Bottle web server - how to serve PHP file? - php

I am working on a webapp made by someone else which uses Bottle routing. I want to create a simple login page which requires some PHP. If I return the PHP page as a static_file, any HTML will be executed but PHP won't, for obvious reasons. How should I serve the PHP file so that it is dynamic?
Not working:
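from bottle import route, static_file

@route('/login')
def serve():
    # static_file sends the file's bytes as-is, so the PHP source is never executed
    return static_file('login.php', root='.')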

In order to serve PHP files, you need to have PHP installed on the web server. Additionally, the webserver needs to be configured to detect PHP files and execute them.
Serving PHP files from Python is kinda useless and not recommended.
I'd recommend you to take the time to translate this script from PHP to Python.

I wanted to do the same thing yesterday, but the answers I got to my question made it clear it was either impossible or extremely difficult. I came up with writing a small python program to run the PHP built in server. NOTE: PHP needs to be able to run from the command line for this to work.
# Import subprocess so that this code can run commands without going through a shell
import subprocess
# Get the port that the user wants to host on; int() rejects anything that is not a number
port = int(input("What port would you like to host on? "))
# Build the command as an argument list so the input can never be parsed as shell syntax
cmd = ["php", "-S", "localhost:" + str(port)]
# Actually run the command to host the PHP server
subprocess.run(cmd)
# Now the PHP server will take over until you
# use Ctrl + C to quit hosting
Just remember that the port needs to be 4 numbers. When you host this, you can return any file from the folder you ran this code in by simply typing it in the browser. Example:
localhost:8080/login.php
Returns login.php (if it is there) on the localhost port that you asked for.

Related

Command executed in PHP with Centos7 and Apache isn't able to connect to network?

I'm debugging my PHP app on CentOS7 using Apache.
My application is a Web GUI to manage the Torque batch system and I used the qmgr, which is a command line tool provided by Torque to do the management work.
Because only the root user can execute the qmgr and the Apache server cannot be running as root user, I have written a C program as a wrapper for anyone to execute commands as root user.
But the PHP application always gives the following output:
socket_connect_unix failed: 15137
qmgr: cannot connect to server (errno=15137) could not connect to trqauthd
This means the PHP app cannot raise a socket connection to connect the Torque server.
Here is some additional information:
The command called by the PHP application can be executed correctly in the shell
The same PHP app can be executed correctly on a CentOS6 server with Apache
SELinux and the firewall are disabled
I have tried the two versions (5.1 and 4.10) of Torque, the result is the same
Apache and PHP are used with the default RPMs of CentOS7.
I thought there are some new security limits that maybe influence Apache on the CentOS7 server.
Please give me some suggestions, thank you!
I had the exact same problem.
The cause is that newer Apache httpd versions default to having the systemd property PrivateTmp set to true. This causes the httpd service to see a private /tmp directory that is actually mapped to some other location in the file system, instead of the real /tmp directory. PHP, running in the Apache process, has the same /tmp directory as the Apache service, and so do any processes forked from PHP (e.g. using exec or system etc). So when PHP calls qsub (etc), that too will see the private /tmp directory.
This causes the error you mentioned because qsub internally uses the unix socket /tmp/trqauthd-unix to communicate with trqauthd. But qsub sees the "fake"/private /tmp directory instead of the real one, so it doesn't find the socket.
This explains why the command works when you run it manually in a console--in that case, qsub sees the real /tmp directory, as opposed to the private one it sees when forked from PHP (running the Apache service).
One solution is to simply change the PrivateTmp property in the file httpd.service from true to false. You can find this file under the /etc/systemd directory. The subfolder it is in probably depends on the linux distribution, so use the find command to locate it:
find /etc/systemd -name httpd.service
This really helped me!
I have been struggling a lot with a PHP script using the exec() command. For some reason I got permission denied. Having tried very many things, including running my scripts in a shell as the www-data user, but with no success, this was finally the solution to my problem.
BTW, for Ubuntu the apache service config file is located at cat /etc/systemd/system/multi-user.target.wants/apache2.service
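Added example, not part of the original thread: a small check for the setting discussed above, useful when auditing which services have had the private /tmp isolation turned off. It applies a unit file and its drop-in overrides in order and reports the PrivateTmp value left in force; the helper name is hypothetical and both unit texts are constructed samples.

```python
# Words systemd accepts for a boolean setting.
TRUE_WORDS = {"1", "yes", "y", "true", "t", "on"}
FALSE_WORDS = {"0", "no", "n", "false", "f", "off"}


def effective_private_tmp(unit_texts):
    """Return True if PrivateTmp is in force after applying unit_texts in order.

    unit_texts: text of the main unit file first, then each drop-in override.
    A later assignment replaces an earlier one; with none, the default is off.
    """
    value = False
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue                      # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, val = line.partition("=")
            if section != "Service" or not sep or key.strip() != "PrivateTmp":
                continue
            word = val.strip().lower()
            if word in TRUE_WORDS:
                value = True
            elif word in FALSE_WORDS:
                value = False
    return value


# Constructed sample: a packaged unit with the isolation on ...
PACKAGED_UNIT = """\
[Unit]
Description=The Apache HTTP Server

[Service]
ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
PrivateTmp=true
"""

# ... and a constructed drop-in override that turns it off for this service only.
DROP_IN = """\
[Service]
PrivateTmp=false
"""

if __name__ == "__main__":
    print("packaged unit alone:", effective_private_tmp([PACKAGED_UNIT]))
    print("with drop-in:       ", effective_private_tmp([PACKAGED_UNIT, DROP_IN]))
```

On a live host, `systemctl show -p PrivateTmp httpd` reports the value systemd actually applied.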

lighttpd run python script as root

I'm trying to execute a Python script from the PHP function shell_exec(), but this script requires root privileges.
The Python code is very simple. Using the wifi Python library, it scans all the SSIDs and outputs, in JSON format, the information on the wireless networks it found. The wifi library scans using iwlist, which requires root privileges. If it is run by a user who does not have root privileges, it returns only the information for the wifi network you are connected to.
If I put this in my code:
<?php
echo 'Current script owner:'. get_current_user ();
?>
it prints "Current script owner: root" on screen, but if I try to run my code
<?php
$output = shell_exec("python /home/acme/XDOMV2/conn1.py");
echo $output;
?>
It will only return information about the network on which my debian system is connected.
I use the lighttpd web server and have followed several guides, the only result being that I had to re-install lighttpd.
The question is, is there a way to run a python script as root from lighttpd?
Where am I wrong?
I would suggest running the script as a user with the proper privileges.
This will minimize the risk of exploits on the system.
The next step would be to run the script in a cron environment as that user (or root in the worst-case scenario) and deliver the result via a database or a cached environment. You could also deliver the result via sockets or file handles.
Never enable a web environment to run scripts, or well anything, as root; it's dangerous and not how the software (lighttpd) was meant to operate.
If you're a brave soul:
This question belongs on UnixExchange but you can check this out:
http://www.sunspot.co.uk/Projects/Joggler/lighttpd_as_root.html
And also check the docs for your lighttpd version, running as root is possible but not sound in any way.
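Added example, not part of the original thread: the cron-and-file handoff suggested in the answer above. A privileged job publishes the scan result atomically, and the unprivileged web side accepts it only if it is a regular, non-symlinked file with the expected owner, not writable by others, and fresh. The function names, the JSON layout and the 120-second freshness window are assumptions.

```python
import json
import os
import stat
import tempfile
import time


def publish_scan(networks, path):
    """Privileged side (run from cron): write the result atomically."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".scan-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump({"written": time.time(), "networks": networks}, fh)
        os.chmod(tmp, 0o644)      # readable by the web user, writable only by the owner
        os.replace(tmp, path)     # atomic rename: readers never see a partial file
    except BaseException:
        os.unlink(tmp)
        raise


def read_scan(path, expected_uid, max_age=120):
    """Unprivileged side (web handler): return the network list or raise."""
    # O_NOFOLLOW refuses a symlink planted at the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd) as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("not a regular file")
        if st.st_uid != expected_uid:
            raise ValueError("unexpected owner")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise ValueError("file is group- or world-writable")
        data = json.load(fh)
    if time.time() - data["written"] > max_age:
        raise ValueError("scan result is stale")
    return data["networks"]


if __name__ == "__main__":
    # Constructed sample data standing in for the scanner's output.
    sample = [{"ssid": "example-net", "signal": -52}]
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "wifi.json")
        publish_scan(sample, target)
        print(read_scan(target, expected_uid=os.getuid()))
```

With this split the web server never needs root: only the scheduled job does, and the web handler treats the file as untrusted input.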

PHP's shell_exec won't allow "Watir::Browser.new :firefox" to execute

I'm brand new to ruby and Watir, here's my issue...
I have a MySQL DB with test data that I need. I've done a lot in the past with this data and so I have a whole library of PHP tools for accessing this data, marking data as in use/used/bad/etc, and in general I have a lot of time invested in the PHP framework. So I'd really like to use the PHP framework as a wrapper around the Watir script - for example, use PHP to grab test user login data from the DB and pass it to the ruby script for processing.
I now have sites with javascript that need work/testing and PHP & cURL can't deal with this. So I'm working with Watir-WebDriver on Ubuntu 10.10 (Maverick, Desktop not Server) for these sites. The problem I'm having is with the use of PHP's shell_exec of the ruby script with all the Watir code.
The PHP shell_exec is executing the file - I can see it because I have some puts lines in the file which are being displayed. However, the code appears to be failing on the line
ff = Watir::Browser.new :firefox
I'm not getting an error from PHP.
The PHP line is:
echo shell_exec('ruby /var/www/watir_test.rb');
The ruby script works fine when I call it from a terminal window with the line:
ruby /var/www/watir_test.rb
I originally expected this was a permissions issue since it worked from the command line but not from a browser. However, since it can call the file well enough to return the hardcoded data I've provided for the test then ruby file permissions don't seem to be the issue. Could there be a permissions issue with opening a Firefox window from the www-data user?
When I run
ruby -d -v /var/www/watir_test.rb
I get:
{:extension=>:webdriver} {"app.update.enabled"=>"false"} {"browser.link.open_newwindow"=>"2"} {"browser.shell.checkDefaultBrowser"=>"false"} {"extensions.update.enabled"=>"false"} {"security.warn_entering_secure.show_once"=>"false"} {"webdriver_assume_untrusted_issuer"=>true} {"startup.homepage_welcome_url"=>"\"about:blank\""} {"browser.tabs.warnOnClose"=>"false"} {"extensions.update.notifyUser"=>"false"} {"toolkit.networkmanager.disable"=>"true"} {"security.warn_entering_weak.show_once"=>"false"} {"webdriver_firefox_port"=>"7055"} {"browser.download.manager.showWhenStarting"=>"false"} {"extensions.logging.enabled"=>"true"} {"network.manage-offline-status"=>"false"} {"network.http.max-connections-per-server"=>"10"} {"security.warn_submit_insecure"=>"false"} {"security.warn_entering_weak"=>"false"} {"security.warn_leaving_secure"=>"false"} {"prompts.tab_modal.enabled"=>"false"} {"security.warn_viewing_mixed.show_once"=>"false"} {"dom.max_script_run_time"=>"30"} {"webdriver_accept_untrusted_certs"=>true} {"browser.safebrowsing.enabled"=>"false"} {"security.warn_leaving_secure.show_once"=>"false"} {"signon.rememberSignons"=>"false"} {"javascript.options.showInConsole"=>"true"} {"app.update.auto"=>"false"} {"browser.EULA.3.accepted"=>"true"} {"browser.tabs.warnOnOpen"=>"false"} {"dom.disable_open_during_load"=>"false"} {"network.http.phishy-userpass-length"=>"255"} {"security.warn_entering_secure"=>"false"} {"browser.startup.homepage"=>"\"about:blank\""} {"browser.EULA.override"=>"true"} {"browser.dom.window.dump.enabled"=>"true"} {"browser.startup.page"=>"0"} {"browser.link.open_external"=>"2"} {"browser.search.update"=>"false"} {"browser.sessionstore.resume_from_crash"=>"false"} {"security.warn_viewing_mixed"=>"false"} {"dom.report_all_js_exceptions"=>"true"} {"webdriver_enable_native_events"=>false} {"devtools.errorconsole.enabled"=>"true"}
How do I get PHP to execute the shell_exec properly? The script works and my initial tests were run using firewatir (which shell_exec ran fine) but I am really wanting to use Watir-WebDriver instead of FireWatir - WatirWebDriver should be capable of running a Chrome browser (and IE on a Windows machine) while FireWatir can only run Firefox.
Thanks
Gabe
Here's my "Create Browser" code:
# Include the RubyGems file
require 'rubygems'
# Include the Watir-WebDriver file.
require 'watir-webdriver'
# Create the necessary objects
def create_browser(proxy)
  # Setup the proper Firefox Profile
  profile = Selenium::WebDriver::Firefox::Profile.new
  profile.proxy = Selenium::WebDriver::Proxy.new :http => proxy
  puts "<br>Using proxy " + proxy + "..."
  #ff=FireWatir::Firefox.new :profile => profile
  ff = Watir::Browser.new :firefox #, :profile => profile
  puts "<br>Firefox ready..."
  return ff
end
If the server is headless, you should install the headless gem so that Firefox can work.
require 'watir-webdriver'
require 'headless'
headless = Headless.new
headless.start
b = Watir::Browser.start 'www.google.com'
puts b.title
b.close
headless.destroy
See: http://watirwebdriver.com/headless/
It's a permission problem, the PHP script runs with the permissions of the server, normally apache.
You can do a sudo www and try to run the script then with rb to see if there is a problem when running ruby with the server user.
Put the two lines of code that are below at the very top of your PHP script. The result of this is that when you browse to your PHP page with your browser it will display exactly what the errors are, including any permission errors.
ini_set("display_errors",1);
error_reporting(E_ALL);
So a recent update to Firefox killed its support for Watir (no JSSH update if I remember). As a result I rewrote what little code I had for Selenium::WebDriver. But I'm thinking that isn't particularly relevant (it's included in case it is relevant, I don't know).
My ultimate solution was to use phpseclib. This allows me to SSH into the machine via their SSH2 PHP class. Once logged in as my typical username (with typical password) I was able to fire off a headless version of my script no problem. The only real issues this creates is that I now have to view everything that's going on through log files and screenshots but that was likely to be true no matter what solution I came up with.
phpseclib needs your username and password for the server (at least until you set some form of public private key pair). So I wouldn't want to do this on a publicly available machine without a couple of layers of security - like setting .htaccess to deny read access to the file with the login data, encrypting the password stored in the file, etc. However, for my purposes I'm logging into one machine on my LAN from another machine on my LAN. The password is only good on my LAN (not my web servers) and while my LAN can see out it should not be (easily) available to the rest of the world (to the best of my knowledge). So the security concerns are minimal.
I never did figure this out. Headless isn't the answer to getting PHP to exec the script. I'm pretty sure it is a permissions issue with Firefox's executable but I can't be positive until I find an actual fix.
Ultimately I've had to break up the tool where PHP manages the DB and task scheduling. Then PHP creates text files with all the data necessary for ruby to run the browser to right site, login, etc, etc... Then ruby moves the data file to one of a few different folders (success, failure, bad login, etc) and adds some text to the data file. Finally PHP parses all this info in the moved text files and updates the DB with that info.
It's less than ideal but it is getting the job done. Now I just need to figure out how to run all of this with multiple threads...
Thanks for the help

PHP from commandline starts gui programs but apache doesn't

First, I read some threads by people with similar problems but all answers didn't go beyond export DISPLAY=:0.0 and xauth cookies. So here is my problem and thanks in advance for your time!
I have developed a little library which renders shelves using OpenGL and GLSL.
Last few days I wrapped it in a php extension and surprisingly easy it works now.
But the problem is it works only when I execute the php script using the extension from commandline
$ php r100.php (I successfully run this from the http user). The script is in the webroot of apache and if I request it from the browser I get ** CRITICAL **: Unable to open display in apache's error_log.
So, to make things easier to test and to be sure that the problem is not in the library/extension, at the moment I just want to start xmms with following php script.
<?php
echo shell_exec("xmms");
?>
It works only from the shell too.
I've played with apache configuration so much now that I really don't know what to try.
I tried $xhost + && export DISPLAY=:0.0
In the http.conf I have these
SetEnv DISPLAY :0.0
SetEnv XAUTHORITY /home/OpenGL/.Xauthority
So my problem seems to be this:
How can I make apache execute php script with all privileges that the http user has, including the environment?
Additional information:
HTTP is in video and users groups and has a login shell(bash).
I can login as http and execute scripts with no problem and can run GUI programs which show up on display 0.
It seems that apache does not provide the appropriate environment for the script.
I read about some difference between CLI/CGI but can't run xmms with php-cgi either...
Any ideas for additional configuration?
Regards
Sounds a bit hazardous, but basically you can even add export DISPLAY=:0.0 to the apache start-up script (on Linux, /etc/init.d/httpd or apache, depending on the distro).
And "xhost +" needs to be run on the account which is connected to the local X server as a user, though I'm only wondering how it will work, as the php script should only live while the apache http request is on-going.
Edit:
Is this a kind of application launcher? You can spawn this with exec("nohup /usr/bin/php script.php &"); .. now apache should be released and php should continue working in the background.
In your console, allow everyone to use the X server:
xhost +
In your PHP script, set the DISPLAY variable while executing the commands:
DISPLAY=:0 glxgears 2>&1

Accessing kd Debugger via php

I work at a small computer shop, and we have to analyze windows minidumps all the time. My idea was to install the Windows Debugging Tools on a windows PC and use apache/PHP as an interface to it. That way I could just set up an HTML upload form that would accept the minidump file, run it through KD, then spit out the output.
It nearly works. I created a special user just for apache so I could assign it write privileges to C:\symbols, and I use the following code:
<?php
$kdScript = "\"\\Program Files\\Debugging Tools for Windows (x86)\\kd.exe\" -c \"!analyze -v;Q\" -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -z ";
$kdScript .= $_FILES["myFile"]["tmp_name"];
$output = `$kdScript`;
print("<pre>$output</pre>");
?>
The problem I'm having is that the symbols are not downloaded as they should be. I've verified apache is running as the user I think it is by calling "whoami" from inside backticks. I've verified that I can run the windows version of wget from within backticks, so I have access to the network. I can file_put_contents() into a new file under C:\symbols, so I have file creation permissions.
Also, I tried having PHP simply output the command to the browser so I could copy and paste it into a terminal. I was able to run a command prompt as my apache user via "runas", paste the command from PHP's output into the prompt, and it worked as expected, downloading all the symbols it needed to C:\symbols. Of course, I had to point it to a dump file NOT in the PHP temp directory, but this shouldn't make a difference.
What could be the problem? Just as a side note, all of this is local on a trusted pc in a company that has a total of 3 employees/owners. Security for this project is irrelevant.
Not sure what your exact problem is, but the symbol server client code is finicky and not very debuggable, it took us lots of tinkering to implement our version of this. You can always direct folks there or use it yourself:
http://www.osronline.com/page.cfm?name=analyze
-scott
