After a long period of development of PHP, many users know PHP very well. Here I will express my personal understanding and discuss with you. Mostly I use exec() commands and data arrays for everything. Or use shell_exec() for simpler commands, especially if you don't care about the results. If I just need to return a PHP shell script, I use passthru(). Often I use different functions on different occasions, and sometimes they are interchangeable.
For example, a user with appropriate permissions in your application (such as admin rights) wants to send 50 PDF files from one server to another. The user then needs to navigate to the correct location in the application, click Transfer, select the PDF that needs to be sent, and click Submit. Along the way, the form should have a PHP script that runs the rsync script via passthru() using the return options variable as shown below.
Listing 1. Sample PHP script to run rsync script via passthru()
<ol class="dp-xml"><li class="alt"><span><span class="tag"><?</SPAN><SPAN class=tag-name>php</SPAN><SPAN> </SPAN></SPAN><LI class=""><SPAN>passthru('xfer_rsync.sh',$returnvalue); </SPAN><LI class=alt><SPAN> </SPAN><LI class=""><SPAN>if ($returnvalue != 0){ </SPAN><LI class=alt><SPAN>//we have a problem! </SPAN><LI class=""><SPAN>//add error code here </SPAN><LI class=alt><SPAN>}else{ </SPAN><LI class=""><SPAN>//we are okay </SPAN><LI class=alt><SPAN>//redirect to some other page </SPAN><LI class=""><SPAN>} </SPAN><LI class=alt><SPAN></SPAN><SPAN class=tag>?></span><span> </span></span></li></ol>
If your application needs to list processes or files, or data about those processes or files, You can easily accomplish this using one of the commands summarized in this article. For example, a simple grep command can help you find files that match specific search criteria. Using it with the exec() command saves the results into an array, which allows you to build an HTML table or form, which in turn allows you to run other commands.
So far, I've discussed user-generated events - whenever the user presses a button or clicks a link, PHP runs the corresponding script. You can also use standalone PHP scripts with cron or other schedulers to achieve some interesting effects. For example, if you have a backup script, you can run it via cron, or package it into a PHP script and run it. Why do you do this? It seems redundant, doesn't it? Not so - you need to think of it this way, you can run the backup script via exec() or passthru() and then perform some behavior based on the return code. If an error occurs, you can log it to the error log or database, or send a warning email. If the script succeeds, you can dump the raw output to a database (for example, rsync has a verbose mode, which is useful for diagnosing problems later).
Security
Let’s briefly discuss security here: If you accept user input and pass the information to the shell, it’s a good idea to filter the user input. Remove commands you consider harmful and disallowed, such as sudo (run as superuser) or rm (remove). In fact, you probably don't want the user to send an open request, but instead let them choose from a list.
For example, if you run a transfer program that accepts a list of files as an argument, you should list all the files via a series of checkboxes. Users can select and deselect files and activate the rsync shell script by clicking Submit. Users cannot enter files themselves or use regular expressions.