Page 1 of 1

Start Python by PHP over Browser

Posted: Sat Jan 19, 2019 1:03 pm
by gintonik
Hi,

i´m alreday build my photobooth and now i want to do the next step of Engineering.

I´d like to start the Procedure with a Tablet/Smartphone. The most compability was given by using a PHP-Website for controlling the RPI.

That´s what i want to do:
logical_php.jpg
logical_php.jpg (148.01 KiB) Viewed 852 times
Apache + PHP already installed on RPI and still working. The Capture.py already working to.
Now i need a way where i can execute a python-script by click a button/picture at the PHP-Website.

I read something about www-data permissions but everything i tried just ends that my raspian ist broken and have to reflashed by a saved image :roll:

The just thing i want to use i maybe the start.php who start the capture.py with admin-rights, because the rpi is working by ssh with an other pi and take control about them.

Can somebody give me an Example of simple Coding?

Thx....

Re: Start Python by PHP over Browser

Posted: Fri Jan 25, 2019 12:01 pm
by bzt
Hi,
gintonic wrote:Now i need a way where i can execute a python-script by click a button/picture at the PHP-Website.
...
The just thing i want to use i maybe the start.php who start the capture.py with admin-rights
Steps:
1. create a link on the website to (let's say) start.php
2. in that start.php, call your python script and redirect the user to reload the page when it's finished

Code: Select all

<?php
system("sudo -u adminuser /usr/bin/python capture.py");
header("Location: index.php");
3. finally, add www-data to your sudoers file. If capture.py requires root privileges (shouldn't) then you can leave the "-u adminuser" part, otherwise replace "adminuser" with a username which has the required admin-rights to access your camera (the one you use with ssh will do, but I recommend to create a new user).

This is the secure way. You can add the www-data user to the required groups, but that could pose a security risk.

Cheers,
bzt

Re: Start Python by PHP over Browser

Posted: Fri Jan 25, 2019 1:25 pm
by DougieLawson
Adding www-data to sudoers is an exceedingly Bad Idea®, if your website is compromised, then the bad actor owns the whole system with zero extra effort. If you have stuff that really, positively can't run non-privileged use suexec.

Run benign python3 programs on the webserver that communicate with a privileged server (using a private protocol) is a much better design. For gpio the python pigpio and pigpiod stuff is ideal for that (the private protocol is built-in). pigpio is benign and runs as non-privileged, pigpiod runs the privileged stuff (it can even work with a Windows system running python and pigpio).

If it's not gpio, then write your own privileged server that subscribes to an MQTT topic (on Mosquitto) and does whatever's needed when it gets a trigger message. In your web page use MQTT websockets to publish a message for the server (no python needed make it simple by using javascript websockets).