I need to make use of the PHP function shell_exec(). Unfortunately I'm using shared hosting and shell_exec() has been disabled for security reasons.
With the cron job php -q /home/user_name/exec_test.php >/dev/null 2>&1 I found out, shell_exec() is only disabled in /home/user_name/public_html/ but not in /home/user_name/, which I can access via cron job.
Of course, I cannot access the directory /home/user_name/ via browser. (I would prefer not to use cron job.)
My idea was to include (include "/home/user_name/exec_test.php";) my exec file from a php script in the browser accessible direction. Unfortunately this gives me the same error: shell_exec() has been disabled for security reasons
Is there a way I can reach what I want? Is there a way to execute /home/user_name/exec_test.php without include it in /home/user_name/public_html/ directory?
Related
PHP's exec() function is turned off in my hosting server and it's not possible to change it (for security reasons). Are there alternatives for the exec() function?
Here is more info about my problem:
What I want to do: I want to use .jar file in host server.
This is how it looks on my localhost:
function generateReqXML() {
exec('"C:\Program Files\Java\jdk1.7.0_21\bin\java.exe"
-jar vaiisis.jar auth', $out);
}
This .jar file help my system to generate XML code.
This code work perfect for my local machine, but its facing the problem when I am trying to use it in my host server.
Alternatives to exec are:
system(); passthru(); shell_exec();
You can check if these are available with echo ini_get("disable_functions");
But since these are probably disabled there are only non-PHP options left.
Do you have to use the exec() function via PHP?
You could for example write a shell script, which can be invoked via cron to do your job.
What are you exactly trying to accomplish?
It might be kind of a nooby question but ...
How can I possibly run a php command like php /path/to/script.php on a hosted web-server?
I have no access via SSH or something.
You can check if the program execution commands like exec() have been disabled on the server side using:
function execEnabled()
{
$arrDisabled = explode(',', ini_get('disable_functions'));
return (!in_array('exec', $arrDisabled));
}
A list of all system execution commands can be found here:
http://us.php.net/exec
If exec(), passthru() etc. have been disabled, there is no way to execute shell commands.
As Christian Ciupponi asked, why would you execute a PHP script using shell command? You could simply include the file to run it if file access to the script is permitted.
Have a look at this function, maybe it will help: http://it1.php.net/function.exec
By the way why can't you just visit the page you need? In this way the script will run
EDIT:
How to use the exec function:
The exec function allow you tu execute an external program when you do not have access to an ssh consolle. (note that this function can be disabled by the sysadmin )
For example you can use:
$whoami = exec('whoami');
I have a php webpage located on Webserver1, which is from Host1.
I also have a bash script located in Gameserver1 which is from Host2.
Is there any way to send a command from Webserver1 to Gameserver1 to execute the bash file? The webpage and file are on different VPSs. Both are running Debian 7.
The script is literally one line, to execute a java command via a screen, so the server can start if a player notices it's down. The command's available already so it doesn't need to be a secure way of hiding what the command is.
There are 2 ways I can think of. either create a bash file in Webserver1 that connects through ssh and executes the bash script you need on Gameserver1. then run it through php with exec() command.
Or you can create a php file in Gameserver1 that uses exec() to execute the bash script you need on Gameserver1 and call it using file_get_contents() on Webserver1, which is not that secure since anyone can call that file and run your script.
Is there any reason why I can not complied files in PHP's shell_exec/exec/system function?
Example of something that does work in command line and PHP's shell_exec function:
<?php
$data = shell_exec("ls");
echo $data;
?>
Example of something that does not work in PHP's shell_exec function but will work in command line (I can confirm that):
<?php
$data = shell_exec("./c-compiled-file argv1 argv2 argv3");
echo $data;
?>
Is there anything I can do on my server so this will work? I've looked everywhere and no solutions I found fixed the problem. The compiled file is in the same directory as the PHP script as well, it just won't execute it. Also if you're asking, yes I have tried this with SSH2 and it still will not execute.
Also PHP is not in safe mode and NO functions are disabled.
Some common glitches when executing external commands from PHP that work fine from shell:
Command uses relative paths but PHP is launched from an arbitrary location:
Use getcwd() / chdir() to get/set working directory
PHP and shell run with different user credentials. This is often the case when PHP runs through a web server.
PHP and shell run different commands. Many people call stuff like exec("foo $bar") and doesn't even check what "foo $bar" contains.
No error checking is done. The bare minimum is to capture and print standard output, standard error, status code and, of course, all PHP error messages including warnings and notices.
You can redirect stderr to sdtout
You can use a PHP function that allows to capture more information, such as exec()
The web server is disallowed to execute the command at operating system level.
Lookout for SELinux or similar tools.
Just a guess, but the binary you're trying to execute might not have the proper permissions. Prepeding it with ./ in the command line forces it to execute, but PHP probably strips that for security purposes. Try this:
chmod +x c-compiled-file
You want to use system in the second case, and not shell_exec.
system executes an external program and displays the output.
shell_exec executes a command via shell and returns the complete output as a string.
and for good measure:
exec simply executes an external program.
Furthermore you want to make sure your external program is executable and (though you have stated it, I'll restate this) has execute permissions for the user which is running the web server. You also want to make sure the directory your external program is running in has the ability to write to its directory or /tmp or whatever output directory you have set.
Finally you should always use absolute paths for executing things like this in cron or php or whatever... so don't use ./c-compiled-file argv1 argv2 argv3, but instead use /home/username/c-compiled-file argv1 argv2 argv3 or whatever the full path is.
So I want to execute a bash command from PHP on my web server. I can do this using shell_exec. However, one of the commands I want to execute is curl. I use it to send a .wav file to another server and record its response. But when invoked from PHP, curl doesn't work.
I reduced the error to the following small example. I have a script named php_script.php which contains:
<?php
$ver=shell_exec("curl -F file=#uploads/2013-7-24-17-31-43-29097-flash.wav http://otherserver");
echo $ver
The curious thing is that when I run this php script from command line using php php_script.php, the result I get is
Status: 500 Internal Server Error
Content-type: text/html
However, if I run curl -F file=#uploads/2013-7-24-17-31-43-29097-flash.wav http://otherserver directly, I get the response I was expecting:
verdict = authentic
(Edit:) I should probably mention that if I put some bash code inside the shell_exec argument which does not contain curl, the bash command executes fine. For example, changing the line to $ver = shell_exec("echo hello > world"); puts the word "hello" into the file "world" (provided it exists and is writable). (End edit.)
Something is blocking the execution of curl when it is invoked from PHP. I thought this might be PHP's running in safe mode, but I found no indication of this in php.ini. (Is there a way to test this to make 100% sure?) What's blocking curl and, more importantly, how can I bypass or disable this block?
(And yes, I realize PHP has a curl library. However, I prefer to use commands I can run from the command line as well, for debugging purposes.)
cheers,
Alan
The reason is the administrative privileges when you run the command directly you are running it as root and thus the command gets executed. But, when you run the command through PHP it runs as an user. By, default user has not the privileges to run the shell_exec commands.
You have to change the settings of shell_exec through CPanel/Apache config file. But, it is not recommended to provide the shell_exec access to the user as it help hackers to attack on server and thus, proper care should be taken.
It would be more appropriate to use the curl library provided in PHP.