Tutorial :how to execute a .exe program by php script



Question:

I want to execute a .exe file on my Apache server using a php script. the procedure is as follow:

  1. user comes, fills a html form

  2. it goses to a php script

  3. php script executes the name.exe file

  4. php prints the output of the name.exe file on the page.

I execute the name.exe normally from windows like this:

run--> cmd--> D:\name [command]

the name.exe needs to communicate with other files like libraries in the same directory.

the complete comand in cmd at windows is like this:

D:\name library.dll [input from user]

then program executes and prints some results in cmd window.

I actually want to run this program on my server form my clients. I don't know how, but I now there is a way to do this.

Another related question, is there any shell that I can install on Linux server and execute name.exe in it?


Solution:1

Please rethink your solution as this will likely create more problems (particularly security issues) than it solves. By having a PHP script execute your program you run the danger of a user entering the following into your form:

John Doe; rm \windows\*  

or

John Doe; rm d:\name\*  

You want to limit user input to a very controlled subset so that you won't get malicious command injection.

PHP does provide an exec() but be very careful.


Solution:2

You should escape the user input with escapeshellarg before sending it to the command.

$saferinput = escapeshellarg($input);  system('D:\name library.dll '.$saferinput);  


Solution:3

You probably want passthru() or exec().

As for Linux, if name.exe runs well under WINE, you would probably want to use passthru() or shell_exec() and call WINE to run name.exe. I have no idea what name.exe does, so even if it runs under WINE, there's no guarantee that it will actually work.

There is, however no magic shell that allows Linux to execute arbitrary Windows executables.

As noted, be very careful of what you allow to get to exec() or passthru() or anything else that executes code outside of your script. I'm not going to go as far as to say you probably should not be doing whatever it is that you are doing, but I'm not the one working on whatever you are working on :)


Solution:4

This is a very bad idea. Aside from having to grant ridiculous permissions to the user account under which your web server is executing, which effectively gives anyone visiting your site the power to run executables, your run the risk of thread safety issues, file system locking problems, and others.

If you absolutely must use this exe, create a queuing system. Have your site put the form request into a convenient repository (say, a database), and have a service poll the database periodically to run this process. This allows separation of user accounts and associated permissions for the website and the exe, eliminates any concurrent execution issues, and decreases response latency for your site.

Some (cough) languages allow you to create this service and your site code in the same language/techology, but in this case you'll have to break out the .NET or other compiled language in order to create such a service.


Solution:5

I think we can do this by connecting to the server using PHP SSH. There is a library (http://phpseclib.sourceforge.net/) which allows you to connect to the server via SSH. Earlier I tried connecting to the server using telnet and execte .exe. But my school admin has blocked telnet due to security reasons, so I need to work on ssh.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »