I'm currently building a website that allows people who own a server for an online video game to better control their server without typing in console commands. In order to do this, the user enters their game server's IP address and port, and my script attempts to make a tcp connection using fsockopen(). It then sends a command (using the source server query protocol) using fwrite and listens for the expected response.
So far the functionality is working beautifully but I'm concerned about allowing an fsockopen connection to literally any address. For security, what could happen if the user has full control over the connecting server? Is there any code execution or other serious concerns I should be aware of?
Thank you very much.