Can I permit RDP based connections from a website using PHP/JS/etc? I've read that RDP session files can be placed on the web server but would prefer to implement it via code. I am looking for the best way to offer a centralized management of windows machines and allow direct RDP connections.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa383019%28v=vs.85%29.aspx
This looks like it could potentially work, although it requires IIS as the web-server and requires a role to be installed on all remote machines. If possible, I would like to find a solution permitting this to work under a Nix based web-server and without any need for modifications on the remote servers.
This problem was resolved by creating an .rdp session file with PHP. Not to cleanest approach as a embedded solution would be better, but is the most viable I have found.
<?
$file = 'screen mode id:i:2
desktopwidth:i:1436
desktopheight:i:925
session bpp:i:16
auto connect:i:1
full address:s:<SERVERIP>:<SERVERPORT>
compression:i:1
keyboardhook:i:2
audiomode:i:2
redirectdrives:i:0
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
displayconnectionbar:i:1
alternate shell:s:
shell working directory:s:
disable wallpaper:i:1
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:1
bitmapcachepersistenable:i:1
winposstr:s:0,3,0,0,800,600
redirectclipboard:i:1
redirectposdevices:i:0
drivestoredirect:s:
autoreconnection enabled:i:1
authentication level:i:0
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
allow desktop composition:i:0
allow font smoothing:i:0
disable cursor setting:i:0
gatewayhostname:s:
gatewayusagemethod:i:0
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0';
header("Content-Disposition: attachment; filename=filename.rdp");
header("Content-Type: application/rdp");
print $file;
exit();
?>
Related
I use third part framework (exe file) for conneting one php application with taxt service.
Framework is open source, exe file sign xml, give soap cover and send it to central information tax system.
When i open this in batch file (run.bat), all working good:
Raverus.FiskalizacijaDEV.EXE.exe GetInvoice "" "C:\xampp\htdocs\get\racun.xml" "C:\xampp\htdocs\get\OutInvoice.xml" true true "C:\xampp\htdocs\get\certifikat.pfx" "Pwd"
but when i open in PHP using "echo exec('run.bat');" server give me this error:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Does anybody have idea how i can resolve this? When i mannualy open batch file (in windows) all working. I use Xampp server.
The PHP user doesn't have the needed configuration or access rights.
If you are unsure which user is running your PHP script, you can use something like this to find out:
<?php
echo '<pre>';
system('set', $retval);
echo ' </pre>';
it should give out information as to which user your PHP is using. Then set up the env for that user so he can run your batch file. This might include importing the certificate for that user.
I am running a socket server using PHP. The socket server runs fine because I can connect to it using PHP.
Now, I have a flash application that is trying to connect to it:
this.socket.addEventListener(Event.CONNECT, onSocketConnect);
this.socket.addEventListener(Event.CLOSE, onSocketClose);
this.socket.addEventListener(IOErrorEvent.IO_ERROR, onIOError);
this.socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onSecError);
try {
this.socket.connect("myip", 9999);
} catch (ioError:IOError) {
this.debugLbl.text += "ioError1 "+ioError.message;
} catch (secError:SecurityError) {
this.debugLbl.text += "secError1 "+secError.message;
}
When I run the application locally, it works! However, when I upload it to my server I get a sandbox security error (#2048). The flash app is actually hosted on the same server as the socket server, and there is cross domain policy file in place.
Is it possibly you need to use a php proxy? I had to do that, doc'd it here. Although you did mention that the app's on the same server and theres a crossdomain.xml in place, so i'm probably off the mark there (btw, Flash 10 needs a different crossdomain.xml than prev versions as far as I know).
Are you actually loading the cross domain policy file? As far as I know, Flash Player only tries to load automatically the following file: http://www.example.com/crossdomain.xml. If your file is in another place, you should load it:
Security.loadPolicyFile("http://www.example.com/subfolder/crossdomain.xml");
Also, even if the app is on the same server, Flash Player believes "http://www.example.com" to be different from "http://example.com", so you should make sure you cover this possibility in the cross domain policy file:
<allow-access-from domain="*.example.com"/>
You need to pass the crossdomain.xml file by the socket, because when you work with socket dont work any policy file in the root of the app web.
Here the sample : http://www.blog.lessrain.com/as3-java-socket-connections-to-ports-below-1024/
How do i check if php server allows connecting via curl to external sites before buying hosting package (or registering on free host)? I noticed that in some hosting reviews users were complaining that servers that have curl enabled often don't allow external connections...
I'd like to check this before purchasing/registering. Maybe there's some string in phpinfo which i can check (hosts sometimes link to their phpinfo so i don't need to be registered and create it myself) or something else i can do to check this without having account?
If I have to register first... maybe there are some phpinfo-like scripts with more extensive informations that i could upload and run to quickly test host?
Create a file like this:
<?php
phpinfo();
?>
or
<?php
echo "<pre>";
var_dump(curl_version());
?>
That will tell you instantly.
Also, most free hosts do not offer Curl by default, due to abuse by spammers.
You'll definitely need to buy an account before testing the server's capacities.
But some hosts allow you to test their site with a monthly contract or a XX days money back guarantee. From the top of my head, Host gator is such host.
Then when you have that account, try a small script like this (check the path to curl with your host helpdesk or documentation):
<?php
$var = echo shell_exec("/usr/bin/curl -L http://www.google.com");
?>
In our application, authentication is handled via set of Controller Plugins that validate the user etc.
I want to serve a large (video) file only to authenticated users- the obvious way to do this is via readfile() in the controller, but I'm finding it hits the PHP memory limit - presumably the output from the controller is buffered somewhere.
How can I turn off buffering just for this one controller?
EDIT: Thanks for all the useful tips about flushing any existing output buffering - I guess I was specifically looking for a way of doing this within the framework though?
Interesting problem... You could try:
// ...
public function largeFileAction()
{
// this clears all active output buffers
while (ob_get_level()) {
ob_end_clean();
}
readfile('path/to/large/file');
exit(); // to prevent further request handling
}
// ...
Ok, I might be totally wrong here, but I think to have read somewhere OB has to be enabled for ZendLayout and placeholder helpers to work, so you'd have to disable them for the downloadAction (you probably aint gonna need them for serving the file anyway).
Would something like this achieve what you want to do?
class DownloadController
{
public function downloadAction()
{
$this->_helper->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
// authenticate user if not done elsewhere already
header( /* ... the usual stuff ... */);
filepassthru(/* some path outside webroot */);
exit;
}
}
As Tyson wrote, your best choice (if you have full control over the server) is to validate users credentials and redirect him (302 temporary redirect) to the URL where he can download the file.
To prevent reuse of this URLs we are using Lighttpd and its mod_secdownload that allows you to generate a hash that is valid for the specified amount of time.
nginx has X-Accel-Redirect and Apache has mod_xsendfile.
If you decide to implement a separate lightweight web server there are other benefits as well (mainly lower memory consumption while serving static files and faster response times).
If you decide to go this route you will either have to add another IP address to the server and bind Apache only to the one IP address, and the other server (lighty of nginx) to the other because they are web servers the both listen on port 80. And changing the port for one of the servers is not a good idea because a lot of people do not have access to higher ports.
If adding another IP address is not an option you can install nginx on port 80 and use it as a reverse proxy to pass the dynamic requests to Apache which can listen on another port and serve all of the static files.
Considering using an external script to output the file, and stream it to the browser using PHP's passthru function.
If on a Linux-based system, you could try something like passthru("cat video_file.flv");
However, a better practice is to avoid this streaming (from within PHP) altogether and issue the client a 301 HTTP redirection to the URL of the actual static resource so that the webserver can handle streaming it directly.
I don't think you can actually. As far as i know php buffers all output before sending it to the requester.
you could increase the memory limit using ini_set()
$handle = fopen('/path/to/file', 'r');
$chunk_size = 8192;
while ($chunk = fread($handle, $chunk_size)) {
echo $chunk;
ob_flush();
}
This will probably need some tweaking, such as adding correct headers and reading in binary mode if necessary, but the basic idea is sound. I have used this method successfully to send 50+ MB files, with a 16 MB PHP memory limit.
within PHP (XAMPP) installed on a Windows XP Computer Im trying to read a dir which exists on a local network server. Im using is_dir() to check whether it is a dir that I can read.
In Windows Explorer I type \\\server\dir and that dir is being shown.
When I map a network drive a can access it with z:\dir as well.
In PHP I have that script:
<?php if( is_dir($dir){ echo 'success' } ) ?>
For $dir I tried:
/server/dir
//server/dir
\server\dir
\\server\dir
\\\\server\\dir
and
z:\dir
z:\\dir
z:/dir
z://dir
But I never get success?
Any idea?
thx
I solved it by changing some stuff in the registry of the server as explained in the last answer of this discussion:
http://bugs.php.net/bug.php?id=25805
Thanks to VolkerK and Gumbo anyway!
I love stackoverflow and their great people who help you so incredibly fast!!
EDIT (taken from php.net):
The service has limited access to network resources, such as shares
and pipes, because it has no credentials and must connect using a null
session. The following registry key contains the NullSessionPipes and
NullSessionShares values, which are used to specify the pipes and
shares to which null sessions may connect:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Alternatively, you could add the REG_DWORD value
RestrictNullSessAccess to the key and set it to 0 to allow all null
sessions to access all pipes and shares created on that machine.`
add RestrictNullSessAccess=0 to your registery.
You probably let xampp install apache as service and run the php scripts trough this apache. And the apache service (running as localsystem) is not allowed to access the network the way your user account is.
A service that runs in the context of the LocalSystem account inherits the security context of the SCM. The user SID is created from the SECURITY_LOCAL_SYSTEM_RID value. The account is not associated with any logged-on user account.
This has several implications:
...
* The service presents the computer's credentials to remote servers.
...
You can test this by starting the apache as console application (apache_start.bat in the xampp directory should do that) and run the script again. You can use both forward and backward slashes in the unc path. I'd suggest using //server/share since php doesn't care about / in string literals.
<?php
$uncpath = '//server/dir';
$dh = opendir($uncpath);
echo "<pre>\n";
var_dump($dh, error_get_last());
echo "\n</pre>";
Try the file: URI scheme:
file://server/dir
file:///Z:/dir
The begin is always file://. The next path segment is the server. If it’s on your local machine, leave it blank (see second example). See also File URIs in Windows.
Yes, I know this is an old post, but I still found it, and if anyone else does...
On Windows, with newer servers, verify the SMB is installed and enabled on the target machine.