Member Avatar for Michael_29

G'day,
I'm currently trying to get a input box with a submit button that puts the command into a string and executes it on a detached screen. Currently I have the following:

index.html

    <form id="commandForm" method="post" action="command.php">
        <input type="text" name="command" />
        <input name="sendCommand" id="sendCommand" type="submit" value="Send" />
    </form>

command.php

    <?php

    shell_exec(screen -S minecraft -p 0 -X stuff "$_'command'$(printf \\r)")

    ?>

In the screen command $_'command' is the text from the text box in the index page.

I'm missing some stuff in my PHP and I've spent quite a while looking and reading but I do not understand.
Is there any chance someone could help me out wih this one please?

Also I understand the security implications of shell_exec, this page will be hidden behind a login screen.

  • 3 Contributors
  • 2 Replies
  • 719 Views
  • 12 Hours Discussion Span
  • Latest Post Latest Post by cereal
Member Avatar for veedeoo

can you try something like this ?

$command = 'put all command here';

shell_exec($command);

if you want it to work in the background, then you can do something like this

shell_exec(" $command > /dev/null ");
Member Avatar for cereal

Try also:

<?php

    $input    = "ls -lh";
    $command  = escapeshellcmd($input);
    $command .= '^M';

    shell_exec("screen -X stuff '$command'");

If the "stuff" screen is attached you should see the execution of the command.

But keep in mind this is really unsafe action, depending on configuration it can run with webserver privileges. It should be better to perform a regular expression to match the input with a precompiled list of allowed commands and parse the supported arguments for each command, through an array... A good library for this can be Console from Symfony framework:

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.