On 01/06/15 18:49, Okupandolared wrote: > Hi, > > I have an web form. > > I need send of webform to script bash > > webform.html --> PHP proces --> create.sh > > create.sh > #!/bin/ksh > # Create user > > echo "hi!! your pass $1" > crypted="$(echo -n "$1" | smtpctl encrypt )" > maildir="$3/$2/" > echo -e "$2@$3" >> recipients > echo -e "$2@$3\t$crypted" >> credentials > echo "ejabberdctl register $2 $3 $1" > echo "INSERT INTO mails (userid, domain, password, maildir) VALUES > ('$2', '$3','$crypted', '$maildir');" | mysql -umyuser -mypass mail; > > example php > <?php > function antiyec($data) { > $data = trim($data); > $data = stripslashes($data); > $data = htmlspecialchars($data); > return $data; > } > $user = antiyec($_POST['user']); > $frase1 = antiyec($_POST['pass']); > $domain = antiyec($_POST['dom']); > > $out = shell_exec('ksh create.sh $frase1 $user $domain'); > echo "<pre>$out</pre>"; > ?> >
Can't tell if trolling or just stupid. > > On 06/01/15 08:50, Gareth Nelson wrote: >> Everyone is missing the bigger picture here: >> >> Why is a PHP script calling the shell? 9 times out of 10, that's a bad idea >> and things should be redesigned so that it's not needed.