Execute SSH and close process it runs

[EffakT]

So, I posted a while ago about a problem with this same project, and I managed to fix it myself so marked it was solved.

 

But, I came across another error, being if multiple users are using the website and 2 people send a request at the same time or within a very small time, One of them will fail (normally only the first one works).

 

What happens is that the user will send some Node script to the PHP page, the PHP will then execute the script via popen, then run a CURL to get the resulting generated page, close the handle. This doesn't close the node.exe process, so I run a exec of 'taskkill /F /IM node.exe' to close the process.

This is where the problem lies.

 

Since I am closing ALL of the node.exe processes, if multiple people send a query within say 1-2 seconds (time it takes to execute and retrieve the result of the script) the first close will close the new processes, resulting in the other processes failing.

 

My execution code is:

$h = popen("start node ".$file, "r");

// Create a curl handle
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $_SERVER['HTTP_HOST'].':'.$port);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
$output = curl_exec($curl);
$errno = curl_errno($curl);
$err = curl_error($curl);
curl_close($curl);

pclose($h);
exec('taskkill /F /IM node.exe');

Does anybody have any suggestions for fixing this problem?
 

Thanks

 

 

--EffakT

[trq]

You might be best to describe what (overall) you are actually trying to do. Sounds like you are going through a bunch of hoops, some of which might not even be required.

[EffakT]

What it is is like a online school of sorts where I give a challenge where they must write a script in Node where the page must output certain content to a page, or read a certain file and output the file content onto a page, then I run a CURL to see if the user's script outputs what I am expecting. If it is, I let them proceed to the next lesson, otherwise I don't let them proceed. The validation and result checking is in JavaScript.

All PHP does is run the Node script.

 

Does that help explain?

[boompa]

Do you understand the huge security hole you've got here? There's absolutely nothing stopping someone from writing a node.js script that destroys your system.

[EffakT]

I check some things before executing.

 

They can not use port 80, 8080 or 0.

They MUST write to the response (httpServer),

They MUST end the response.

 

The script is only open for a second or so (however long it takes to run a CURL on it), therefore no port is open for an extended amount of time, and the process is closed right after the CURL finishes.

 

Also, the script is deleted off the server as soon as I have my result, so there is nothing that could clog my hard drive.

Edited April 8, 2014 by EffakT

[trq]

Does that help explain?

Nope, not at all. Where are these "scripts" the your users must write? I assume they are on some remote http server otherwise why would you be accessing them via curl. But then there is the execution of node? Why does that get executed from php?

 

Still, your issue makes little sense.

[EffakT]

its all on the same server.