Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 725
  • Last Modified:

Web form input passed to PHP to pass to and run batch script on web server

Bear with me-

I'm trying to provide my users a way to kill frozen RemoteApp sessions (so I don't have to.) I'm familiar with the settings associated with reducing this problem, I've tried them all. I'd like to make a page on the company intranet they can type their remote username into and hit submit and kill the session.

This is what I have so far-

Form on the intranet webpage getting username-
<form action="C:\wamp\www\poskick.php" method="post" name="myForm">
UserName <input id="name" type="text" name="name" />
<input type="submit" value="Kick Me!" />
</form>

PHP file in C:\wamp\www\ to take username and pass to batch script-
<?php
$name=$_POST["name"];

putenv("NAME=$name);
exec("POSkick.bat");

?>

batch script to match username to session ID and terminate session-
@echo off
:Ask
set INPUT=$NAME
qwinsta /server xx.xx.xx.xx > sessionID.txt
for /F "delims=" %%a in ('findstr %INPUT% sessionID.txt') do set var=%%a
ECHO %var% > userID.txt
for /f "tokens=3" %%b in (userID.txt) do set ID=%%b
rwinsta %ID% /server xx.xx.xx.xx


The batch script works fine if I type a username in for $NAME. The server the website is hosted on is joined to the domain and has permission to kill these remote sessions, that's why I want the batch to run on it. When I try to execute the "Kick Me" button from the actual web page absolutely nothing happens. Can anyone see what I'm doing wrong here?
0
botsadmins
Asked:
botsadmins
  • 6
  • 4
  • 2
1 Solution
 
gheistCommented:
You can get windows system information via SNMP
Running a script will open a huge security hole
0
 
botsadminsAuthor Commented:
It's all within the company intranet, the script doesn't possess any credentials, it's the machine that it's run on (locally hosted intranet behind firewall) that has the privileges to query and kill sessions on a remote server
0
 
botsadminsAuthor Commented:
the batch script works flawlessly assuming the correct name gets passed to it and it actually runs under the security context of the server it's on. The web form looks fine. I'm messing up between passing the username from the webform to the batch script and actually executing the batch script under it's host's security context.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
gheistCommented:
You must exec() binary .exe file e.g
exec ("c:\windows\system32\cmd.exe /c echo good morning")
0
 
botsadminsAuthor Commented:
The "Kick Me" button using the "submit" type for the form still doesn't cause anything to happen, I have the correct path for the php file and adjusted the exec() as you suggested.
0
 
gheistCommented:
Since network service runs as networkservice user it has no access to services ran as localsystem or localservice.
0
 
botsadminsAuthor Commented:
Is there a simple enough localsystem program I could set up to listen for input from the networkservice?
0
 
gheistCommented:
No idea, ask attention and ask moderators to add some windows area and call in experts
0
 
botsadminsAuthor Commented:
Just did, thank you for your help. I'm excited to make this happen, I'm trying to research myself but I haven't had much luck. Yet.
0
 
fiboCommented:
I would suspect "putenv" to create a transient env value which is lost when running the exec, presumably in some other execution space.

I would test the effect of passing the name as an argument to the bat file, ie something like:
<?php
$name=$_POST["name"];// beware, huge security gap there!!!!

$my_exec="POSkick.bat $name";
exec($my_exec);
?>

Open in new window

with POSkick now:
@echo off
:Ask
set INPUT=$1
qwinsta /server xx.xx.xx.xx > sessionID.txt
for /F "delims=" %%a in ('findstr %INPUT% sessionID.txt') do set var=%%a
ECHO %var% > userID.txt
for /f "tokens=3" %%b in (userID.txt) do set ID=%%b
rwinsta %ID% /server xx.xx.xx.xx

Open in new window

0
 
botsadminsAuthor Commented:
Sorry this took so long, got side tracked with other projects. Much appreciated!
0
 
fiboCommented:
B-) glas we could help! Thx for the grade and points!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 6
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now