Solved

running BAT file from php page (over ssl, authenticated)

Posted on 2008-10-07
6
1,062 Views
Last Modified: 2013-12-13
Hi

I'm trying to run BAT file from a web page. Php is on IIS (php5isapi win 2003 serv), the page is accessed via ssl (https://) and has anonymous access disabled. So I login on a page as my_user to access the page. Below is the php code that doesn't want to run as expected. When I login directly to the server as my_user I can run this bat file without any problem, so it's not a permissions problem (for this user).
The output looks like this:

kod: 1
ostatnia linijka:
string(0) ""

So as you see it returns an empty string with the return code 1.

This is the bat file:

echo off
echo "Usuwanie katalogu ze stara wersja"
rmdir /S /Q c:\archiwum\trunk
echo "Eksport z repozytorium (trunk)"
cd c:\archiwum
svn export svn://adso.nawigus.pl/test/nawigus/trunk
echo "Kopiowanie do test.nawigus.pl"
xcopy c:\archiwum\trunk C:\Inetpub\nawigus\test /f /s /e /y
echo "Kasowanie plikw base.dist.php, path.dist.php i skompilowanych szablonw"
del /Q C:\Inetpub\nawigus\test\inc\base.dist.php
del /Q C:\Inetpub\nawigus\test\www\path.dist.php
del /Q C:\Inetpub\nawigus\test\inc\tpl\templates_c\*.*
echo "Gotowe"


Any ideas?
<?php

ini_set('display_errors',1);

error_reporting(E_ALL);

header('Content-Type: text/plain; charset=win-1250');

$last = system('C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat',$ret);

echo "kod: $ret\nostatnia linijka:\n";

var_dump($last);

?>

Open in new window

0
Comment
Question by:tg_wilk
  • 3
  • 2
6 Comments
 
LVL 37

Expert Comment

by:meverest
ID: 22667476
Hi,  try adding that file (C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat) to your web service extensions.

Cheers.
0
 
LVL 7

Author Comment

by:tg_wilk
ID: 22667992
Nope, it doesn't help.

I have run whoami program with another script (but the same scheme) and it shows that instead of my_user the script is run as NETWORK SERVICE user. I'm unwilling to change permissions to allow this user to change my scripts folder (which is necessary for the bat file I'm trying to run).
Is there any way to run this bat file from php script as my_user?
0
 
LVL 40

Expert Comment

by:RQuadling
ID: 22669698


$last = system('"C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat"',$ret);

Open in new window

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 40

Expert Comment

by:RQuadling
ID: 22669719
As the program has a space in the name, you need to put it in double quotes, just like you would from the command line.Watch out for this gotcha!exec('&quot;C:\program with spaces in name.exe&quot; &quot;parameter with spaces&quot;');This will fail.Instead, you need to add another set of quotes...exec('&quot;&quot;C:\program with spaces in name.exe&quot; &quot;parameter with spaces&quot;&quot;');Unless you are using the fixed version of PHP 5.3.0+ (not yet released).
As the program has a space in the name, you need to put it in double quotes, just like you would from the command line.
 

Watch out for this gotcha!
 

exec('"C:\program with spaces in name.exe" "parameter with spaces"');
 

This will fail.
 

Instead, you need to add another set of quotes...
 

exec('""C:\program with spaces in name.exe" "parameter with spaces""');
 

Unless you are using the fixed version of PHP 5.3.0+ (not yet released).

Open in new window

0
 
LVL 7

Author Comment

by:tg_wilk
ID: 22771721
I still have some permissions problem. As I said, I managed to run a program whoami.exe (in a way I described in the question) that gives as an output the name of the user that run it. It showed that the program is run as the NETWORK SERVICE user when called by php script (i don't know if this is the right translation, as I got mine in polish). Well - network service doesn't have the right to change files that need to be changed and I'm not willing to give this permissions. That would mean that any script can access those files, which is not what I want. I thought that after I make the user log in to a web page via basic authentication, the script would run as the authenticated user (myuser). But it isn't - it is still Network Service. Can you think of any way to solve this permissions related problem? I would like to run bat file with exec as a certain user (or a whole php script if it's easier) while on a web page.
As for now I run the bat script every 15 minutes as myuser and check inside if the certain files were created by a php script. If so, the actual bat script is called. There is a drawback though - there is a max. 15 minutes gap between calling the php script and running the bat. I could call the bat script more often but it's not a point.
0
 
LVL 40

Accepted Solution

by:
RQuadling earned 500 total points
ID: 22785713
You can use the RunAs command ...

You will need to use runas once manually and use /savecred to save the credentials. Thereafter you shouldn't need to supply the password.

I think.



C:\>runas /?

RUNAS USAGE:
 

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]

        /user:<UserName> program
 

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]

        /smartcard [/user:<UserName>] program
 

   /noprofile        specifies that the user's profile should not be loaded.

                     This causes the application to load more quickly, but

                     can cause some applications to malfunction.

   /profile          specifies that the user's profile should be loaded.

                     This is the default.

   /env              to use current environment instead of user's.

   /netonly          use if the credentials specified are for remote

                     access only.

   /savecred         to use credentials previously saved by the user.

                     This option is not available on Windows XP Home Edition

                     and will be ignored.

   /smartcard        use if the credentials are to be supplied from a

                     smartcard.

   /user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER

   program         command line for EXE.  See below for examples
 

Examples:

> runas /noprofile /user:mymachine\administrator cmd

> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"

> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""
 

NOTE:  Enter user's password only when prompted.

NOTE:  USER@DOMAIN is not compatible with /netonly.

NOTE:  /profile is not compatible with /netonly.

Open in new window

0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This article was inspired by a question here at Experts Exchange (http://www.experts-exchange.com/Software/Photos_Graphics/Images_and_Photos/Q_28629170.html). The requirements stated in that question are (1) reduce the file size of a large number of…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now