimes, even declaring the create_function outside the loop and calling only to $funcao(), the error also occurs.

Does anyone know how to solve?

Who defines the class name is the system or the user?

– Papa Charlie

2015/03/18 at 18:56
5

This will be a maintenance and security nightmare.

– Maniero

2015/03/18 at 18:56
http://stackoverflow.com/questions/20394721/why-is-there-a-function-create-function-php

– Daniel Omine

2015/03/19 at 12:29
@Papacharlie who defines is the user himself.

– Diogo

2015/03/19 at 19:35
@bigown is not no, because the place where these functions and classes are set is protected by security groups and tals.. what I still need to do is determine when and how the routine can be performed..

– Diogo

2015/03/19 at 19:41
@Danielomine is not quite that, but thanks anyway man!

– Diogo

2015/03/19 at 19:41
@user3123816 goes for it, the worst part is you don’t know what you’re getting yourself into. You can protect as much as you want, you can use the latest innovation in safety, what you’re doing is intrinsically insecure, and there’s only one way to not create huge maintenance problems if it’s a failure. I’m warning you because I have experience with this scenario but I think you’ll only know if you do and succeed if you’re actually used. See that several people agreed with me.

– Maniero

2015/03/19 at 19:44
@user3123816, there seems to be a collision with the class names when you carry two or more with the same name. I believe you have to rename the class. You can use a type ID class UserFulanoDeTal_ID_01{/codigo/}. Even if there are 2 classes with the same name, the system will replace to avoid collision.

– Papa Charlie

2015/03/19 at 20:01
@user3123816, posted the link only to reinforce what others have warned about what you are using.. Often finding a solution to something "crooked" is worse than remaking and undoing..

– Daniel Omine

2015/03/20 at 03:08

Show 4 more comments

2 answers

Browser other questions tagged php lambda-expressions anonymous-function

You are not signed in. Login or sign up in order to post.

by Guilherme Viebig • **466** points · Answer 1 · 2015-03-18T23:13:07+00:00

Unless you create a parser for before actually running the validated code you will have problems.

The dynamic inclusion of code without rules or interfaces provides several problems and risks.

What you could do is test code compatibility before running it with block try..catch

Another possibility is to add dynamic namespaces like this, but even if it works it’s a bad practice.

Another point is to always try to compile these inclusions into files and use this file instead of pulling from the database. Of course, by changing the database the compilation is executed again and in case there is an error you can alert the user and not carry out the compilation,

I hope it helps.

by Papa Charlie • **8,721** points · Answer 2 · 2015-03-19T20:15:04+00:00

My proposal would be to rename the class to avoid loading and collision between two or more classes with the same name. Would make a <textarea> where the user can register all functions of the class you want.

// <textarea>

// functions
public function myname()
{
    echo 'Papa Charlie';
}

public function myage()
{
    echo 'Quase 33 :)';
}

At the time the user submits the form, you create the class name using the user’s name as a reference - or your ID - and ensure that there will be no collision with the names.

$content = 'class UserFulanoDeTal_ID_User
{
    ' . $_GET['myfunctions'] . '
}';

When you record $content in your DB, it will already be renamed. When loading just use the USER NAME and the USER ID of the user to invoke the class and its functions.