Executing external system commands in PHP

zhaozj2021-02-16  96

As a server-side scripting language, PHP is fully capable of tasks such as writing simple or complex dynamic web pages. But that is not always enough: sometimes, to implement a feature, you must use an external program (or command) of the operating system, and this can be done.

So, can you call an external command from a PHP script? If you can, how do you do it? What are the concerns? After reading this article, you should be able to answer these questions.

Is it possible?

The answer is yes. As in other programming languages, you can call external commands from a PHP program, and it is very simple: just use one or a few functions.

Precondition

Since PHP was developed mainly for web programs, security has become an important consideration. So the PHP designers added a gate to PHP: safe mode. If PHP runs in safe mode, scripts are restricted in the following four areas:

Executing external commands

Some restrictions when opening files

Connecting to a MySQL database

HTTP-based authentication

In safe mode, only external programs in a particular directory can be executed, and calls to other programs are rejected. This directory can be specified in the php.ini file or when compiling PHP; the default is /usr/local/php/bin.

If you call an external command that should produce output (meaning the PHP script itself is not wrong) and the result is blank, it is likely that your network administrator has put PHP in safe mode.

How to do it?

Calling an external command in PHP can be done with the following three methods:

1) Special functions provided by PHP

PHP provides 3 dedicated functions for executing external commands: system(), exec(), passthru().

system()

Prototype: string system(string command [, int return_var])

The system() function is similar to its counterpart in other languages: it executes the given command, outputs the result, and returns it. The second parameter is optional and is used to get the status code after the command has executed.

Example:

<?php
// Run the external program; its output goes straight to the page.
system("/usr/local/bin/webalizer/webalizer");
?>

exec()

Prototype: string exec(string command [, string array [, int return_var]])

The exec() function is similar to system(): it also executes the given command, but it does not output the result; it returns only the last line of the result. Although it returns only the last line of the command's result, the second parameter, array, can receive the complete result, which is appended to the end of the array. So if the array is not empty, it is best to clear it with unset() before the call. The third parameter can be used to obtain the command's status code only when the second parameter is specified.

Example:

<?php
// Return value is the last line of output only.
exec("/bin/ls -l");
// $res receives every output line (appended to the array).
exec("/bin/ls -l", $res);
// $rc receives the command's exit status.
exec("/bin/ls -l", $res, $rc);
?>

passthru()

Prototype: void passthru(string command [, int return_var])

passthru() only invokes the command and does not return any result; instead it sends the command's output directly to the standard output device. So the passthru() function is often used to call programs such as PBMPLUS (a tool for processing pictures under UNIX whose output is a raw binary image). It can also obtain the status code of the executed command.

Example:

<?php
// Send the converter's binary output directly to the browser as a GIF.
header("Content-type: image/gif");
passthru("./ppmtogif hunte.ppm");
?>

2) Open a process with the popen() function

The methods above can only execute a command; they cannot interact with it. But sometimes you must feed some input to the command. For example, when adding a Linux system user, you need to call su to change the current user to root, and the su command requires the root password to be entered on the command line. In this case, the methods mentioned above obviously will not work.

The popen() function opens a process pipe to execute the given command and returns a file handle. Because what is returned is a file handle, you can read from it and write to it. In PHP3, the handle can be used in only one mode, either write or read; starting from PHP4, you can read and write at the same time. Unless the handle is opened in one mode (read or write), you must call the pclose() function to close it.

Example 1:

<?php
// Open a read-only pipe to the command's output.
$fp = popen("/bin/ls -l", "r");
?>

Example 2 (This example comes from the PHP China Union website http://www.phpx.com/show.php?d=col&i=51):

<?php
/* How to add a system user in PHP
Below is a routine that adds a user named james;
the root password is verygood. For reference only.
*/
$sucommand = "su --login root --command";
$useradd = "useradd";
$rootpasswd = "verygood";
$user = "james";
// Builds: su --login root --command "useradd james"
$user_add = sprintf("%s \"%s %s\"", $sucommand, $useradd, $user);
// Open the command for writing and send the root password to it.
$fp = @popen($user_add, "w");
@fputs($fp, $rootpasswd);
@pclose($fp);
?>

3) Use backticks (`, the key on the keyboard that is shared with ~)

This method was not documented by PHP in the past and existed as a kind of secret trick. The method is simple: enclose the command to execute in two backticks as an expression, and the value of this expression is the result of the command's execution. For example:

<?php
// The backtick expression evaluates to the command's output.
$res = `/bin/ls -l`;
echo $res;
?>

The output of this script looks like:

Hunte.gif

Hunte.ppm

Jpg.htm

Jpg.jpg

PASSTHRU.PHP

What should be considered?

There are two problems to consider: security and timeouts.

Let's look at security first. For example, you have a small online store, and the list of products for sale is kept in a file. You write an HTML file with a form that lets your users enter their email address, and then you send the product list to them. Suppose you do not use PHP's mail() function (or have never heard of it) and instead call the Linux/UNIX system's mail program to send the file. The program looks like this:

<?php
// Vulnerable: $to comes from the form and is placed in the shell command unchanged.
system("mail $to");
echo "Our product catalog has been sent to your mailbox: $to";
?>

With this code, ordinary users pose no danger, but there is in fact a very large security vulnerability. If a malicious user enters an email address like this:

--bla; mail someone@domain.com

Then the command will eventually become:

mail --bla; mail someone@domain.com

I believe that any network administrator who sees such a command will break out in a cold sweat.

Fortunately, PHP provides us with two functions: escapeshellcmd() and escapeshellarg(). The escapeshellcmd() function escapes all characters in a string that could be used to trick the shell into executing another command. These characters have special meanings in the shell, such as the semicolon (;), redirection (>), and reading from a file (<). The escapeshellarg() function is used to handle command arguments. It adds single quotes around the given string and escapes any single quotes inside the string, so that the string can be safely used as an argument to a command.
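The mail example above next to a hardened version, as an added example that is not part of the original article: it only builds and prints the command strings, and assumes a Unix-like shell. The function names `build_unsafe()` and `build_safe()` and the file name `products.txt` are hypothetical.

```php
<?php
// Added example: command strings are only built and printed, never executed.
// build_unsafe(), build_safe() and products.txt are hypothetical names.

function build_unsafe(string $to): string
{
    // The article's pattern: form input pasted straight into the shell string.
    return "mail $to < products.txt";
}

function build_safe(string $to): string
{
    // 1. Syntax check: rejects anything that is not a single e-mail address.
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException("not an e-mail address");
    }
    // 2. Quoting does not stop the called program from parsing a leading
    //    "-" as an option, so refuse such values outright.
    if ($to[0] === '-') {
        throw new InvalidArgumentException("address must not start with '-'");
    }
    // 3. Quote the value so the shell passes it as exactly one argument.
    return 'mail ' . escapeshellarg($to) . ' < products.txt';
}

// Constructed sample inputs; the second is the address from the article.
$samples = [
    'alice@example.com',
    '--bla; mail someone@domain.com',
    "o'brien@example.com",
];

foreach ($samples as $to) {
    echo "input : $to\n";
    echo "unsafe: " . build_unsafe($to) . "\n";
    // escapeshellarg() alone: one argument, but it may still look like an option.
    echo "quoted: mail " . escapeshellarg($to) . " < products.txt\n";
    try {
        echo "safe  : " . build_safe($to) . "\n\n";
    } catch (InvalidArgumentException $e) {
        echo "safe  : rejected (" . $e->getMessage() . ")\n\n";
    }
}
```

For the article's malicious address, the quoted form is a single argument but still begins with `--`, which is why the validation steps come before quoting.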

Now let's look at the timeout problem. If the command to be executed takes a long time, it should be run in the background of the system. However, by default, functions such as system() wait until the command has finished before returning (in fact, they wait for the command's output), which will certainly cause the PHP script to time out. The solution is to redirect the output of the command to another file or stream, such as:

<?php
// Redirect the output and background the command so system() returns at once.
system("/usr/local/bin/order_proc > /tmp/null &");
?>
