<html>
<head>
<title>Execute a Program</title>
</head>
<body bgcolor=lightyellow>
<h1><center>Execute a Program</center></h1>
<?php
error_reporting(E_ALL^E_WARNING);
if ($_POST) #if data was collected in _POST array
{ #that means it was the 2nd time around
validate();
if ($msg == '') #if no errors
{
exec_data();
}
}
display();
//=============================================================================
function validate()
{
global $command, $msg;
$command = $_POST['command']; #get HTML form entry fields
$msg;
$cmd_error;
if ($command == '') {
$msg = 'error';
$cmd_error = '*';
}
if ($msg == 'error')
$msg = 'Please enter a command to execute!';
}
//===============================================================================
function display()
{
global $command, $output_array, $cmd_error, $msg;
print "<form method=POST> \n"; //no action, therefore itself
print "<fieldset style='width:680px;border-color:gold'> \n";
print "<table bgcolor=eeeeee> \n";
print "<tr>";
print "<td><b>Command <font color=red> $cmd_error </font>";
print " <input type=text name=command size=40 value='$command'>";
print " <input type=submit value='Execute'> \n";
print "<tr>";
print "<td><textarea name=output rows=20 cols=80 readonly>";
foreach ($output_array as $line)
print "$line \n";
print "</textarea> \n";
print "</table> \n";
print "</fieldset> \n";
print "<br><font color=red> $msg </font>";
print "<br/>";
print "</form> \n";
}
//===============================================================================
function exec_data()
{
global $command, $output_array;
$safe_command = escapeshellcmd($command); //escape all malicious characters
// #&;`|*?~<>^()[]{}$\, \x0A \xFF
$out = exec($command, $output_array); //exec command and load array
}
//===============================================================================
?>
<hr/>
<?php include "../include.php"; ?> <!-- hyperlink to see the code -->
</body>
</html>