Linux Terminal Emulator For Website

[l11h]

Hi,

 

I am trying to find a terminal emulator which I could embed into my website. 

 

I have found a few like ajaxterm / shellinabox / Gate One. 

 

But what I wanted was an emulator but I could do checks on what the user has inputted. So what I mean in the emulator if a user inputs chmod 777 the emulator will say "Sorry this is not accepted" and this command is never passed to the server. 

 

I would appreciate all your help.

 

Thank You

[lutzee]

Terminal emulators just load a shell, what you really should be doing is just preventing some users from executing such commands by not letting them read/execute them, also if you stop them from being able to read directories and lock them to their own home directory it shouldn't be a problem.

 

The other option is to write a web program that only accepts certain commands then passes them to a hidden shell.

[l11h]

The other option is to write a web program that only accepts certain commands then passes them to a hidden shell.

Hey Iutzee,

 

Do you know how I could get the command to pass through to a hidden shell? I would appreciate all your help.

 

Thank You.

[rashdanml]

I'm completely spitballing here, but don't terminal emulators need to be set up with some kind of user account on the server-side? You can restrict permissions on the server-side easily, assuming you had root access to the server. 

[l11h]

Yes you are correct I could just do it on the server side however, that will be too easy. This is actually for a school project so need to make it complicated, so making the website validation should get me more marks. 

 

I know it can be done as there are terminal sites which don't allow certain commands, maybe this is on the server side I have no idea, but Iutzee could be right, if I have a text box with certain matching phrases that should put an extra layer of security. And then maybe use that to send it to the terminal emulator which is connected to the server. 

 

The problem is I have no idea of how this could be done. 

 

lol

 

But thanks for all your help it's giving me more ideas

[rashdanml]

Well, I know PHP has the ability to execute shell/terminal commands. http://php.net/manual/en/function.exec.php The page shows some examples as well as warnings for security reasons. 

 

You can then write a fairly simple script that reads the entered command from a textbox, and then compare it to an array of black-listed commands. If the command is black-listed, throw an error. If not, command is sent to the server, which can then be displayed inside another box (which can be refreshed using Javascript/Ajax to show a running list of executed commands and outputs). 

 

Essentially creating your own terminal emulator using PHP/Javascript. 

 

e: Depending on where the PHP script is hosted, it may not have the permissions to execute certain commands by default. This is due to PHP not having the required permissions server-side which can be modified to grant it unrestricted access - then control access through the PHP script. 

[l11h]

Well, I know PHP has the ability to execute shell/terminal commands. http://php.net/manual/en/function.exec.php The page shows some examples as well as warnings for security reasons. 

 

You can then write a fairly simple script that reads the entered command from a textbox, and then compare it to an array of black-listed commands. If the command is black-listed, throw an error. If not, command is sent to the server, which can then be displayed inside another box (which can be refreshed using Javascript/Ajax to show a running list of executed commands and outputs). 

 

Essentially creating your own terminal emulator using PHP/Javascript. 

 

e: Depending on where the PHP script is hosted, it may not have the permissions to execute certain commands by default. This is due to PHP not having the required permissions server-side which can be modified to grant it unrestricted access - then control access through the PHP script. 

hmmm... this seems like an interesting project

 

But problem is I have googled some ways on how to make my own terminal but all I get is terminal emulators that are pre-created, sure they are easy to use, but there seems to be nothing from where I could get a basic idea of how I could develop my own. 

 

Do you have any ideas on how this could be made? I have bought some basic books on Javascript / Ajax so yh I am pretty weak on those topics but I will learn, but I do understand the basic principles. 

 

Thanks again for all the help you have provided. 

 

e: what I mean is how would i get the output from the terminal to show on the site? 

[IdeaStormer]

Its been done, insecure as hell but doable:

 

http://phpshell.sourceforge.net/

[rashdanml]

e: what I mean is how would i get the output from the terminal to show on the site? 

I usually break down the process step by step. Makes it easier to figure out what's actually needed.

 

1) You need an input box to send the command to the server. You also need a window to display the output. Both are easily accomplished using HTML and a PHP script to read the inputs. I call it a window, but it's really an outlined box (<div> with a few styles to make it look like a terminal window). 

2) The exec() function has an argument for output. You can specify an output array which will send every line of the command output to that array. All that remains is to then read that array and display it in the window above. It'll be something like exec($command, $output) where $output contains every line of output from the terminal.

 

The rest is figuring out how to display an ongoing stream of inputs and outputs. You could use a text file and simply add each line of input/outputs (formatting it as necessary) as the command is sent to the server, then use the display box to load that text file. With a bit of Ajax, you can set the display box to refresh a few seconds after a command is sent to the server through  the input box. 

 

As for commands that the user shouldn't be using, I've already mentioned how to do it. A simple conditional works - but can get messy. Perhaps a more elegant solution is to use a database of commands and arguments that aren't permitted; on input, the script checks the database before exec() runs. 

 

Also, see the above link. It's more or less the above process. Security is a huge concern, though. Typically, PHP has restricted access on a shared server. On a dedicated server/VPS, you can allow PHP unrestricted access, but that's dangerous - unless used in a controlled environment (only by you).