OK, having issues. My PHP script works except for 1 line.
This line tries to execute an outside command with exec().
I get:
Warning: exec(): Unable to fork
I tried searching for an answer. Several sites say I have to set the permissions on cmd.exe. Whether I do that in system32 or syswow64, I'm not sure.
Also not sure what user to add. ISUR or the user (lime) I get from get_current_user().
Windows won't let me add any users to the security list (right click on file, properties, security, edit).
It also won't let me use icacls cmd.exe /grant IUSR:F (access denied in system32)(The handle is invalid in syswow64)
I've already added full access rights (ISUR, SYSTEM, SERVICE, NETWORK SERVICE, lime, Everyone, and IIS_ISURS) to the folder where a file will be created. I realize this is overkill, and have to pare this down.
I'm going to have to do this in both Windows 7x64 (dev machine) & Windows Server 2012 (production).
So many examples I find are either geared for previous systems, or don't go into enough details.
Can someone please help me? I need to get the script working. Thanks
You do not provide enough information to answer your question...
If your PHP script is going to be executed in a Windows OS, perhaps you could have a look at the COM functions, instead of exec(). COM functions will give you way more control over what you're trying to do (Office automation, perhaps?)
COM is much more powerful than exec(), as it allows you to control the resulting application window itself, if there is one. For example, you can start a new process with an invisible window, or a minimized window.
Some examples can be found in the PHP exec() page itself.
Basically, you can do something like the following, to get an application running:
$shell = new COM("WScript.Shell");
$shell->Run("notepad.exe");
$shell = null;
Googling for "php WScript.Shell" will yield a lot of results on the subject.
Edit: Also, you'll need to add this into your IIS web.config:
<identity impersonate="true" userName="youruser" password="yourpass"/>`
This will set the user that IIS will impersonate when launching processes.
Related
What I'm looking for is an easy way to get either individual core usage or total CPU usage for the system that the PHP Script is running on.
However I'm unable to do so. I've looked all over for all manner of solutions from using perf (with and without passthru) to using winmgmts through COM.
The issue is, some of these will work on Windows if you use Apache, but with IIS the security restrictions stop PHP from being able to use for example winmgmts through COM so I just get back a null object.
How can I solve this? - I've honestly tried every solution I can find on the internet and while there is lots of information about how to raise the permissions all the guides point to IIS 7 or earlier and are no longer applicable to IIS 8.5 with literally the suggested option changes being non-existent.
If anyone could help me with this I'd be really appreciative, a workaround like using a third party application that could provide this data would also be acceptable if I can query the data through PHP either from a file or network etc Even a asp.net script that I could query? (I don't know anything about asp.net but I could use it for this single thing if it'd work?)
Thank you.
I managed to solve this and I hope it helps someone else.
What you must do is convert the folder where your PHP (or asp) will execute to an Application. So the structure will look like this:
Website Name
-> Application Name
Then you want to select the parent folder, the Website Name folder and go to "Basic Settings" in the far right actions pane and select "Connect As..." and connect as an Administrator account.
Once you've done this the application will inherent the credentials you specified on the parent website folder and you'll now have full access to perf, wmi and so on.
If you only give the credentials directly to the application it doesn't work and it also doesn't work if you don't convert your folder where your scripts will execute to an application. This is where I was being tripped up and the documentation online is very sparse.
I'd like to thank the good people at the phpsysinfo github for their IIS documentation which pointed me on the right track on needing to convert a site to an application which was part of the puzzle I was missing.
Disclaimer: I did not think through the right language to use for this project before I developed it. I should have used Python for the webbrowser.open() function knowing that I needed to open browsers. But anyways.. A shot in the dark.
I am working on a PHP command line application. I am almost done, and the last feature allows the user to open a browser using the command line, much like redmine-cli's redmine-cli open [issue #] command.
Checking the source, I can tell that Redmine CLI uses the webbrowser.open.. But I am using PHP [the worst language to make a CLI app out of?].
I knew they wouldn't work, but a shot at the dark, I tried to user the header() function in PHP, as well as embedding the window.open() JS.. Which, obviously doesn't work.
I want to open a web browser in my PHP cli app. Is it possible, or should I just rewrite the app [sigh] in Python?
I have an HTML form which I am submitting to a PHP script. I am using PHP to write an XML file based on the form input, and then I would like to have PHP execute an ANT buildfile that will use the XML as input for an XSLT task. All of this is part of a much larger application, none of which is exposed beyond our LAN, so security is not a huge concern of mine. My problem is that I cannot get the PHP exec task to start ANT. I have tried seemingly every combination of executing a BAT that calls ANT, using the full path to the ANT binary, calling ANT with java, etc. All roads lead to:
Error occurred during initialization of VM
Could not reserve enough space for object heap
Could not create the Java virtual machine.
I am running PHP 5.3 on Windows Server 2008 running IIS7. The PHP is located in inetpub/wwwroot/etc. Ant is installed in C:\Program Files. I personally don't believe it's a permissions issue, but I could be wrong. I have scoured the web in search of the answer, but I have only found the question unanswered or suggestions similar to those mentioned below.
I am currently attempting to install phing, and will consider another server-side scripting language to accomplish the same job (I am just way more comfortable in PHP). But if anyone knows of the issue and how I can work around it that would be awesome.
Cheers!
Is there any way to get JavaScript to run apt-get install gimp on the user's computer when on a link click so that, The user will know the software is being installed.
I've tried googling it.
If there is no way of doing this, please say as after a day, I will mark it as the answer.
there is link shortcut for that on ubuntu :
gimp
but it does not install automatically, it just launch the package manager
Few answers above mention that if it exists, then it will be unsafe.
But the fact is that there is an existing solution already for ubuntu and its safe too.
The mechanism is called apturl. see here:
https://help.ubuntu.com/community/AptURL
https://wiki.ubuntu.com/AptUrl
It is supported by firefox, konqueror atleast. It needs "apturl" package to be installed(which is installed by default ). When user click on apt-url link as shown in answer above by #atrepp , then the defult package launcher will start to install with asking for appropriate authorization(password), as if you would have clicked in "Ubuntu Software Center". Its completely safe as much as you would have installed via "Ubuntu Software Center" or "apt-get" directly.
And i am confident that no such solution exists for RHEL or SuSE.
If this would be possible, it would be a huge security issue! Just imagine a similar link, but running something like rm -rf ~... As far as I know, JavaScript in browsers has no support for child process creation.
On the other hand, Java is able to create child processes (as your apt-get), so you might use a (signed) Java applet for this; in that case, the user will be prompted to authorize the applet to run, to make him aware of the potential security risk.
if you could do that I will never use the internet because it will be full of spams.
javascript and all the client side scripts have very limited privileges, so making a shell command is impossible
Hmm No, It is not possible to run a shell command on the clients computer directly from JavaScript. Sure there are JavaScript shell functions but they are limited to what they can do. But under no circumstance does a client side code on the web has the authority to access a root level command such as apt-get install.
You could possibly write a python/ruby/perl script that does that. Have the user download it and execute it manually.
Aside from that I'm sorry buddy, its simply not possible (at least from what I've read throughout the years on the web).
I've been trying to execute a .exe file server-side.
In other words, what I really want is after the user uploads a file to the server a .exe file (which converts this file) is executed.
I've tried opening notepad to see if the problem was on my executable file or in the php code and it doesn't run neither (although if I check the task manager I can see it has a notepad.exe process belonging to the SYSTEM user). My guess this is going against some security measure on windows
I should probably say that I'm running XAMPP on windows 7 x64.
This is what I'm doing:
exec("cd ../../ConvertObj/ && ConvertObj.exe", $data, $ret);
//for debuggging
var_dump($data);
var_dump($ret);
As you can see I'm also trying to read the output in an attempt to find the problem.
Now, you're probably wondering why I tagged this as unity3d as well. This executable file is a Unity3d standalone .exe . For what i've read there is a commandline argument which allows Unity3d to run without a GUI but, unfortunately, this is a PRO only argument... I don't really mind to see the GUI on the server xD
So, the output I get (using the unity3d .exe) is
array (size=2)
0 => string 'Mono path[0] = 'C:/xampp/htdocs/ConvertObj/ConvertObj_Data/Managed'' (length=67)
1 => string 'Mono path[1] = 'C:/xampp/htdocs/ConvertObj/ConvertObj_Data/Mono'' (length=64)
I though it was kinda weird. My guess is windows is blocking all GUI applications on the server since dir commands work flawlessly and I think these two lines are Unity3D complaining about something...
Any thoughts?
I've had to do this before.
In a closed (lan) environment with restricted users I hacked together this.
(for the record this isn't something I'm proud of, but it worked and continues to work to this day, I would NOT recommend this if this is for general public use)
In XP you could just check "allow this service to interact with the desktop" on the apache service. This doesn't work in W7, Also in my experience what the comment above suggested, set the service to use the apache user... this didn't work either.
In W7 the only way I know of to make it work was to stop running apache as a service in the services menu (set startup to manual). Then take httpd.exe and create a shortcut in your startup items.
Also, I had to use complete absolute paths for some reason eg. c:\Progra...
Again this is a terrible hack and 99% of the time I'd say there is going to be a better way to do what you're doing. Try rethinking your approach.