views:

553

answers:

4
+1  A: 

Have a look at exec

Oli
+5  A: 

You could use shell_exec():

$cmd = sprintf("keygen AB3554C1D1971DB7 %s 365", 
               escapeshellarg($pccode));
$result = shell_exec($cmd);

Whenever you execute external commands you have to be extremely careful to avoid command injection. You can prevent this using escapeshellarg().

Emil H
If *$pccode* is relatively simple, like only a string of numbers, then it's best to check that there are really only numbers in there. No telling what *keygen* does with the string behind the scenes. Also, check for a specific maximum length.
Inshallah
Okay, I tried it, however, it didn't work. However, here is the script:$cmd = sprintf("keygen AB3554C1D1971DB7 \pc_code 365");$result = shell_exec($cmd);?><div align="center">Activation Code: <? echo $result; ?>Please let me know what I did wrong.
Did you use `%s` and `escapeshellarg()` in place of `\pc_code`?
John Kugelman
No, I substituted %s with \pc_code and removed the escapeshellarg() completely. And when I did <? echo $result; ?> it returns NOTHING! Please help.
Maybe it doesn't like the bare backslash? you could try "`\\pc_code`"
Kip
Can you confirm that shell_exec works for you at all? it could be that you don't have permission to run it for some reason. try running the sample code from the shell_exec page: $output = shell_exec('ls -lart'); echo "<pre>$output</pre>";
Kip
Kip, here's what I got from the ls code.total 652-rw----r-- 1 webmasterbark inetuser 550379 Jul 23 05:49 keygen-rw----r-- 1 webmasterbark inetuser 94208 Jul 23 06:34 KeyGen.exedrwx---r-x 22 webmasterbark inetuser 4096 Jul 24 03:44 ..-rw----r-- 1 webmasterbark inetuser 659 Jul 25 21:11 index.phpdrwx---r-x 2 webmasterbark inetuser 4096 Jul 25 21:11 .Hope this helps
@Aaron that does tell me that you don't have any problem running shell_exec. So the problem *must* be in the command you are running. does it work when you run it directly from a linux shell? are you sure that it uses a **back**slash? (if so that's pretty uncommon.) you should maybe also try this to ensure that you're not just getting non-printing characters as result: `<?php echo '<pre>'.htmlspecialchars($result).'</pre>' ?>`
Kip
Nothing. Here's the "Help" file information:for Linux ./keygen MyProductCode \pc_codeand ./keygen MyProductCode \pc_code 365
+1  A: 

It could be that this program is poorly written and outputs its information to stderr instead of stdout. Or it could be that it is failing and (properly) printing the error message to stderr. In either case, shell_exec wouldn't capture stderr. However, you should be able to capture stderr by adding "2>&1" to the end of your command, i.e.:

$result = shell_exec('keygen AB3554C1D1971DB7 \pc_code 365 2>&1');
echo '<pre>'.htmlspecialchars($result).'</pre>';

Edit: For continuity's sake, what fixed the problem was something mentioned in a comment to another answer below:

Maybe it doesn't like the bare backslash? you could try "\\pc_code"

Kip
Okay...tried that...still not working. This is the errorsh: keygen: command not foundHELP!?!?
Okay...the way the code is written, it should be ./keygen...but now it says permission denied. How can I change this? I use GoDaddy.com
KIP: It works, I added the additional \ to \pc_code and it works...at least it generates a code...anyway...thanks for the help. Unless you can provide me with a quick script to reload a page onSubmit with form generated information added.? Just a thought.
A: 

Executing a Linux command isn't really possible from JavaScript (nor should it be). Assuming you're referring to JavaScript that is run on a client's web browser, there would be no security model that would keep people safe from malicious command line access. PHP is a different story.

philfreo