Solved

running BAT file from php page (over ssl, authenticated)

Posted on 2008-10-07
6
1,084 Views
Last Modified: 2013-12-13
Hi

I'm trying to run BAT file from a web page. Php is on IIS (php5isapi win 2003 serv), the page is accessed via ssl (https://) and has anonymous access disabled. So I login on a page as my_user to access the page. Below is the php code that doesn't want to run as expected. When I login directly to the server as my_user I can run this bat file without any problem, so it's not a permissions problem (for this user).
The output looks like this:

kod: 1
ostatnia linijka:
string(0) ""

So as you see it returns an empty string with the return code 1.

This is the bat file:

echo off
echo "Usuwanie katalogu ze stara wersja"
rmdir /S /Q c:\archiwum\trunk
echo "Eksport z repozytorium (trunk)"
cd c:\archiwum
svn export svn://adso.nawigus.pl/test/nawigus/trunk
echo "Kopiowanie do test.nawigus.pl"
xcopy c:\archiwum\trunk C:\Inetpub\nawigus\test /f /s /e /y
echo "Kasowanie plikw base.dist.php, path.dist.php i skompilowanych szablonw"
del /Q C:\Inetpub\nawigus\test\inc\base.dist.php
del /Q C:\Inetpub\nawigus\test\www\path.dist.php
del /Q C:\Inetpub\nawigus\test\inc\tpl\templates_c\*.*
echo "Gotowe"


Any ideas?
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
header('Content-Type: text/plain; charset=win-1250');
$last = system('C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat',$ret);
echo "kod: $ret\nostatnia linijka:\n";
var_dump($last);
?>

Open in new window

0
Comment
Question by:tg_wilk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 37

Expert Comment

by:meverest
ID: 22667476
Hi,  try adding that file (C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat) to your web service extensions.

Cheers.
0
 
LVL 7

Author Comment

by:tg_wilk
ID: 22667992
Nope, it doesn't help.

I have run whoami program with another script (but the same scheme) and it shows that instead of my_user the script is run as NETWORK SERVICE user. I'm unwilling to change permissions to allow this user to change my scripts folder (which is necessary for the bat file I'm trying to run).
Is there any way to run this bat file from php script as my_user?
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 22669698


$last = system('"C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat"',$ret);

Open in new window

0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 40

Expert Comment

by:Richard Quadling
ID: 22669719
As the program has a space in the name, you need to put it in double quotes, just like you would from the command line.Watch out for this gotcha!exec('&quot;C:\program with spaces in name.exe&quot; &quot;parameter with spaces&quot;');This will fail.Instead, you need to add another set of quotes...exec('&quot;&quot;C:\program with spaces in name.exe&quot; &quot;parameter with spaces&quot;&quot;');Unless you are using the fixed version of PHP 5.3.0+ (not yet released).
As the program has a space in the name, you need to put it in double quotes, just like you would from the command line.
 
Watch out for this gotcha!
 
exec('"C:\program with spaces in name.exe" "parameter with spaces"');
 
This will fail.
 
Instead, you need to add another set of quotes...
 
exec('""C:\program with spaces in name.exe" "parameter with spaces""');
 
Unless you are using the fixed version of PHP 5.3.0+ (not yet released).

Open in new window

0
 
LVL 7

Author Comment

by:tg_wilk
ID: 22771721
I still have some permissions problem. As I said, I managed to run a program whoami.exe (in a way I described in the question) that gives as an output the name of the user that run it. It showed that the program is run as the NETWORK SERVICE user when called by php script (i don't know if this is the right translation, as I got mine in polish). Well - network service doesn't have the right to change files that need to be changed and I'm not willing to give this permissions. That would mean that any script can access those files, which is not what I want. I thought that after I make the user log in to a web page via basic authentication, the script would run as the authenticated user (myuser). But it isn't - it is still Network Service. Can you think of any way to solve this permissions related problem? I would like to run bat file with exec as a certain user (or a whole php script if it's easier) while on a web page.
As for now I run the bat script every 15 minutes as myuser and check inside if the certain files were created by a php script. If so, the actual bat script is called. There is a drawback though - there is a max. 15 minutes gap between calling the php script and running the bat. I could call the bat script more often but it's not a point.
0
 
LVL 40

Accepted Solution

by:
Richard Quadling earned 500 total points
ID: 22785713
You can use the RunAs command ...

You will need to use runas once manually and use /savecred to save the credentials. Thereafter you shouldn't need to supply the password.

I think.



C:\>runas /?
RUNAS USAGE:
 
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /user:<UserName> program
 
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /smartcard [/user:<UserName>] program
 
   /noprofile        specifies that the user's profile should not be loaded.
                     This causes the application to load more quickly, but
                     can cause some applications to malfunction.
   /profile          specifies that the user's profile should be loaded.
                     This is the default.
   /env              to use current environment instead of user's.
   /netonly          use if the credentials specified are for remote
                     access only.
   /savecred         to use credentials previously saved by the user.
                     This option is not available on Windows XP Home Edition
                     and will be ignored.
   /smartcard        use if the credentials are to be supplied from a
                     smartcard.
   /user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER
   program         command line for EXE.  See below for examples
 
Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""
 
NOTE:  Enter user's password only when prompted.
NOTE:  USER@DOMAIN is not compatible with /netonly.
NOTE:  /profile is not compatible with /netonly.

Open in new window

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question