run a PHP script in a server

[zikitrake]

My program generate a PHP file and I upload it to my shared hosting (/HOME/username/myfolder/).

Currently I run this PHP via cron in CPANEL but, Is possible to execute this PHP script immediately after it is uploaded to the server?

Thank you in advance.

[Julian]

RunProgram("http://www.domain.com/shared/hosting/folder/file.php")

This will open a local browser and browse to the file, thus executing it.

[zikitrake]

RunProgram("http://www.domain.com/shared/hosting/folder/file.php")

This will open a local browser and browse to the file, thus executing it.

Thank you, but I can't use it because it is a protected folder (.htaccess, user/pass). Sorry, I forgot to mention this.

Edit:

Code: Select all

urlrun$ = "http://username:password@www.domain.com/shared/hosting/folder/file.php"

HideWin=OpenWindow(#PB_Any,0,0,300,300,"",#PB_Window_Invisible)
WebG=WebGadget(#PB_Any,10,10,200,200,urlrun$)

While GetGadgetAttribute(WebG,#PB_Web_Busy)<>0
    WindowEvent()
Wend

CloseWindow(HideWin)

works like a charm

[Num3]

Hi,

On the security side, what you are doing is a potential huge exploit (uploading a generated script and running it).
If possible separate the two. Leave the script on the server and use your software to communicate with it.

Also use https when available / possible (refer to your webhost for details)

And don't place your username / password on a single string, scanning the exe will reveal them

PREFERED WAY (execute external script without password / username sent)

Code: Select all

urlrun$ = "https://www.domain.com/shared/hosting/folder/file.php?id=xxxxxxx&procedure=1&data1=aaaaaaaaaa&data2=bbbbbbbb";

id - should be a unique generated hash that is checked by the php script at run. This is an extra safety measure that ensures only valid ids can make the script run
procedure - the procedure you want to run from your php script
data1/data2/data3/etc - data to be used by the procedure

Another WAY (If someone sniffs all network traffic generated from the app it will be easy to retrieve user/pass)

Code: Select all

user$ = "username"
pass$ = "password"

urlrun$ = "https://"+user$+":"+pass$+"www.domain.com/shared/hosting/folder/file.php?id=xxxxxxx&procedure=1&data1=aaaaaaaaaa&data2=bbbbbbbb";

id - should be a unique generated hash that is checked by the php script at run. This is an extra safety measure that ensures only valid ids can make the script run
procedure - the procedure you want to run from your php script
data1/data2/data3/etc - data to be used by the procedure

On my windows / android apps that communicate with a server the ID I generate is based on the SHA256(DATE & TIME & USERNAME & PASSWORD).
The php script on the server has the same exact generating function, but with data base lookups to check username / password using the data sent by the client.

(the url looks something like this: https: // myserver/9B459388E4628F1B18045BAFFF08EA5C.php?id=3E0B9CFF5E4703151AA2163ACDDC31BB132D839B04F78CE6B185B29F683123A8&date=201510270837&user=mememe&pass=5F4DCC3B5AA765D61D8327DEB882CF99&proc=5&d1=3.14&d2=110)

This way I ensure that each time a call to the php script is made the ID is always different and it will be very difficult to mimic!

[zikitrake]

Hi,...

Nice one!, I will use the first method you propose. Although my program is for personal use, I'll be happier if I don't use user/password.

Thank you!