I have googled this a lot but none of the results I have found worked for me. So far, I have only tried to do this with php, but cgi, javascript or whatever works is fine with me, as long as it gets the job done.
I would like to access a certain URL on my debian webserver. Once opened in the browser, this file shall execute the following shell commands. No buttons or links. If possible, I'd like to just open the URL, then have the script being started.
ssh user#192.168.189.12 <<'ENDSSH'
osascript ~/Desktop/Scripts/script.scpt
When running this as a regular .sh file it works fine. I have created lockkeys so that no password is prompted when connecting from A to B. What can I do to trigger this from, for example, the browser on my smartphone?
I am not trying to connect directly from any device to the Mac containing script.scpt. It is essential that the debian server triggers it and that it is executed by the webserver.
I just started learning about terminal comments, scripts and so on, so I have very basic knowledge of the subject. Please be patient with me.
Thanks in advance for your help :)
for simplicity I prefer to create a bash script. Let's call it
/var/NONwebroot/sshcoolstuff.sh
#!/bin/bash
ssh user#192.168.189.12 <<'ENDSSH'
osascript ~/Desktop/Scripts/script.scpt
make sure it is executable
<?php
exec('/var/NONWwebroot/sshcoolstuff.sh');
?>
Now I'd recommend putting some protection on that PHP script. Either limit who has access to it by IP address, or a password, or both.
here is a test bash script for you
#!/bin/sh
cat > test << EOF
Hello World!
This is my test text file.
You
can also
have
a whole lot
more text and
lines
EOF
Related
What I'd like to do:
When mydomain.com/index.php is viewed, run a script, that logs in on another machine (different from the one serving the index.php) in the local net of the server and runs a Python script.
What I have so far:
In the index.php I call
shell_exec('/var/www/dir/save.sh '.$ARG1.' '.$ARG2);
The script save.sh:
#!/usr/bin/expect -f
set cmd "python /path/to/python_script.py"
set file [lindex $argv 0]
set content [lindex $argv 1]
spawn ssh usr#local_ip "$cmd $file $content"
expect "assword:"
send "PWD\r"
interact
I ran sudo chmod www-data+x save.sh to enable the PHP-Site to run the command. When I run sudo -u www-data ./save.sh arg1 arg2 in the terminal, everything works as expected and I can see the output of python_script.py (that I print for testing).
However, when calling index.php and echoing the output of the shell_exec-Call, I see everything up to user#ip's password: but not the output of python_script.py and I can check, that the script has not been invoked on the other machine.
Any idea, what I'm missing?
I'm glad for any help! :)
UPDATE
Thanks for the quick responses. Sorry for not making myself clear enough.
First of all: This is not used for a public/commercial/elaborate website but rather for private fun and mydomain.com is locked by auth_basic.
My setup: Server1 is hosting mydomain.com. Server2 is running some stuff for private entertainment, e.g. smart home software and Telegram bots.
What I want to do: When calling mydomain.com/index.php, I want to save same parameters (actually just True or False) to Server2, to use them for some of the scripts running there. Server1 and Server2 are in the same local network but only Server1 is reachable from the outside, hence the idea to login via SSH and run a Python-Script.
I appreciate any advise on how to do this in a better way or to make my inteded solution work. :)
UPDATE 2:
Thanks symcbean for pointing to errors in the script. I have to admit, that I copy pasted it from other stackoverflow threads.
Thanks also to ADyson for pointing out better ways to handle the issue. I will definetly keep them in mind for bigger projects.
In the meantime I was able to get the script running. It is still very basic, does not track excection of the Python script and does not handle errors. Again, I wan't to point out, that I use this for private usage only and mydomain.com/index.php will only be up for limited time (it will be an andvent calender and will be taken offline after xmas). But just for completeness sake, here is what I came up with:
#!/usr/bin/expect -f
set cmd "python /path/to/python_script.py"
set file [lindex $argv 0]
set content [lindex $argv 1]
spawn ssh usr#local_ip
expect "assword:"
send "PWD\r"
expect "*\$ "
send "$cmd $file $content\r"
expect "*\$*"
send "exit\r"
interact
Leaving aside the peculiar choices before you got to that point, what exactly were you expecting to happen when the expect script gets to
interact
?
There is nothing in your shell script to start the python script, nor to track its execution, nor to exit the shell. Meanwhile you PHP code is blocked until the local script exits.
While there are lots of ways of fixing this, I am hesitant to suggest any without a better understanding of why you chose such an elaborate mechanism to handle the invocation.
Currently, I have to navigate to the example directory of solr and execute java -jar start.jar.
However, I want users to have the ability of running the server automatically by selecting an option. Lets say,
1.The user downloads the `solr` directory on his/her server.
2.Enters the location of the example directory he/she just downloaded.
3.Selects/Clicks an option saying "Start Solr server".
4. And the server is started.
Is this possible? I'm looking to do this through php.
If you can do it via command line, you can do it via php's exec() assuming that is not disabled on your server.
Note: This is a very dangerous function if you allow user input to go through it.
I think you need something like the following command to do this. Just add the path to the given command:
<?php
exec("nohup java -jar start.php > output.log 2>&1 &");
?>
nohup is important to decouple the solr process from your php request.
Your idea is dangerous, because you allow the user to enter any location to start their scripts. So you really need to think about path validation to ensure that only solr is started and nothing else.
I have been trying unsuccessfully so far to write a php script that will run when a page is opened and that will launch metasploit!
I ve tried shell_exec and exec and all the other alternatives but although I can get it to do simple things (i.e. ls, cds etc) if I try msfconsole it doesnt do anything!
I have also tried a different script that launches firefox and again nothing happens!
Now i know that php runs on the server and I m not expecting to see a console or firefox opening in the clients machine! Instead in order to check if it works I am trying to echo out the output of the shell_exec!But anyway since im hosting the files on my machine (i.e. this is the server and a VM is the client) if it could actually launch firefox i should be able to see the app opening here in the same way as by just doing this from the command line!
What am I missing?
Is there any other way to do this?(i.e. Launch metasploit everytime a user opens up my page)
NOTE: I've tried specifying the full path for msfconsole but that didnt work either!
Heres what I have so far:
$output = shell_exec('/opt/local/libexec/metasploit3/msfconsole;show');
echo "<pre>$output</pre>";
The ";show" bit was used in order to actually make it run something and print some stuff but didnt make any difference!
When you run a gui application from the command prompt in a X window system, it will use the default display. When you run it using php which is embedded in apache webserver, the program may not know where to display the gui application.
there are 2 things to make this work.
The program that executes the gui application must have permission to use display
you need to tell the program which display to use.
I used the following in my php script
<?php
$cmd = `export DISPLAY=:0; gedit`;
shell_exec($cmd);
?>
and ran the script from terminal using php -f test.php
I got the gedit up and running.
You can test the same with the script in apache too.
Please add apache user with privileges to access display server
update: I just added the following in /etc/apache2/apache2.conf (I am using ubuntu)
User poomalai
Group poomalai
and restarted the web server
sudo service apache2 restart
now I accessed localhost/test.php
and Presto!! I got the gedit :)
Hope this helps
I'm unsuccessfully trying to execute a shell command from php. The goal is to switch on/off my music player of my computer/server via internet (with my phone for example). Here is what I would be able to do :
I have a very simple file "play.sh" :
Code:
xdotool key XF86AudioPlay;
echo "switched";
if I run it ./play.sh, that works (music player switches on/off)
then I have an other very simple php file "play.php" :
Code:
<?php echo shell_exec("./play.sh"); ?>
These two files are in the main folder of my server which is a partition of my computer. (I'm using lampp) But music is playing from my computer.
But when I'm going on localhost/play.php, I can see "switched" that showed me the sh file as been executed, but the sound doesn't turn off .
I just tried exec(), shell_exec(), passthru(), system(), .. with ./play.sh and /opt/lampp/.../play.php the result is exactly the same, and there is no error message.. :/
But that's weird, I'm not sure, but I think that what I run on my computer side is not the same than what I run on my server side. I mean that it's like the sound was turning on/off on the virtual server but had no link with the sound of my computer. That could be an explanation.. but then, how to execute a script on my computer from internet/my server..?
Does someone have an idea to do that ? Is it a configuration of apache..?
Thanks !
EDIT :
Here is how I solved my problem :
xhost + local:www-data
Thanks for all your replies
It may be a permissions issue - keep in mind that when PHP runs a command, it's run as the user the webserver is running as, e.g. www-data or apache or whatever. If your music player is running as your own personal user, your script may not have the ability to change it when run as a different user.
Shell_exec works. Try to put in your .sh script absolute path to the executables
/usr/bin/xdotool key XF86AudioPlay;
First, I read some threads by people with similar problems but all answers didn't go beyond export DISPLAY=:0.0 and xauth cookies. So here is my problem and thanks in advance for your time!
I have developed a little library which renders shelves using OpenGL and GLSL.
Last few days I wrapped it in a php extension and surprisingly easy it works now.
But the problem is it works only when I execute the php script using the extension from commandline
$php r100.php(i successfuly run this from the http user). The script is in the webroot of apache and if I request it from the browser I get ** CRITICAL **: Unable to open display in apache's error_log.
So, to make things easier to test and to be sure that the problem is not in the library/extension, at the moment I just want to start xmms with following php script.
<?php
echo shell_exec("xmms");
?>
It works only from the shell too.
I've played with apache configuration so much now that I really dont know what to try.
I tried $xhost + && export DISPLAY=:0.0
In the http.conf I have these
SetEnv DISPLAY :0.0 SetEnv XAUTHORITY /home/OpenGL/.Xauthority
So my problem seems to be this:
How can I make apache execute php script with all privileges that the http user has, including the environment?
Additional information:
HTTP is in video and users groups and has a login shell(bash).
I can login as http and execute scripts with no problem and can run GUI programs which show up on display 0.
It seems that apache does not provide the appropriate environment for the script.
I read about some difference between CLI/CGI but cant run xmms with php-cgi too...
Any ideas for additional configuration?
Regards
Sounds bit hazard, but basically you can add even export DISPLAY=:0.0 to apache start-up script (like in Linux /etc/init.d/httpd or apache depending distro).
And "xhost +" need to be run on account which is connected to local X server as user, though I'm only wondering how it will work as php script should only live while apache http request is on-going.
Edit:
Is this is kind of application launcher?, you can spawn this with exec("nohub /usr/bin/php script.php &"); .. now apache should be released and php should continue working in background.
In your console, allow everyone to use the X server:
xhost +
In your PHP script, set the DISPLAY variable while executing the commands:
DISPLAY=:0 glxgears 2>&1