php execution

rhodesy

Hey,

I have an signup script that creates accounts automatically on a server - I also have one that deletes a reseller account and all of its accounts within it. After the user has started the script (the delete one), if they stop the execution half way through then not all of the accounts get deleted.

I don't want to have to have a cron oging because it needs to be instant however I still need a way so that a php script is executed and then the user can do what they wish - it wont make a difference.

Thanks
Luke Rhodes

bradgrafelman

If your website is hosted in a shared-hosting environment (i.e. you don't own your own server), then you might not have the ability to execute commands, but try something like...

exec('/usr/bin/php /path/to/your/public_html/deleteUser.php?userid=5 &');

Now, to do this, you'll need to know 3 things:

Does your host allow exec(), passthru(), shell_exec(), system(), etc.
What the path to the PHP executable is on the server
The full path to your script on the server

rhodesy

thanks, I guess I could have the standard parsing as a backup for if the exec function isn't available - how do I check if it is - using php?

rhodesy

Also - I'm thinking of security issues here - I don't suppose the session information will be sent through exec automatically? I'll need to think of some way to make the exec'd script secure.

bradgrafelman

Right... you'd have to do some tweaking, but you can use $argv to grab the data in the query string sent to the script, and pass things as if you were using $_GET.

For the other problem you mentioned about making sure it worked... you could do something like this:

ini_set('track_errors', 'On');
@exec('net send synthesizer hi');

if(!empty($php_errormsg)) {

die('uh oh!');// exec() failed or isn't allowed...

}

rhodesy

Right brilliant thanks - any ideas on the security because its quite major

I had one thought of doing some verification by use of a temp database table

bradgrafelman

I'm sorry... explain again what you mean by security?

rhodesy

for example

I have a script called members_area_delete_account.php

The members_area_delete_account.php execs a script as such:

function_delete_members.php?member_id=2

eve though members_area_delete_account.php is secure through login sessions

function_delete_members.php can be accessed by anyone because the exec function is neeed

bradgrafelman

If I understand you correctly...

You can stop just anyone from using this by requiring some form of authentication to use members_area_delete_account.php . If you have a session system in place, then you would check the session in here (I'm assuming this is the file you call from the browser, and function_delete_members.php is the scripty you're executing from the CLI).

To protect function_delete_members.php, move this script outside of your web directory. Or, if you don't have access to do that, make a "secret" folder on your webserver, and make a .htaccess file inside that folder that looks something like:

Order allow,deny
Deny from all