0

So let me give you a brief context of what I am trying to do.

  1. Get the bitbucket input(like URL, username and password) from the user(I get this via normal for input).
  2. Invoke shell_exec and pass clone URL command.

Now, here is a trick. If the given URL is a public repo, it just clones without asking for any password or anything. But, if this is a private repo, then it prompts for a password.

I want to identify if the prompt is asking for password and enter the password through my PHP code.

Is there any way to achieve this in PHP? Is there any way I can tell shell_exec() to prompt me if the command is prompting for password? Is there another function in PHP instead of shell_exec() which will allow me to do this?

HELP PLEASE!!!

user3227262
  • 563
  • 1
  • 6
  • 16
  • 1
    perform a `HEAD` request (with curl or sthing) on the repo and test for a `HTTP/1.1 401 Authorization Required` header? – DarkBee Mar 21 '18 at 09:52
  • Fine. But my question is how can I enter the password through shell_exec() to the password prompt? – user3227262 Mar 21 '18 at 09:55
  • If it is basic authentication (with a popup), you can just change the `URI` to `http://username:password@example.com` – DarkBee Mar 21 '18 at 09:56

1 Answers1

0

It looks like performing a HEAD request on a private repo via CURL generates a 404 Not Found error. You can check for this error code as suggested above by @DarkBee. 

curl -I https://github.com/EvansDaniel/LocalLocker

This command yields this output (this is a private repository of mine):

HTTP/1.1 404 Not Found
Server: GitHub.com
Date: Wed, 21 Mar 2018 09:57:32 GMT
Content-Type: text/plain; charset=utf-8
Status: 404 Not Found
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Vary: X-PJAX
Set-Cookie: _gh_sess=eyJzZXNzaW9uX2lkIjoiNTE5YmE5NmI3ZjNhNDkzZTI3ODkyMmJjNTc2ZDU2YzYiLCJsYXN0X3dyaXRlIjoxNTIxNjI2MjUyMjc4fQ%3D%3D--896b8c3727dd9159a46262b6bd6fa2f405f2e674; path=/; secure; HttpOnly
X-Request-Id: 1fbd5a0c-2114-413b-b0f3-5b23bf1b6a43
X-Runtime: 0.016399
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; connect-src 'self'; form-action 'self'; img-src data:; script-src 'self'; style-src 'unsafe-inline'
X-Runtime-rack: 0.021113
X-GitHub-Request-Id: 404D:3341:9F6864:11DFCD2:5AB22C8C

If you get the 404 error code, you can try to take the user's username and password, try shell_exec with the git clone url command, and if that doesn't work out, tell the user that the repository doesn't exist i.e. the real reason for the 404 was that there is no repository at that url.

dbep
  • 647
  • 6
  • 20
  • Ok. How can I enter the password through shell_exec? – user3227262 Mar 21 '18 at 10:26
  • Apparently many other people have been able to do that via the method described here: https://stackoverflow.com/questions/10054318/how-to-provide-username-and-password-when-run-git-clone-gitremote-git – dbep Mar 21 '18 at 10:41