0

I'm making a server manager. I want to add a "kill" command, which would call a php script that would essentially run a shell_exec('kill $arrtext'); and kill the process, thus closing the server down. Here is the part of my script that returns the results and checks to see which servers are running:

<?php
$COMMAND = shell_exec('ps -o command ax | grep skulltag | grep -v grep');
$old = array("skulltag-server", "-port", "-iwad", "-wad", "+exec");
$new   = array("SKULLTAG", "Running on Port", "Using IWAD", "+ PWAD", "with Config");
$COMMAND = str_replace($old, $new, $COMMAND);
$arr = explode("./",$COMMAND);
$text = shell_exec('pgrep -u doom');
$arrtext = preg_split('/\s+/', $text);
 for( $i = 1; $i < count($arr); $i++ ) {
    echo '<div class = "serverborder">';
    echo '<div class = "servertextalign">';
    echo $i,'. PROCESS ID <span style="color: #f00;">',$arrtext[$i],'</span> with server parameters: <span style="color: #777;">',$arr[$i],'</span>';
    echo '</div>';
    echo '</div>';
    echo '<br>';
 }
?>

However, I have no idea how I would add a link or something that would set the proper $arrtext[] variable (depending on which one they picked) and pass it to the PHP script that would kill the server.

The live demo can be found at http://server.oblivionro.net/servers/

Thanks!

Improve this question
3
  • 1
    Oh boy, that's dangerous stuff Commented Sep 22, 2011 at 19:22
  • This is like letting your kid play in traffic Commented Sep 22, 2011 at 19:28
  • I know this is dangerous, which is why I would have a tons of checks. Other providers do similar stuff like this for Ventrilo and other game servers, do they use the same method? What do they do differently? Commented Sep 23, 2011 at 1:44

3 Answers 3

Reset to default
1

Could you try using a shell_exec in another, tiny, script to run that kill script in the command line? Don't use a GET variable. I would rather create a small form for each server in the list and passing it through POST ie. requiring the tiny script that takes hidden POST variables, sending the form action to the same page, and passing the array as a parameter

// In form
echo '<input type="hidden" name="pid" value="'.$arrtext[$i].'"/>';

// In script
$pid = $_POST['pid'];
shell_exec('php -f /location/of/kill_script.php -- -'. $pid)

Where pid is your process ID. Obviously, you should set up your kill script to check that the pid is valid. The benefit of this is that the script's true location can stay hidden and doesn't need even need to be in the www root. You shouldn't need to link the real script directly.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

The dirty, dirty (not recommended) way to do it is to have the link go to the script with the command, like:

<a href="killScript.php?p=<?php echo $arrtext[$i]; ?>">KILL</a>

Then in the killScript, you RIGOROUSLY verify that the process they are killing something they're supposed to be killing.

A better way would be to avoid using as powerful a command as "kill", so that someone doesn't go to killScript.php?p=1230 where 1230 is the process number of your Minecraft game or something...

Improve this answer

Comments

0

I am confused why you feel the need to ask since you seem to have a grasp of PHP scripting and already create spans etc with the proper data. it is trivial to construct an anchor tag. The anchor tag might reference a GET variable, which could be the PID. After proper validation such as ensuring the PID references a doom server process (and proper login credentials), the PID can then be used to shell a kill command.

Note that you are potentially opening your server up to allow the world to shut down processes on your server.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.