2

I have a program that users want to download. Instead of offering a link to download and they download the program and enter the information, I would rather have my PHP script do it.

My website requires a username and password to login, there is a private page where a user can download a file. When a user goes to the "download" page, there is specific options on the page the user must choose. Once the choices are selected and the user clicks "Download", I want PHP to go to my programs source, add the missing data inside the source, compile it into a .exe, and bring it back to the user.

Thing is, I have no idea how to do this and im scared that PHP will put the information for one user and accidently give one users information to everyone else.

How can I make it that each binary is different?

I'm currently making my program in Windows (using Code::Blocks) but im going to be hosting the files on a Linux or FreeBSD server. Just wanted to let that out incase there is something I need to know.

Improve this question
3
  • 3
    This sounds risky from a security perspective. Are you sure it's a good idea to update your source code based on user input from a website? Even if it's just a one-off download this seems like a bad way to set user preferences for an application. Commented Nov 15, 2012 at 3:12
  • 4
    use exec() to call your compiler, or better yet restructure your executable so that the user data is separate (e.g. as a dll) Commented Nov 15, 2012 at 3:12
  • @calvinf, this is not updating my source code, i control the program and the source code. Commented Nov 16, 2012 at 2:52

1 Answer 1

Reset to default
2

Since you're in effect allowing the user to enter arbitrary code onto your server, this seems like a serious security risk. Why is customization of the executable needed? Could it be a configuration file?

If you want to go ahead with this, it can be done pretty easily. Perhaps use a templating engine like Mustache (not the C++ language feature templates). Write your source files to include this mustache templates.

When the user has posted the info, you just need to run the command to apply the template to get the finished source, then run your makefile to generate the finished executable. Then you can give it like anything else.

If you want to make sure the users can't get the same binary, an easy way would be to delete the finished executable after each run. There's better ways of doing this, but this is easy.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

thanks for the security reason. I know about this, thats why its not like text-open file. It just a dropdown and they must select it. The rest of the info (such as who the users are and their choice) will be injected into the file by PHP.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.