phpshell /

Filename Size Date modified Message
162 B
705 B
17.6 KB
4.5 KB
1.9 KB
5.4 KB
203 B
7.3 KB
2.4 KB
1.1 KB
README for PhpShell 1.8
Copyright (C) 2000-2003 Martin Geisler <>
Licensed under the GNU GPL.  See the file COPYING for details.

What is PhpShell?
PhpShell is a shell wrapped in a PHP script.  It's a tool you can use
to execute arbitrary shell-commands or browse the filesystem on your
remote webserver.  This replaces, to a degree, a normal
telnet-connection.  You can use it for transferring your site as a
compressed file, and then unpack it on the webserver, administration
and maintenance of your website using commands like ps, free, du, df

There are some limitations on what kind of programs you can run.  It
won't do no good if you start something like Netscape or even vi.  All
programs have to be strictly command-line programs, and they will have
no chance of getting user input after they have been lunched.  They
probably also have to terminate within 30 seconds, as this is the
default time-limit imposed unto all PHP-scripts, to prevent them from
running in an infinite loop.  Your ISP may have set this time-limit to
something else.

But you can rely on all the normal shell-functionality, like pipes,
output and input redirection, etc...  (There is no <tab>-completion,
though :-)

Safe Mode
If PHP is running in Safe Mode, then you cannot use PhpShell ---
sorry.  Safe Mode restricts the commands that can be executed using
the shell_exec() call in PHP, and it also restricts the files and
directories that can be accessed using other calls in PHP.

The effect is, that PhpShell simply doesn't work --- you cannot
change directory and you cannot execute any commands.

Safe Mode is often used on servers that host several websites for
different users to limit the users ability to peek at each others

Who am I?
(Well, my name is Martin, but that's not the point :-)

You may not be the same user when using PhpShell, as you are when you
upload your files with ftp.  On some systems you will be 'nobody', on
other systems you will become 'httpd' or 'www-data'.  This is a rather
dangerous "feature" of PhpShell! So use it at your own risk --- I
wont be responsible if your account is closed or something like that

If you want to execute code as different user, then it's possible to
do so by using the Sudo program available from this address:

The trick is to configure Sudo to allow the user running the webserver
to execute certain commands as a more privileged user.  Please refer
to the documentation for Sudo for further information about doing

How to use it
When you point your browser at PhpShell and types in your password
(see the file INSTALL for more information on how to change the
password), you'll be presented with a rather simple page.  It has the
following elements:

The Command Input box:
  Here you can type a command, and when you press the "Execute" button
  the command will be executed in the current working directory.

  If your command is 'cd something', then it won't be executed like an
  ordinary command --- the current working directory will be updated
  instead.  This works with both relative and absolute paths.

  And if your command is 'ls', then it will be changed to 'ls -F'.
  This makes ls append indicators to the filenames: directories end with 
  a slash, executable files will end with an asterisk and so on.

The current working directory:
  This is the directory where all command are being executed.  You can
  use the dropdown-box to choose a new working directory.  To quickly
  jump toward the root of the filesystem, just click on one of the
  links to jump to that directory.

The Output
  Here goes the output from your commands.  You will be able to scroll
  thought the box if the output is to large to fit inside.  It is only
  output to stdout that goes into the Output box.  This can be rather
  confusing, because then sometimes you just don't get any output.
  I've made a workaround, that fixes the problem most of the time.  If
  you select "Enable stderr-trapping" your command <cmd> will be
  executed this way:
  <cmd> 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt

  It is done by simply appending the arguments to your command.  It
  redirects all output from your command to a file, both stdout and
  stderr.  It then shows the file, and cleans things up when finished.
  It's quick and dirty, and will only work if you haven't already
  redirected the output.

You can download PhpShell from
The tarball/zipfile contains these files:

  This is the script you run when you use PhpShell.

  This file describe the changes I've made to PhpShell.  By reading
  it you'll always know when I've added a new feature or made a
  bugfix, and the nature of the feature/bugfix.

  This file :-)


  Tells you how to install PhpShell.  Amoung other things, it
  explains how to change the password protection so that you can use

  Remember that it's very important to have PhpShell password
  protected, or else everybody will be able so snoop into your files
  and perhaps also be able to delete them!  I've already seen one site
  that were using PhpShell without password-protection --- I was able
  so quickly find their file from phpMyAdmin, and read
  the password to the database!  So please take the time to protect

  Standard GNU disclaimer