Have a look at exec
Oli
2009-07-26 02:17:46
+5
A:
You could use shell_exec():
$cmd = sprintf("keygen AB3554C1D1971DB7 %s 365",
escapeshellarg($pccode));
$result = shell_exec($cmd);
Whenever you execute external commands you have to be extremely careful to avoid command injection. You can prevent this using escapeshellarg().
Emil H
2009-07-26 02:18:40
If *$pccode* is relatively simple, like only a string of numbers, then it's best to check that there are really only numbers in there. No telling what *keygen* does with the string behind the scenes. Also, check for a specific maximum length.
Inshallah
2009-07-26 02:25:43
Okay, I tried it, however, it didn't work. However, here is the script:$cmd = sprintf("keygen AB3554C1D1971DB7 \pc_code 365");$result = shell_exec($cmd);?><div align="center">Activation Code: <? echo $result; ?>Please let me know what I did wrong.
2009-07-26 03:00:09
Did you use `%s` and `escapeshellarg()` in place of `\pc_code`?
John Kugelman
2009-07-26 03:05:06
No, I substituted %s with \pc_code and removed the escapeshellarg() completely. And when I did <? echo $result; ?> it returns NOTHING! Please help.
2009-07-26 03:12:18
Maybe it doesn't like the bare backslash? you could try "`\\pc_code`"
Kip
2009-07-26 03:20:07
Can you confirm that shell_exec works for you at all? it could be that you don't have permission to run it for some reason. try running the sample code from the shell_exec page: $output = shell_exec('ls -lart'); echo "<pre>$output</pre>";
Kip
2009-07-26 03:28:42
Kip, here's what I got from the ls code.total 652-rw----r-- 1 webmasterbark inetuser 550379 Jul 23 05:49 keygen-rw----r-- 1 webmasterbark inetuser 94208 Jul 23 06:34 KeyGen.exedrwx---r-x 22 webmasterbark inetuser 4096 Jul 24 03:44 ..-rw----r-- 1 webmasterbark inetuser 659 Jul 25 21:11 index.phpdrwx---r-x 2 webmasterbark inetuser 4096 Jul 25 21:11 .Hope this helps
2009-07-26 04:12:25
@Aaron that does tell me that you don't have any problem running shell_exec. So the problem *must* be in the command you are running. does it work when you run it directly from a linux shell? are you sure that it uses a **back**slash? (if so that's pretty uncommon.) you should maybe also try this to ensure that you're not just getting non-printing characters as result: `<?php echo '<pre>'.htmlspecialchars($result).'</pre>' ?>`
Kip
2009-07-26 04:27:27
Nothing. Here's the "Help" file information:for Linux ./keygen MyProductCode \pc_codeand ./keygen MyProductCode \pc_code 365
2009-07-26 08:41:12
+1
A:
It could be that this program is poorly written and outputs its information to stderr instead of stdout. Or it could be that it is failing and (properly) printing the error message to stderr. In either case, shell_exec wouldn't capture stderr. However, you should be able to capture stderr by adding "2>&1" to the end of your command, i.e.:
$result = shell_exec('keygen AB3554C1D1971DB7 \pc_code 365 2>&1');
echo '<pre>'.htmlspecialchars($result).'</pre>';
Edit: For continuity's sake, what fixed the problem was something mentioned in a comment to another answer below:
Maybe it doesn't like the bare backslash? you could try "
\\pc_code"
Kip
2009-07-26 04:36:11
A:
Executing a Linux command isn't really possible from JavaScript (nor should it be). Assuming you're referring to JavaScript that is run on a client's web browser, there would be no security model that would keep people safe from malicious command line access. PHP is a different story.
philfreo
2009-07-26 05:16:22