Free website hosting limitations

Started by AllerPar, Sep 18, 2023, 07:59 AM

Previous topic - Next topic

AllerParTopic starter

I am developing a PHP website using Yii2 framework (
Each user has a list of tasks in C++ that they need to solve and enter the corresponding code.
Consequently, there is a need to compile their code.
The website is hosted for free and does not allow the use of functions like system(). I am aware that purchasing a VPS would grant me more freedom and flexibility, right?


On the same website, but with tasks in PHP instead of C++.
While executing tasks in C++ involves writing to a file, compiling, and running the code, it is not as straightforward when it comes to PHP.
How can I securely execute PHP code submitted by users? I have asked this question before, but I would like to reiterate it. Last time, we were advised to use eval(). Is this the only viable option?

Specifically, I need to execute the following line of PHP code:
$code = '<?php echo 5;'

Any insights or suggestions would be greatly appreciated.


1) Yes, purchasing a VPS (Virtual Private Server) would grant you more freedom and flexibility compared to a free hosting service. With a VPS, you have complete control over the server and can install any software or libraries required for your project, including ones that allow you to compile C++ code. This will give you the ability to use functions like system() if needed.

2) When it comes to executing PHP code submitted by users, using eval() is one option, but it can also introduce significant security risks if not used carefully. It allows arbitrary code execution, making it possible for malicious users to exploit vulnerabilities.

Another approach you can consider is using a sand-boxing technique, where you execute the user-submitted code in a controlled environment with limited permissions and resources. This can help mitigate potential risks. There are existing libraries and tools available for this purpose, such as "voku/PhpSandbox" or "php-sandbox-wrapper."

It's important to note that even with sandboxing, you should thoroughly review and sanitize the user-submitted code before executing it. This helps prevent common security issues like SQL injection, cross-site scripting (XSS), or code that could potentially harm your server.

Overall, evaluating the potential risks and finding a balance between security and functionality is crucial when executing user-submitted code.


To maintain security and efficiency, my suggestion would be to utilize a dedicated server, whether it is virtual or physical. On this server, Docker can be installed and utilized to run the code. It's important to ensure that the code runs exclusively in a clean and isolated environment, with appropriate timeouts and resource limitations. This approach will greatly enhance the overall performance and protection of the system.

In addition to these precautions, regularly updating and monitoring the Docker software, as well as implementing security measures such as firewall rules and access controls, could further strengthen the overall system's security.


If the hosting provider is rational and has a server that is configured properly, they are unlikely to grant you permission to create such massive projects. Of course, there may be ways to bypass these restrictions, but it greatly relies on the particular system, libraries, and various other factors. And without a doubt, such information is certainly not meant for public consumption ;)

Are you looking for extravagance and luxury? Come aboard the dedicated VPS :)
Within the boundaries of the user agreement, you have the freedom to do whatever you desire.