I want to execute a .exe file on my Apache server using a php script.
the procedure is as follow:
user comes, fills a html form
it goses to a php script
php script executes the name.exe file
php prints the output of the name.exe file on the page.
I execute the name.exe normally from windows like this:
run--> cmd--> D:\name [command]
the name.exe needs to communicate with other files like libraries in the same directory.
the complete comand in cmd at windows is like this:
D:\name library.dll [input from user]
then program executes and prints some results in cmd window.
I actually want to run this program on my server form my clients.
I don't know how, but I now there is a way to do this.
Another related question, is there any shell that I can install on Linux server and execute name.exe in it?
Please rethink your solution as this will likely create more problems (particularly security issues) than it solves. By having a PHP script execute your program you run the danger of a user entering the following into your form:
John Doe; rm \windows\*
or
John Doe; rm d:\name\*
You want to limit user input to a very controlled subset so that you won't get malicious command injection.
PHP does provide an exec() but be very careful.
You should escape the user input with escapeshellarg before sending it to the command.
$saferinput = escapeshellarg($input);
system('D:\name library.dll '.$saferinput);
You probably want passthru() or exec().
As for Linux, if name.exe runs well under WINE, you would probably want to use passthru() or shell_exec() and call WINE to run name.exe. I have no idea what name.exe does, so even if it runs under WINE, there's no guarantee that it will actually work.
There is, however no magic shell that allows Linux to execute arbitrary Windows executables.
As noted, be very careful of what you allow to get to exec() or passthru() or anything else that executes code outside of your script. I'm not going to go as far as to say you probably should not be doing whatever it is that you are doing, but I'm not the one working on whatever you are working on :)
This is a very bad idea. Aside from having to grant ridiculous permissions to the user account under which your web server is executing, which effectively gives anyone visiting your site the power to run executables, your run the risk of thread safety issues, file system locking problems, and others.
If you absolutely must use this exe, create a queuing system. Have your site put the form request into a convenient repository (say, a database), and have a service poll the database periodically to run this process. This allows separation of user accounts and associated permissions for the website and the exe, eliminates any concurrent execution issues, and decreases response latency for your site.
Some (cough) languages allow you to create this service and your site code in the same language/techology, but in this case you'll have to break out the .NET or other compiled language in order to create such a service.
I think we can do this by connecting to the server using PHP SSH. There is a library (http://phpseclib.sourceforge.net/) which allows you to connect to the server via SSH. Earlier I tried connecting to the server using telnet and execte .exe. But my school admin has blocked telnet due to security reasons, so I need to work on ssh.
Related
I have setup a web server and based on an HTTP request and need to execute a script as a different user.
So with regard to that, can I run HTTP as the user I need?
Or can I provide password non interactively and include something like below as the first line of the bat file.
runas /user:dmn1\user1 cmd
First of all its not a good idea to execute bat,sh or any other files from the commands can be tricked any ways.
You can use php's exec() to execute system commands.
If you're trying to execute the command as a different user in the web server itself then I don't know how that is done but If you're trying to execute cmd via browser it can be achieved via .hta script which might not work with modern browsers except IE.
Windows lacks built-in sudo-like functionality.
Your options are:
Use a 3rd-party tool such as psexec (requires specifying password in cleartext; might be a bit glithy sometimes) or sudo for windows (allows webserver user unrestricted administrative access - insecure).
Run another web-server instance with the required user credentials on a different port and redirect requests there with .htaccess (this may be very insecure!)
You can only allow local access and use CURL from 1st webserver to make requests to the second one
Open "task scheduler" (taskschd.msc) and create a task, select the user as owner and enter their password.
To run the task use:
schtasks /run /s SERVERNAME /tn "SCHEDULEDTASKNAME"
You cannot pass parameters to the task directly - you can use a file but beware of overlaps if two people access the HTTP simultaneously
Run a BATCH file (or a python/powershell/autoit script) that monitors a directory for files. When a file appears, read parameters from there, run the task, and delete the file.
You can run the "server" script via task scheduler.
HTTP server should then create files in that folder with long random names.
If creating files is undesirable you may be able to use a named pipe or local TCP connection (netcat) or similar
write a system service yourself (you may need a tool such as NSSM to actually make it run as a service )
I have a little Apple script as follow:
beep
delay 2
tell application "Finder" to activate
It just makes a sound, wait 2 second and then bring the "Finder" window to the foreground.
When I run it from the command line, it works fine.
Then I want PHP to call that script using the exec() php function.
<?
$cmd = "/usr/bin/osascript \"myscript.scpt\"";
exec($cmd);
?>
It still works fine.
But when I call that same PHP script from the browser, it doesn't work! The PHP starts, the Apple script starts as well since I can hear the beep sound but its last line is not executed.
I thought that would be an environment variable thing so I made sure they were all the same way as in the terminal:
$cmd = "HOME='/Users/mikael' && … && /usr/bin/osascript \"myscript.scpt\"";
The variables are set properly (as check with env|sort) but still no luck with running my apple script inside a php script displayed in the browser and using the standard MacOS apache stuff.
Any idea?
When osascript runs from PHP, through the web server, it's not running with a login context, so it can't send Apple events to applications running on the desktop (like the Finder). You'll find that a similar issue arises if you try to use osascript over SSH.
Login contexts are a complex, poorly documented area of OS X. You may want to get your hands on a copy of Amit Singh's Mac OS X Internals: A Systems Approach if you want to learn more about them.
If you don't, though, the answer is generally pretty simple: don't depend on osascript working correctly from the web server.
OK, I may have found a way that allows the Apple script to be called from PHP from within a browser.
It is not fully satisfactory but this is what I'm going to do:
So basically instead of using the default macOS apache server, I use this one that sets up a web server & also MySQL: http://www.mamp.info/en/index.html
I mention MAMP but there may be other.
my Apple script is finally run fully using that solution.
I had the same trouble and realised that apache executes as user www.
You can change this by editing etc/apache2/httpd.conf . Change user to your user short name and group to staff.
Newly registered user here after being a long time lurker!
I have an Apache 2.2 web server running on Windows locally (for now) as a service, with PHP 5 installed. I'm using PHP's exec() to run a command line client (.exe) hosted on the server, which authenticates the user to a database and makes pre-defined SQL queries on behalf of the user.
My question is: How does Apache run programs requested by multiple users through the (same) PHP exec() command? In this case, will Apache be using the same one instance of the client for all users who will access it, or will Apache be creating a new instance of the client for each user?
Since the client was designed for use by a single user, if Apache does reuse the same instance of a client, it will be running into a lot of concurrency issues.
I appreciate any help I can get, thanks!
PHP launches the process every time PHP calls exec(), and it keeps running for as long as it takes to finish. As such, you will end up with multiple copies of the process running at once if multiple users are simultaneously accessing scripts your web site which trigger it.
Unless you are using some really weird sort of database, there is probably a better way to query it than launching a command-line tool. If there's an ODBC driver available for your database, for instance, you may be able to use it directly via the PHP ODBC extension.
I run an executable called Test.exe via exec which in turns runs Outlook.
I am able to run the Test.exe fine but I get the error:
Rejected Safe Mode action : Microsoft Office Outlook. in the windows event viewer.
If I run Test.exe myself via DOS it works fine and no errors. So its something to do with how PHP is running this exectuable. I've enabled apache to run as an admin account but the same thing happens.
What else should I be doing so that Apache can run the executable without any problems?
It works from the command line but not from the Apache process. Not surprisingly because Apache probably runs as a service, with a system account (Non-Desktop interactive).
If you reconfigure the service to run as a user with the right to logon locally and mark the service to be allowed 'Interaction with Desktop', I expect you could do this.
However, I'm at a total loss why anyone, at all, would want to start Outlook from a webserver application....
Sehe is right (but for some reason I cannot comment to his post, whatever...). Usually, you should access MS Office facilities via external code using specific OLE interfaces. You never use CreateProcess to start Outlook or Word from your program, it would be pointless because how can you control it after launching it?
I suggest you to check if you really need this, and if there's a more clean way to do it. You can try to create an external C#/VB.NET executable that performs all the automation you may need to do with Microsoft Outlook, indeed.
What is the actual scenario?
And, I don't like to correct people but if I don't, someone else will in the future and it'll be annoying. Don't say "via DOS" when you use a prompt under Windows. :D
i too am perplexed by would anyone would want to do this.
If you REALLY wanted to do this i guess you could run it as "start test.exe" or write a batch file that would run it. basically anything that would cause a different process to be the one actually launching the app.
I was wondering, whether knockd http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki would be a good was to be able to restart apache without logging into ssh. But my programming question was whether there is a way to send tcp/udp packages via PHP so I can knock via a webclient.
I am aware that this is not the safest way of doing it, but I will only want to do things like update the svn, restart apache without having any passwords in it like with using ssh to do that.
You may use fsockopen() functions... but what you are doing(and the way you are doing it) is very risky from a security standpoit.. as it had been said, ssh is the way:)
If you really want to restart the apache server by using remote access (non-ssh) you can create a small php-daemon, that just watches for a specific file,(ex: /tmp/restart.apache) and when that file appears run exec("/etc/init.d/apache restart") (or whatever the command is for your distribution). This daemon should run as root... and the thing is that the whole security thing is up to you this way, you have to make sure this cannot get arbitrarly executed...
Your portknock ideea... a simple port scanner may restart your apache by mistake:) portknock is recommented to be used in conjunction with a ssh auth , not directly with apache:)
Seriously, you do not want to do what your trying to do.
You should look into calling your remote server through some sort of secure protocol, like SSH. And on the client side, have a small PHP utility application/script that executes remote SSH commands (preferably with a keyfile only based authentication mechanism).
Why not have a PHP script that calls "svn update"? As long as the files are writeable by the user Apache runs as, it works great. Just hit that URL to update the website
For SVN you have whole PHP api, try search SVN on php.net