niriuic

Yes that's true - we have shifted our front-end code using css html and javascript. It's just the server side code that retrieves data and show to user. On a side note, I was curious to see a working example of javascript authenticating against an office 365 Tenant and then retrieving mailbox information. Thank you.

I think it's time to switch from PowerShell to REST API. Code conversion might take some time but I find REST API route useful in the near future. Thank you very much for all your help. Appreciate it.

So my initial ask was how to execute a script/external program with a click of "button". If browser doesn't allow then how someone cloud build a solution that can execute a local powershell script? https://theboywonder.co.uk/2012/07/29/executing-powershell-using-php-and-iis/ Thanks.

Error message as reported in cgi log: 20210427T130408: domain.com/wp-content/uploads/get-process.php PHP Parse error: syntax error, unexpected 'pscripta' (T_STRING) in /hermes/bosnacweb01/bosnacweb01au/b375/ipg.acc56021/wp_site_1618028062/wp-content/uploads/get-process.php on line 33

While hosting provider is in the process of enabling php logging (not sure why would it take so long for them to enable), I have a few things to clarify: Since I am executing get-process.php script (above) from a URL (https://domain.com/wp-content/uploads/get-process.php), can browser allow a script to access local file (powershell.exe) and allow an execution of a script from local folder? If answer to above question is no then how would someone execute a script on a click of button? In other words, allowing a browser script to access local files is a security risk. Thank you.

Yup. I've asked hosting provider to enable php logging to see actual error message. Thanks for your help.

Now correcting the path and then running the script from browser throws below error:

here it is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Testing PowerShell</title> </head> <body> <?php // If there was no submit variable passed to the script (i.e. user has visited the page without clicking submit), display the form: if(!isset($_POST["submit"])) { ?> <form name="testForm" id="testForm" action="get-process.php" method="post" /> Your name: <input type="text" name="username" id="username" maxlength="20" /><br /> <input type="submit" name="submit" id="submit" value="Do stuff NowNew" /> </form> <?php } // Else if submit was pressed, check if all of the required variables have a value: elseif((isset($_POST["submit"])) && (!empty($_POST["username"]))) { // Display the alert box echo '<script>alert("Welcome to Geeks for Geeks")</script>'; // Get the variables submitted by POST in order to pass them to the PowerShell script: $username = $_POST["username"]; // Best practice tip: We run out POST data through a custom regex function to clean any unwanted characters, e.g.: // $username = cleanData($_POST["username"]); $psPath = 'C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe'; $psDIR = 'C:/TestNew/'; $psScript = 'pscripta.ps1'; $runScript = $psDIR. $psScript; $runCMD = $psPath.' '.$runScript.' 2>&1'; echo '\$psPath $psPath <br>'; echo '\$psDIR $psDIR <br>'; echo '\$psScript $psScript <br>'; echo '\$runScript $runScript <br>'; echo '\$runCMD $runCMD <br>'; exec( $runCMD,$out,$ret); echo '<pre>'; print_r($out); print_r($ret); echo '</pre>'; } // Else the user hit submit without all required fields being filled out: else { echo 'Sorry, you did not complete all required fields. Please go back and try again.'; } error_reporting(E_ALL); ?> </body> </html>

Thank you both for your directions. Now after changing script as suggested this is what I see: It says PowerShell.exe not found. I can see PowerShell.exe in above path. I was reading somewhere about making PowerShell.exe globally available so it is available to that user when executed from browser, but I am not sure how to make it available globally. Thanks.

How this is considered as a wrong path? C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\TestNew\pscripta.ps1 2>&1 Can you be bit more specific? Thanks

This is what I see: $psPath C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $psDIR C:\TestNew\ $psScript pscripta.ps1 $runScript C:\TestNew\pscripta.ps1 $runCMD C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\TestNew\pscripta.ps1 2>&1 Array ( [0] => sh: 1: C:WindowsSysWOW64WindowsPowerShellv1.0powershell.exe: not found ) 127

Hello, PowerShell script stored locally can never be executed after I click on button: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Testing PowerShell</title> </head> <body> <?php // If there was no submit variable passed to the script (i.e. user has visited the page without clicking submit), display the form: if(!isset($_POST["submit"])) { ?> <form name="testForm" id="testForm" action="get-process.php" method="post" /> Your name: <input type="text" name="username" id="username" maxlength="20" /><br /> <input type="submit" name="submit" id="submit" value="Do stuff NowNew" /> </form> <?php } // Else if submit was pressed, check if all of the required variables have a value: elseif((isset($_POST["submit"])) && (!empty($_POST["username"]))) { // Display the alert box echo '<script>alert("Welcome to Geeks for Geeks")</script>'; // Get the variables submitted by POST in order to pass them to the PowerShell script: $username = $_POST["username"]; // Best practice tip: We run out POST data through a custom regex function to clean any unwanted characters, e.g.: // $username = cleanData($_POST["username"]); $psPath = "C:\\Windows\\SysWOW64\WindowsPowerShell\\v1.0\\powershell.exe"; $psDIR = "C:\\TestNew\\"; $psScript = "pscripta.ps1"; $runScript = $psDIR. $psScript; $runCMD = $psPath." ".$runScript." 2>&1"; echo "\$psPath $psPath <br>"; echo "\$psDIR $psDIR <br>"; echo "\$psScript $psScript <br>"; echo "\$runScript $runScript <br>"; echo "\$runCMD $runCMD <br>"; exec( $runCMD,$out,$ret); echo "<pre>"; print_r($out); print_r($ret); echo "</pre>"; } // Else the user hit submit without all required fields being filled out: else { echo "Sorry, you did not complete all required fields. Please go back and try again."; } ?> </body> </html> Thank you for your help!