Solved

popen does not yield any results

Posted on 2002-07-16
12
462 Views
Last Modified: 2006-11-17
I've been trying to use popen to execute "sendmail" at a provider that hosts a client, but I've been unable to make it work at all. It is as if it was disabled, or something. In my own computer things work properly, of course. I've enabled all error reporting, and examined all the returned variables, but I get *no error* message whatsover. I've also tried functions such as passthru to see if I had any luck. None. I reduced the problem to just trying to "touch" a file, so that I do not depend on output. It does not work (even though I have permissions to write to the directory). The program below should create files y1, y2 and test2, and also output information about the resources, and "yes". There, "test2" is created by simple "fopen" (just to make sure of permissions). It creates only the latter -- does not create y1 or y2, does not output "yes". The full output is:

'Resource id #1'; resource 'Resource id #2'; resource

Any help is appreciated.

Zorzella

******************

<?
error_reporting(E_ALL);

$test = popen ("touch y1","r");
echo "'$test'; " . gettype($test) . "\n";
pclose ($test);

$test2 = popen ("/usr/bin/touch y2","r");
echo "'$test2'; " . gettype($test2) . "\n";
pclose ($test2);

passthru ("/bin/echo yes");

$test2 = fopen ("test2", "w");
fwrite ($test2, "test2");
fclose ($test2);

?>



0
Comment
Question by:zorzella
  • 5
  • 4
  • 3
12 Comments
 
LVL 40

Expert Comment

by:RQuadling
ID: 7159106
From the PHP manual.

Note: If the command to be executed could not be found, a valid resource is returned. This may seem odd, but makes sense; it allows you to access any error message returned by the shell:

<?php
error_reporting(E_ALL);

/* Add redirection so we can get stderr. */
$fp = popen('/path/to/spooge 2>&1', 'r');
echo "'$fp'; " . gettype($fp) . "\n";
$read = fread($fp, 2096);
echo $read;
pclose($fp);
?>
 



Can you try this script.

Also, can you add the full path to touch, just to see if that makes a difference.

Richard.
0
 

Author Comment

by:zorzella
ID: 7160072
If you look carefully at my script, I try "touch" with and without a full path -- that's why I do it twice. I tried several other executables, as well, to minimize the chance of them just not being there.

As for the script proposed, I saw the same help at the php help pages, and I added the very same echoing of the return variable, plus its type, to both "touch" popens. The output of both is the same in the hosting box as I have in my own box (where they work properly):

'Resource id #1'; resource

for the first and

'Resource id #2'; resource

for the second.
0
 
LVL 8

Expert Comment

by:GEM100
ID: 7181873
Can it be that your host disabled that function?
0
 

Author Comment

by:zorzella
ID: 7185812
You mean disabled popen? I thought about the same thing, but I do not know how would one go about it. Is there a configuration where popen (and its "cousins") may be disabled? Where is it? How do I find out?

Thanks,
0
 
LVL 8

Expert Comment

by:GEM100
ID: 7187420
Try this:
<?php
echo phpinfo();
?>

then search for "safe_mode" in the output and see if it's ON. Function popen() is disabled if PHP is run in Safe Mode. I would just suggest to go with fopen()...
0
 

Author Comment

by:zorzella
ID: 7188429
I'll try that, thanks! Would you care to tell me:

1) how to configure safe_mode ON/OFF?

2) how to use fopen for the kind of thing I need (execute a binary)?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 40

Expert Comment

by:RQuadling
ID: 7189090
If the ISP has disabled the use of popen and others and they know what they are doing, then you will probably NOT be able to open any shell commands.

But, have you tried ...

Execution Operators
PHP supports one execution operator: backticks (``). Note that these are not single-quotes! PHP will attempt to execute the contents of the backticks as a shell command; the output will be returned (i.e., it won't simply be dumped to output; it can be assigned to a variable).


$output = `ls -al`;
echo "<pre>$output</pre>";
 

Note: The backtick operator is disabled when safe mode is enabled or shell_exec() is disabled.

See also escapeshellcmd(), exec(), passthru(), popen(), shell_exec(), and system().

Regards,

Richard.
0
 

Author Comment

by:zorzella
ID: 7189256
I think they might have set "safe_mode" without really meaning to do it (they are not very proficient in php, as they, themselves, say). I think they would open it up, if I told them how to (they allow shell execution in perl, why not php?). BTW, at this point, I have worked around my problem by using the native "mail" command, so the question is just for future work that I may do with them: how to find out about and disable the safe_mode?

PS: I did try some other approaches, such as "passthru", as I originally posted.
0
 
LVL 8

Accepted Solution

by:
GEM100 earned 500 total points
ID: 7190004
In the php.ini file, check for "safe_mode" and see if it's on or off.

Also check for "disable_functions" and see if it has popen disabled manually.


Then try to run something like this:

<?php
$fd = popen("/usr/sbin/sendmail -t","w");
fputs($fd, "To: myaddress@mydomain.tld\n");
fputs($fd, "From: Me \n");
fputs($fd, "Subject: Test\n");
fputs($fd, "X-Mailer: PHP3\n");
fputs($fd, "Testing.\n");
pclose($fd);
?>

Just modify params as per your requirements.
0
 
LVL 40

Expert Comment

by:RQuadling
ID: 7190069
You (i.e. a PHP script) cannot disable Safe mode. What would be the point in having it!

Check the INI file for safe_mode.

Regards,

Richard.
0
 
LVL 8

Expert Comment

by:GEM100
ID: 7190166
he never said he will do it via PHP script...

"I think they would open it up, if I told them how to "
0
 

Author Comment

by:zorzella
ID: 7191271
Yeap! That seems to be the case. Other people would also deserve points for their remarks, but yours was certainly the one to be awarded the points.

Thanks,

Z
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
advertisement module in core php 4 94
lastpass auto fill login form 5 25
How to fetch your row in php 14 13
PHP JSON Clean up 5 11
Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now