
run a PHP script in a server

Posted: Sun Oct 25, 2015 2:17 pm
by zikitrake
My program generates a PHP file and I upload it to my shared hosting (/HOME/username/myfolder/).

Currently I run this PHP via cron in CPANEL, but is it possible to execute this PHP script immediately after it is uploaded to the server?

Thank you in advance.

Re: run a PHP script in a server

Posted: Sun Oct 25, 2015 2:21 pm
by Julian
RunProgram("http://www.domain.com/shared/hosting/folder/file.php")

This will open a local browser and browse to the file, thus executing it.

Re: run a PHP script in a server

Posted: Sun Oct 25, 2015 2:50 pm
by zikitrake
Julian wrote: RunProgram("http://www.domain.com/shared/hosting/folder/file.php")

This will open a local browser and browse to the file, thus executing it.
Thank you, but I can't use it because it is a protected folder (.htaccess, user/pass). Sorry, I forgot to mention this.

Edit: :oops:

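Code:

; Credentials are embedded in the URL (HTTP basic auth for the .htaccess-protected folder)
urlrun$ = "http://username:password@www.domain.com/shared/hosting/folder/file.php"

; Load the URL in a WebGadget inside an invisible window
HideWin=OpenWindow(#PB_Any,0,0,300,300,"",#PB_Window_Invisible)
WebG=WebGadget(#PB_Any,10,10,200,200,urlrun$)

; Pump window events until the page has finished loading
While GetGadgetAttribute(WebG,#PB_Web_Busy)<>0
    WindowEvent()
Wend

CloseWindow(HideWin)

Works like a charm.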

Re: run a PHP script in a server

Posted: Tue Oct 27, 2015 9:15 am
by Num3
Hi,

On the security side, what you are doing is a potential huge exploit (uploading a generated script and running it).
If possible separate the two. Leave the script on the server and use your software to communicate with it.

Also use https when available / possible (refer to your webhost for details).

And don't place your username / password in a single string; scanning the exe will reveal them :mrgreen:

PREFERRED WAY (execute external script without password / username sent)

Code:

urlrun$ = "https://www.domain.com/shared/hosting/folder/file.php?id=xxxxxxx&procedure=1&data1=aaaaaaaaaa&data2=bbbbbbbb"

id - should be a unique generated hash that is checked by the php script at run. This is an extra safety measure that ensures only valid ids can make the script run
procedure - the procedure you want to run from your php script
data1/data2/data3/etc - data to be used by the procedure

Another WAY (If someone sniffs all network traffic generated from the app it will be easy to retrieve user/pass)

Code:

user$ = "username"
pass$ = "password"

; "@" separates the credentials from the host name
urlrun$ = "https://"+user$+":"+pass$+"@www.domain.com/shared/hosting/folder/file.php?id=xxxxxxx&procedure=1&data1=aaaaaaaaaa&data2=bbbbbbbb"

id - should be a unique generated hash that is checked by the php script at run. This is an extra safety measure that ensures only valid ids can make the script run
procedure - the procedure you want to run from your php script
data1/data2/data3/etc - data to be used by the procedure

On my Windows / Android apps that communicate with a server, the ID I generate is based on the SHA256(DATE & TIME & USERNAME & PASSWORD).
The php script on the server has the same exact generating function, but with database lookups to check username / password using the data sent by the client.

(the url looks something like this: https: // myserver/9B459388E4628F1B18045BAFFF08EA5C.php?id=3E0B9CFF5E4703151AA2163ACDDC31BB132D839B04F78CE6B185B29F683123A8&date=201510270837&user=mememe&pass=5F4DCC3B5AA765D61D8327DEB882CF99&proc=5&d1=3.14&d2=110)

This way I ensure that each time a call to the php script is made the ID is always different and it will be very difficult to mimic!
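
The server-side check of the id described in the post above, written out as an added example (not code from the thread or from any poster). It assumes a per-user secret stored on the server behind a hypothetical lookup_secret(), uses HMAC-SHA256 over length-prefixed fields in place of the plain SHA256 concatenation, so no password travels in the URL, and assumes a 5-minute freshness window; the parameter names follow the sample URL.

```php
<?php
// Added example, not code from the thread. Assumptions: per-user secret on the
// server (hypothetical lookup_secret), HMAC-SHA256, 5-minute window for "date".
const MAX_SKEW_SECONDS = 300;
const ALLOWED_PROCS = ['1', '5'];   // procedures the script agrees to run

function lookup_secret(string $user): ?string {
    $secrets = ['mememe' => 'constructed-sample-secret']; // stands in for a DB query
    return $secrets[$user] ?? null;
}

// Computed identically by client and server. Each field is length-prefixed so
// that two different requests can never produce the same signed message.
function make_id(string $secret, array $fields): string {
    $message = implode('', array_map(fn($f) => strlen($f) . ':' . $f, $fields));
    return strtoupper(hash_hmac('sha256', $message, $secret));
}

// Returns the procedure to run, or null when the request must be rejected.
function verify_request(array $q, int $now): ?string {
    $fields = [];
    foreach (['date', 'user', 'proc', 'd1', 'd2', 'id'] as $key) {
        if (!isset($q[$key]) || !is_string($q[$key])) {
            return null;                      // missing or array-valued parameter
        }
        $fields[$key] = $q[$key];
    }
    $id = strtoupper(array_pop($fields));     // everything except id is signed
    if (!preg_match('/^\d{12}$/', $fields['date'])) {
        return null;
    }
    $ts = DateTime::createFromFormat('!YmdHi', $fields['date'], new DateTimeZone('UTC'));
    if ($ts === false || abs($now - $ts->getTimestamp()) > MAX_SKEW_SECONDS) {
        return null;                          // outside the freshness window
    }
    $secret = lookup_secret($fields['user']);
    if ($secret === null || !hash_equals(make_id($secret, array_values($fields)), $id)) {
        return null;                          // unknown user or forged/tampered request
    }
    return in_array($fields['proc'], ALLOWED_PROCS, true) ? $fields['proc'] : null;
}

// Constructed request using the parameter names from the sample URL above.
$q = ['date' => '201510270837', 'user' => 'mememe', 'proc' => '5', 'd1' => '3.14', 'd2' => '110'];
$q['id'] = make_id('constructed-sample-secret', array_values($q));
$now = gmmktime(8, 38, 0, 10, 27, 2015);
var_dump(verify_request($q, $now));                    // valid and fresh
var_dump(verify_request($q, $now + 3600));             // same URL replayed an hour later
var_dump(verify_request(['d1' => '9.99'] + $q, $now)); // data changed after signing
```

Within the freshness window the same URL is still accepted more than once; recording the ids already seen on the server closes that gap.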

Re: run a PHP script in a server

Posted: Tue Oct 27, 2015 9:54 am
by zikitrake
Num3 wrote: Hi,...
Nice one! I will use the first method you propose. Although my program is for personal use, I'll be happier if I don't use user/password.

Thank you!