Index of /xyz/
Name Last modified Size Description
Parent Directory 16-Feb-2012 21:00 -
phpshell.ico 11-Feb-2011 19:03 4k
COPYING 18-Feb-2011 20:18 20k
INSTALL 14-Feb-2012 17:04 4k
AUTHORS 14-Feb-2012 17:04 4k
SECURITY 14-Feb-2012 17:05 8k
style.css 14-Feb-2012 17:06 4k
ChangeLog 16-Feb-2012 20:31 8k
pwhash.php 16-Feb-2012 20:33 4k
phpshell.php 16-Feb-2012 20:35 24k
config.php 20-Sep-2014 06:04 4k
README file for PHP Shell
Copyright (C) 2000-2012 the Phpshell-team
Licensed under the GNU GPL. See the file COPYING for details.
What is PHP Shell?
PHP Shell is a shell wrapped in a PHP script. It's a tool you can use
to execute arbitrary shell-commands or browse the filesystem on your
remote webserver. This replaces, to a degree, a normal
You use it for administration and maintenance of your website, which
is often much easier to do if you can work directly on the server.
For example, you could use PHP Shell to unpack and move big files
around. All the normal command line programs like ps, free, du, df,
etc... can be used.
There are some limitations on what kind of programs you can run. It
won't do no good if you start a graphical program like Firefox or even
a console based one like vi. All programs have to be strictly command
line programs, and they will have no chance of getting user input
after they have been lunched.
They probably also have to terminate within 30 seconds, as this is the
default time-limit imposed unto all PHP scripts, to prevent them from
running in an infinite loop. Your ISP may have set this time-limit to
But you can rely on all the normal shell-functionality, like pipes,
output and input redirection, etc... (There is no -completion,
Safe Mode is the nemisis of PHP Shell. If PHP is running in Safe Mode
then PHP Shell will normally not work --- sorry. Please read the
detailed explanation in the SECURITY file.
Who am I?
You may not be the same user when using PHP Shell, as you are when you
upload your files with FTP. On some systems you will be ``nobody``,
on other systems you will become ``httpd`` or ``www-data``. This is a
rather dangerous "feature" of the way PHP is run by the webserver. A
possible effect of this is that you might end up creating files using
PHP Shell which you cannot delete afterwards using FTP and maybe not
even using PHP Shell. Strange, but true :-)
If you want to execute code as different user, then it's possible to
do so by using the Sudo program available from this address:
The trick is to configure Sudo to allow the user running the webserver
to execute certain commands as a more privileged user. This will have
to be done by the administrator of the server. Please refer to the
documentation for Sudo for further information about doing this.
How to Use It
When you point your browser at PHP Shell you will be asked to
authenticate yourself. By default no username/password will work, so
please go read INSTALL for information about adding a user.
You're back? Good. Enter your username and password and press
the "Login" button.
You will then be presented with a rather simple page containing
nothing much except a big window with the cursor blinking at the
bottom, signaling that it's ready to obey your commands.
Write a command and press ENTER --- or alternatively, press the 'Execute
Command' button if you really want. The command will be executed and
the result will be shows in the terminal. You can now enter another
To be more precise: the terminal is updated with the command line you
have just executed, the output of the command to standard out
(stdout), and following that any error output sent to stderr.
The commands are executed relative to a current working directory,
which is written at the top. You change this by the normal 'cd'
command (or by selecting a other working directory using the links).
The commands must also be complete, so you cannot enter a multiline command:
$ for i in a b c ; do
> echo $i
However, in one line it is allowed: for i in a b c ; do echo $i ; done
Variables are also not preserved between the commands, so
$ echo $A
will output 0 instead of 1. But in one line it works as expected:
$ A=1 ; echo $A
will give you the expected result: 1
An incomplete list of alternatives to PHP Shell would be:
* SSH. The Secure Shell is the standard solution to the problem that
PHP Shell tries to solve. SSH lets you login to a remote system in a
secure way where the traffic and password is encrypted at all
times. You can also upload and download files securely and make
encrypted TCP tunnels.
If your host supports SSH then use it and forget about PHP Shell or
any other solution.
* Telnet. This is the old way to obtain an interactive login on a
remote system. Unfortunately telnet is insecure since the password
and subsequent traffic are sent in clear text. SSH was developed
precisely to replace telnet. The advantage of telnet over PHP Shell
is that it gives you an interactive session.
* See more alternatives at the Anyterm homepage:
You can download the newest version of PHP Shell from
The tarball/zipfile contains these files:
This is the script you run when you use PHP Shell.
A utility used to generate a hashed password. Please read INSTALL
for more information. This file poses no security risk.
This file describe the changes I've made to PHP Shell. By reading
it you'll always know when I've added a new feature or made a
bugfix, and the nature of the feature/bugfix.
This file! :-)
Tells you how to install PHP Shell. Among other things, it
explains how to change the password protection so that you can use
Remember that it's very important to have PHP Shell password
protected, or else everybody will be able so snoop into your files
and perhaps also be able to delete them! Please take the time to
protect your installation of PHP Shell.
A separate guide about security with PHP in general and PHP Shell in
particular. Be sure to read this too, especially if you are getting
strange errors back from PHP Shell.
Standard GNU GPL.
Proudly Served by LiteSpeed Web Server at seroja.kotabatu.net Port 80