PHP code won't run after a $_POST from HTML-file

Ok, the problem is simple, though not so simple to explain. I have this PHP-file called “test.php” with the following code:

[php]<?php
$search = $_POST[‘search’];
$filepath = “/usr/sbin”;
exec("ONE $search -command $filepath ");
fopen($filepath, “rw”);
?>[/php]

ONE is a bash searchscript that includes a little “grep” and “sort” that takes one argument.

When I switch $search for a real word and run the file in a shell “php test,php” it runs like a charm and throws up all hits on a new webpage which is an included feature of ONE.

The argument $search derives from a post from an HTML-page that posts the searchword to the PHP-file. It’s captured and set as $search = $_POST[‘search’];

If I switch exec("ONE $search -command $filepath "); to echo("ONE $search -command $filepath "); and then put a searchword in the searchbox in the HTML-page and hit “Search”, it moves over to “test.php” and throws up “ONE searchword -command /usr/sbin” on the page, so that proves the variable is correctly transferred to the PHP-file.

BUT, when I do the search from the HTML-page with the “test.php” as described above it gives back just a blank page. WHY?

Hi henrypaul,

Lets start by making sure that you are receiving the form’s data.

Try doing this:[php]<?php
echo ‘

’;

print_r($_POST);

/*

$search = $_POST[‘search’];

$filepath = “/usr/sbin”;

exec("ONE $search -command $filepath ");

fopen($filepath, “rw”);

*/

?>[/php] Submit your form and then let us know what it outputs…

Array
(
[search] => searchword
[sok2] =>
[sok3] =>
[sok4] =>
[submit] => Sök
)

[code]

OK, the post is getting to the form and your are referencing them correctly in your code. (Good job, this is more often the not the problem)

Since I don’t have ONE I have no way of testing but see if this works:

[php] $search = $_POST[‘search’];
$filepath = “/usr/sbin”;
exec('ONE ‘.$search.’ -command ‘.$filepath.’ ');
fopen($filepath, “rw”);[/php]

I doubt the space after $filepath is effecting anything, but if you don’t need it you might eliminate it just to be safe.

PLEASE NOTE: once you have this working, you should make sure to use escapeshellarg() on each of your variables. This could be a very dangerous script without it. I left it out until things are working…

First of all I want to thank you so much for your efforts. This script has kept me awake for some time now:(

Here is the code for ONE:

[code]#!/bin/bash

grep -r -w -I $1 * > ~/temp1
sort -u ~/temp1

/usr/sbin/talja

rm ~/temp1

exit 0[/code]

The script is executing another script “talja” that looks like this:

[code]
#!/bin/bash
LANG=sv_SE.UTF-8
ADDR=ifconfig | grep "inet addr" | cut -d":" -f2 | cut -d" " -f1 | sed '1d'
echo ‘’ > ~/hits.html

cat ~/temp1 | ( while read line; do
A=echo $line | cut -f1 -d":";
B=echo $A | awk -F"/" '{print $NF}';
C=pwd | sed 's,^[^/]*/var/www,,'
echo “$B” >> ~/hits.html;
done; )

firefox -new-window ~/hits.html

sleep 3
rm ~/hits.html

exit 0[/code]

Well your edited “test.php” didn’t work - unfortunately.

If you want to try the ONE script, just put it together with “talja” in /usr/sbin and put the “test.php” in a directory or above a directory containing some textfiles with a word, say “Linux” inside.

If you switch $search for “Linux” and run from shell “php test.php” you will see how it’s intended to work.

Thanks,

I won’t have access to my testing server for the rest of the day, but I will try to do that if we don’t get it resolved in the meantime.

Lets do one other test. Change the search string from ‘a’ to something that would produce results if it were directly substituted for $search in the exec.

If this works, try restoring the original $search = $_POST[‘search’] and send the same search string to it from your form.

Hi again.

Yes, that code works if run as “php test.php” from the shell.

I’ve been thinking. Could this be a permission problem?

The two commands involved in /usr/sbin have these permissions:

-rwxr-xr-x 1 root root 131 sep 25 16:14 ONE
-rwxr-xr-x 1 root root 504 sep 18 22:24 talja

When I invoke the script via “php test.php” I do it from the shell as an ordinary user “paul”, but reasonably it should be the Apache-user “www-data” that invokes the script when done from a webpage, Could this matter? I’m on a Ubuntu 12.04 LTS by the way.

It’s worth a shot.

Use the following to confirm you php script user[php]<?php
echo exec(‘whoami’);
?>[/php]

I would try chowning the two files and see. I hadn’t considered this possibility, but it makes sense, especially considering your comments!

Yes!

Now, we’re getting somewhere:)

When run from shell it shows “paul” as user, but when run from HTML-page it shows “www-data” as user.

Then, given there is use of the “cedille” ~ in the “ONE” and “talja” commands to correspond with the users home directory (to create temporary files), then the “www-data” user might have trouble getting writing permission for temporary files needed to run the command “ONE”.

I will examine this carefully.

This seems to make a lot of sense! Please keep me updated, I definitely think this is the issue.

Ok, I have made some progress:)

First I changed ALL the occurrences of “~/temp1” to “/tmp/temp1”.

Then I looked in the error.log for Apache and found message “sh: 1: ONE: not found”.

This lead me to change two things: 1. I changed the shell in /etc/passwd for “www-data” from /bin/sh to /bin/bash.
2. I put the full path to ONE in test.php i.e. /usr/sbin/ONE.

This had lead to some progress. The search from HTML-page is giving me some hits now, but it’s kind of “distorted” so I will continue checking logs.

Wow, good work!

I’m really glad you thought of this. It wouldn’t have occurred to me, and I hadn’t run into something like this before. I appreciate your updates!

I had to change in “/usr/sbin/talja” to give the full path for “ifconfig” i.e. “/sbin/ifconfig”.

Now there is only one error left in the log, which I really hope you can help me with:

“Error: no display specified”

This error only comes when the search is invoked by HTML-page. What could cause it?

I found a suggestion on line that display needs to be set before command. The question is where? Before what command?

Should it be already in the “test.php”, perhaps?

DISPLAY=:0

Is there anyway to change who is running the “ONE” command inside the “test.php”? I really would like the current user to be the one to run the line exec(“ONE $search -command $filepath”); since if that could be done, all other problems will vanish.

The problem now is that “www-data” is running the show - which ends with a call for Firefox to open - on a screen that’s already owned by the current user. That why the “Error: no display specified”.

Kind of stuck now:(

Or could just the running of Firefox in /usr/sbin/talja be done by the current user, then there will be no display conflict either.

Well, hope someone could help.

Unfortunately, I am fairly certain that you cannot change the user for php on the fly. You can change the file’s owner, group, or permissions; but I have never seen the php user changed via script.

Have you tried passthru instead of exec? Its probably a long shot, but it may handle the end call for Firefox to open differently.

Worth a shot…

Sorry I haven’t been more help.

Malasho!

I found the issue! Look at this code:

[php]<?php
$search = $_POST[‘search’];
$filepath = “/usr/lib/cgi-bin”;
putenv(“DISPLAY=:0.0”);
exec("/usr/lib/cgi-bin/ONE $search -command $filepath ");
fopen($filepath, “rw”);
?>[/php]

Besides moving both “ONE” and “talja” into the cgi-bin directory I had to do one more thing to get rid of the “Error: No display specified”.
When the PHP-script gets executed then the following commands get run by “www-data” and that systemuser does not possess the display. The workaround is to put a display variable in the PHP-script which will work all the way through the concecutive commands too.

Once again thanks a lot for all help. By the way, where are you from?

Wow! It makes sense, but I have to admit I wouldn’t have thought of that! I’ll remember it though…

Congrats on the awesome solution! To answer your question, I am from Omaha, NE.

Best,

jay