Code: Select all
<?PHP
$pwmValue=$_POST["pwmValue"];
exec("mode COM4 BAUD=9600 PARITY=N data=8 stop=1 xon=off");
$fp = fopen("com4", "w");
if (!$fp) {
echo "Not open";
}else {
fwrite($fp, $pwmValue);
fclose($fp);
}
?>
Code: Select all
<?
if ($mode == 'submit') {
//grab posted data (save to var)
$drinkRecipe = $_POST['selectedDrink'];
//set-up com port
exec("mode /dev/ttyACM0 BAUD=9600 PARITY=N data=8 stop=1 xon=off");
//saw this on several RPi posts? (but not sure of the difference? or why one would be used over the other?)
//stty -F /dev/ttyACM0 cs8 9600 ignbrk -brkint -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke noflsh -ixon -crtscts
//open serial port
$fp = fopen("/dev/ttyACM0", "w+"); //w = write w+ = read/write
//check if open
if (!$fp) {
echo "Not open";
//die();
} else {
//if open send data (via PHP) to connected Arduino on serial comm port 1 (ttyACM0)
fwrite($fp, '<' . $drinkRecipe . '>');
//arduino takes serial data, parsed it.. does it duty,
//and is supposed to reply back via serial to the awaiting (listening)
//PHP script executed via AJAX, since the front end needs to display
//a 'waiting' type message.. and the callback 'success' will
//re-direct back to menu/initial state
?>
<script type="text/JavaScript" language="JavaScript">
$.ajax({
//async: false,
//type: "POST",
url: "serial_listener.php",
//define success handler actions
success: function(response) {
//alert("PHP RETURN CHECK: "+response);
if($.trim(response) == 'complete'){
alert("Drink making is complete... return to main menu");
//do redirect here
}else{
alert("Some value other than 'complete' was returned... look into it!");
//not sure what to do? (back to main menu anyways?)
}
},
//define error handler actions
error: function(response) {
alert("PHP SERIAL READ FAIL: "+ 'Ready State: '+ response.readyState + ' Status: ' + response.status);
}
});
</script>
<?
//close connection
fclose($fp); //needed? //should this go in the external php script instead now?
}
}
Code: Select all
if ($mode == 'submit') {
//grab posted data (save to var)
$drinkRecipe = $_POST['selectedDrink'];
//set-up com port
exec("mode /dev/ttyACM0 BAUD=9600 PARITY=N data=8 stop=1 xon=off");
//saw this on several RPi posts? (but not sure of the difference? or why one would be used over the other?)
//stty -F /dev/ttyACM0 cs8 9600 ignbrk -brkint -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke noflsh -ixon -crtscts
//open serial port
$fp = fopen("/dev/ttyACM0", "w+"); //w = write w+ = read/write
//check if open
if (!$fp) {
echo "Not open";
//die();
} else {
//if open send data (via PHP) to connected Arduino on serial comm port 1 (ttyACM0)
fwrite($fp, '<' . $drinkRecipe . '>');
//arduino takes serial data, parsed it.. does it duty,
//and is supposed to reply back via serial to the awaiting (listening)
//PHP script executed via AJAX, since the front end needs to display
//a 'waiting' type message.. and the callback 'success' will
//re-direct back to menu/initial state
?>
<script type="text/JavaScript" language="JavaScript">
$.ajax({
//async: false,
//type: "POST",
url: "serial_listener.php",
//define success handler actions
success: function(response) {
//alert("PHP RETURN CHECK: "+response);
if($.trim(response) == 'complete'){
alert("Drink making is complete... return to main menu");
//do redirect here
}else{
alert("Some value other than 'complete' was returned... look into it!");
//not sure what to do? (back to main menu anyways?)
}
},
//define error handler actions
error: function(response) {
alert("PHP SERIAL READ FAIL: "+ 'Ready State: '+ response.readyState + ' Status: ' + response.status);
}
});
</script>
<?
//close connection
fclose($fp); //needed? //should this go in the external php script instead now?
}
}
Code: Select all
//set-up com port
exec("mode /dev/ttyACM0 BAUD=9600 PARITY=N data=8 stop=1 xon=off");
//open serial port
$fp = fopen("/dev/ttyACM0", "w+"); //w = write w+ = read/write
//check if open
if (!$fp) {
echo "Not open";
//die();
} else {
while(!feof($fp)){
$response = fread($fp, 10);
}
echo $response;
fclose($fp);
}
Code: Select all
error: function(response) {
alert("PHP SERIAL READ FAIL: "+ 'Ready State: '+ response.readyState + ' Status: ' + response.status);
}
Code: Select all
exec("mode /dev/ttyACM0 BAUD=9600 PARITY=N data=8 stop=1 xon=off");
Code: Select all
stty -F /dev/ttyACM0 cs8 9600 ignbrk -brkint -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke noflsh -ixon -crtscts
Code: Select all
$responseValue = "";
do{
$incomingChar = fread($fp, 1);
$responseValue .= $incomingChar;
}while(strlen($responseValue) < 1);
echo $responseValue;
Code: Select all
if ($mode == 'submit') {
//grab posted data (save to var)
$drinkRecipe = $_POST['selectedDrink'];
?>
<div id="waitingContainer">
<p>Please wait, your brink is being made.</p>
</div>
<script type="text/JavaScript" language="JavaScript">
console.log("ajax routine hit");
//var drinkRecipe = "<?php echo $drinkRecipe ?>";
var drinkRecipe = "<?=$drinkRecipe?>";
var xhr = $.ajax({
//async: false,
type: "POST",
url: "serial_listener.php",
//datatype: "html",
datatype: "text",
data:({"drinkData":drinkRecipe}),
//define success handler actions
success:function(response) {
//alert("PHP RETURN CHECK: "+response);
if($.trim(response) == 'complete'){
console.log("Drink making is complete... return to main menu");
//do redirect here
}else{
console.log("Some value other than 'complete' was returned... look into it!");
console.log("RESPONSE SENT WAS: " + response);
//not sure what to do? (back to main menu anyways?)
}
//kill the request
xhr.abort();
},
//define error handler actions
error: function(response) {
console.log("PHP SERIAL READ FAIL: "+ 'Ready State: '+ response.readyState + ' Status: ' + response.status);
//kill the request
xhr.abort();
}
});
</script>
<?
}
Code: Select all
$drinkData = $_POST['drinkData'];
//open serial port
$fp = fopen("/dev/ttyACM0", "w+"); //w = write w+ = read/write
//$fp = fopen("/dev/ttyUSB0", "w+"); //w = write w+ = read/write //tried with USB-TTL cable too.. couldnt even send data)
//check if open
if (!$fp) {
echo "Not open";
//die();
} else {
if($drinkData != ''){
//send drink data
fwrite($fp, '<' . $drinkData . '>');
//wait for response
$chars = "";
do{
$char = fread($fp, 1);
$chars .= $char;
}while(strlen($char) < 1);
echo $char;
}else{
echo 'drink recipe is empty';
}
}
Do that and EVERYTHING that can access your web server owns your machine and all the machines on your LAN behind it.
I admire your tenacity. Hopefully you have not been waiting because there are tons of tutorials and blogs on the net about setting up Apache and HHP and setting permissions etc.Waiting for 2+ months for some sort of 'solid' direction/help... I had no other choice to keep the project moving forward.
As I've mentioned before, never change the group and permissions on a device file. Devfs is generated, and your modifications are good as last year's snow.
Code: Select all
$ ls -la /dev | grep tty
...
crw--w---- 1 root tty 4, 0 Nov 10 11:48 tty0
crw------- 1 user tty 4, 1 Nov 10 11:48 tty1
...
Code: Select all
$ groups user
user
Code: Select all
$ sudo adduser user tty
Code: Select all
$ groups user
user tty
Code: Select all
$ echo "How do you doin, mate?" >/dev/tty0
"echo" is a command. You enter commands in a terminal** I also was a bit unclear as to WHY the echo needed to be run in terminal/Putty?
"echo "www-data ALL=NOPASSWD: ALL" | sudo tee -a /etc/sudoers"
if I didnt have the ECHO in there.. it didnt work.![]()
Code: Select all
echo "www-data ALL=NOPASSWD:ALL" >>/etc/sudoers
Code: Select all
sudo /bin/bash -c "echo \"www-data ALL=NOPASSWD:ALL\" >>/etc/sudoers"
I'd dispute there's nothing wrong in that except that it opens your webserver as a massive security hole and a vector for the bad actors to get root access. Once they have root access to your Raspberry they own your whole LAN and every device connected to it.bzt wrote: ↑Sat Nov 10, 2018 12:39 pmwhich has exactly the same effect. But since you need superuser privileges, you need sudo, and the ">>" append operator would redirect sudo's output and not the echo's output. For that, you'd needCode: Select all
echo "www-data ALL=NOPASSWD:ALL" >>/etc/sudoers
Whoever wrote that tee soultion though it's simpler to give root permission to tee, and he was right.Code: Select all
sudo /bin/bash -c "echo \"www-data ALL=NOPASSWD:ALL\" >>/etc/sudoers"
Now what's wrong with this. This allows the www-data user to run ANYTHING as supervisor without any authentication. Because your webscript is running under the user "www-data", that means even the slightest issue in your code opens up your ENTIRE system to an attacker without any restrictions.
Code: Select all
crw-rw-rw- 1 root tty 5, 2 Nov 10 08:19 ptmx
lrwxrwxrwx 1 root root 7 Oct 8 22:17 serial1 -> ttyAMA0
crw-rw---- 1 root dialout 166, 0 Oct 8 22:17 ttyACM0
crw-rw---- 1 root dialout 204, 64 Oct 9 07:07 ttyAMA0
crw-rw-rw- 1 root tty 5, 0 Oct 8 22:17 tty
crw--w---- 1 root tty 4, 0 Oct 8 22:17 tty0
crw--w---- 1 root tty 4, 1 Oct 9 07:07 tty1
crw--w---- 1 root tty 4, 10 Oct 8 22:17 tty10
crw--w---- 1 root tty 4, 11 Oct 8 22:17 tty11
crw--w---- 1 root tty 4, 12 Oct 8 22:17 tty12
crw--w---- 1 root tty 4, 13 Oct 8 22:17 tty13
crw--w---- 1 root tty 4, 14 Oct 8 22:17 tty14
crw--w---- 1 root tty 4, 15 Oct 8 22:17 tty15
crw--w---- 1 root tty 4, 16 Oct 8 22:17 tty16
crw--w---- 1 root tty 4, 17 Oct 8 22:17 tty17
crw--w---- 1 root tty 4, 18 Oct 8 22:17 tty18
crw--w---- 1 root tty 4, 19 Oct 8 22:17 tty19
crw--w---- 1 root tty 4, 2 Oct 8 22:17 tty2
crw--w---- 1 root tty 4, 20 Oct 8 22:17 tty20
crw--w---- 1 root tty 4, 21 Oct 8 22:17 tty21
crw--w---- 1 root tty 4, 22 Oct 8 22:17 tty22
crw--w---- 1 root tty 4, 23 Oct 8 22:17 tty23
crw--w---- 1 root tty 4, 24 Oct 8 22:17 tty24
crw--w---- 1 root tty 4, 25 Oct 8 22:17 tty25
crw--w---- 1 root tty 4, 26 Oct 8 22:17 tty26
crw--w---- 1 root tty 4, 27 Oct 8 22:17 tty27
crw--w---- 1 root tty 4, 28 Oct 8 22:17 tty28
crw--w---- 1 root tty 4, 29 Oct 8 22:17 tty29
crw--w---- 1 root tty 4, 3 Oct 8 22:17 tty3
crw--w---- 1 root tty 4, 30 Oct 8 22:17 tty30
crw--w---- 1 root tty 4, 31 Oct 8 22:17 tty31
crw--w---- 1 root tty 4, 32 Oct 8 22:17 tty32
crw--w---- 1 root tty 4, 33 Oct 8 22:17 tty33
crw--w---- 1 root tty 4, 34 Oct 8 22:17 tty34
crw--w---- 1 root tty 4, 35 Oct 8 22:17 tty35
crw--w---- 1 root tty 4, 36 Oct 8 22:17 tty36
crw--w---- 1 root tty 4, 37 Oct 8 22:17 tty37
crw--w---- 1 root tty 4, 38 Oct 8 22:17 tty38
crw--w---- 1 root tty 4, 39 Oct 8 22:17 tty39
crw--w---- 1 root tty 4, 4 Oct 8 22:17 tty4
crw--w---- 1 root tty 4, 40 Oct 8 22:17 tty40
crw--w---- 1 root tty 4, 41 Oct 8 22:17 tty41
crw--w---- 1 root tty 4, 42 Oct 8 22:17 tty42
crw--w---- 1 root tty 4, 43 Oct 8 22:17 tty43
crw--w---- 1 root tty 4, 44 Oct 8 22:17 tty44
crw--w---- 1 root tty 4, 45 Oct 8 22:17 tty45
crw--w---- 1 root tty 4, 46 Oct 8 22:17 tty46
crw--w---- 1 root tty 4, 47 Oct 8 22:17 tty47
crw--w---- 1 root tty 4, 48 Oct 8 22:17 tty48
crw--w---- 1 root tty 4, 49 Oct 8 22:17 tty49
crw--w---- 1 root tty 4, 5 Oct 8 22:17 tty5
crw--w---- 1 root tty 4, 50 Oct 8 22:17 tty50
crw--w---- 1 root tty 4, 51 Oct 8 22:17 tty51
crw--w---- 1 root tty 4, 52 Oct 8 22:17 tty52
crw--w---- 1 root tty 4, 53 Oct 8 22:17 tty53
crw--w---- 1 root tty 4, 54 Oct 8 22:17 tty54
crw--w---- 1 root tty 4, 55 Oct 8 22:17 tty55
crw--w---- 1 root tty 4, 56 Oct 8 22:17 tty56
crw--w---- 1 root tty 4, 57 Oct 8 22:17 tty57
crw--w---- 1 root tty 4, 58 Oct 8 22:17 tty58
crw--w---- 1 root tty 4, 59 Oct 8 22:17 tty59
crw--w---- 1 root tty 4, 6 Oct 8 22:17 tty6
crw--w---- 1 root tty 4, 60 Oct 8 22:17 tty60
crw--w---- 1 root tty 4, 61 Oct 8 22:17 tty61
crw--w---- 1 root tty 4, 62 Oct 8 22:17 tty62
crw--w---- 1 root tty 4, 63 Oct 8 22:17 tty63
crw--w---- 1 root tty 4, 7 Oct 9 07:07 tty7
crw--w---- 1 root tty 4, 8 Oct 8 22:17 tty8
crw--w---- 1 root tty 4, 9 Oct 8 22:17 tty9
crw------- 1 root root 5, 3 Oct 8 22:17 ttyprintk
crw-rw---- 1 root tty 7, 0 Oct 8 22:17 vcs
crw-rw---- 1 root tty 7, 1 Oct 8 22:17 vcs1
crw-rw---- 1 root tty 7, 2 Oct 8 22:17 vcs2
crw-rw---- 1 root tty 7, 3 Oct 8 22:17 vcs3
crw-rw---- 1 root tty 7, 4 Oct 8 22:17 vcs4
crw-rw---- 1 root tty 7, 5 Oct 8 22:17 vcs5
crw-rw---- 1 root tty 7, 6 Oct 8 22:17 vcs6
crw-rw---- 1 root tty 7, 7 Oct 9 07:07 vcs7
crw-rw---- 1 root tty 7, 128 Oct 8 22:17 vcsa
crw-rw---- 1 root tty 7, 129 Oct 8 22:17 vcsa1
crw-rw---- 1 root tty 7, 130 Oct 8 22:17 vcsa2
crw-rw---- 1 root tty 7, 131 Oct 8 22:17 vcsa3
crw-rw---- 1 root tty 7, 132 Oct 8 22:17 vcsa4
crw-rw---- 1 root tty 7, 133 Oct 8 22:17 vcsa5
crw-rw---- 1 root tty 7, 134 Oct 8 22:17 vcsa6
crw-rw---- 1 root tty 7, 135 Oct 9 07:07 vcsa7
The "l" (lower case "L") in front means the file is a link to the real file ttyAMA0. The rwxrwxrwx means that the link is visible to anyone, which is standard and doesn't reflect the permissions on the file it points at.
Yes, that is your serial port. It is owned by root, and also the group "dialout". The pi user should be a member of that group and will have read/write access to that interface (the second "rw-" applies to group members).crw-rw---- 1 root dialout 204, 64 Oct 9 07:07 ttyAMA0
Code: Select all
sudo nano /etc/group
Code: Select all
sudo nano /etc/sudoers