0

I have a PHP script which does the following

$command = '/usr/bin/python /srv/www/vhosts/someurl.com/html/SftpUpload.py ' .
    $config::SFTP_SERVER . ' ' . $config::SFTP_USER . ' ' . $config::SFTP_PASSWORD . ' ' .
    $downloadZip . ' ' . $config::UPLOAD_LOCATION.$extDetails;
exec($command, $retval);
print_r($retval);

So it essentially executes a Python file passing it certain parameters. The Python file looks like the following

import sys, paramiko

if len(sys.argv) < 5:
    print "args missing"
    sys.exit(1)

print 'Argument List:', str(sys.argv)

hostname = sys.argv[1]
username = sys.argv[2]
password = sys.argv[3]
localpath = sys.argv[4]
filepath = sys.argv[5]

port = 22

try:
    transport = paramiko.Transport((host, port))

    # Auth

    transport.connect(username = username, password = password)

    # Go!

    sftp = paramiko.SFTPClient.from_transport(transport)

    # Upload

    sftp.put(localpath, filepath)

finally:
    sftp.close()
    transport.close()

So it is supposed to use the arguments to SFTP a file to a server. At the top, I print out the arguement list just to see what I am getting, and it looks something like this

Array
(
    [0] => Argument List: ['/srv/www/vhosts/someurl.com/html/SftpUpload.py', 'SFTPHostUrl.com', 'someUsername', 'somePassword', 'http://localurl.com/thefile.zip', '/srv/www/vhosts/destinationurl.com/html/thefile.zip']
)

I have tried changing the argv numbers and added one to each one, incase the first argument is the Python file.

Anyways, the file seems to execute but nothing happens. Is there any way I can see some errors or something so I can find out what is wrong, because at the moment I am only seeing the arguement list.

Thanks

Improve this question

1 Answer 1

Reset to default
1

The variable host is not defined when calling transport = paramiko.Transport((host, port)). You most likely ment to use hostname instead. See code below which fixed that issue and added more debug output.

Other than that your script is fine, although what you're doing poses a high security risk since none of the variables is sanitized/validated (path traversals, shell command injections) nor the shellcmd is executed in a safe manner. So keep that in mind if you plan on leaving this script on a productive server with others allowed to call it.

debugging these kind of issues

At first try to call your external script with the exact same parameters passed from your php script and check for exceptions/errors. Since you wrapped the fun part of your script with a try catch silently ignoring all exception you'll not see any errors. Thats the main problem. So either remove the try catch finally block or add more debug output as seen below.

In order to debug this from php you'll have to capture output when executing the command (the modified .py will print errors to stdout):

<?php
$command = '/usr/bin/python /srv/www/vhosts/someurl.com/html/SftpUpload.py ' . $config::SFTP_SERVER . ' ' . $config::SFTP_USER . ' ' . $config::SFTP_PASSWORD . ' ' .  $downloadZip . ' ' . $config::UPLOAD_LOCATION.$extDetails;
$output = shell_exec($command);
echo "<pre>$output</pre>";
?>

add more debugging to your sftp script, catch exceptions and print them as well as check sftp and transport for None before closing them:

import sys, paramiko

if __name__=="__main__":
    if len(sys.argv) < 5:
        print "args missing"
        sys.exit(1)

    print 'Argument List:', str(sys.argv)

    hostname, username, password, localpath, filepath = sys.argv[1:6]
    port = 22
    sftp, transport = None, None
    try:
        print "connecting to: %s"%hostname
        transport = paramiko.Transport((hostname, port))
        print  "Auth"
        transport.connect(username = username, password = password)
        print  "Go!"
        sftp = paramiko.SFTPClient.from_transport(transport)
        print "Upload"
        sftp.put(localpath, filepath)
        print "Upload succeeded"
    except Exception, e:
        print "Exception: %s"%repr(e)
    finally:
        if sftp:
            sftp.close()
        if transport:
            transport.close()
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.