Analysis of PHPshell script _ PHP Tutorial

Source: Internet
Author: User
Analyzes and uses PHPshell scripts. PHP has been developing for a long time and many users are familiar with PHP. here I will share my personal understanding and discuss it with you. In most cases, I have been using the exec () command and data array PHP for a long time. many users know PHP very well. here I will share my personal understanding and discuss it with you. In most cases, I use the exec () command and data array to process everything. Or use shell_exec () for simpler commands, especially when you don't care about the results. If you only need to return a PHP shell script, I will use passthru (). Generally, I use different functions in different occasions, and sometimes they can be exchanged.

It depends entirely on my mood and purpose. Another question you may ask is "what are their strengths ?". If you have no idea, or a project is very suitable for using shell commands, but you do not know how to use them, I will provide some insights here. If you are writing an application that provides various backup or file transfer functions, you can choose to run the PHP shell script supported by rsync by using shell_exec () or one of the other commands provided here. You can write a PHP shell script to include necessary rsync commands, and then execute passthru () based on your command or cron job.

For example, if a user has proper permissions (such as administrator permissions) in your application, he wants to send 50 PDF files from one server to another. Then, the user needs to navigate to the correct location in the application, click Transfer, select the PDF to be sent, and then click Submit. In this process, the form should have a PHP script, which uses the return option variable to run the rsync script through passthru (), so that you know whether a problem occurs, as shown below.

Listing 1. example PHP script for running rsync script through passthru ()

 
 
  1. php
  2. passthru('xfer_rsync.sh',$returnvalue);
  3. if ($returnvalue != 0){
  4. //we have a problem!
  5. //add error code here
  6. }else{
  7. //we are okay
  8. //redirect to some other page
  9. }
  10. ?>

If your application needs to list processes or files, or data about these processes or files, you can use one of the commands summarized in this article to easily achieve this purpose. For example, a simple grep command can help you find a file that matches a specific search condition. It can be used with the exec () command to save the results to an array, which allows you to build an HTML table or form, and further allows you to run other commands.

So far, I have discussed user-generated events. users only need to press the button or click the link, and PHP will run the corresponding script. You can also use an independent PHP script with cron or other calendar programs to achieve some interesting results. For example, if you have a backup script, you can run it through cron or package it into a PHP script and then run it. Why? This seems redundant, isn't it? This is not the case -- you need to consider this. you can run the backup script through exec () or passthru () and then execute some actions based on the returned code. If an error occurs, you can record it in the error log or database, or send a warning email. If the script is successful, you can dump the original output to the database (for example, rsync has a detailed (verbose) mode, which is useful for subsequent troubleshooting ).

Security

Here we will briefly discuss security: If you accept user input and pass the information to the shell, it is best to filter user input. Delete commands and contents that you think are harmful, such as sudo (run as a super user) or rm (delete ). In fact, you may not want users to send open requests, but ask them to select from the list.

For example, if you run a transfer program that accepts the file list as a parameter, you should use a series of check boxes to list all files. You can select and cancel a file and click Submit to activate the rsync shell script. You cannot enter files or use regular expressions.


Bytes. In most cases, I use the exec () command and data array...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.