Jump to content

shell_exec() madness... [mod edit: was start_exec()]


krattai

Recommended Posts

NB: oh yeah, the specs:  PHP 5.5.9-1ubuntu4.4  Server version: Apache/2.4.7  Ubuntu 14.04-4

 

OK, this is driving me completely nuts.

 

Yes, the first problem is, I'm modifying someone else' code, so I'm trying to cludge this, but I don't have the time resources to write the entire application, at least not at this prototype stage.

 

That said, start_exec() works wonderfully in a standalone, test script, so there's nothing wrong with the server or php mods / version.

 

The scenario, on clicking an href or button, I want a script to run (it loads files from a remote sftp and also wgets from another server).  One would think this isn't much of a problem, so here's where it becomes crazy making.

 

The code I'm working with is generating the html with print() in the form of print "<html>";

 

I've tried the usual examples for doing this function, but none of them are using embedded php in embedded html.

 

So this:

print"<tr><td class=leftsub><div   width=100% class=info id=tasks>
<a href='windows.php?pull=true'><img src=images/explore.gif width=16 height=16> <u>Pull files from server</u></a><br>

does not invoke this:

if ($_GET['pull']) {
  # This code will run if ?pull=true is set.
  shell_exec('pull.sh');
}

Which is all in the local function.

 

And this doesn't work either:

 print "<img src=images/extract.gif onClick='shell_exec('./pull.sh')' class=button title='Pull files'>";

Nor does this:

 print ("<form method='post'><p><button name='button'>Run Perl</button></p></form>");

seem to call this:

 if (isset($_POST['button'])) shell_exec('./pull.sh');

There are other ways I could perform the same, even just a cron that pulls and pushes on some regular interval, of couse which is checking to see if the files are open before pulling or pushing, but I'd rather it be on demand.

 

Am I just going to drive myself nuts without re-writing the entire code?  Should I rather just have the requests call a different php script which then inline shell_exec()'s the shell script?

 

Any insight and feedback is very much appreciated.

 

Cheers,

 

Kevin

Edited by krattai
Link to comment
Share on other sites

hi qoc, yeah as mentioned in my initial post, the script works fine as a stand alone (run from cli) and also runs from a test php, so yeah...  it's executable.  :D  in fact, www-data is the owner, but I also chmod 777 the whole freakin' thing and can also exec as root, user, anonymous...  lol

Link to comment
Share on other sites

I was just posting results on that, yes.  :)  Your original response led me to try a test.

 

I was trying to figure out how to debug this, so I decided to try to add a benign shell_exec('touch button'); into the button example above, and it worked.  ok, that was to be expected, but the results were a little more...  interesting...

 

It seems my working directory is different than my root directory.  The root for the application is mastercontrol/, but the button file is created in the mastercontrol/mc/, yet the pull.sh is located in root mastercontrol/, so that was totally unexpected.

 

The script runs as current or pwd (i didn't want to hard code paths in the script), so the assumption (wrongly) was that everything was using mastercontrol as working directory.  The way it works is actually good, but now I have to figure out paths.

 

I think I'll stick with the button option above, as it is more "pleasant" or intuitive, I think.  But with the button, I have been getting errors on dir so I think that's where I have to focus my attention (even though it adds no paths in the code, as shown above).

Link to comment
Share on other sites

Yeah, that's where I'm probably going to end up, with this.  For right now, I'm prototyping proof of concept, so I'm brute forcing when I shouldn't be (end client not spending money on R&D kind of stuff).

 

Eventually, the whole thing (as much as possible) on an ICB will be coded in C / ASM (and some Go) and all of this will be moot...  lol

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.