I've seen people uploading .php files that give them command line access to a server by loading http://example.com/cli, similar to SSH, could you give me an example?
A client bought a shared hosting account from a web host that does not allow ssh and forces me to use cPanel. I abhor cPanel, it cripples my productivity by making me click around and wait for it to load a bloated gui. What I hate more is that i have to download files and then upload them to the host instead of a wget https://wordpress.org/latest.zip
I'll just ignore the unexplained downvotes this question received and keep it up because this might help someone else in the future:
Most people I've seen have called it a web based shell, or a php shell. It lets you execute arbitrary shell commands on php servers. Here are a few projects I've found:
PHP Shell: http://phpshell.sourceforge.net/
b374k: https://github.com/b374k/b374k
Just be sure to use a password, and to delete the shell when you're done so that someone doesn't accidentally find it in the future.
Related
We have a small office intranet, built in PHP (on an apache server - so WAMP), that allows us to create project folders on our file server. This works by copying a set of template folders to a new location using the shell exec xcopy command and the following switches /e /k /i /c.
We (fairly) recently upgraded to a new file server running Windows Server 2008 R2 Standard. Now the xcopy command no longer works from within PHP. However, I know that the xcopy command is correct because it works if I copy and paste it into a command prompt (on the same machine).
I can see no error message but I assume this is some kind of permissions issue related to the PHP 'user', but I don't know exactly what or how to solve it.
The apache server and the file server are two separate machines. If it's relevant, the apache server is a 32bit machine and the file server is a 64bit machine but, as I say, I can invoke the xcopy command from the CLI of the 32bit machine without a problem.
The Apache process user name is SYSTEM (although I can't seem to use the 'whoami' command to check this)
Any pointers would be greatly appreciated.
FWIW, the exec string looks like this...
echo "xcopy \"\\\\path\\to\\folder\\xxxx_Project\\*.*\" \"\\\\path\\to\\folder\\9876_NEWPROJECT\" /e /k /i /c";
which (I think) materializes as this...
xcopy "\\path\to\folder\xxxx_Project\*.*" "\\path\to\folder\9876_NEWPROJECT" /e /k /i /c
Obviously, the '9876_NEWPROJECT bit is really a variable.
OK. I seem to have got it working. Here's what I did - tell me if it's a bad idea although I should point out that this is an intranet so I'm a little less concerned about security...
Go to Control Panel->Administrative Tools_>Services
Select the Apache service and hit Properties
On the Log On tab, click 'This account:' instead of 'Local System account', and then find the User account of Windows user who's normally logged on to that terminal
Restart Apache
I also amended the user info in the httpd.conf file, but I'm not actually certain that that was necessary.
If there's a better solution, that can be explained in words of two syllables or less, I'm all ears!
get_current_user() will confirm the user your script runs as.
Then try to manually execute your command as this user with runas (or if your user really is SYSTEM then you will need something like psexec to do so).
Now, assuming that your script actually runs as SYSTEM, it is very likely that this user is not authorised on the remote file server. I don't think it is even possible to do that (except, perhaps, by allowing "Everyone"). If it is, I am not sure this is a good idea anyways.
I would instead run the apache service as a regular user, and on the file server, grant access to this user.
Alternatively, you could mount the remote location as a network drive (not tested, other answers in the thread might help too).
We have a small office intranet, built in PHP (on an apache server - so WAMP), that allows us to create project folders on our file server. This works by copying a set of template folders to a new location using the shell exec xcopy command and the following switches /e /k /i /c.
We (fairly) recently upgraded to a new file server running Windows Server 2008 R2 Standard. Now the xcopy command no longer works from within PHP. However, I know that the xcopy command is correct because it works if I copy and paste it into a command prompt (on the same machine).
I can see no error message but I assume this is some kind of permissions issue related to the PHP 'user', but I don't know exactly what or how to solve it.
The apache server and the file server are two separate machines. If it's relevant, the apache server is a 32bit machine and the file server is a 64bit machine but, as I say, I can invoke the xcopy command from the CLI of the 32bit machine without a problem.
The Apache process user name is SYSTEM (although I can't seem to use the 'whoami' command to check this)
Any pointers would be greatly appreciated.
FWIW, the exec string looks like this...
echo "xcopy \"\\\\path\\to\\folder\\xxxx_Project\\*.*\" \"\\\\path\\to\\folder\\9876_NEWPROJECT\" /e /k /i /c";
which (I think) materializes as this...
xcopy "\\path\to\folder\xxxx_Project\*.*" "\\path\to\folder\9876_NEWPROJECT" /e /k /i /c
Obviously, the '9876_NEWPROJECT bit is really a variable.
OK. I seem to have got it working. Here's what I did - tell me if it's a bad idea although I should point out that this is an intranet so I'm a little less concerned about security...
Go to Control Panel->Administrative Tools_>Services
Select the Apache service and hit Properties
On the Log On tab, click 'This account:' instead of 'Local System account', and then find the User account of Windows user who's normally logged on to that terminal
Restart Apache
I also amended the user info in the httpd.conf file, but I'm not actually certain that that was necessary.
If there's a better solution, that can be explained in words of two syllables or less, I'm all ears!
get_current_user() will confirm the user your script runs as.
Then try to manually execute your command as this user with runas (or if your user really is SYSTEM then you will need something like psexec to do so).
Now, assuming that your script actually runs as SYSTEM, it is very likely that this user is not authorised on the remote file server. I don't think it is even possible to do that (except, perhaps, by allowing "Everyone"). If it is, I am not sure this is a good idea anyways.
I would instead run the apache service as a regular user, and on the file server, grant access to this user.
Alternatively, you could mount the remote location as a network drive (not tested, other answers in the thread might help too).
I'm very new to socket programming, but do lot of coding with php.
I have tested some socket server example codes and worked fine with localhost. I use CLI to run the server. But my concern is how do I run the socket server .php file at my hosting server? Do hosting providers normally give access to CLI to run the servers? How do I make sure my server is always running? If the hosting server is restarted, what happens to my server? In case, my server crashes (whatever reason), do I have to run it manually?
Can someone help?
If you are talking about a hosting server I expect you are talking about shared hosting. In that case it will be difficult to keep it stable if you even manage to run the service etc. I would suggests using at least a VPS for it. That way you can run it in the background, automatically start it at reboot but also install software to check the process and restart it if it failed.
For example: Testing whether the reboot startup works is impossible at shared hosting.
I don't know if your provider give you ssh access. Some provider do it but this are managed server or root server.
Then you can run your script over the CLI.
When you can run your server over CLI and when you have enough rights you can insert the script to the runlevel. And there is something that is called "shebang". With this you can give your script direct the php interpreter and run the script without the php command before.
php test.php or /usr/bin/php testScript.php
You can run direct run your script with test.php or name your script only testScript.
When you put your script to /usr/local/bin (for debian) you can run it everytime over the command like the php command.
Edit: I have forgotten something. For this solution you have to copy the /etc/init.d/skeleton to /etc/init.d/runPHPSocketServer for example and change the script values on top. Then you can insert it to the runlevel.
#: testScript or runPHPSocketServer start
When the script is under a executable directory you can insert it to your system runlevel.
#: update-rc.d runPHPSocketServer defaults
So you see there are some solution but for the most solutions you need ssh access.
This problem occurred to me multiple times now, and it's time for me to do it the right way!
How can I upload a website to the server, where php has access to the folders for writing data.
Usually I use an FTP program, but I can't upload as root, so there are restriction problems all over the place...
How do you do stuff like this?
Thanks!
EDIT
I'm sorry, I accidentally added rails to the tags instead off php.
Probably I need to clarify my problem, since the answers didn't really help me out here:
I already have a server running apache, DirectAdmin and some other stuff like rails.
And the problem is when I upload a website like joomla or wordpress via FTP the restrictions always need to be set to 777/775 or these sites can't write to the folders..
So what I need to know is:
How can I upload these sites (via FTP/SSH) as a user (root) that is the same as php, so that php can create files in all folders it needs to write to?
Hope I'm being more clear now, thanks for the help so far!
Use a server with ssh access and full write access to wherever your Rails app is hosted (and usually ssh access is as the user that Rails runs as).
For me this usually means a VPS type server, I like Rackspace Cloud which turns out to be around $11 - $15 per month for a low traffic, low spec server. I've also heard good things about Linode
The solution
Upload your site with FTP
SSH to the server and go to the public_html folder
chown -R [user_name]:[group_name] [folder_name]
For me the right user was apache..
I run an executable called Test.exe via exec which in turns runs Outlook.
I am able to run the Test.exe fine but I get the error:
Rejected Safe Mode action : Microsoft Office Outlook. in the windows event viewer.
If I run Test.exe myself via DOS it works fine and no errors. So its something to do with how PHP is running this exectuable. I've enabled apache to run as an admin account but the same thing happens.
What else should I be doing so that Apache can run the executable without any problems?
It works from the command line but not from the Apache process. Not surprisingly because Apache probably runs as a service, with a system account (Non-Desktop interactive).
If you reconfigure the service to run as a user with the right to logon locally and mark the service to be allowed 'Interaction with Desktop', I expect you could do this.
However, I'm at a total loss why anyone, at all, would want to start Outlook from a webserver application....
Sehe is right (but for some reason I cannot comment to his post, whatever...). Usually, you should access MS Office facilities via external code using specific OLE interfaces. You never use CreateProcess to start Outlook or Word from your program, it would be pointless because how can you control it after launching it?
I suggest you to check if you really need this, and if there's a more clean way to do it. You can try to create an external C#/VB.NET executable that performs all the automation you may need to do with Microsoft Outlook, indeed.
What is the actual scenario?
And, I don't like to correct people but if I don't, someone else will in the future and it'll be annoying. Don't say "via DOS" when you use a prompt under Windows. :D
i too am perplexed by would anyone would want to do this.
If you REALLY wanted to do this i guess you could run it as "start test.exe" or write a batch file that would run it. basically anything that would cause a different process to be the one actually launching the app.