running BAT file from php page (over ssl, authenticated)

Hi

I'm trying to run BAT file from a web page. Php is on IIS (php5isapi win 2003 serv), the page is accessed via ssl (https://) and has anonymous access disabled. So I login on a page as my_user to access the page. Below is the php code that doesn't want to run as expected. When I login directly to the server as my_user I can run this bat file without any problem, so it's not a permissions problem (for this user).
The output looks like this:

kod: 1
ostatnia linijka:
string(0) ""

So as you see it returns an empty string with the return code 1.

This is the bat file:

echo off
echo "Usuwanie katalogu ze stara wersja"
rmdir /S /Q c:\archiwum\trunk
echo "Eksport z repozytorium (trunk)"
cd c:\archiwum
svn export svn://adso.nawigus.pl/test/nawigus/trunk
echo "Kopiowanie do test.nawigus.pl"
xcopy c:\archiwum\trunk C:\Inetpub\nawigus\test /f /s /e /y
echo "Kasowanie plikw base.dist.php, path.dist.php i skompilowanych szablonw"
del /Q C:\Inetpub\nawigus\test\inc\base.dist.php
del /Q C:\Inetpub\nawigus\test\www\path.dist.php
del /Q C:\Inetpub\nawigus\test\inc\tpl\templates_c\*.*
echo "Gotowe"


Any ideas?
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
header('Content-Type: text/plain; charset=win-1250');
$last = system('C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat',$ret);
echo "kod: $ret\nostatnia linijka:\n";
var_dump($last);
?>

Open in new window

LVL 7
tg_wilkAsked:
Who is Participating?
 
Richard QuadlingConnect With a Mentor Senior Software DeveloperCommented:
You can use the RunAs command ...

You will need to use runas once manually and use /savecred to save the credentials. Thereafter you shouldn't need to supply the password.

I think.



C:\>runas /?
RUNAS USAGE:
 
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /user:<UserName> program
 
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /smartcard [/user:<UserName>] program
 
   /noprofile        specifies that the user's profile should not be loaded.
                     This causes the application to load more quickly, but
                     can cause some applications to malfunction.
   /profile          specifies that the user's profile should be loaded.
                     This is the default.
   /env              to use current environment instead of user's.
   /netonly          use if the credentials specified are for remote
                     access only.
   /savecred         to use credentials previously saved by the user.
                     This option is not available on Windows XP Home Edition
                     and will be ignored.
   /smartcard        use if the credentials are to be supplied from a
                     smartcard.
   /user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER
   program         command line for EXE.  See below for examples
 
Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""
 
NOTE:  Enter user's password only when prompted.
NOTE:  USER@DOMAIN is not compatible with /netonly.
NOTE:  /profile is not compatible with /netonly.

Open in new window

0
 
meverestCommented:
Hi,  try adding that file (C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat) to your web service extensions.

Cheers.
0
 
tg_wilkAuthor Commented:
Nope, it doesn't help.

I have run whoami program with another script (but the same scheme) and it shows that instead of my_user the script is run as NETWORK SERVICE user. I'm unwilling to change permissions to allow this user to change my scripts folder (which is necessary for the bat file I'm trying to run).
Is there any way to run this bat file from php script as my_user?
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
Richard QuadlingSenior Software DeveloperCommented:


$last = system('"C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat"',$ret);

Open in new window

0
 
Richard QuadlingSenior Software DeveloperCommented:
As the program has a space in the name, you need to put it in double quotes, just like you would from the command line.Watch out for this gotcha!exec('&quot;C:\program with spaces in name.exe&quot; &quot;parameter with spaces&quot;');This will fail.Instead, you need to add another set of quotes...exec('&quot;&quot;C:\program with spaces in name.exe&quot; &quot;parameter with spaces&quot;&quot;');Unless you are using the fixed version of PHP 5.3.0+ (not yet released).
As the program has a space in the name, you need to put it in double quotes, just like you would from the command line.
 
Watch out for this gotcha!
 
exec('"C:\program with spaces in name.exe" "parameter with spaces"');
 
This will fail.
 
Instead, you need to add another set of quotes...
 
exec('""C:\program with spaces in name.exe" "parameter with spaces""');
 
Unless you are using the fixed version of PHP 5.3.0+ (not yet released).

Open in new window

0
 
tg_wilkAuthor Commented:
I still have some permissions problem. As I said, I managed to run a program whoami.exe (in a way I described in the question) that gives as an output the name of the user that run it. It showed that the program is run as the NETWORK SERVICE user when called by php script (i don't know if this is the right translation, as I got mine in polish). Well - network service doesn't have the right to change files that need to be changed and I'm not willing to give this permissions. That would mean that any script can access those files, which is not what I want. I thought that after I make the user log in to a web page via basic authentication, the script would run as the authenticated user (myuser). But it isn't - it is still Network Service. Can you think of any way to solve this permissions related problem? I would like to run bat file with exec as a certain user (or a whole php script if it's easier) while on a web page.
As for now I run the bat script every 15 minutes as myuser and check inside if the certain files were created by a php script. If so, the actual bat script is called. There is a drawback though - there is a max. 15 minutes gap between calling the php script and running the bat. I could call the bat script more often but it's not a point.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.