6

I want to execute a .exe file on my Apache server using a php script. the procedure is as follow:

  1. user comes, fills a html form

  2. it goses to a php script

  3. php script executes the name.exe file

  4. php prints the output of the name.exe file on the page.

I execute the name.exe normally from windows like this:

run--> cmd--> D:\name [command]

the name.exe needs to communicate with other files like libraries in the same directory.

the complete comand in cmd at windows is like this:

D:\name library.dll [input from user]

then program executes and prints some results in cmd window.

I actually want to run this program on my server form my clients. I don't know how, but I now there is a way to do this.

Another related question, is there any shell that I can install on Linux server and execute name.exe in it?

Improve this question

5 Answers 5

Reset to default
6

Please rethink your solution as this will likely create more problems (particularly security issues) than it solves. By having a PHP script execute your program you run the danger of a user entering the following into your form:

John Doe; rm \windows\*

or 

John Doe; rm d:\name\*

You want to limit user input to a very controlled subset so that you won't get malicious command injection.

PHP does provide an exec() but be very careful.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

thanks i will. That is a good poit. I can check the input with my format before allowing it to execute by php script. But is the problem is solvable with exec() ? so I can study using it.
Executing external programs isn't that much of a problem with some care and escaping all incoming data with escapeshellarg().
2

You should escape the user input with escapeshellarg before sending it to the command.

$saferinput = escapeshellarg($input);
system('D:\name library.dll '.$saferinput);
Improve this answer

Comments

2

You probably want passthru() or exec().

As for Linux, if name.exe runs well under WINE, you would probably want to use passthru() or shell_exec() and call WINE to run name.exe. I have no idea what name.exe does, so even if it runs under WINE, there's no guarantee that it will actually work.

There is, however no magic shell that allows Linux to execute arbitrary Windows executables.

As noted, be very careful of what you allow to get to exec() or passthru() or anything else that executes code outside of your script. I'm not going to go as far as to say you probably should not be doing whatever it is that you are doing, but I'm not the one working on whatever you are working on :)

Improve this answer

4 Comments

There's also no requirement that PHP not be run under Windows/IIS.
Actually, exec will return the last line after command execution. Whereas passthru works as OP wants.
I think the passthru command is better, cause I have couple of lines as a result of the name.exe
@David Lively - I wasn't saying don't run php under windows. The OP asked if he could also get the code to work under Linux. I edited for clarity, thanks :)
0

This is a very bad idea. Aside from having to grant ridiculous permissions to the user account under which your web server is executing, which effectively gives anyone visiting your site the power to run executables, your run the risk of thread safety issues, file system locking problems, and others.

If you absolutely must use this exe, create a queuing system. Have your site put the form request into a convenient repository (say, a database), and have a service poll the database periodically to run this process. This allows separation of user accounts and associated permissions for the website and the exe, eliminates any concurrent execution issues, and decreases response latency for your site.

Some (cough) languages allow you to create this service and your site code in the same language/techology, but in this case you'll have to break out the .NET or other compiled language in order to create such a service.

Improve this answer

7 Comments

thanks, but my first question is is that possible, my idea would work? then I will think of security matters, there is a login system and just my friends can use the system, I am sure about the security, but my queston is: is that idea is possible with PHP?
John, there's no way to ensure that only your friends will be using the system. That's why we're required to consider security in any application. Also, note that there are functionality issues in play, not just security.
We don't know anything about the 'name' command. Maybe it is safe? Maybe he runs his web server as a user who only have access to that command. Maybe the 'name' program can have multiple running processes at once without concurrency issues. Your points are still valid of course, but they aren't unsolvable.
@Emil, anything is solveable. Or, in drag racing terms: you can't turn a pig into a ballerina, but you can make a damn fast pig. Still, this is poor design, and I for one don't want to wind up maintaining this crap a few years down the road.
guys, this will be a private system for 5-6 of my friends. I am trying to make a unit system on web so that we can use it online. so I am sure about the users and security. the name.exe is a scientific mathematical program though.
|
0

I think we can do this by connecting to the server using PHP SSH. There is a library (http://phpseclib.sourceforge.net/) which allows you to connect to the server via SSH. Earlier I tried connecting to the server using telnet and execte .exe. But my school admin has blocked telnet due to security reasons, so I need to work on ssh.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.