I am trying to print generated forms / receipts through PHP (the printers will be installed on the server, I am not attempting to print to a user's local printer). I have decided to try the following methodology:
IN PHP:
Generate a PDF file and save it on the server.
Call a perl script to print said PDF file.
IN perl:
Use system() to "open" Reader and print the given PDF silently.
What works:
I can generate PDFs in PHP.
I can call a perl script.
If the script has errors, they report to the browser window. ie: If I purposely change file paths it fails, and reports the appropriate reason.
functions such as printf seem to work fine as the output displays in the browser.
The exact same perl script (with the "non-functioning" line mentioned below) works properly when executed from the command line or the IDE.
What doesn't work:
In perl: system('"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe" /N /T "C:\\test.pdf" 0-XEROX');
What happens:
NOTHING! I get no errors. It just flat out refuses to open Adobe Reader. All code below this line seems to run fine. It's like the function is being ignored. I am at a loss as to why, but I did try a few things.
What I've tried:
Changed permissions of the AcroRd32.exe to Everyone - Full Control.
Output the $? after the system() call. It is 1, but I don't know what 1 means in this case.
Verified that there are no disable_functions listed in php (though I think this is unrelated as shell_exec seems to be working, since some of the perl code is ran).
Various other configurations that at least got me to the point where I can confirm that PHP is in fact calling the perl script, it just isn't running the system() call.
Other info:
Apache 2.2.1.7
PHP 5.35
Perl 5.12.3 built for MSWin32-x86-multi-thread
WampServer 2.1
I'm at a loss here, and while it seems like this is an Apache / permissions problem, I cannot be sure. My experience with Apache is limited, and most of what I find online is linux commands that don't work in my environment.
Try this:
my #args = ('C:/Program Files (x86)/Adobe/Reader 10.0/Reader/AcroRd32.exe');
if (system(#args) != 0) {
# Can't run acroread. Oh Noes!!!
die "Unable to launch acrobat reader!\n";
}
The thing about system() is that it does two different things
depending on the number and type(s) of argument it gets. If the
argument is an array or if there are multiple arguments, Perl assumes
the first is the program to run with the rest as its arguments and it
launches the program itself.
If, however it's just one string, Perl handles it differently. It
runs your command-line interpreter (typically CMD.EXE on Windows) on
the string and lets it do what it wants with it. This becomes
problematic pretty quickly.
Firstly, both Perl and the shell do various kinds of interpolation on
the string (e.g. replace '//' with '/', tokenize by space, etc.) and
it gets very easy to lose track of what does what. I'm not at all
surprised that your command doesn't work--there are just so many
things that can go wrong.
Secondly, it's hard to know for sure what shell actually gets run on
Windows or what changes Perl makes to it first. On Unix, it usually doesn't matter--every shell does more or
less the same with simple commands. But on Windows, you could be
running raw CMD.EXE, GNU Bash or some intermediate program that
provides Unix-shell-like behaviour. And since there are several
different ports of Perl to Windows, it could well change if you
switch.
But if you use the array form, it all stays in Perl and nothing else
happens under the hood.
By the way, the documentation for system() and $? can be found here and here. It's well worth reading.
Related
First, as a background I am trying to encrypt data we have on the server when a new entity is made. This is on a legacy system which originated as a Perl CGI system, and has a separate portion which is PHP. The Perl part creates the groups, the PHP was later implemented to encrypt it.
I am trying to execute the PHP encryption script from a Perl CGI file. I have tried using:
exec("/path/to/file arg1 arg2")
system("/path/to/file arg1 arg2")
backtick operator /path/to/file arg1 arg2
open ("/path/to/file arg1 arg2 |)
I have also tried pointing directly to /bin/php and passing the file as an argument with each case. The only things I have had happen so far are:
Printing the output of exec/system... produces the Perl file (not even the php file) as text, which I haven't seen any mention of this happening anywhere else, but all I've seen is Perl, not CGI and Perl together.
No data. If I output $! from Perl I get an illegal seek error when using system, but the others leave it blank. All of them return 0 as if the exec/system/... has run, but nothing server side has changed.
From what I have read online I think that CGI may be running in some form of a "protected" mode which disables the exec/system/open/backtick commands on certain files, but am not certain that is the issue. As far as I can tell though, there is no indication of permission being restricted. If anyone has any insights that is much appreciated. If you need anymore information, let me know.
A few notes:
Show us actual, mimimal and complete test programs along with their output so we can see what you are doing.
system shares its filehandles with the parent program, so if the external program sends something to STDOUT, that's where it's going. If that's before you send your CGI headers, then things will get messed up.
backticks will capture standard output, but not standard error. Stuff might still go to an error log.
exec turns your program into some other program. That is, your Perl program does some setup and then becomes the thing that you exec, then never comes back (unless things fail).
Some things to help with debugging:
Make a small CGI program that simply calls another program you know that should work, such as date or something similar. Verify that you can do that much.
#!/usr/bin/perl
print "Content-type: text/plain\n\n";
my $rc = system '/bin/date';
print "result was <$rc>";
Then, run php to show its version. Verify that you can run php.
#!/usr/bin/perl
print "Content-type: text/plain\n\n";
my $rc = system '/usr/bin/php', '-v';
print "result was <$rc>";
Slowly add to the complexity. Find out where things stop working.
If your arguments to PHP come from user input, consider using taint checking and careful cleansing (perlsec). Notice I use the list version of system so the shell doesn't get a chance to interpret metacharacters.
I'm wondering if there's a way to display Box-Drawing characters in PHP CLI (Command Line Interface) under MS-Windows (i.e. using C:\wamp\bin\php\php5.5.12\php.exe -f "myscript.php"). Any attempt I've made shows up unreadable characters.
Furthermore I would like to know if there's a way to obtain a CLS (clear screen) under PHP CLI under MS-Windows. I tried system('cls') and exec('cmd /c cls') without success.
All my attempts failed up to now.
System calls are the most inefficient way of doing this, those often involve creating one or more processes. All you need to do is emit some ANSI escape sequences, you just echo the right characters and you can do anything screen-wise.
What you probably want is NCurses which is a library that does things like drawing boxes, windows and so on.
I have a php script which should use some preset system aliases. I.e. "alias ll=ls -l"
In terminal "ll" works but from php system("ll") outputs
sh: ll: command not found
How do I exit "sh" and execute my terminal commands?
P.S.: May be I missunderstood the basic linux components shell and bash. In this case, please correct me/the post
The PHP docs aren't clear about this, but presumably PHP's system is a reflection of Standard C's system(3), which hands the argument command to the command interpreter sh(1). If you want to avoid the shell, you'll need to use another feature of PHP besides system (like explicit fork/exec). That's context, but it won't help you solve your problem.
In your case it seems you just want the aliases in an rcfile. Scripts invoked by system calls aren't going to read your rcfile unless you take extraordinary steps to make that happen, and even if you do, it's going to be non-obvious to the maintenance programmer. I'd strongly advise you to put the alias in the script or command argument itself, or simply call the command explicitly (ls -al).
You can also manually source the rcfile from your script, or call system(csh -i 'yourcommands') to force csh to be invoked as an interactive shell (which should cause your rcfile to be read). I think this is a bad idea because it is effectively forcing the shell to behave inconsistently with its environment, but I'm including it here for completeness.
Most of the above I got from a quick read through the Startup and shutdown section of the csh manual on my Mac (Mavericks). There are other potential solutions there that I haven't laid out, as well.
Hello I have a couple questions about PHP exec() and passthru().
1)
I never used exec() in PHP but I have seen it is sometimes used with imagemagick. I am now curious, what is some other common uses where exec is good in a web application?
2)
About 6 years ago when I first started playing around with PHP I did not really know anything, just very basic stuff and I had a site that got compromised and someone setup there own PHP file that was using the passthru() function to pass a bunch of traffic throught my site to download free music or video and I got hit with a 4,000$ bandwidth charge from my host! 6 years later, I know soo much more about how to use PHP but I still don't know how this ever happened to me before. How can someone beable to add a file to my server through bad code?
1] Exec() is really useful when you:
A) Want to run a program/utility on the server that php doesn't have a command equivalent for. For example ffmpeg is common utility run via an exec call (for all sorts of media conversion).
B) Running another process - which you can block or NOT block on - that's very powerful. Sometimes you qant a pcnt_fork though, or similar, along with the correct CL args for non blocking.
C) Another example is when I have to process XSLT 2.0 - I have to exec() a small java service I have running to handle the transformations. Very handy. PHP doesn't support XSLT 2.0 transformations.
2] Damn that's a shame.
Well, lots of ways. Theres a family of vulnerability called, "remote file include vulns", that basically allow an attacker to include arbitrary source and thus execute it on your server.
Take a look at: http://lwn.net/Articles/203904/
Also, mentioned above, say your doing something like (Much simplified):
exec("someUnixUtility -f $_GET['arg1']");
Well, imagine the attacker does, url.come?arg1="blah;rm -rf /", your code will basically boil down to:
exec("someUnixUtility -f blah; rm -rf /");
Which in unix, you separate commands w/the ; So yeah - that could be a lot of damage.
Same with a file upload, imagine you strip the last four chars (.ext), to find the extension.
Well, what about something like this "exploit.php.gif", then you strip the extension, so you have exploit.php and you move it into your /users/imgs/ folder. Well, all the attacker has to do now is browse to users/imgs/exploit.php and they can run any code they want. You've been owned at that point.
Use exec or when you want to run a different program.
The documentation for passthru says:
Warning
When allowing user-supplied data to be passed to this function, use escapeshellarg() or escapeshellcmd() to ensure that users cannot trick the system into executing arbitrary commands.
Someone had probably found a security hole in your script which allowed them to run arbitrary commands. Use the given functions to sanitise your inputs next time. Remember, nothing sent from the client can ever be trusted.
exec() allows you to use compiled code that is on your server, which would run faster than php, which is interpreted.
So if you have a large amount of processing that needs to be done quickly, exec() could be useful.
Specifically, I need to automate the encoding of audio files into mp3 with LAME. You don't need to know LAME to answer this, I could be talking about svn or some other program..
I know how to use LAME on the command line to do this, for one file at a time.
I would like to do this via a php script however, so I can convert a bunch at once (for instance, all the files in a directory)
So what I am confused about, is how I should invoke the program, LAME. I could definitely use
shell_exec()
http://php.net/manual/en/function.shell-exec.php
But is that a "screwy" way to do it, since I am going through the shell?
Should I be using lame_enc.dll somehow instead, instead of lame.exe?
It seems like I could somehow do it with exec() also http://php.net/manual/en/function.exec.php
But in that case, how would I supply the arguments?
Or is there a better way to do it, maybe a .bat file? I am running windows
Should I be using lame_enc.dll instead of lame.exe somehow?
You can use exec() and specify arguments just like you would on the command line. Other options are outlined on the Program Execution manual page for PHP.
It's possible to do it with PHP. Not a typical use case scenario but it can be done. Since you are on Windows, a bat file would be better suited since then you don't need the PHP parser to run the script.
Put the same commands you would run in the console to convert your audio files with LAME in a *.bat. Then run the bat as if it was a regular executable file.