On Wed, August 10, 2005 7:05 am, Karl-Heinz Christian Zeck wrote:
> Does anyone have any idea how to restart windows from a php script?
You could send it the various hacks such as Ping of Death ranging up to
current Microsoft Windows bugs from any remote computers :-)
> I tried the following:
> exec('SHUTDOWN -r -t 01');
> or
> exec('SHUTDOWN /r');
>
> I received the following warning message: Warning: exec(): Unable to
> fork [SHUTDOWN -r -t 01].
Try something much more simple than "SHUTDOWN"
Can you do "DIR"?
exec("DIR", $output, $error);
echo "OS Error: $error<br />\n";
echo implode("<br />\n", $output);
I believe "Unable to fork" translates into:
"I can't even start an MS-DOS prompt up, much less run your command!"
> I never used this kind of functions before. What's wrong? In IIS for
> "Execute Permissions" I have "Scripts and Executables". What
> permissions should I set for the Internet Guest Account? Or something
> else caused the problem, not the permissions? Please help me.:)
First, you have to figure out for sure for sure what user/account PHP runs
as.
<?php phpinfo();?>
should clarify that.
Next, log in as that user and see if you can shutdown the machine.
If that *USER* can't do it, with a human typing, it's for sure PHP won't
be any better at it.
Next, figure out where the shutdown command actually lives, and provide a
FULL PATH to it:
C:\Windows\System32\blah\blah\blah\blah\shutdown.exe
You never know for sure if PHP's user is getting a full logged-in shell
with all the $PATH ($path?) stuff, or some kind of half-assed crippled
shell. Use a full pathname for everything, and you can ignore this issue.
Use the extra arguments to exec() as I did in the "DIR" example so you can
get the output from the Operating System about what happened.
Shutting down from PHP is not really any different from shutting down from
any other program or an MS-DOS prompt -- shutdown will terminate PHP
cleanly, just as it terminates every other program cleanly.
WARNING:
Seriously consider what happens if...
You get this to work, and some Bad Guy who hates you gains access to your
web page somehow.
They can write PHP script on THEIR server to hit that page, oh, every 5
minutes, and your box will never be up long enough for you to do anything
remote with it at all.
Or a disgrunted employee could put a Scheduled Task on the box to do it
internally.
Or...
You REALLY need to be certain about the security/usability implications of
this before you finalize it.
Lock down access to that page as much as you can.
SSL, password protected, maybe even have the script record a time-stamp
when it's run, and refuse to run itself more often than 3 times in one
24-hour period.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
