On Mon, Jun 01, 2015 at 11:49:39AM -0500, Okupandolared wrote:
> Hi,
>
> I have an web form.
>
> I need send of webform to script bash
>
> webform.html --> PHP proces --> create.sh
>
> create.sh
> #!/bin/ksh
> # Create user
>
> echo "hi!! your pass $1"
> crypted="$(echo -n "$1" | smtpctl encrypt )"
> maildir="$3/$2/"
> echo -e "$2@$3" >> recipients
> echo -e "$2@$3\t$crypted" >> credentials
> echo "ejabberdctl register $2 $3 $1"
> echo "INSERT INTO mails (userid, domain, password, maildir) VALUES
> ('$2', '$3','$crypted', '$maildir');" | mysql -umyuser -mypass mail;
>
> example php
> <?php
> function antiyec($data) {
> $data = trim($data);
> $data = stripslashes($data);
> $data = htmlspecialchars($data);
> return $data;
> }
> $user = antiyec($_POST['user']);
> $frase1 = antiyec($_POST['pass']);
> $domain = antiyec($_POST['dom']);
>
> $out = shell_exec('ksh create.sh $frase1 $user $domain');
> echo "<pre>$out</pre>";
> ?>
If you have MySQL as backend for your email accounts, you can just do
the same with ejabberd. And after that, there is no reason why you can't
do the whole thing on PHP alone.
But as everyone pointed out, you need to do some serious reading and/or
get someone who knows how to set this up properly.
> On 06/01/15 08:50, Gareth Nelson wrote:
> > Everyone is missing the bigger picture here:
> >
> > Why is a PHP script calling the shell? 9 times out of 10, that's a bad idea
> > and things should be redesigned so that it's not needed.
> >
> > ---
> > “Lanie, I’m going to print more printers. Lots more printers. One for
> > everyone. That’s worth going to jail for. That’s worth anything.� -
> > Printcrime by Cory Doctrow
> >
> > Please avoid sending me Word or PowerPoint attachments.
> > See http://www.gnu.org/philosophy/no-word-attachments.html
> >
> > On Mon, Jun 1, 2015 at 1:47 PM, dan mclaughlin <thev...@openmailbox.org>
> > wrote:
> >
> >> On Mon, 1 Jun 2015 06:05:28 -0400 Josh Grosse <j...@jggimi.homeip.net>
> >> wrote:
> >>> On Mon, Jun 01, 2015 at 04:45:01AM -0400, dan mclaughlin wrote:
> >>>> On Sun, 31 May 2015 22:20:17 -0500 Okupandolared <kan...@darkmail.mx>
> >> wrote:
> >>>>> does not exist,
> >>>>>
> >>>>> so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami?
> >>>>>
> >>>>> that try "ls" and "/bin/ls" and "/var/www/bin/ls"
> >>>>>
> >>>>> and it does not work,
> >>>>> "/bin/ls" exist
> >>>>> "/var/www/bin/ls" exist
> >>>>>
> >>>>> thanks
> >>>>>
> >>>>> On 05/31/15 19:43, Zi Loff wrote:
> >>>>>> On Sun, May 31, 2015 at 09:35:36PM -0500, Okupandolared wrote:
> >>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
> >>>>>>> Hash: SHA256
> >>>>>>>
> >>>>>>> I like received variables POST and send to KSH script.
> >>>>>>>
> >>>>>>> But it seems that in OpenBSD 5.6 and php-fpm.
> >>>>>>>
> >>>>>>> exec() and exec_shell() not working.
> >>>>>>>
> >>>>>>> Could anyone help me?
> >>>>>>>
> >>>>>>> This link explain in detail what I've tried.
> >>>>>>>
> >>>>>>>
> >>
> > http://serverfault.com/questions/695703/php-fpm-does-not-work-me-exec-or-shel
> > l-exec
> >>>>>>>
> >>>>>>> thanks
> >>>>>>
> >>>>>> If the server is chrooted at "/var/www" then "/usr/bin/whoami"
> >> (from the
> >>>>>> server's point of view) actually means "/var/www/usr/bin/whoami"
> >> (from
> >>>>>> your point of view). Does that file exist?
> >>>>>
> >>>>
> >>>> have you tried to copy /bin/sh to /var/www/bin/sh?
> >>>
> >>> Also, in a chrooted filesystem, every dynamically linked executable
> >> needs access
> >>> to ld.so and its shared libraries. Which means /var/www/usr/lib and
> >>> /var/www/usr/libexec will need files populated -- every binary file
> >> should be
> >>> checked wiht ldd(1) to ensure required libraries are made available.
> >>> shared libraries. Each program should
> >>
> >> that reminds me, i did a write up on chrooting programs here:
> >> https://marc.info/?l=openbsd-misc&m=142676615612510&w=2
> >>
> >> although it got into more, the basics of setting up a chroot jail are
> >> there.
> >>
> >> i also have a script that adds a binary and its dependencies automatically.
> >> i'll have to post it later, since i've actually been meaning to recently.
> >> just have to make a few adjustments for portability.
>
--
