Hello,
I have a simple bash script and I manually run this script to put a file into related directory in apache normally. I need to run it in php with parameter.
My target is to get a download link by running below script but I do not know anything about php. Here is my bash script:
run.sh
#!/bin/bash
cd /root
u=$a
p=$b
mkdir /var/www/html/$u
mkdir /var/www/html/$u/$p
cp index.php /var/www/html/$u/index.php
cp index.php /var/www/html/$u/$p/index.php
cp list.txt /var/www/html/$u/$p/list.txt
#???
#???
#???
echo "your download link is" http://public_ip/download.php?user=$u&pass=$p&file=list.txt"
If that folder name $u, and $p matches it will allow the user to download list.txt file.
It will redirect the user to:
http://public_ip/$u/$p/list.txt
After installing php, I will give permissions for user to run bash script
My question is: what should be the php file?
I'd appreciate if you could lead me right direction or give an idea about the solution.
Thanks in advance
Boris
Need to run it with what parameter?
Hello Corona688,
For example when the user enters below link,
http://public_ip/download.php?user=user1&pass=file1&file=list.txt
Browser should be redirected to:
http://public_ip/user1/file1/list.txt
OR:
when below url is requested:
http://public_ip/download.php?user=mike&pass=mike&file=list455.txt
redirect to:
http://public_ip/mike/mike/list455.txt
Thanks in advance
Boris
OK:
<?php
$p=array("user","pass","file"); // List of arguments we want to check.
// A very handy loop PHP has. It will loop three times, with
// $x set to "user", "pass", and "file" in turn.
foreach($x in $p)
{
// Check if they exist in the global array $_GET
if(!array_key_exists($x, $_GET))
{
printf("<h2>Missing Argument %s</h2>\n", $x);
exit(0);
}
// Reject forward slashes in all passwords, names, and files
if(strchr($_GET[$x], "/"))
{
printf("<h2>Injection Attempt in %s</h2>\n", $x);
exit(0);
}
}
header(sprintf("Location: http://public_ip/%s/%s/%s", $_GET["user"], $_GET["pass"], $_GET["file"]));
?>
I don't seriously recommend this password protection scheme, of course. It's just something to start playing with.
1 Like
Hello,
Stucked in above php code
I've manually created test folder and test2 subdirectory under /var/www/html
test.txt exists at /var/www/html/test/test2/test.txt
Then I ve run below url in Chrome but gives error 500, "this page is not working"
URL:
http://my_public_ip/test.php?user=test&pass=test2&file=test.txt
My test.php file:
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php
$p=array("user","pass","file"); // List of arguments we want to check.
// A very handy loop PHP has. It will loop three times, with
// $x set to "user", "pass", and "file" in turn.
foreach($x in $p)
{
// Check if they exist in the global array $_GET
if(!array_key_exists($x, $_GET))
{
printf("<h2>Missing Argument %s</h2>\n", $x);
exit(0);
}
// Reject forward slashes in all passwords, names, and files
if(strchr($_GET[$x], "/"))
{
printf("<h2>Injection Attempt in %s</h2>\n", $x);
exit(0);
}
}
header(sprintf("Location: http://my_public_ip/%s/%s/%s", $_GET["user"], $_GET["pass"], $_GET["file"]));
?>
</body>
</html>
I'd appreciate if you could let me know what I am missing
Thanks
Boris
Welcome back.
I made some typos in that.
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php
$x=array("user","pass","file"); // List of arguments we want to check.
// A very handy loop PHP has. It will loop three times, with
// $p set to "user", "pass", and "file" in turn.
foreach($x as $p)
{
// Check if they exist in the global array $_GET
if(!array_key_exists($p, $_GET))
{
printf("<h2>Missing Argument %s</h2>\n", $p);
exit(0);
}
// Reject forward slashes in all passwords, names, and files
if(strchr($_GET[$p], "/"))
{
printf("<h2>Injection Attempt in %s</h2>\n", $p);
exit(0);
}
}
header(sprintf("Location: http://my_public_ip/%s/%s/%s", $_GET["user"], $_GET["pass"], $_GET["file"]));
?>
</body>
</html>
1 Like
Hello Corona,
Many thanks
Works fine.
Kind regards
Boris
1 Like