I've been trying to execute a .exe file server-side.
In other words, what I really want is after the user uploads a file to the server a .exe file (which converts this file) is executed.
I've tried opening notepad to see if the problem was on my executable file or in the php code and it doesn't run neither (although if I check the task manager I can see it has a notepad.exe process belonging to the SYSTEM user). My guess this is going against some security measure on windows
I should probably say that I'm running XAMPP on windows 7 x64.
This is what I'm doing:
exec("cd ../../ConvertObj/ && ConvertObj.exe", $data, $ret);
//for debuggging
var_dump($data);
var_dump($ret);
As you can see I'm also trying to read the output in an attempt to find the problem.
Now, you're probably wondering why I tagged this as unity3d as well. This executable file is a Unity3d standalone .exe . For what i've read there is a commandline argument which allows Unity3d to run without a GUI but, unfortunately, this is a PRO only argument... I don't really mind to see the GUI on the server xD
So, the output I get (using the unity3d .exe) is
array (size=2)
0 => string 'Mono path[0] = 'C:/xampp/htdocs/ConvertObj/ConvertObj_Data/Managed'' (length=67)
1 => string 'Mono path[1] = 'C:/xampp/htdocs/ConvertObj/ConvertObj_Data/Mono'' (length=64)
I though it was kinda weird. My guess is windows is blocking all GUI applications on the server since dir commands work flawlessly and I think these two lines are Unity3D complaining about something...
Any thoughts?
I've had to do this before.
In a closed (lan) environment with restricted users I hacked together this.
(for the record this isn't something I'm proud of, but it worked and continues to work to this day, I would NOT recommend this if this is for general public use)
In XP you could just check "allow this service to interact with the desktop" on the apache service. This doesn't work in W7, Also in my experience what the comment above suggested, set the service to use the apache user... this didn't work either.
In W7 the only way I know of to make it work was to stop running apache as a service in the services menu (set startup to manual). Then take httpd.exe and create a shortcut in your startup items.
Also, I had to use complete absolute paths for some reason eg. c:\Progra...
Again this is a terrible hack and 99% of the time I'd say there is going to be a better way to do what you're doing. Try rethinking your approach.
Related
What I'm looking for is an easy way to get either individual core usage or total CPU usage for the system that the PHP Script is running on.
However I'm unable to do so. I've looked all over for all manner of solutions from using perf (with and without passthru) to using winmgmts through COM.
The issue is, some of these will work on Windows if you use Apache, but with IIS the security restrictions stop PHP from being able to use for example winmgmts through COM so I just get back a null object.
How can I solve this? - I've honestly tried every solution I can find on the internet and while there is lots of information about how to raise the permissions all the guides point to IIS 7 or earlier and are no longer applicable to IIS 8.5 with literally the suggested option changes being non-existent.
If anyone could help me with this I'd be really appreciative, a workaround like using a third party application that could provide this data would also be acceptable if I can query the data through PHP either from a file or network etc Even a asp.net script that I could query? (I don't know anything about asp.net but I could use it for this single thing if it'd work?)
Thank you.
I managed to solve this and I hope it helps someone else.
What you must do is convert the folder where your PHP (or asp) will execute to an Application. So the structure will look like this:
Website Name
-> Application Name
Then you want to select the parent folder, the Website Name folder and go to "Basic Settings" in the far right actions pane and select "Connect As..." and connect as an Administrator account.
Once you've done this the application will inherent the credentials you specified on the parent website folder and you'll now have full access to perf, wmi and so on.
If you only give the credentials directly to the application it doesn't work and it also doesn't work if you don't convert your folder where your scripts will execute to an application. This is where I was being tripped up and the documentation online is very sparse.
I'd like to thank the good people at the phpsysinfo github for their IIS documentation which pointed me on the right track on needing to convert a site to an application which was part of the puzzle I was missing.
OK, having issues. My PHP script works except for 1 line.
This line tries to execute an outside command with exec().
I get:
Warning: exec(): Unable to fork
I tried searching for an answer. Several sites say I have to set the permissions on cmd.exe. Whether I do that in system32 or syswow64, I'm not sure.
Also not sure what user to add. ISUR or the user (lime) I get from get_current_user().
Windows won't let me add any users to the security list (right click on file, properties, security, edit).
It also won't let me use icacls cmd.exe /grant IUSR:F (access denied in system32)(The handle is invalid in syswow64)
I've already added full access rights (ISUR, SYSTEM, SERVICE, NETWORK SERVICE, lime, Everyone, and IIS_ISURS) to the folder where a file will be created. I realize this is overkill, and have to pare this down.
I'm going to have to do this in both Windows 7x64 (dev machine) & Windows Server 2012 (production).
So many examples I find are either geared for previous systems, or don't go into enough details.
Can someone please help me? I need to get the script working. Thanks
You do not provide enough information to answer your question...
If your PHP script is going to be executed in a Windows OS, perhaps you could have a look at the COM functions, instead of exec(). COM functions will give you way more control over what you're trying to do (Office automation, perhaps?)
COM is much more powerful than exec(), as it allows you to control the resulting application window itself, if there is one. For example, you can start a new process with an invisible window, or a minimized window.
Some examples can be found in the PHP exec() page itself.
Basically, you can do something like the following, to get an application running:
$shell = new COM("WScript.Shell");
$shell->Run("notepad.exe");
$shell = null;
Googling for "php WScript.Shell" will yield a lot of results on the subject.
Edit: Also, you'll need to add this into your IIS web.config:
<identity impersonate="true" userName="youruser" password="yourpass"/>`
This will set the user that IIS will impersonate when launching processes.
I am trying to print generated forms / receipts through PHP (the printers will be installed on the server, I am not attempting to print to a user's local printer). I have decided to try the following methodology:
IN PHP:
Generate a PDF file and save it on the server.
Call a perl script to print said PDF file.
IN perl:
Use system() to "open" Reader and print the given PDF silently.
What works:
I can generate PDFs in PHP.
I can call a perl script.
If the script has errors, they report to the browser window. ie: If I purposely change file paths it fails, and reports the appropriate reason.
functions such as printf seem to work fine as the output displays in the browser.
The exact same perl script (with the "non-functioning" line mentioned below) works properly when executed from the command line or the IDE.
What doesn't work:
In perl: system('"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe" /N /T "C:\\test.pdf" 0-XEROX');
What happens:
NOTHING! I get no errors. It just flat out refuses to open Adobe Reader. All code below this line seems to run fine. It's like the function is being ignored. I am at a loss as to why, but I did try a few things.
What I've tried:
Changed permissions of the AcroRd32.exe to Everyone - Full Control.
Output the $? after the system() call. It is 1, but I don't know what 1 means in this case.
Verified that there are no disable_functions listed in php (though I think this is unrelated as shell_exec seems to be working, since some of the perl code is ran).
Various other configurations that at least got me to the point where I can confirm that PHP is in fact calling the perl script, it just isn't running the system() call.
Other info:
Apache 2.2.1.7
PHP 5.35
Perl 5.12.3 built for MSWin32-x86-multi-thread
WampServer 2.1
I'm at a loss here, and while it seems like this is an Apache / permissions problem, I cannot be sure. My experience with Apache is limited, and most of what I find online is linux commands that don't work in my environment.
Try this:
my #args = ('C:/Program Files (x86)/Adobe/Reader 10.0/Reader/AcroRd32.exe');
if (system(#args) != 0) {
# Can't run acroread. Oh Noes!!!
die "Unable to launch acrobat reader!\n";
}
The thing about system() is that it does two different things
depending on the number and type(s) of argument it gets. If the
argument is an array or if there are multiple arguments, Perl assumes
the first is the program to run with the rest as its arguments and it
launches the program itself.
If, however it's just one string, Perl handles it differently. It
runs your command-line interpreter (typically CMD.EXE on Windows) on
the string and lets it do what it wants with it. This becomes
problematic pretty quickly.
Firstly, both Perl and the shell do various kinds of interpolation on
the string (e.g. replace '//' with '/', tokenize by space, etc.) and
it gets very easy to lose track of what does what. I'm not at all
surprised that your command doesn't work--there are just so many
things that can go wrong.
Secondly, it's hard to know for sure what shell actually gets run on
Windows or what changes Perl makes to it first. On Unix, it usually doesn't matter--every shell does more or
less the same with simple commands. But on Windows, you could be
running raw CMD.EXE, GNU Bash or some intermediate program that
provides Unix-shell-like behaviour. And since there are several
different ports of Perl to Windows, it could well change if you
switch.
But if you use the array form, it all stays in Perl and nothing else
happens under the hood.
By the way, the documentation for system() and $? can be found here and here. It's well worth reading.
im trying to implement on my site a system who let the user download a file that have to be change before the download.
I have a master file (a .exe program), that inside have a variable who has to be change for every different user.
The most simple solution is to change a variable inside a xml file every time the user want his personalized exe and then make the exe file to read the external file. BUT i dont want the user to download more than one file.
Is this possible? using php can i change a parametter inside a compiled program? Thanks for any help and suggestions!
If you really really know what you're doing and you know exactly the bits that need to be flipped inside the file, then yes, it's possible to modify the .exe file with PHP. Otherwise you have to make changes to the source or other files the .exe is built with and compile the program on the server before sending it to the user.
In theory it's certainly possible (PHP is turing complete), but as stated in other answers it will be hardly worth the hassle (considering the fact that you have to ask whether it is possible shows you'd have to investigate at last for days into the standard exe-format).
I'd recommend one of the following:
1) Zip the program with the configuration file; either use a separate launcher (e.g. Java [a JAR is a ZIP file]) or add a configuration file that is read by the program itself. There is a number of PHP libraries for generating ZIP files.
2) compile the program with the changed source on the server itself; however this can also become quite complicated depending on your server configuration and the programming environment you use. If you have never administered a virtual server I would not even slightly recommend that as an option.
3) If you can assume that the user got somewhat stable Internet access you might also consider to let hir download a standard executable, where additional configuration will be downloaded later on by the program itself (e.g. by transmitting the username to the server). However this creates dependencies you might want to avoid (your user probably can't use it on machines without Internet access and you should assert that your server is up most of the time).
While it's probably possible, I doubt it's worth the hassle. Unless you're trying to fight piracy or something. Why don't you just serve the user a custom .zip file with the .exe and a config .xml?
[edit after OP commented]
I presume what you're trying to edit is the facebook ID/username? Well, try to compile the base file with some unique string like "THISNEEDSTOBEREPLACED", then use some binary safe function to replace it. Though remember things can and will get tricky if the string lengths don't match.
I'm trying to make a web app that will manage my Mercurial repositories for me.
I want it so that when I tell it to load repository X:
Connect to a MySQL server and make sure X exists.
Check if the user is allowed to access the repository.
If above is true, get the location of X from a mysql server.
Run a hgweb cgi script (python) containing the path of the repository.
Here is the problem, I want to: take the hgweb script, modify it, and run it.
But I do not want to: take the hgweb script, modify it, write it to a file and redirect there.
I am using Apache to run the httpd process.
Ryan Ballantyne has the right answer posted (I upvoted it). The backtick operator is the way to execute a shell script.
The simplest solution is probably to modify the hgweb script so that it doesn't "contain" the path to the repository, per se. Instead, pass it as a command-line argument. This means you don't have to worry about modifying and writing the hgweb script anywhere. All you'd have to do is:
//do stuff to get location of repository from MySQL into variable $x
//run shell script
$res = `python hgweb.py $x`;
You can run shell scripts from within PHP. There are various ways to do it, and complications with some hosts not providing the proper permissions, all of which are well-documented on php.net. That said, the simplest way is to simply enclose your command in backticks. So, to unzip a file, I could say:
`unzip /path/to/file`
SO, if your python script is such that it can be run from a command-line environment (or you could modify it so to run), this would seem to be the preferred method.
As far as you question, no, you're not likely to get php to execute a modified script without writing it somewhere, whether that's a file on the disk, a virtual file mapped to ram, or something similar.
It sounds like you might be trying to pound a railroad spike with a twig. If you're to the point where you're filtering access based on user permissions stored in MySQL, have you looked at existing HG solutions to make sure there isn't something more applicable than hgweb? It's really built for doing exactly one thing well, and this is a fair bit beyond it's normal realm.
I might suggest looking into apache's native authentication as a more convenient method for controlling access to repositories, then just serve the repo without modifying the script.