I have a way to run client side server status without shell_exec. Interested?

[durangod]

Im working on a little project here to bypass the need to have shell_exec to be able to display server load and uptime on the client side server status.

 

The rule has been that you must have shell_exec enabled to be able to do this on the client side of whmcs, but i have found a way that you dont need to do that. I have most of the process built and i have my server data stored in my own php file variables so i know this will work.

 

The only thing i need to do is get the session vars set so i can pull the data from the tpl file and then its perfect.

 

This will allow everyone to disable their shell_exec again to secure their system. shell_exec is disabled by default and is normally safe as long as you dont use it with user input. There is no user input as it is now, they just click a link.

 

But wouldnt you rather be able to just disable shell_exec as it was in the beginning and not worry about the security of it?

 

 

I have posted my suggestion in a ticket to whmcs and I will share what i have done here if anyone is interested...

Edited January 10, 2013 by durangod

[WHMCS JamesX]

exec isn't used to get the load; file_get_contents is utilized. Uptime should work without exec as well, using file_get_contents instead. I've never had an issue with the server status script as-it-is out-of-the-box with exec disabled.

Edited January 10, 2013 by WHMCS JamesX

[durangod]

James your a lucky one then, cause i have a ticket open and they till me i must have it enabled to show server load and uptime on the client side. My admin side works fine, its the client side im talking about. And its in the forum posts as well that on client side you must have shell_exec enabled. So your a lucky lucky man, bless you

[WHMCS JamesX]

You can open the status script yourself to see about what I'd said. I'm not sure exactly who told you that, but it's not entirely accurate. The client-side serverstatus.php page calls out to the status script as defined within your server configuration within WHMCS using cURL and fsockopen; not exec... Unless something's drastically changed since I last spoke with Matt about this. But, it's still working just fine for me with the exec family disabled.

Edited January 10, 2013 by WHMCS JamesX

[durangod]

here is the ticket text from Don R.

 

 

Hello,

 

Please first ensure the following:

 

- The status folder has been uploaded to the server in question

- Status URL for the server under Setup > Products/Services > Servers points to the correct server and contains a / at the end

- The exec and shell_exec functions have not been disabled in the disable_functions setting in the php.ini configuration file on the server in question.

 

In order for these values to be obtained, the status folder that you uploaded to every server has to be able to execute the PHP functions exec and shell_exec on that server - so please check that these have been enabled on the servers which you are trying to return the status for.

 

The status script is source viewable so you can see the functions required, and the alternatives if the main function is not available. I've attached it here for you just to ensure you have the correct file.

 

For the ports, the check is done using the IP address defined on the server in Setup -> Products/Services -> Servers and then the default ports are 21, 80 & 3306, but you can customise this by editing the serverstatus.tpl file in your active template directory.

 

If you have any other questions or still have trouble, please let us know and we will be more than happy to further assist you!

 

Regards,

 

Don R.

WHMCS Support Staff Member

 

 

 

And then another reply from Don

 

 

 

Hello,

 

Ok, no problem. If your host does decide to enable this feature for you then your server status should work properly.

 

Also, Attached is the requested dbconnect file.

 

If you have any other questions, please let us know.

 

Regards,

 

Don R.

WHMCS Support Staff Member

Edited January 10, 2013 by durangod

[WHMCS JamesX]

Client-side or admin-side, it makes no difference... They both call out to the server status script that you upload to the server itself.

 

Open up the /status/index.php file and have a look at it; it's not encoded so you can see what I'm saying for yourself. While it's true that exec functions will be used if available, file_get_contents will be used if they aren't.

 

I have a lot of PHP functions (including the exec family) disabled on most servers and the status script works alright without them. The individual port checks though, use fsockopen from your WHMCS installation to the remote server's IP address.

 

With that said, I'm going to assume that you have some sort of issue. What's the specific problem that you're having?

Edited January 10, 2013 by WHMCS JamesX

[durangod]

Thanks, im starting to get the impression that i have been sent on a wild goose chase my tech support if so i promise them they will not be happy with me.

 

Any way thanks for offering to help. The specific issue is that the load and uptime do not display on the client side, everything display perfect on the admin side, but the client side the two items have no data (uptime and load)

 

So after taking days reading and finding forum threads covering the issue i finally did a ticket, and that is what i was told to have that enabled.

 

So what i did to try to solve the issue was i built a php file that uses ajax to grab the info and put it in my own php vars, then i passed that to the session and passed that to the tpl file. I could have just done this using their file but i thought what if they decide to encrypt their file one day, so myprocess is totally outside their file but it does use the output..

 

If you want to see what i did ill show you... But if we can get this fixed without that, then thats great too.

Edited January 10, 2013 by durangod

[WHMCS JamesX]

Feel free to reference my replies in this thread within your ticket if you like.

 

You can also have a look at modules/widgets/network_status.php as it's not encoded either. You'll find the same there, cURL and fsockopen are used to call out to the remote server for the admin-side the same as with the client-side page. If it works for one, it should for both; they both get their stats using the same methods...

 

• cURL to the remote status script to get the load, uptime, etc.
  
• fsockopen to the server's IP to get the individual port status.
  

Edited January 10, 2013 by WHMCS JamesX

[durangod]

Ok thanks ill check it out appreciate that. I will keep my php script handy just in case something has changed and i have to have it in the end. But ill check out the module and see whats going on and do some testing.. thanks so much...

 

If i have to use my script ill be back cause im trying to learn how to grab the session data from in the tpl files, i know how to normally but i think its different in the tpl files, but whatever the outcome i will update this thread thanks...

[durangod]

I just looked at the module file and your right, but im wondering if you have a dif version than me because my status index file on the client side is differnent and i got this file right from tech support.

 

here is the bottom half where it gets the data.

 

$load = file_get_contents("/proc/loadavg");
$load = explode(' ',$load);
$load = $load[0];

      if (!$load && function_exists('exec')) 
      {
$reguptime=trim(exec("uptime"));

if ($reguptime)
        {
          if (preg_match("/, *(\d) (users?), .*: (.*), (.*), (.*)/",$reguptime,$uptime))
           {
           $load = $uptime[3];
            }//close if
         }//close if reguptime

      }//close if !load

$uptime_text = file_get_contents("/proc/uptime");
$uptime = substr($uptime_text,0,strpos($uptime_text," "));
if (!$uptime && function_exists('shell_exec')) $uptime = shell_exec("cut -d. -f1 /proc/uptime");
$days = floor($uptime/60/60/24);
       $hours = str_pad($uptime/60/60%24,2,"0",STR_PAD_LEFT);
$mins = str_pad($uptime/60%60,2,"0",STR_PAD_LEFT);
$secs = str_pad($uptime%60,2,"0",STR_PAD_LEFT);

$phpver = phpversion();
$mysqlver = (function_exists("mysql_get_client_info")) ? mysql_get_client_info() : '-';
$zendver = (function_exists("zend_version")) ? zend_version() : '-';

       echo "<load>$load </load>\n";
echo "<uptime>$days Days $hours:$mins:$secs</uptime>\n";
echo "<phpver>$phpver</phpver>\n";
echo "<mysqlver>$mysqlver</mysqlver>\n";
echo "<zendver>$zendver</zendver>\n";
    }//close else

?>

[WHMCS JamesX]

I'm using the one from the v5.1.2 download in the client area. What you have there looks correct; the layout is a little different with comments where I don't have them. However, the code looks right though.

 

Both the admin-side widget and the client-area page call out to it and the server the same way; pulling the same information. So, if the status script is returning results for one and being displayed, it should for both.

 

The status script returns the same data, regardless of whether the admin widget, client page, or you open it direct in your Web browser.

Edited January 10, 2013 by WHMCS JamesX

[durangod]

yeah because it displays to the page on the client side just fine when i run it form the url. So maybe its the serverstatus tpl thats the issue.

[durangod]

yep ill be a son of a gun , by mistake i opened up the portal template by mistake and i was like wait whats this file its totally different. Then i realized i opened up the default portal template instead of my custom template file. so i copied the code over to my file and whala there is the data.

 

un freaken believable 3 days worken on this... im so ticked off at tech support right now i could just catch on fire..

 

i guess when i recently updated to 512 then to 513 i didnt update my tempate files.

 

So this is my first time updating this beast, how do i update my tpl files, just copy all of them over or just start with this one and leave it at that.. Now i have no clue where im at on my update...

[WHMCS JamesX]

Possibly, but given the fact that it works just fine for your admin widget and when opening the status script directly in your Web browser, it's definitely not an issue with exec family functions being disabled. If it were, the script would fail regardless of how you called it. The status script doesn't give a damn who or what's calling it, it will return the same data regardless.

 

 

__ EDIT __

 

I'm glad to see that you've got it working now at least.

Edited January 10, 2013 by WHMCS JamesX

[durangod]

That was the issue, i think i commented at the same time as you lol, read my prev comment

[durangod]

James thank you soooooooooooo much, above and beyond do not even begin to cover your performance tonight. Really appreciate your help...

 

You can be assured that tech support is going to get a not so nice little letter from me for costing me 3 days of my time for nothing, they just gave me the first thing that came to mind as an answer and they never even really asked any questions or really gave a hoot. They def did not dig when they should have. I guess they are so busy in the limelight with cPanel and stuff they have lost touch with us. At least thats how i feel.

 

Anyhooo, thanks again awesome job james

[WHMCS JamesX]

James thank you soooooooooooo much, above and beyond do not even begin to cover your performance tonight. Really appreciate your help...

Your welcome. I'm glad to have been able to help you to get it sorted out.