Hi,
I have an web form.
I need send of webform to script bash
webform.html --> PHP proces --> create.sh
create.sh
#!/bin/ksh
# Create user
echo "hi!! your pass $1"
crypted="$(echo -n "$1" | smtpctl encrypt )"
maildir="$3/$2/"
echo -e "$2@$3" >> recipients
echo -e "$2@$3\t$crypted" >> credentials
echo "ejabberdctl register $2 $3 $1"
echo "INSERT INTO mails (userid, domain, password, maildir) VALUES
('$2', '$3','$crypted', '$maildir');" | mysql -umyuser -mypass mail;
example php
<?php
function antiyec($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$user = antiyec($_POST['user']);
$frase1 = antiyec($_POST['pass']);
$domain = antiyec($_POST['dom']);
$out = shell_exec('ksh create.sh $frase1 $user $domain');
echo "<pre>$out</pre>";
?>
On 06/01/15 08:50, Gareth Nelson wrote:
> Everyone is missing the bigger picture here:
>
> Why is a PHP script calling the shell? 9 times out of 10, that's a bad idea
> and things should be redesigned so that it's not needed.
>
> ---
> “Lanie, I’m going to print more printers. Lots more printers. One for
> everyone. That’s worth going to jail for. That’s worth anything.� -
> Printcrime by Cory Doctrow
>
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
>
> On Mon, Jun 1, 2015 at 1:47 PM, dan mclaughlin <thev...@openmailbox.org>
> wrote:
>
>> On Mon, 1 Jun 2015 06:05:28 -0400 Josh Grosse <j...@jggimi.homeip.net>
>> wrote:
>>> On Mon, Jun 01, 2015 at 04:45:01AM -0400, dan mclaughlin wrote:
>>>> On Sun, 31 May 2015 22:20:17 -0500 Okupandolared <kan...@darkmail.mx>
>> wrote:
>>>>> does not exist,
>>>>>
>>>>> so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami?
>>>>>
>>>>> that try "ls" and "/bin/ls" and "/var/www/bin/ls"
>>>>>
>>>>> and it does not work,
>>>>> "/bin/ls" exist
>>>>> "/var/www/bin/ls" exist
>>>>>
>>>>> thanks
>>>>>
>>>>> On 05/31/15 19:43, Zi Loff wrote:
>>>>>> On Sun, May 31, 2015 at 09:35:36PM -0500, Okupandolared wrote:
>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>> Hash: SHA256
>>>>>>>
>>>>>>> I like received variables POST and send to KSH script.
>>>>>>>
>>>>>>> But it seems that in OpenBSD 5.6 and php-fpm.
>>>>>>>
>>>>>>> exec() and exec_shell() not working.
>>>>>>>
>>>>>>> Could anyone help me?
>>>>>>>
>>>>>>> This link explain in detail what I've tried.
>>>>>>>
>>>>>>>
>>
> http://serverfault.com/questions/695703/php-fpm-does-not-work-me-exec-or-shel
> l-exec
>>>>>>>
>>>>>>> thanks
>>>>>>
>>>>>> If the server is chrooted at "/var/www" then "/usr/bin/whoami"
>> (from the
>>>>>> server's point of view) actually means "/var/www/usr/bin/whoami"
>> (from
>>>>>> your point of view). Does that file exist?
>>>>>
>>>>
>>>> have you tried to copy /bin/sh to /var/www/bin/sh?
>>>
>>> Also, in a chrooted filesystem, every dynamically linked executable
>> needs access
>>> to ld.so and its shared libraries. Which means /var/www/usr/lib and
>>> /var/www/usr/libexec will need files populated -- every binary file
>> should be
>>> checked wiht ldd(1) to ensure required libraries are made available.
>>> shared libraries. Each program should
>>
>> that reminds me, i did a write up on chrooting programs here:
>> https://marc.info/?l=openbsd-misc&m=142676615612510&w=2
>>
>> although it got into more, the basics of setting up a chroot jail are
>> there.
>>
>> i also have a script that adds a binary and its dependencies automatically.
>> i'll have to post it later, since i've actually been meaning to recently.
>> just have to make a few adjustments for portability.
