I'm trying to figure out if there's a way in PHP to open a file on a user's desktop (i.e., the user select a file from a file list shown on a PHP page, and then the file opens with the appropriate program on the user's desktop as if the user had double-clicked it in the GUI.) After searching for a while, I discovered that this is possible via some convoluted-looking code using the COM object in PHP, but that's only going to work for Windows users and I'm trying to keep this platform agnostic.
Has anyone else ever tried to do this and succeeded?
You can't execute an application on the user's machine without either a lengthy "user consent" process, or the user voluntarily (and, ideally, knowingly) installing some software component.
I think the cleanest way might be to use a (signed!) Java applet.
Otherwise you could try and make the user register a specific protocol, with a suitable protocol handler, that you would let download and install on the user's system to intercept a link such as exec://format%20C%2C ;-)
Unfortunately, the file:// protocol is (understandably) restricted. For example, in Firefox it will work (somewhat) if you insert manually "C:\" in the address bar and navigate. If you click on those links they will (somewhat) work. Copy the same links in a document in a different security context (e.g. Internet) and lo and behold, it won't work.
Another possibility would be to backdoor all the intranet clients with, um, REXECd (available on most platforms) or some clone. Then when the user clicks, you send the command from PHP to the user's workstation. Since nowadays PC's are multiuser platforms, you'll need some quick legwork to determine how to do the deed. E.g. on a Linux box you'd have to run a X application with the appropriate ownership and DISPLAY value.
You could also "recognize" the user's platform and let the user download an appropriate batch file, either .sh or .bat or .cmd; but they would need a click to download, one to approve, one to open the executable.
You can't run files on client. It's a big security hole and browser will not allow you do that.
On windows you can use ActiveX, but client must allow installing ActiveX component, and you will have many problems with it.
Related
I develop some python applications so I know how to do this in python locally, but am working with some PHP developers (I know nothing of PHP) who say this can't be done in PHP. This is the idea: A php driven remote website which creates / hosts files. Using a web browser I want to download from this website a series of folders and files onto the local machine overwriting already existing files/folders with the same name. So in my browser I click on a download button which asks me to browse to a local or network folder to download the folders and files to. Currently we are just downloading a single .zip file containing all these files and folders which we have to unzip and manually move, copy paste, etc, very messy and cumbersome. There must be a better way with PHP and some other language?
No, it's not possible to access from a PHP (server-side language) to the Client Machine (from a Browser) and manipulate directly his file system, hard drive, or something like that. This is not the way it works.
Just think about it for a moment, if it could be accomplish, we have serious security threat, for example we visit a page like somebadassdude.com and they have a PHP script that create unlimited folders and files to fill up all our HD... and that is soft.
But hopefully the browsers dont allow this by security design.
Look at this:
As you can see at the Diagram, the Browser and the Server response each other through HTTP Requests & Responses. There's no a communication between them like a local program running at the Client OS. You treat with his Browser, and there's no way to command the Browser to manipulate the client hard-disk, and if that can happend, look at the security consern that I mentioned before.
To be more clearer, your PHP script is running at your server, not at the client machine. It only response when a user/browser request a specific resource at your server, and response with a HTTP Response, and it can contain HTML, or Json, or a File (to be downloaded or visualized by external program), or whatever.
You have limited options:
If it is something for a Intranet, or
local network, and you have access to that network, locally or
remotely like with a VPN access. You could share a folder over
network, in that way you can use a Php Script or Python script in
order to create the folders and copy the files to it, without have to
download a zip, and unzip manually from the Browser.
Using a Java Applet. Why? Because a Java Applet runs
on the Client Side, so you have access to his computer (if the user
allow it), and you certeinly can manipulate (create, delete, read,
etc. folders and files) his hard-drive. So when the user choose the files to download,
you fire the Java Applet, and let em request to the server the files
that the user has marked. When you have the files downloaded, create
or overwrite the files on the client machine.
Create and run a program in the Client Machine, in detriment of a Web Page, by this way you gain the needed flexibility. But of course, it have his own complexities.
So IHMO i think the Java Applet maybe is the best suited solution for you:
Do not have to change much your actual business model
It doesn't require a large time investment.
It is cross-platform, Java can work on a plenty of operating systems, and Java Applets in the most popular browsers.
By the way, I personally dislike Java, but it's a tool, and you have to use the right tool for a job.
Cheers.
I am designing a web-based file-managment system that can be conceptualised as 3 different servers:
The server that hosts the system interface (built in PHP) where users 'upload' and manage files (no actual files are stored here, it's all meta).
A separate staging server where files are placed to be worked on.
A file-store where the files are stored when they are not being worked on.
All 3 servers will be *nix-based on the same internal network. Users, based in Windows, will use a web interface to create an initial entry for a file on Server 1. This file will be 'uploaded' to Server 3 either from the user's local drive (if the file doesn't currently exist anywhere on the network) or another network drive on the internal network.
My question relates to the best programmatic approach to achieve what I want to do, namely:
When a user uploads a file (selecting the source via a web form) from the network, the file is transferred to Server 3 as an inter-network transfer, rather than passing through the user (which I believe is what would happen if it was sent as a standard HTTP form upload). I know I could set up FTP servers on each machine and attempt to FXP files between locations, but is this preferable to PHP executing a command on Server 1 (which will have global network access), to perform a cross-network transfer that way?
The second problem is that these are very large files we're talking about, at least a gigabyte or two each, and so transfers will not be instant. I need some method of polling the status of the transfer, and returning this to the web interface so that the user knows what is going on.
Alternatively this upload could be left to run asyncrhonously to the user's current view, but I would still need a method to check the status of the transfer to ensure it completes.
So, if using an FXP solution, how could polling be achieved? If using a file move/copy command from the shell, is any form of polling possible? PHP/JQuery solutions would be very acceptable.
My final part to this question relates to windows network drive mapping. A user may map a drive (and select a file from), an arbitrarily specified mapped drive. Their G:\ may relate to \server4\some\location\therein, but presumably any drive path given to the server via a web form will only send the G:\ file path. Is there a way to determine the 'real path' of mapped network drives?
Any solution would be used to stage files from Server 3 to Server 2 when the files are being worked on - the emphasis being on these giant files not having to pass through the user's local machine first.
Please let me know if you have comments and I will try to make this question more coherant if it is unclear.
As far as I’m aware (and I could be wrong) there is no standard way to determine the UNC path of a mapped drive from a browser.
The only way to do this would be to have some kind of control within the web page. Could be ActiveX or maybe flash. I’ve seen ActiveX doing this, but not flash.
In the past when designing web based systems that need to know the UNC path of a user’s mapped drive I’ve had to have a translation of drive to UNC path stored server side. I did have a luxury though of knowing which drive would map to what UNC path. If the user can set arbitrary paths then this obviously won’t work.
Ok, as I’m procrastinating and avoiding real work I’ve given this some thought.
I’ll preface this by saying that I’m in no way a Linux expert and the system I’m about to describe has just been thought up off the top of my head and is not something you’d want to put into any kind of production. However, it might help you down the right path.
So, you have 3 servers, the Interface Server (LAMP stack I’m assuming?) your Staging Server and your File Store Server. You will also have Client Machines and Network Shares. For the purpose of this design your Network Shares are hosted on nix boxes that your File Store can scp from.
You’d create your frontend website that tracks and stores information about files etc. This will also hold the details about which files are being copied, which are in Staging and so on.
You’ll also need some kind of Service running on the File Store Server. I’ll call this the File Copy Service. This will be responsible for coping the files from your servers hosting the network shares.
Now, you’ve still got an issue with how you figure out what path the users file is actually on. If you can stop users from mapping their own drives and force them to use consistent drive letters then you could keep a translation of drive letter to UNC path on the server. If you can’t, well I’ll let you figure that out. If you’re in a windows domain you can force the drive mappings using Group Policies.
Anyway, the process for the system would work something like this.
User goes to system and selects a file
The Interface server take the file path and calls the File Copy Service on the File Store Server
The File Copy Service connects to the server that hosts the file and initiates the copy. If they’re all nix boxes you could easily use something like SCP. Now, I haven’t actually looked up how to do it but I’d be very surprised if you can’t get a running total of percentage complete from SCP as it’s copying. With this running total the File Copy Service will be updating the database on the Interface Server with how the copy is doing so the user can see this from the Interface Server.
The File Copy Service can also be used to move files from the File Store to the staging server.
As i said very roughly thought out. The above would work, but it all depends a lot on how your systems are set up etc.
Having said all that though, there must be software that would do this out there. Have you looked?
If iam right is this archtecture:
Entlarge image
1.)
First lets sove the issue of "inter server transfer"
I would solve this issue by mount the FileSystem from Server 2 and 3 to Server 1 by NFS.
https://help.ubuntu.com/8.04/serverguide/network-file-system.html
So PHP can direct store files on file system and dont need to know on which server the files realy is.
/etc/exports
of Server 2 + 3
/directory/with/files 192.168.IPofServer.1 (rw,sync)
exportfs -ra
/etc/fstab
of Server 1
192.168.IPofServer.2:/var/lib/data/server2/ /directory/with/files nfs rsize=8192,wsize=8192,timeo=14,intr
192.168.IPofServer.3:/var/lib/data/server3/ /directory/with/files nfs rsize=8192,wsize=8192,timeo=14,intr
mount -a
2.)
Get upload progress for realy large files,
here are some possibilitys to have a progress bar for http uploads.
But for a resume function you would have to use a flash plugin.
http://fineuploader.com/#demo
https://github.com/valums/file-uploader
or you can build it by your selfe using the apc extension
http://www.amwsites.com/blog/2011/01/use-a-combination-of-jquery-php-apc-uploadprogress-to-show-progress-bar-during-an-upload/
3.)
Lets Server load files from Network drive.
This i would try with a java applet to figurre out the real network path and send this to server, so the server can fetch the file in background.
But i never didt thinks like this before and have no further informations.
thanks all of you for patiently answering my question "About exec() function in PHP: About exec() function in PHP", it has given me an idea of how this works and so. Lots of them pointed the syntax error, my pardon forgot to include the quotes.
Actually I have got a requirement in normal conditions the customer has the .exe file which he needs to normally run from command prompt, where he needs to include the path for the license and config files manually, so that application is valid for installation.
Now he wants a php script where he will enter the web page with his valid login details and with the click of link he should be able to run the .exe file to install the software on his machine. Including the license and config file is my job which I have been working on, on the other hand I am still not clear that this is really possible to run the .exe file on the clients machine when the script runs on the php remote server. What can be the other alternatives to accomplish this. Can anyone clear my doubts?
You cannot run anything on the client machine from a PHP script running on the server. It's impossible. What you can do is create an archive (e.g. ZIP) that contains the executable file, the license file and the configuration. Then you can offer this archive to the user as download. After extracting the archive on his machine he then would be able to execute the application.
Other possibilities to execute something on the client machine would be a Java applet or a Flash application. Those are subject to a lot of security restrictions though.
Alternative:
1.Save settings to file
2.Compact programm to archive with setting file && license
3.Download archive
PHP is on the server, the server generates HTML/JS/CSS. The PHP process ends before the web page is displayed to the user.
There's no way, and a VERY VERY good reason why this can not or will never be able to be done.
And why would you want to run an .exe file on someone's computer other than malicious reasons?
You're on the Web, sell subscription, what licensing are you talking about?
There is no way to actually execute a program on the client machine directly from PHP. The best you can hope to achieve is to provide a download for the executable file and then the client can execute it manually. You could provide an archive file with the installation executable and config/license file(s), but the client would still have to execute the file manually.
You could potentially use client-side technologies such as Flash, Java or ActiveX to accomplish this, but this is not a simple task and requires fairly intimate knowledge of the languages on which these technologies are based.
If the file was an MSI, it would be theoretically possible to allow the server to remotely install it on the client machine, however there are some barriers to this:
You need a fully fledged Windows domain for this, and both the server and client machines would have to be members of that domain. There is no way around this.
You would most likely need to know the NetBIOS name of the client machine, and there is AFAIK no 100% reliable way to determine this from PHP.
Your PHP instance would need to be running under an account that has administrative privileges in the domain. This is unlikely to be the case at the moment, and it is not a very good idea to run like this anyway.
I am developing a web application.
I would like to extend my error messages (and their backtraces) so that I can click on the mentioned file, and have it opened automatically in my PHP IDE.
I would like to make this a easy-to-activate feature so that whoever works on the web application, can easily map the error message to point to their local copy of the site, and open their IDE.
What - short of developing a custom FF extension - is the simplest way you can think of to execute a local command (a batch file that calls the IDE) on click in Firefox on Windows(7)?
I have looked for extensions but had no luck. Maybe using another extension like Firebug or Greasemonkey?
Security is not an issue, as this is supposed to work on the developer's workstation only and I can change my local Firefox's settings.
You can add a new protocol (like "edit://") to windows (http://msdn.microsoft.com/en-us/library/aa767914(VS.85).aspx) and write a small handler program that picks a filename from the "edit://" url and passes that file to the editor. This way i taught windows to understand txmt links (http://blog.macromates.com/2007/the-textmate-url-scheme/) in the way my mac does.
There's not a way to do this with javascript. But it looks possible with a firefox addon. Have a look at this.
http://mozex.mozdev.org/
MozEX is an extension which allows the user to use external programs for these actions:
* edit content of textareas (possibly utilizing a spell-checker, color syntax etc.)
* view page source
* handle mailto, news, telnet and FTP links
* download files
* ... and many more :)
The universal handler lets you enter a list of protocol schemes, e.g., "abc://,def://" and a
command to handle them. So you just have your application generate a url that begins with
your chosen (made up) protocol, and mozex will intercept a click on the url and send the
url to your chosen command as a paramater.
I think this is exactly what you want.
I think that the closest you can get to this, is by having the configuration of the web browser associate a particular mime type with a given "helper application" (here the IDE program), and to have the HTTP server return such a file.
Otherwise, security concerns dictate that browser would not run any "abritrary" program/logic on the client.
Pekka,
After reading the thread so far, it seems that you want to build an application that somehow authenticates with the server--i.e.: the "average user" wouldn't have access to it. If this were the case, then delivering it through the browser is an impossibility without writing a custom extension.
Running authentication through GreaseMonkey is difficult, but once the client is authenticated, there is no real way to "run" the trace.
If the server generates a batch file or some kind of instruction set (script, shortcut, etc.), you can simply configure the browser (or have the local instance of your app configure the browser) to run the file. The problem here is that you have no way to automatically authenticate!
The only other way I can imagine that you could get this to work is via a Java applet, which would only be cumbersome and require Java to initialize every time you wanted to import a trace.
The problem you have is that the browser is inherently secure. It's designed to protect the computer from malware, rogue websites, etc etc., and so without developing a custom extension for the browser, there's no way to make the hop to any applications that run in tandem with the browser.
So on that note, I'll suggest that you reconsider writing a Firefox XUL extension as mentioned above. You'll probably need to implement some XPCOM code to make it work, too. Here are some resources that will help get you started:
https://developer.mozilla.org/en/xpcom
https://developer.mozilla.org/En/XUL
http://ted.mielczarek.org/code/mozilla/extensiondev/
https://developer.mozilla.org/en/XUL_Tutorial/Introduction
I don't know which IDE you're using, but in for example Eclipse you can also use the built-in webbrowser to test your webapp and the exceptions/traces in the Eclipse console log already have links to the source code in question. Easy as that. See if your IDE provides something similar.
I have a file where i m able to generate the pdf, but i want the path to be users desktop which would save it automatically.
$pdf->Output("sample.pdf");
What should be path.
No matter what you have server side you won't be able to automatically save a file on a user's system via their browser with no interaction from them as that would be a massive security hole. The user will always have to confirm the save of a file.
For similar reasons you won't be able to query the directory structure of a User's system via the browser, and even if you could I don't think you can give a browser a suggested directory in which to save something.
You can't do that with PHP. PHP runs on your server, not on your user's desktop. You probably want to store the file somewhere on the server, and then show the user a link to download the generated file.
Unless of course, you're talking about running PHP locally on your user's computer (i.e. apache or some other webserver is installed on your user's computer, in which case please clarify your question.
Assuming your php script is running as a client-side app through the Command Line Interface or PHP-GTK, you should first check if the system it runs on actually is a Win32 type machine.
Next you'd need to use the Windows Only Extensions to invoke the native Win32 API Function call returning a well-known location such as user's desktop folder, that is SHGetFolderPath() with a CSIDL_DESKTOP as a second parameter.
If however your script runs on a server, there's no way to put the file on user's desktop directly without her actually being instructed to do so.
You should output the PDF to the browser and provide the appropriate headers to have the file be recognised as PDF (or merely as downloadable to force a download). Also make sure not to output anything other than the PDF as that might corrupt the file.
EDIT: Note that if you use a webbrowser it is, for security reasons, not possible to FORCE an automatic download. You can only prompt a download, not activate it.
If you're talking about a PHP script (e.g. on a Linux workstation), you probably want to do something completely different. If the PDF library doesn't let you specify a path, do the same you would do in a web browser sans the headers and use an output buffer to catch the output and write it to a file -- if you run the script directly, it'll have the necessary privileges to write to your home directory.