12

A text box will be used to capture the command. I've been told that I have to use the exec() function to execute UNIX shell commands.

Something like this, user types ls in the text box. The exec() function will execute the UNIX command and the command will be displayed on the web page.

What I want to know how will I get the output of the shell command and display in the web browser using PHP.

I don't know where to start since I'm very new to PHP.

I'm using Ubuntu.

Apostle
  • 482
  • 2
  • 7
  • 23
user478636
  • 3,304
  • 15
  • 49
  • 76
  • 8
    You're probably going to hear this a lot, and it may not even be relevant, but hoo boy does this sound dangerous. – sdleihssirhc Apr 12 '11 at 07:10
  • Hopefully he just wants to write a web-based shell for himself. But in that case better use [Ajaxterm](http://antony.lesuisse.org/software/ajaxterm/) – ThiefMaster Apr 12 '11 at 07:12
  • 1
    You obviusly want this for a personal project, but as stated you should understand that someone can format your partitions from 1 simple command – RobertPitt Apr 12 '11 at 07:15
  • 10
    Even though this is dangerous, I don't think this should be downvoted because of that alone. It is better to educate then to scare! – gnur Apr 12 '11 at 07:16
  • 3
    I, for one, prefer educating *through* scaring. – Charles Apr 12 '11 at 07:20
  • @gnur, it was my downvote and I have revoked it now, you have a perfectly valid point. – RobertPitt Apr 12 '11 at 07:21

7 Answers7

13

exec?

system?

shell_exec?

passthru?

Backticks?

Pfah!

Real developers use proc_open! It has the major and distinct advantage of giving you three PHP streams to feed data into the process, and read both stdout and stderr. This is something that the other process execution functions simply don't do well.

It comes at the small cost of some boilerplate code, so it's a bit more verbose. I consider the trade-off to be excellent.

Oh, and running arbitrary commands from your users is perhaps one of the greatest security risks that you could ever conceive of, but I kind of assume you know this by now.

Charles
  • 50,943
  • 13
  • 104
  • 142
11

You could start looking at the php manual:

System program execution

But like sdleihssirhc mentioned, watchout this IS very dangerous and you should NOT allow everything to be executed!
If you still want to do it, to get the output of the shell, just use

exec
The output of the shell will be passed in the second parameter.

E.g.:

exec('ls -la', $outputArray);
print_r($outputArray);
enricog
  • 4,226
  • 5
  • 35
  • 54
5

Use $output = system($command);

See http://php.net/system and don't forget to read the warnings about security. If you let a user pass any data to system() (or exec() etc.) it's almost as if they had a shell on your server. The same applies if you don't sanitize arguments passed to programs executed through these functions properly.

ThiefMaster
  • 310,957
  • 84
  • 592
  • 636
3

Try $output = shell_exec('ls -lart');

doc shell_exec

Teneff
  • 30,564
  • 13
  • 72
  • 103
2

As long as it is one line you can just echo the return value of exec.

Like so:

echo exec('ls');

But it only displays the first line.

gnur
  • 4,671
  • 2
  • 20
  • 33
1
exec(escapeshellarg($userSuppliedInput), $output);

echo $output;
Peeter
  • 9,282
  • 5
  • 36
  • 53
0

You can use the backticks for this purpose. Like:

$output = `command-executable -switches`

In addition, some applications echo their output to the STD_ERR stream so you might not see output. On linux, you can redirect the error input to the 'normal' input by appending 2>&1 to the command string.

Richard Tuin
  • 4,484
  • 2
  • 19
  • 18
  • what if i want to execute the output of one command as an input to another. $op=exec('cd /root/Envs/ate/bin; pwd;source ./activate; python box_upgrade.py',$output,$status); Each of the command requires the previous command to be executed. – javalearner Mar 01 '16 at 19:18