-3

I'm new to programming in html/php/javascript so I don't know how to start.

I'm trying to execute a .sh file (on linux) with a button on a webpage (so html I guess).

I read that I'd have to make a button on html but put the execute code in php but I can't seem to make a code out of it.

Help would be greatly appreciated

This isn't a duplicate, I said I'm new and I don't know how to do this with a button, thats where it's a diffrent question.

Thomasttw
  • 67
  • 2
  • 9

2 Answers2

0

What you need to do is call the file with a program. Call it with bash or sh as suggested in the comment:

echo shell_exec('sh /home/scripts/fix-perm.sh');

Another option could be:

$contents = file_get_contents('/home/scripts/fix-perm.sh');
echo shell_exec($contents);

I think the first option would be better however.

It is important to note that all commands for executing external programs expect actual commands and not a filepath or something else. This goes for shell_exec, exec, passthru and others.

Shaig Khaligli
  • 4,955
  • 5
  • 22
  • 32
0

Most simple way is using GET Method and send a request to the script. This works even without fancy php coding.

Simple Link

http://example.com/script.sh?name=value&name2=value2&name3=value3&

CGI-Scripts can process the Request via QUERY_STRING variable.

In combination with SSL and POST u can send Data after the url, so your requests will be secured a bit.

Html-form

<form action="script.sh" method="POST">
<input type="hidden" name="name3" value="value3">
<input type="hidden" name="name2" value="value2">
<button name="name" value="value">Click me</button>
</form>

The Script should react on POST Request and read stdin for the data deliverd. For the beginning the most important variables are REQUEST_METHOD and QUERY_STRING.

hope this helps a bit.

Here is a simple JavaScript variation to request data from cgi...

var query_string = "name=value&name2=value2&name3=value3&";
var request = new XMLHttpRequest();
request.open("POST", "script.sh");
request.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
request.addEventListener('load', function(event) {
    if (request.status >= 200 && request.status < 300) {
        console.log(request.responseText);
    } else {
        console.warn(request.statusText);
    }
});
request.send(query_string);

This code as an event like .addEventListener("click", functionname);

I can also imagine u want to create a Bash-Script by ur own. If so u have to consider many things. I walk u though as simple as possible ...

To react on a request u need to send back the content-type as first, followed by an empty line.

echo "Content-Type: text/html"
echo ""

There are many many more options for CORS, but content-type is the most important.

Next step would be checking the request.

case "$REQUEST_METHOD" in
POST)
    if [ "$CONTENT_TYPE" = "application/x-www-form-urlencoded" ]; then
        read -n "$CONTENT_LENGTH" QUERY_STRING_POST
            QUERY_STRING_ENC=$(echo -e $(echo "$QUERY_STRING_POST" | sed 's/+/ /g;s/%\(..\)/\\x\1/g;'))
    else    
        echo -e "Error\t777\ņReceived header has a bad CONTENT_TYPE.\nThe value has to be application/x-www-form-urlencoded."
    fi
;;
*)
    echo -e "Error:\t555\nReceived header has wrong REQUEST_METHOD.\nThe value has to be POST only."
;;
esac

This code part checks for a valide REQUEST_METHOD and reads the stdin. Then it html-decode the query_string via sed.

some security questions...

DOMAIN="example.com"
if [ "$HTTP_CONNECTION" != "keep-alive" ] || [ "$HTTP_HOST" != "$DOMAIN" ] || [ "$SERVER_NAME" != "$DOMAIN" ] || [ "$SERVER_PORT" -ne 443 ]; then
    echo -e "Error:\t666\nCorrupted connection refused."
fi

This checks for a valide connection. All envirement variables are listed in the manual of the http-server.

Note that the environment variables like REQUEST_METHOD and QUERY_STRING can be processed by the shell directly. One must filter the input to avoid cross site scripting. Filter out "<>&*?./" to avoid trouble from hackers!

After these steps u can put what ever u want in stdout. But keep in mind that every envirement-variable and stdin can be a threat and u need to filter all out before processing these things.

cat << EOF
<!DOCTYPE html>

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>CGI Test</title>
</head>
<body>
    <h1>Hello World</h1>
</body>
</html>
EOF

Addition:

To test all step by step I created me envtest.sh and inputtest.sh. U can copy inputtest.sh into /usr/lib/cgi-bin/ and make them executable.

Terminal

cd /usr/lib/cgi-bin
chmod +x inputtest.sh

Now u can learn the html side first. Or the JavaScript variation. Or php and phyhon ...

inputtest.sh

#!/bin/bash

exec 2>&1       # every error gets redirected into the html too


echo "Content-type: text/html"
echo ""
echo "<html>"
echo "<head>"
echo "<title>Test</title>"
echo "<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">"
echo "</head>"
echo "<body>"

case "$REQUEST_METHOD" in
GET)
    echo "<p>QUERY_STRING: ${QUERY_STRING}</p>"
;;
POST)
    if [ "$CONTENT_TYPE" != "" ]; then
        read -n "$CONTENT_LENGTH" QUERY_STRING_POST
        echo "<p>$QUERY_STRING_POST</p>"
    else
        echo "<p>Error while REQUEST_METHOD=POST and CONTENT_TYPE=${CONTENT_TYPE}</p>"
    fi
;;
*)
    echo "<p>Error wrong REQUEST_METHOD: \"${REQUEST_METHOD}\"</p>"
esac

echo "</body></html>"

exit 0

The link will look like ...

http://example.com/cgi-bin/script.sh
Mario
  • 679
  • 6
  • 10
  • Ill check this out in a few hours when I'm back at my computer – Thomasttw Mar 05 '17 at 15:01
  • I added some more info. – Mario Mar 05 '17 at 16:57
  • Is all of this nesecary because I don't understand too much of what this all is. btw, the code I need doesn't have to be safe for hackers because it will never come online, neither do I have any domain. I only understand very basic things because html php and javascript are very new to me – Thomasttw Mar 05 '17 at 18:14
  • sure u can do it all without the error response and without filter. but that wont change the fact that u have to create a cgi-script and respond to that request. Using pure html via form and GET/POST, or using any other language doesnt matter. But the server needs to process the data somehow. – Mario Mar 05 '17 at 18:24
  • At the moment I don't really understand what I have to do, maybe you can make it more like a step-by-step guide? – Thomasttw Mar 05 '17 at 18:32
  • I would recommend u should learn one thing after an other. BTW most of the code I had posted is Bash-Script. – Mario Mar 05 '17 at 18:39
  • I added a file that u can copy and use to test the REQUEST_METHOD and QUERY_STRING. GL & HF – Mario Mar 05 '17 at 18:56
  • ok I cleared my post a bit. Does it help, or do u still need help ? – Mario Mar 05 '17 at 19:38
  • I found my way out but when I press the button it just opens the php instead of executes it – Thomasttw Mar 05 '17 at 20:20
  • This has to do with server rights. u have to activate cgi-scripts on the server, or the file has no rights to execute. – Mario Mar 05 '17 at 21:51
  • I used chmod 777 on php, html and sh. still doesnt work – Thomasttw Mar 05 '17 at 21:55
  • the script only need to be executable. what directory is the script in ?... it hast to be in **/usr/lib/cgi-bin**. other wise look in your /etc/apache/conf-enabled/ direcory for a file called cgi. if it not exist u have to create it. how this goes depends on ur apache version. +2.2... **a2enconf serve-cgi-bin** – Mario Mar 05 '17 at 22:21