Solved

# running BAT file from php page (over ssl, authenticated)

Posted on 2008-10-07
1,062 Views
Hi

I'm trying to run BAT file from a web page. Php is on IIS (php5isapi win 2003 serv), the page is accessed via ssl (https://) and has anonymous access disabled. So I login on a page as my_user to access the page. Below is the php code that doesn't want to run as expected. When I login directly to the server as my_user I can run this bat file without any problem, so it's not a permissions problem (for this user).
The output looks like this:

kod: 1
ostatnia linijka:
string(0) ""

So as you see it returns an empty string with the return code 1.

This is the bat file:

echo off
echo "Usuwanie katalogu ze stara wersja"
rmdir /S /Q c:\archiwum\trunk
echo "Eksport z repozytorium (trunk)"
cd c:\archiwum
echo "Kopiowanie do test.nawigus.pl"
xcopy c:\archiwum\trunk C:\Inetpub\nawigus\test /f /s /e /y
echo "Kasowanie plikw base.dist.php, path.dist.php i skompilowanych szablonw"
del /Q C:\Inetpub\nawigus\test\inc\base.dist.php
del /Q C:\Inetpub\nawigus\test\www\path.dist.php
del /Q C:\Inetpub\nawigus\test\inc\tpl\templates_c\*.*
echo "Gotowe"

Any ideas?
<?php

ini_set('display_errors',1);

error_reporting(E_ALL);

$last = system('C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat',$ret);

echo "kod: $ret\nostatnia linijka:\n"; var_dump($last);

?>

0
Question by:tg_wilk
• 3
• 2

LVL 37

Expert Comment

ID: 22667476

Cheers.
0

LVL 7

Author Comment

ID: 22667992
Nope, it doesn't help.

I have run whoami program with another script (but the same scheme) and it shows that instead of my_user the script is run as NETWORK SERVICE user. I'm unwilling to change permissions to allow this user to change my scripts folder (which is necessary for the bat file I'm trying to run).
Is there any way to run this bat file from php script as my_user?
0

LVL 40

Expert Comment

ID: 22669698

$last = system('"C:\\Documents and Settings\\Administrator\\Pulpit\\svn_trunk.bat"',$ret);

0

LVL 40

Expert Comment

ID: 22669719
As the program has a space in the name, you need to put it in double quotes, just like you would from the command line.Watch out for this gotcha!exec('&quot;C:\program with spaces in name.exe&quot; &quot;parameter with spaces&quot;');This will fail.Instead, you need to add another set of quotes...exec('&quot;&quot;C:\program with spaces in name.exe&quot; &quot;parameter with spaces&quot;&quot;');Unless you are using the fixed version of PHP 5.3.0+ (not yet released).
As the program has a space in the name, you need to put it in double quotes, just like you would from the command line.

Watch out for this gotcha!

exec('"C:\program with spaces in name.exe" "parameter with spaces"');

This will fail.

exec('""C:\program with spaces in name.exe" "parameter with spaces""');

Unless you are using the fixed version of PHP 5.3.0+ (not yet released).

0

LVL 7

Author Comment

ID: 22771721
I still have some permissions problem. As I said, I managed to run a program whoami.exe (in a way I described in the question) that gives as an output the name of the user that run it. It showed that the program is run as the NETWORK SERVICE user when called by php script (i don't know if this is the right translation, as I got mine in polish). Well - network service doesn't have the right to change files that need to be changed and I'm not willing to give this permissions. That would mean that any script can access those files, which is not what I want. I thought that after I make the user log in to a web page via basic authentication, the script would run as the authenticated user (myuser). But it isn't - it is still Network Service. Can you think of any way to solve this permissions related problem? I would like to run bat file with exec as a certain user (or a whole php script if it's easier) while on a web page.
As for now I run the bat script every 15 minutes as myuser and check inside if the certain files were created by a php script. If so, the actual bat script is called. There is a drawback though - there is a max. 15 minutes gap between calling the php script and running the bat. I could call the bat script more often but it's not a point.
0

LVL 40

Accepted Solution

ID: 22785713
You can use the RunAs command ...

You will need to use runas once manually and use /savecred to save the credentials. Thereafter you shouldn't need to supply the password.

I think.

C:\>runas /?

RUNAS USAGE:

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]

/noprofile        specifies that the user's profile should not be loaded.

This causes the application to load more quickly, but

can cause some applications to malfunction.

/profile          specifies that the user's profile should be loaded.

This is the default.

/env              to use current environment instead of user's.

/netonly          use if the credentials specified are for remote

access only.

/savecred         to use credentials previously saved by the user.

This option is not available on Windows XP Home Edition

and will be ignored.

/smartcard        use if the credentials are to be supplied from a

smartcard.

/user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER

program         command line for EXE.  See below for examples

Examples:

> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"

> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

NOTE:  Enter user's password only when prompted.

NOTE:  USER@DOMAIN is not compatible with /netonly.

NOTE:  /profile is not compatible with /netonly.

0

## Featured Post

### Suggested Solutions

This article was inspired by a question here at Experts Exchange (http://www.experts-exchange.com/Software/Photos_Graphics/Images_and_Photos/Q_28629170.html). The requirements stated in that question are (1) reduce the file size of a large number of…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

#### Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!