PHP display issue

software development

#1

This is probably a no brainer but I’ll post it here anyway.

I’m working on a php script that generates a playlist. I’ve managed to get id3v2 binary installed and working locally. I’m testing a script that grabs tag contents using shell_exec() and it works fine at the command line but refuses to output anything through apache.

[thing$] php xspfphp.php

displays the playlist correctly. If I redirect it to a file it even works on a page but the same script won’t run from a browser.

What dufus thing am I forgetting?


#2

exec();

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#3

What about exec()?


#4

Try using it :stuck_out_tongue:

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#5

I have.
Once again, the script runs fine at the shell using the command:

$php script.php

But it won’t execute the exec() when run via a browser. I know exec works, I have other scripts that use exec, passthru and shell_exec that work fine.

Snippet:

foreach($farray as $FullFileName) {
$command = 'id3v2 --list '. escapeshellarg($FullFileName);
$id3 = shell_exec($command);

It runs fine on my home debian server via apache.

Stumped!


#6

The snippet you included still contains “shell_exec” instead of “exec”. Did you change it before trying to load in a web browser?


#7

Yes.

I tried exec and passthru as well. None of them display output, even in a test file. In fact I get:

[Wed Mar 04 02:30:19 2009] [error] [client 216.99.209.41] ModSecurity: Access denied with code 404 (phase 4). Pattern match “(?:[^<]*?(?:\b(?:(?:c(?:ehennemden|gi-telnet)|gamma web shell)\b|imhabirligi phpftp)|(?:r(?:emote explorer|57shell)|aventis klasvayv|zehir)\b|\.::(?:news remote php shell injection::\.| rhtools\b)|ph(?:p(?:(?: commander|-terminal)\b|remoteview)| …” at RESPONSE_BODY. [file “/dh/apache2/template/etc/mod_sec2/modsecurity_crs_45_trojans.conf”] [line “34”] [id “950922”] [msg “Backdoor access”] [severity “CRITICAL”] [tag “MALICIOUS_SOFTWARE/TROJAN”] [hostname “www.trbailey.org”] [uri “/music/phpexec.php”] [unique_id “Sa5YO0t3yAUAADlrTUMAAAAF”]

In my error log when trying to run a simple exec test and a 404 at the browser.

<?php echo '

Executing: id3v2 '; $cmd = 'id3v2 -h'; passthru($cmd); exec($cmd); echo 'end of id3v2

'; echo '

Executing ls '; $cmd = 'ls -al'; passthru($cmd); exec($cmd); echo 'end of ls

'; ?>

But no trojan error log for the other script, just no output.
Curouser and curiouser…


#8

I just tried this on my webspace and it seems like it is working.

<?php echo "

Executing LS

"; echo exec('ls'); ?>

I think you are forgetting to output the response from your commands?


#9

$command = 'id3v2 --list '. escapeshellarg($FullFileName); is incomplete.

Segment and append:

<?php $var1='ls'; $var2=' -lsa'; $var3=$var1.$var2; passthru($var3); ?>
Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#10

It outputs fine from the console via ssh.
It runs fine on another server.

Thanks.


#11

It’s something with passthru not liking arguments.

passthru(‘ls’) works for me

passthru(‘ls -laF’) gives me the 404 error

exec with arguments works, but it only echos the first file.

I tried sXi’s suggestion but that doesn’t seem to be working, I still get the 404 error.


#12

It’s definitely something in apache2.

The script runs fine as-is using my custom php-wrapper.cgi which means it’s compiled with the correct library path, but it fails to find the library when run under apache2. It’s got to be something in their mod_security or whatever it is.

I’ll ask and see what happens. I noticed a really nasty “emergency emergency” error message in my apache error log yesterday about an attempted hack while I was running a test script. It’s possible they don’t like the program id3v2. It’s older and may have vulnerabilities.

Thanks for the feedback, as I said, this script runs at the ssh console both calling php5 directly and using my custom php-wrapper script so it’s got to be something in apache2.

-Tom


#13

Shell environment <> PHP environment.

Set it up so it mimics your paths via .bashrc

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#14

Did that already.

Le me reiterate ONE MORE TIME:

I can run the script from my php-wrapper.cgi, the exact same wrapper that is active for the domain I’m trying to get working. But, it won’t run the exact same script in the browser. The log file shows that it can’t find it’s shared library. How can that be? If php-cgi runs via a wrapper and the wrapper executes OK then I know my environment is OK.

Plus, It shouldn’t even need an environment variable, it was compiled against the currently installed library in ~/lib/

I’ll be happy to let you try…


#15

There are a lot of smart, helpful people here. Consider taking a deep breath first when it gets frustrating.


#16

I’m not frustrated yet. I have lots of other things to work on while I sleep on it and think and google and read and fiddle and learn and wait while I comprehend why this won’t work. :slight_smile:

The thing that’s in the back of my mind is that I can’t expect a “customer” to take the time to do what I do just to make this application work on their system. It’s unreasonable to expect someone to compile a custom PHP via FTP just to install a simple playlist generator.

At the moment I’m thinking that running a system binary from php is not going to be a usable solution unless it’s a custom cgi-binary designed specifically for this purpose, in which case php has no place in the loop.

If I sounded frustrated it’s that most of the answers I’ve received ignore the testing I’ve done and posted. But life is a journey, not a destination…


#17

Contents of .bashrc:

~/.bashrc: executed by bash(1) for non-login shells.

#alias php=/usr/local/php5/bin/php

export TMPDIR=$HOME/tmp
export PATH=$HOME/bin:$PATH
export LD_LIBRARY_PATH=$HOME/lib:/usr/local/lib:$LD_LIBRARY_PATH
export CPATH=$HOME/include:/usr/local/include:$CPATH
export LIBRARY_PATH=$HOME/lib:/usr/local/lib:$LIBRARY_PATH

Contents of .bash_profile:

~/.bash_profile: executed by bash(1) for login shells.

umask 002
export PS1=’[\h]$ ‘
alias php=/usr/local/php5/bin/php
export LS_OPTIONS=’-Fh --color=auto’
eval “dircolors

alias ls='ls $LS_OPTIONS’
alias ll='ls $LS_OPTIONS -l’
alias l=‘ls $LS_OPTIONS -lA’

Some more alias to avoid making mistakes:

alias rm=‘rm -i’

alias cp=‘cp -i’

alias mv=‘mv -i’

export TMPDIR=$HOME/tmp
export PATH=$HOME/bin:$PATH
export LD_LIBRARY_PATH=$HOME/lib:/usr/local/lib:$LD_LIBRARY_PATH
export CPATH=$HOME/include:/usr/local/include:$CPATH
export LIBRARY_PATH=$HOME/lib:/usr/local/lib:$LIBRARY_PATH

Contents of ~/trbailey.org/cgi-bin/php-wrapper.cgi:

#!/bin/sh
export PHPRC=/home/siggma/trbailey.org/cgi-bin/
exec /dh/cgi-system/php5.cgi $*

See anything I’m missing?

Apache error.log:

[Wed Mar 04 20:48:59 2009] [error] [client 216.99.209.41] /home/siggma/bin/id3v2 : error while loading shared libraries: libid3-3.8.so.3: cannot open shared obje ct file: No such file or directory

Shell session:

[thing]$ id3v2
Usage: id3v2 [OPTION]… [FILE]…
Adds/Modifies/Removes/Views id3v2 tags, modifies/converts/lists id3v1 tags

-h, --help Display this help and exit
-f, --list-frames Display all possible frames for id3v2
-L, --list-genres Lists all id3v1 genres
-v, --version Display version information and exit
-l, --list Lists the tag(s) on the file(s)
-R, --list-rfc822 Lists using an rfc822-style format for output
-d, --delete-v2 Deletes id3v2 tags
-s, --delete-v1 Deletes id3v1 tags
-D, --delete-all Deletes both id3v1 and id3v2 tags
-C, --convert Converts id3v1 tag to id3v2
-1, --id3v1-only Writes only id3v1 tag
-2, --id3v2-only Writes only id3v2 tag
-a, --artist “ARTIST” Set the artist information
-A, --album “ALBUM” Set the album title information
-t, --song “SONG” Set the song title information
-c, --comment “DESCRIPTION”:“COMMENT”:"LANGUAGE"
Set the comment information (both
description and language optional)
-g, --genre num Set the genre number
-y, --year num Set the year
-T, --track num/num Set the track number/(optional) total tracks

You can set the value for any id3v2 frame by using ‘–’ and then frame id
For example:
id3v2 --TIT3 “Monkey!” file.mp3
would set the “Subtitle/Description” frame to “Monkey!”.

[thing]$

And finally the script itself:

[thing]$ php xspfphp.php

<?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="xspf.xsl"?>

ETC…

And the real curiosity:

[thing]$ ~/trbailey.org/cgi-bin/php-wrapper.cgi ~/trbailey.org/music/xspfphp.php
X-Powered-By: PHP/5.2.6/cgi-bin/php-wrapper.cgi ~/trbailey.org/music/xspfphp.php
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="xspf.xsl"?>

… ETC


#18

You only mention having tried some things after the fact.

Your environment is a complete mess. Get rid of it for testing.

  • Rename .bash_profile > .bash_profile.bak

  • Rename .bashrc > .bashrc.bak

  • Rename domain.com/.htaccess > .htaccess.bak

  • If you’re in shell, exit.

Next, setup a sane test:

  • Copy/paste (no customising):

domain.com/phpver.php

<?php echo 'PHP version: ' . phpversion(); ?>domain.com/test_phpenv.php

<?php require_once 'phpver.php'; echo '<br />'; $cmd='php phpver.php'; passthru($cmd); echo '<br />'; $pv='phpver.php'; $p0='php '; $cmd=$p0.$pv; passthru($cmd); ?>- Browse to domain.com/test_phpenv.php

  • Post results.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost