1

I'm trying to execute a shell script from an HTML page using PHP. I have found a previous example here that I have been trying to follow but I'm having an issue. I'm not sure what the cause is but no errors are returned and no file is created from the bash script.

index.php:

<!DOCTYPE html>
<html>
<head>
<style></style>
</head>
<body>
<form action="./test.php">
    <input type="submit" value="Open Script">
</form>
</body>
</html>

test.php

<?php
    exec("./bash_script.sh");
    header('Location: http://local.server.edu/ABC/abc_test/');
?>

bash_script.sh

#!/bin/bash
touch ./test_file.txt

One thing I have noticed that may be the cause of the issue is that it seems the path on the local server doesn't match with the file system exactly.

If I switch all the relative paths in the scripts to absolute paths such as: /local/sequence/temp/abc_test/file.exe

Then after clicking the button to run the script I get an error saying: The requested URL /local/sequence/temp/abc_test/test.php was not found on this server

Edit: The three files They're located at /local/sequence/temp/abc_test And there is a symbolic link pointing to that directory at /export/www/htdocs/ABC

kevin41
  • 183
  • 2
  • 14
  • “The requested URL”? That doesn’t sound right. Have you tried executing bash_script.sh from the command line? Make sure that’s working as expected before adding the extra variable of php – Tim Morton Oct 20 '21 at 00:02
  • Yes, I have tested it on the command line and it works. Right now all it does is touch a file so not a very complicated bash script. – kevin41 Oct 20 '21 at 13:01
  • Agreed, just eliminating a confounding variable. The next thing I noticed is different file names. The error indicates it couldn’t find the test.php script. So the absolute path in the bash script isn’t even coming into play. Did you accidentally change the name or location of test.php? – Tim Morton Oct 20 '21 at 13:54
  • I haven't changed the name or location at all but maybe they weren't in the right spot to begin? They're located at `/local/sequence/temp/abc_test` And there is a symbolic link pointing to that directory at `/export/www/htdocs/ABC` – kevin41 Oct 20 '21 at 14:03
  • In your form action, I would use "/test.php" and make sure test.php is in your server’s document root (same as index.php). Or better yet, leave out the action value snd just use index.php to run the bash script. (I’ll explain that in an answer if that helps) – Tim Morton Oct 20 '21 at 17:10
  • Yes, if you wouldn't mind explaining these options a bit more in an answer that would be much appreciated! – kevin41 Oct 20 '21 at 17:23

2 Answers2

0

The error message seems to be indicating that test.php is not being found. As written, it needs to be in the same directory as index.php

You’ve tested the actual bash script, so we can proceed with the assumption that it’s in the execution of the script receiving the submission.

I would suggest putting all the web stuff into one page, because you can test sending and receiving input.

<?php
// for testing
// exec("./bash_script.sh");

// check for POST submission (this is not just reading data)
if(isset($_POST['runScript'])) {
     // die('Request received');

    exec("./bash_script.sh");

    // It’s always proper to redirect after post :)
    header('Location: http://local.server.edu/ABC/abc_test/');
    die;
}

// finished with logic; show form
?>

<!DOCTYPE html>
<html>
<head>
<style></style>
</head>
<body>
<form method="POST">
    <input type="submit" name="runScript" value="Open Script">
</form>
</body>
</html>

Note that I added the name attribute to the submit button, and made the form use POST method while submitting to the calling page (no action means submit to yourself).

I’ve also left a few commented actions to aid in debugging if necessary

You may have to adjust the path to the bash script. Currently it’s going to look in the same directory as index.php, which is not something you’d want to do in production.

Tim Morton
  • 2,614
  • 1
  • 15
  • 23
-1

You will be able to do that somehow, but its always very risky to allow such operations to execute from the php page.

MansoorShiraz
  • 118
  • 1
  • 8