Launch shell script with parameters from a webpage button

I want to create a simple html page that should contain 2 fields in which the user can write the input. Then I want to have a button that should launch a shell script with the parameters inserted by user in the fields from the webpage.
This is the code behind my webpage:

<html>
<form action="/EMM/script.php" method="get">
  Start date: <input type="text" name="sdate"><br>
  End date: <input type="text" name="edate"><br>
  Recipient adress: <input type="text" name="adress"><br>
  <input type="submit" value="Submit">
</form>
</html>

This is what my php script looks like:

#!/usr/bin/php
<?php
    $uri = $_SERVER['REQUEST_URI'];
$output = shell_exec('echo $uri > /tmp/test.txt');
echo "<pre>$output</pre>";
?>

I can seem to be able to grab the URL with the needed variables:

http://10.21.289.132/EMM/script.php?sdate=345&edate=er&adress=sdfg

And use these variables in the shell_exec section where I can launch a shell script with them as parameters.
What I have tried was to echo the content of $uri to the /tmp/test.txt and to check after execution. The file is re-created each time, but empty.

In the browser, after I press the submit button I can see the URL formed correctly (as shown above) and a blank page is loaded with only the header of my php script:
#!/usr/bin/php displayed.

Observations:

  1. my html page and the php script have full rwx rights, are placed in the /DocumentRoot directory of apache/EMM/ path.
  2. I am not sure at all about my .php syntax, don't know if the script needs an interpreter or not.

I do not know if this was the right way to accomplish my task (using html > php > bash). But in this context I don't understand:

  1. why am I not able to pass the variables from the URL to bash shell using my php script (if I would be able I'd also like some php code to break down the URL into the respective variables sdate, edate and adress).
  2. why after I press my button a blank page with just the header of my php script is loaded?

Any ideas how to accomplish my task (preferably using html, php and bash shell)?

  1. The actual reason why the output file test.txt is empty is because the URL contains some special symbols, such as "&", which breaks the issued command. This can be fixed with proper quoting:
$output = shell_exec("echo '$uri' > /tmp/test.txt");
  1. The syntax looks good, apart from the mentioned quoting. The interpreter/hashbang/shebang is not needed. It's outside the php section and is treated as plain text, so you can remove it. Inside the php section it would be a comment.

  2. You write you get a blank page, but what did you expect? Due to echo'ing a string and redirecting it to a file there is no output to be returned. Add this to your php script to see some output:

$output2 = shell_exec('ls -l /tmp/test.txt');
echo "<pre>$output2</pre>";
  1. Breaking down the URL is not a good idea. Try to figure out why.

Complete demo incl. shell script for processing the form data:

html file: unchanged

php file (script.php):

<?php
$field1 = $_GET["sdate"];
$field2 = $_GET["edate"];
$field3 = $_GET["adress"];
echo "$field1 $field2 $field3";
//Obviously, this is a temporary location :D
$output = shell_exec("/tmp/process-fields.sh '$field1' '$field2' '$field3'");
echo "<pre>$output</pre>";
?>

shell script (process-fields.sh):

#!/bin/bash
echo "BASH FIELD 1:    $1"
echo "BASH FIELD 2:    $2"
echo "BASH FIELD 3:    $3"

output:

08/25/2014 08/28/2014 info@example.com

BASH FIELD 1:    08/25/2014
BASH FIELD 2:    08/28/2014
BASH FIELD 3:    info@example.com

All in all it's nice to play with and stuff, but from the security point of view it's a big disaster, imho.
Learn the difference between the GET and POST methods, implement some form validation, etc.

2 Likes
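
A hardened variant of the script.php demo above, added here as an example (it is not code from either poster): each field is checked against an expected format and then passed through escapeshellarg(), so a value containing a single quote cannot break out of the quoting the way it can in the demo. The MM/DD/YYYY date format is an assumption taken from the sample output; the script path and field names are the ones used in the thread.

```php
<?php
// Added example: validate the form fields, then quote each one for the shell.
// Assumption: dates arrive as MM/DD/YYYY, as in the sample output above.

function valid_date(string $s): bool
{
    // Strict format check plus a calendar check (rejects 02/30/2014).
    if (!preg_match('#\A(\d{2})/(\d{2})/(\d{4})\z#', $s, $m)) {
        return false;
    }
    return checkdate((int)$m[1], (int)$m[2], (int)$m[3]);
}

function build_command(array $in): ?string
{
    $sdate  = $in['sdate']  ?? '';
    $edate  = $in['edate']  ?? '';
    $adress = $in['adress'] ?? '';   // field name kept as spelled in the form

    if (!is_string($sdate) || !is_string($edate) || !is_string($adress)) {
        return null;                 // e.g. ?sdate[]=x arrives as an array
    }
    if (!valid_date($sdate) || !valid_date($edate)) {
        return null;
    }
    if (filter_var($adress, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // escapeshellarg() wraps the value in single quotes and escapes any
    // embedded single quote, so each value stays exactly one argument.
    return '/tmp/process-fields.sh '
        . escapeshellarg($sdate) . ' '
        . escapeshellarg($edate) . ' '
        . escapeshellarg($adress);
}

$cmd = build_command($_GET);
if ($cmd === null) {
    http_response_code(400);
    exit('Invalid input');
}

$output = shell_exec($cmd);
// Encode before echoing so script output cannot inject HTML into the page.
echo '<pre>' . htmlspecialchars((string)$output, ENT_QUOTES, 'UTF-8') . '</pre>';
```

Validation alone is not enough here: FILTER_VALIDATE_EMAIL accepts a single quote in the local part of an address, which is why the escapeshellarg() step is still required.
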

Thank you, this solved my problem.
I am aware of the security issues, however this page wouldn't be visible from the internet.