I'm currently trying to get a input box with a submit button that puts the command into a string and executes it on a detached screen. Currently I have the following:


    <form id="commandForm" method="post" action="command.php">
        <input type="text" name="command" />
        <input name="sendCommand" id="sendCommand" type="submit" value="Send" />



    shell_exec(screen -S minecraft -p 0 -X stuff "$_'command'$(printf \\r)")


In the screen command $_'command' is the text from the text box in the index page.

I'm missing some stuff in my PHP and I've spent quite a while looking and reading but I do not understand.
Is there any chance someone could help me out wih this one please?

Also I understand the security implications of shell_exec, this page will be hidden behind a login screen.

2 Years
Discussion Span
Last Post by cereal

can you try something like this ?

$command = 'put all command here';


if you want it to work in the background, then you can do something like this

shell_exec(" $command > /dev/null ");

Try also:


    $input    = "ls -lh";
    $command  = escapeshellcmd($input);
    $command .= '^M';

    shell_exec("screen -X stuff '$command'");

If the "stuff" screen is attached you should see the execution of the command.

But keep in mind this is really unsafe action, depending on configuration it can run with webserver privileges. It should be better to perform a regular expression to match the input with a precompiled list of allowed commands and parse the supported arguments for each command, through an array... A good library for this can be Console from Symfony framework:

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.