#!/usr/bin/perl -w
# ----------------------------------------------------------------------------
# Shell.pl v 1.3   Modified 11/10/00
# Copyright (c) 2000 Jason M. Hinkle. All rights reserved. This script is
# free software; you may redistribute it and/or modify it under the same
# terms as Perl itself. For information: http://www.verysimple.com/scripts/
#
# LEGAL DISCLAIMER: This software is provided as-is.  Use it at your own risk.
# The author takes no responsibility for any damages or losses directly  or 
# indirectly caused by this software.
# ----------------------------------------------------------------------------

# re-route fatal errors
$SIG{__DIE__} = \&CommandFailed;
$SIG{__WARN__} = \&CommandFailed;

#flush the buffer, require modules and create our objects
$|++;
use CGI;
my ($objFormData) = new CGI;
my ($VERSION) = "1.3";
my ($input) = "";

# check for form input
if (defined($objFormData->param("command"))) {
	$input = $objFormData->param("command");
}

# make it look nice
&print_header();
&print_form($input);

# execute the command
if ($objFormData->param) {
	&execute_command($input);
}

&print_footer();
exit;

#______________________________________________________________________________
sub print_form {
	my ($value) = shift || "";
	print "This application executes commands on the server using\n";
	print "the permission level of the web server account.\n";
	print "See the ReadMe file about using this program on Windows servers.\n";
	print "<p>\n";
	print "<form action='" . &CurrentUrl . "' method='post'>\n";
	print "<b>Shell Command:</b><br>\n";
	print "<input type='text' name='command' size='55' value='" . $value . "'>\n";
	print "<input type='submit' value='Execute'>\n";
	print "</form>\n";
}

#______________________________________________________________________________
sub print_header {
	print "Content-type: text/html\n\n";
	print "<html>\n";
	print "<head>\n";
	print "<title>VerySimple Shell Command Processor</title>\n";
	print "</head>\n";
	print "<body link='blue' vlink='blue'>\n";
	print "<font face='arial,helvetica' size='2'>\n";
	print "<table width='100%' bgcolor='\#CDCDCD'><tr><td>\n";
	print "<b>VerySimple Shell Command Processor $VERSION</b>\n";
	print "</td></tr></table>\n";
	print "<p>\n";
}

#______________________________________________________________________________
sub print_footer {
	print "<p><hr><font size='1'>\n";
	print "VerySimple Shell Command Processor: &copy 2000, <a href='http://www.verysimple.com/'>VerySimple</a><br>\n";
	print "A component of the <a href='http://www.verysimple.com/scripts/toolbox.html'>VerySimple Developer Toolbox</a>\n";
	print "</font><p>\n";
	print "</font>\n";
	print "</body>\n";
	print "</html>\n";
}


#______________________________________________________________________________
sub execute_command {
	my $command = shift || "";
	
	if ($command eq "") {
		print "No command submitted\n";
		return 0;
	}
	
	if (defined($ENV{'PATH_TRANSLATED'})) {
		execute_win_command($command);
	} else {
		execute_unix_command($command);
	}
}

#______________________________________________________________________________
sub execute_unix_command {
	my $command = shift || "";

	# redirect error to stdout
	open (STDERR, ">>&STDOUT");
	
	print "<form>\n";
	print "<b>Results:</b><br>\n";
	print "<textarea name='results' rows='10' cols='80' wrap='off'>\n";
    my (@output) = `$command`;
	my ($output) = "";
    foreach $output (@output) {
        print $output;
    }
	print "</textarea></form>\n";

	# attempt to get the username:
	@output = `whoami`;
	print "Username: " . $output[0] . "<br>\n";
	print "Process Id: " . $$ . "<br>\n";
}

#______________________________________________________________________________
sub execute_win_command {
	my $command = shift || "";
	my ($exitcode) = 0;
	my ($wincompath) = $ENV{'COMSPEC'};
	my ($wincom) = substr($wincompath,rindex($wincompath,"\\") + 1);
	
	# check that we were able to locate the command interpreter
	unless (-r $wincompath) {
		&CommandFailed("Win32 command interpreter could not be found.");
		exit;
	}

	# use the win32 libraries for windows servers.
	eval 'use Win32::Process';
	eval 'use Win32';
	print "<form>\n";
	print "<b>Results:</b><br>\n";
	print "<textarea name='results' rows='10' cols='80' wrap='off'>\n";
	Win32::Process::Create($ProcessObj,
	    $wincompath,
	    $wincom . " /c " . $command,
	    0,
	    NORMAL_PRIORITY_CLASS,
	    ".")|| die ErrorReport();
	$ProcessObj->Suspend();
	$ProcessObj->Resume();
	$ProcessObj->Wait(5000);
	$ProcessObj->Kill($exitcode);
	print "</textarea></form>\n";
	print "Username: " . Win32::LoginName() . "<br>\n";
	print "Command Interpreter: " . $wincompath . "<br>\n";
	print "Process Id: " . $ProcessObj->GetProcessID() . "\n";
}

#______________________________________________________________________________
sub ErrorReport{
    print Win32::FormatMessage( Win32::GetLastError() );
}

#______________________________________________________________________________
sub CurrentUrl {
	if (defined($ENV{'SCRIPT_NAME'})) {
		return $ENV{'SCRIPT_NAME'};
	} else {
		return $ENV{REQUEST_URI};
	}
}

#______________________________________________________________________________
sub CommandFailed {
	my ($error) = shift || "Unknown Error";
	if (index($error,"NORMAL_PRIORITY_CLASS",1) > 0) {
		# ignore this warning from the Win32 module.
	} elsif (index($error,"No such file or directory at",1) > 0) {
		print "Command not found.";
	} else {
		print $error;
	}
}