formatting and security fixes

.htaccess

@@ -0,0 +1,19 @@
+## WebGCC server configuration ##
+
+# Block access to generated text input #
+<Files "*.txt">
+Order Allow,Deny
+Deny from all
+</Files>
+
+# Block access to saved source codes #
+<Files "*.c">
+Order Allow,Deny
+Deny from all
+</Files>
+
+# Block access to executables #
+<Files "*.bin">
+Order Allow,Deny
+Deny from all
+</Files>

README.md

@@ -14,6 +14,7 @@ Features
 * Written in HTML and PHP.
 * Accepts code, standard input, command-line arguments, and text input.
 * Supports multiple execution sessions.
+
 More features will be added soon, like graphics, a nicer code editor and library selection support.
 Feel free to fork my project, modify it and merge the changes back to it.
 
@@ -59,6 +60,13 @@ Usage
 Just open the URL of the interface site. Rest is self-explanatory.
 
 
+Changelog
+---------
+
+* 15 Dec 2013: Fixed output display formatting. Now displays error list only when there is an error/warning. Now executes code only when executable file is present. Better cleanup of session files. Now displays stderr while execution. Added comments and fixed code indentation. Also included a .htaccess file for server security.
+* 14 Dec 2013: First release.
+
+
 More info and discussion
 ------------------------
 

header.html

@@ -1,7 +1,9 @@
-<!DOCTYPE html>
-<html>
-
-<h1 align="center">GCC web interface</h1>
-<p align="center">Test your C/C++ codes online. By Sunit Kumar Nandi</p>
-
-</html>
+<!DOCTYPE html>
+<html>
+
+<!-- Header page -->
+<!-- Centre-aligning the text -->
+<h1 align="center">WebGCC: simple GCC web interface</h1>
+<p align="center">Test your C/C++ codes online. By Sunit Kumar Nandi.</p>
+
+</html>

index.html

@@ -1,18 +1,24 @@
-<!DOCTYPE html>
-<html>	
-
-<head>
-<title>Web interface for GCC compiler</title>
-</head>
-
-
-<frameset rows="20%,80%">
- <frame name="header" src="header.html">
-   <frameset cols="60%,40%">
-      <frame name="input" src="input.html">
-      <frame name="output" src="output.php">
-   </frameset>
-</frameset>
-
-
-</html>
+<!DOCTYPE html>
+<html>	
+
+<!-- Interface page -->
+<head>
+<title>Web interface for GCC compiler</title>
+</head>
+
+
+<!-- Create two horizontal frames of 20% and 80% height -->
+<frameset rows="20%,80%">
+<!-- Load the header -->
+<frame name="header" src="header.html">
+<!-- Create two vertical frames of 60% and 40% width -->
+    <frameset cols="60%,40%">
+    <!-- Load the input frame -->
+    <frame name="input" src="input.html">
+    <!-- Load the output frame -->
+    <frame name="output" src="output.php">
+    </frameset>
+</frameset>
+
+
+</html>

input.html

@@ -1,19 +1,25 @@
 <html>
 
 <body>
+<!-- Specifying how the form data should be processed -->
 <form name="form1" method="post" target="output" action="output.php?saving=1">
 Write your program here:
 <br>
+<!-- Accepting program code -->
 <textarea name="data" cols="80" rows="10">
 </textarea>
 <br><br><br>
+<!-- Accepting standard input -->
 Standard input: <input type="text" name="stdin">
 <br><br>
+<!-- Accepting command-line agruments -->
 Command line arguments: <input type="text" name="args">
 <br><br>
+<!-- Submit button goes here -->
 <input type="submit" value="Run">
 </form>
 <br>
+<!-- Provide a link to text input option -->
 <a href="textinput.php" target="output">Click here to submit text file input</a>
 </body>
 

output.php

@@ -2,39 +2,51 @@
 
 <body>
 <?php
-$saving = $_REQUEST['saving'];
-if ($saving == 1){ 
-$data = $_POST['data'];
-$args = $_POST['args'];
-$stdin= $_POST['stdin'];
-$unique = rand(1, 10000);
-$file = "prog".$unique.".c";
-$srcpath = "./".$file;
-$executable = "./"."prog".$unique;
-$fp = fopen($file, "w") or die("<p>Couldn't open $file for writing!</p>");
-fwrite($fp, $data) or die("<p>Couldn't write values to file!</p>"); 
+$saving = $_REQUEST['saving']; //check whether a saving request is provided
+if ($saving == 1) //do if saving request is provided
+{ 
+    $data = $_POST['data']; //extract the code from the form into a variable
+    $args = $_POST['args']; //extract the command-line arguments from the form into a variable
+    $stdin= $_POST['stdin']; //extract the standard input from the form into a variable
+    $unique = rand(1, 10000); //generate a random number for the current execution session
+    $file = "prog".$unique.".c"; //declare the file name
+    $srcpath = "./".$file; //declare the source file path
+    $executable = "./"."prog".$unique.".bin"; //declare the executable path
+    $fp = fopen($file, "w") or die("<p>Couldn't open $file for writing!</p>"); //open file for writing
+    if(!fwrite($fp, $data)) //write the code to file
+    {
+        shell_exec("rm -rf $srcpath");
+        die("<p>Couldn't write values to file!</p>"); //clean up and exit if unable to write
+    }
 
-fclose($fp); 
-echo "<p>Saved to $file successfully!</p>";
+    fclose($fp); //close and save the file
+    echo "<p>Saved to $file successfully!</p>"; //notify the user that file has been saved
 
-echo"<p>
-Compiling the program $file<br>
-Error list:<br>";
-$output1 = shell_exec("g++ $srcpath -o $executable 2>&1");
-echo "$output1";
-echo "</p>";
-echo "<p>Running the program:<br>";
-$output2 = shell_exec("echo $stdin | $executable $args");
-echo "$output2";
-echo "<br>
-</p>";
-
-shell_exec("rm -rf $srcpath $executable");
+    echo"<p>Compiling the program $file<br>"; 
+    $output1 = shell_exec("g++ $srcpath -o $executable 2>&1");
+    /* try compiling the program with GCC and collect errors and warnings */
+    if($output1!=NULL)
+    {
+        echo "Error list:<br><pre>$output1</pre>"; //display the errors and warnings if present
+    }
+    echo "</p>";
+    if(file_exists($executable)) //check if executable exists
+    {
+        echo "<p>Running the program:<br>";
+        $output2 = shell_exec("echo $stdin | $executable $args 2>&1");
+        /* execute the file providing the necessary inputs and collect the output */
+        echo "<pre>$output2</pre>";
+        echo "<br></p>";
+    }
+    
+    shell_exec("rm -rf $srcpath $executable"); //clean up the session files
 }
-else {
-echo "<p>Enter your code in the left frame and hit run to display the output.</p>";
+else //do if saving request is not provided
+{
+    echo "<p>Enter your code in the left frame and hit run to display the output.</p>";
+    /* tell the user to  fill up the form on the left frame */
 }
 ?>
 </body>
 
-</html>
+</html>

textinput.php

@@ -2,33 +2,38 @@
 <body>
 <?php
 $saving = $_REQUEST['saving'];
-if ($saving == 1){ 
-$data = $_POST['data'];
-$unique = rand(1, 10000);
-$file = "text".$unique.".txt";
+if ($saving == 1)
+{ 
+    $data = $_POST['data'];
+    $unique = rand(1, 10000);
+    $file = "text".$unique.".txt";
 
-$fp = fopen($file, "w") or die("<p>Couldn't open $file for writing!</p>");
-fwrite($fp, $data) or die("<p>Couldn't write values to file!</p>"); 
+    $fp = fopen($file, "w") or die("<p>Couldn't open $file for writing!</p>");
+    fwrite($fp, $data) or die("<p>Couldn't write values to file!</p>"); 
 
-fclose($fp); 
-echo "<p>Saved to $file successfully! You may now use $file as a text input for your program.</p>";
+    fclose($fp); 
+    echo "<p>Saved to $file successfully! You may now use $file as a text input for your program.</p>";
 }
+/* Code for taking text input. Similar to the first part of output.php */
 ?>
 
 <p>
 <form name="form1" method="post" action="?saving=1">
 Write your text here:
 <br>
+<!-- Text box to take text input for program -->
 <textarea name="data" cols="50" rows="10">
 This is the file you can use to provide input to your program and later on open it inside your program to process the input.
 </textarea>
 <br>
+<!-- Submit button goes here -->
 <input type="submit" value="Save">
 <br>
 <br>
+<!-- Link to close text input -->
 <a href="output.php">Click here to close text input</a>
 </form>
 </p>
 
 </body>
-</html>
+</html>