{"id":5301,"date":"2026-02-26T19:07:34","date_gmt":"2026-02-26T19:07:34","guid":{"rendered":"https:\/\/ibex.tech\/cloud\/?p=5301"},"modified":"2026-02-26T19:08:49","modified_gmt":"2026-02-26T19:08:49","slug":"issuing-commands-from-web-pages","status":"publish","type":"post","link":"https:\/\/ibex.tech\/cloud\/php\/console\/issuing-commands-from-web-pages","title":{"rendered":"Issuing Commands From Web Pages"},"content":{"rendered":"\n

You can issue commands using the PHP system() function.<\/p>\n\n\n\n

Examples:<\/p>\n\n\n\n

\/\/Echo some system status:\n\techo '<pre>';\n\tsystem('netstat -a');\n\techo '<\/pre>';\n\/\/Run an executable file:\n\techo '<pre>';\n\tsystem(\"sudo \/home\/pi\/projects\/my_project.a\");\t\t\/\/system() will echo the output of the executable, use shell_exec() instead if you don't want this\n\techo '<\/pre>';<\/code><\/pre>\n\n\n\n
WARNING!! When allowing user-supplied data to be passed use escapeshellarg() or escapeshellcmd() to ensure that users cannot trick the system into executing arbitrary commands.<\/em><\/strong><\/p>\n\n\n\n
system()<\/p>\n\n\n\n
Also echo’s the output of the command to the web page<\/p>\n\n\n\n
shell_exec()<\/p>\n\n\n\n
Does not echo the output of the command and returns you all of the output<\/p>\n\n\n\n
exec()<\/p>\n\n\n\n
Does not echo the output of the command but returns only the last line of any output<\/p>\n\n\n\n
If it doesn’t work<\/p>\n\n\n\n
Try adding this to the end of your command: 2>&1
For example: sudo fping -c1 -t750 192.168.1.1 2>&1
This will cause error text to be returned<\/p>\n\n\n\n
Issuing commands in the background<\/p>\n\n\n\n
You can’t just add the ‘&’ character to the end of commands In PHP, because all calls are always waiting for the command to return.  There’s a good post in the issue here: http:\/\/phaq.phunsites.net\/2012\/01\/18\/run-command-in-background-from-php\/<\/a><\/p>\n\n\n\n
To fix it you need to direct the console output to a file instead and just adding this to the end of a command will do that:  > \/dev\/null 2>&1 & echo $!<\/p>\n\n\n\n
The following example issues a reboot command after a 2 second delay (you need to add the command to sudoeres for it to work \u2013 see below) and does it in the background so that the page is loaded before the reboot is actioned:<\/p>\n\n\n\n
<?php\n\t\/\/----- DO THE REBOOT -----\n\t\t\/\/THIS SUDO COMMAND HAS AUTHORISED FOR APACHE TO USE IN THE FILE: sudo nano \/etc\/sudoers\n\t\t\/\/\t# Special for this system - let apache run exes we use in the web interface\n\t\t\/\/\twww-data ALL=NOPASSWD: \/sbin\/reboot\n\techo '<pre>';\n\tsystem(\"(sleep 2 ; sudo \/sbin\/reboot ) > \/dev\/null 2>&1 & echo $!\");\n\techo '<\/pre>';\n?><\/code><\/pre>\n\n\n\n
Issuing sudo commands<\/h5>\n\n\n\n
Apache will typically run using account www-data and this account is not permitted to use sudo.  If you need to use sudo you need to enable this, but you don’t want to simply give www-data global sudo access. If a malicious script is uploaded to your web server and gets executed this opens a massive security risk. The more secure approach is to restrict it to only the commands that you actually use in your own scripts.<\/p>\n\n\n\n
You can use this command to open the sudoers file:<\/p>\n\n\n\n
sudo nano \/etc\/sudoers<\/code><\/pre>\n\n\n\n
BE VERY CAREFUL TO COPY THIS FILE BEFORE YOU CHANGE IT \u2013 IF YOU MAKE AN ERROR YOU CAN STOP YOURSELF BEING ABLE TO OPEN THE FILE USING SUDO (changes to it are instant)!<\/p>\n\n\n\n
An example enabling it to run a single executible, add this to the end of the file:<\/p>\n\n\n\n
www-data ALL=NOPASSWD: \/home\/pi\/some_executable_name<\/code><\/pre>\n\n\n\n
An example enabling it to run several different executables, add this to the end of the file:<\/p>\n\n\n\n
www-data ALL=NOPASSWD: \/home\/pi\/some_executable_name, \/home\/pi\/some_executable_name some_option, \/home\/pi\/some_other_executable_name<\/code><\/pre>\n\n\n\n
Passing $_POST Data To A Running Application<\/h5>\n\n\n\n
There is a really useful way of using the PHP system function to pass data to a running application on your RPi (e.g. your own application doing something with the IO) if you create a FIFO within it<\/a>.  Then you can use use a web page like this to pass it data from a form or $_POST input:<\/p>\n\n\n\n
-<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-transitional.dtd\">\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=utf-8\" \/>\n<title>My Page<\/title>\n<\/head>\n<body>\n<?php\n\tif ($_POST['Command'])\n\t{\n\t\t$Command = trim($_POST['Command']);\n\t\techo \"Command received: $Command<br \/>\";\n\t\tsystem(\"sudo sh -c 'echo \\\"\". escapeshellarg($Command) . \"\\\" > \/tmp\/my_fifo'\");\n\t}\n?>\n\n<div align=\"center\">\n  <form id=\"form1\" name=\"form1\" method=\"post\" action=\"\">\n    <p>\n      <label for=\"Command\">Command:<\/label>\n      <input type=\"text\" name=\"Command\" id=\"Command\" size=\"80\" \/>\n      <input type=\"submit\" name=\"Send\" id=\"Send\" value=\"Send\" \/>\n    <\/p>\n  <\/form>\n<\/div>\n<\/body>\n<\/html><\/code><\/pre>\n\n\n\n
Escaping user supplied data \u2013 IMPORTANT!<\/h5>\n\n\n\n
When allowing user-supplied data to be passed to the system() function, ensure you use escapeshellarg() or escapeshellcmd() so that users can’t trick the system into executing arbitrary commands.<\/p>\n\n\n\n
Confirming which user apache is running as<\/h4>\n\n\n\n
<?php\necho exec('whoami');\n?><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
You can issue commands using the PHP system() function. Examples: WARNING!! When allowing user-supplied data to be passed use escapeshellarg() or escapeshellcmd() to ensure that users cannot trick the system into executing arbitrary commands. system() Also echo’s the output of the command to the web page shell_exec() Does not echo the output of the command and returns you […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[143],"tags":[],"class_list":["post-5301","post","type-post","status-publish","format-standard","hentry","category-console"],"_links":{"self":[{"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/posts\/5301","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/comments?post=5301"}],"version-history":[{"count":1,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/posts\/5301\/revisions"}],"predecessor-version":[{"id":5302,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/posts\/5301\/revisions\/5302"}],"wp:attachment":[{"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/media?parent=5301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/categories?post=5301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/tags?post=5301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}