dragoninasia2014
dragoninasia2014
2014-04-16 10:04

从php中的shell_exec运行sed命令

已采纳

Please help me as I have been trying to get this to work for two days.

I have a text file which has the array to define username and passwords.

$USERS['user'] = 'pass1';

I am trying to make a PHP to change this password

//name - call_pwd.php
$commandline='./change_password ' . $_SESSION["logged"] . " " . $_POST["old_password"] . " " . $_POST["new_password"] 
$output = shell_exec("$commandline");

Here is the bash file I made to change this password. Because I am not good at it I have to use so many variables to make it easily.

#!/bin/bash
#name - change_password
username=`echo "$1"`
old_password=`echo "$2"`
new_password=`echo "$3"`
old_string=`echo "\['$username'\] = '$old_password'"`
new_string=`echo "['$username'] = '$new_password'"`
sed -i "s/${old_string}/${new_string}/" passwords.php
if [ "$?" == 0 ]
then
echo "Password changed Successfully."
else
echo "Could not change password, try again."
fi

When I run this script from the root prompt it works fine and changes the password. But from PHP it won't work. It keeps giving me the message "Could not change password, try again."

As I read " and ' needs to be escaped if you want to use sed with php and I tried that with

sed -i \"s/${old_string}/${new_string}/\" passwords.php
sed -i \""s/${old_string}/${new_string}/\"" passwords.php

The permissions on passwords.php is full permission for all users. I have also tried putting absolute paths everywhere but that also didn't work.

The $output variable on my call_pwd.php comes out as when I echo $commandline $old_string and $new_string

change_password user pass1 pass2

\['user'\] = 'pass1'
['user'] = 'pass2'
Could not change password, try again. 

Please help me. Thanks. Apologies for such a long post.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • drny20290570 drny20290570 7年前

    Why are you doing it this way? You could do everything in PHP with [un]serialize() and file_[put/get]_contents().

    $ php -r '
        $USERS = [ "user" => "pass1" ];
        file_put_contents("passwords.php", serialize($USERS));'
    $ cat passwords.php; 
    a:1:{s:4:"user";s:5:"pass1";}
    $ php -r '
        $USERS = unserialize(file_get_contents("passwords.php"));
        $USERS["user"] = "newpass";
        file_put_contents("passwords.php", serialize($USERS));'
    $ cat passwords.php
    a:1:{s:4:"user";s:7:"newpass";}
    

    I won't make any comment on the security implications of doing this, but if you want to simply change some values in a text file when you are already using PHP, why not just use PHP?

    点赞 评论 复制链接分享