Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Web form input passed to PHP to pass to and run batch script on web server

Posted on 2014-04-02
14
712 Views
Last Modified: 2014-06-09
Bear with me-

I'm trying to provide my users a way to kill frozen RemoteApp sessions (so I don't have to.) I'm familiar with the settings associated with reducing this problem, I've tried them all. I'd like to make a page on the company intranet they can type their remote username into and hit submit and kill the session.

This is what I have so far-

Form on the intranet webpage getting username-
<form action="C:\wamp\www\poskick.php" method="post" name="myForm">
UserName <input id="name" type="text" name="name" />
<input type="submit" value="Kick Me!" />
</form>

PHP file in C:\wamp\www\ to take username and pass to batch script-
<?php
$name=$_POST["name"];

putenv("NAME=$name);
exec("POSkick.bat");

?>

batch script to match username to session ID and terminate session-
@echo off
:Ask
set INPUT=$NAME
qwinsta /server xx.xx.xx.xx > sessionID.txt
for /F "delims=" %%a in ('findstr %INPUT% sessionID.txt') do set var=%%a
ECHO %var% > userID.txt
for /f "tokens=3" %%b in (userID.txt) do set ID=%%b
rwinsta %ID% /server xx.xx.xx.xx


The batch script works fine if I type a username in for $NAME. The server the website is hosted on is joined to the domain and has permission to kill these remote sessions, that's why I want the batch to run on it. When I try to execute the "Kick Me" button from the actual web page absolutely nothing happens. Can anyone see what I'm doing wrong here?
0
Comment
Question by:botsadmins
  • 6
  • 4
  • 2
14 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 39974365
You can get windows system information via SNMP
Running a script will open a huge security hole
0
 

Author Comment

by:botsadmins
ID: 39975162
It's all within the company intranet, the script doesn't possess any credentials, it's the machine that it's run on (locally hosted intranet behind firewall) that has the privileges to query and kill sessions on a remote server
0
 

Author Comment

by:botsadmins
ID: 39975173
the batch script works flawlessly assuming the correct name gets passed to it and it actually runs under the security context of the server it's on. The web form looks fine. I'm messing up between passing the username from the webform to the batch script and actually executing the batch script under it's host's security context.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 62

Expert Comment

by:gheist
ID: 39975308
You must exec() binary .exe file e.g
exec ("c:\windows\system32\cmd.exe /c echo good morning")
0
 

Author Comment

by:botsadmins
ID: 39975527
The "Kick Me" button using the "submit" type for the form still doesn't cause anything to happen, I have the correct path for the php file and adjusted the exec() as you suggested.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39975703
Since network service runs as networkservice user it has no access to services ran as localsystem or localservice.
0
 

Author Comment

by:botsadmins
ID: 39975947
Is there a simple enough localsystem program I could set up to listen for input from the networkservice?
0
 
LVL 62

Expert Comment

by:gheist
ID: 39978356
No idea, ask attention and ask moderators to add some windows area and call in experts
0
 

Author Comment

by:botsadmins
ID: 39978613
Just did, thank you for your help. I'm excited to make this happen, I'm trying to research myself but I haven't had much luck. Yet.
0
 
LVL 29

Accepted Solution

by:
fibo earned 500 total points
ID: 40006602
I would suspect "putenv" to create a transient env value which is lost when running the exec, presumably in some other execution space.

I would test the effect of passing the name as an argument to the bat file, ie something like:
<?php
$name=$_POST["name"];// beware, huge security gap there!!!!

$my_exec="POSkick.bat $name";
exec($my_exec);
?>

Open in new window

with POSkick now:
@echo off
:Ask
set INPUT=$1
qwinsta /server xx.xx.xx.xx > sessionID.txt
for /F "delims=" %%a in ('findstr %INPUT% sessionID.txt') do set var=%%a
ECHO %var% > userID.txt
for /f "tokens=3" %%b in (userID.txt) do set ID=%%b
rwinsta %ID% /server xx.xx.xx.xx

Open in new window

0
 

Author Closing Comment

by:botsadmins
ID: 40122493
Sorry this took so long, got side tracked with other projects. Much appreciated!
0
 
LVL 29

Expert Comment

by:fibo
ID: 40123270
B-) glas we could help! Thx for the grade and points!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
In this tutorial viewers will learn how to embed videos in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <video> tag to insert a video. Define the src as the URL of your video; this is similar to …
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question