• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

E-Mail Register shell_exec PHP Script

M

MailServiceFree

New Pleskian
Dear PP community,

I want to create a free e-mail service.
I'm using a vServer with 200gb (for the first time) on Debian 6 with Parallels Plesk 11 backend.

Now I just want a simple php script which is for guests to register a new mail (for themselves).

I've asked a good programming friend if he could help me, so he did.

He has written a script like this:

Code: 
<form method="post" action="">
<input type='hidden' name='submitted' id='submitted' value='1'/>


<label for='email' >Email Address:</label>
<input type='text' name='email' id='email' maxlength="50" />
<br> 
<label for='password' >Password*:</label>
<input type='password' name='password' id='password' maxlength="50" />
<input type="submit" name="submit" value="Submit" />


</form>


<?
function sanitize($data) {
$data = strip_tags(trim($data));
$search = array('/[^A-Za-z0-9\. -\!\?\(\)\<\>\@]/');
$data = preg_replace($search, '', $data);
return $data;
}




if(isset($_POST['email'])){
// STRIP OUT ANY UNWANTED STUFF
$_POST['email'] = sanitize($_POST['email']);
$_POST['password'] = sanitize($_POST['password']);




if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$email = $_POST['email'];
} else {
echo "Invalid email<br>";
$_POST['email'] = null;
return;
}


$password = $_POST['password'];




shell_exec ("/usr/local/psa/bin/./mail --create $email -passwd $password -mailbox true");
echo "Your account '$email' has been setup with password '$password'";
}


?>

Looks like it would work, I've tested it, but the shell_exec doesn't work correctly. (index.php permissions are at 755)
I have just this file as index.php I don't need more for the first time, I'll code the other stuff when the index.php works fine.

I've read a bit about Plesk and the creation of mails.
They have written, that shell_exec is disabled in Plesk by default and I have to activate it.

I don't know how and where I can do that.. do you know a solution?

PLEASE ANSWER IF YOU NOW THE SOLUTION...

And no, I won't use XML because I don't know how to work with it.

Thanks in advance!!
 
The shell_exec will not work because it is executed as the webserver user. Obviously that user has no permissions to alter Plesk settings and/or create mailaccounts. Otherwise _everyone_ on a shared server could adjust/change/modify server settings. CLI commands only work as root. You will either need to run sudo, so this is executed as root. But I would recommend using Plesk API/XML as it is much more secure.

shell_exec() is bad practice.
 
You must log in or register to reply here.

Similar threads

C
Issue 38080 connection refused, plesk FW setup
Replies
1
Views
441
chester_e
C
C
Question Trying to make my own login page which ive made, now i just need to link it to the plesk admin login thing.
Replies
0
Views
606
Cjshost
C
A
Resolved 503 Error on submission of API call, still works though...
Replies
16
Views
3K
ajtaylordev
A
D4NY
Issue Outgoing mail queue, how to find the source of the spam?
Replies
19
Views
4K
mow
M
A
Resolved Need help adding a customer with a service plan using with REST Api/CLI method
Replies
1
Views
2K
ajtaylordev
A
Back
Top