Escaping powershell command

MikeM2468

IS-IT--Management
Apr 5, 2011
I've got a working PHP script that changes Active Directory passwords. The one problem I have is that I can't pass a password with a & in it because it breaks the powershell command. Is there a good way to escape that?
Here is what I'm running:
Code:
$adpwchange = shell_exec("powershell import-module activedirectory ; Set-ADAccountPassword -identity $login -reset -newpassword (convertto-securestring -asplaintext '$password' -force) < NUL");
 
would escapeshellarg() be what you are looking for? note that it enquotes the argument, so you should not double enquote yourself
 
I'm not having any luck putting that anywhere.
 
Code:
shell_exec("powershell import-module activedirectory ; Set-ADAccountPassword -identity " . escapeshellarg($login) ." -reset -newpassword (convertto-securestring -asplaintext " . escapeshellarg($password) ." -force) < NUL");
i'm guessing as I don't use windows I'm afraid. perhaps the ampersand is an illegal character in windows passwords?
 
No, it's legal. Powershell, however, sees it as an escape character. The above didn't work either.
 
please try echoing the command string to the screen and then copying it directly into a powershell window. logically powershell should also refuse that as the data is precisely the same.

a brief research suggests that the ampersand is not an escape/special character in powershell, nor in active directory (see this link). So I am not convinced that we've found the actual problem yet! Might it be an issue with encoding? i.e. input in utf8 and it should be piped through in ascii? if so perhaps utf8_decode()? or even html_entity_decode if it is possible that the input came in over a GET or urlencoded input.

 
If I echo the output and then throw that at the command line I get what I expect. It stops at the & and thinks the rest is a new command.
 
still clutching at strings as no windows in my world!

i have two possibilities. the first is enquoting the password in double quotes.

Code:
$login =  'mylogin';
$password = 'mypassword';
$command = 'powershell ';
$args = array(
    'import-module ActiveDirectory;',
    'Set-ADAccountPassword -identity ' . $login . ' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "' . $password . '" -force)',
);

$output = shell_exec( $command . implode(' ', $args) . ' < NUL');
print_r($output);

the second is creating a script and then using php to call the script

Code:
$query = shell_exec("powershell -command " . escapeshellarg('c:\path\to\script.ps') . " -username '$username' -password '$newPassword' < NUL");
 
I think I need to focus on getting the command to work from the Windows command line first. Then come back to see how to format it properly with PHP.
 
ah. yes. I thought you were working from a known good position and trying to make it work with php.

definitely get the command line version working first. I think the path of least resistance would be to create a powershell function that uses LDAP to change the password that takes two arguments. plenty of examples on the web.

also could you just use the net user command rather than powershell ?
 
I figured out the powershell part. The & needs to be escaped with a ^. Now the question is how do I find and prefix & in the password field with ^ in PHP? Looks like I'll also need to escape ^ with ^ in the event it is used.
 
Wow. How surreal!

Assuming this is just the password part use str_replace('&','^&', $password).
 
Is there a way to catch the output of shell_exec()? Something isn't passing correctly. Does it see ^ as something special?
 
Shell_exec returns all output. So everything is captured. I do not know what the effect of piping to null is on a windows computer but try deleting that bit if you are not getting any response.

I do not believe that a caret is a special character outside of regex. I'm still massively surprised that PowerShell uses a caret as a method of escaping special characters.
 
If I run the command with the substituted variables at the cli, it works ok. shell_exec() is passing it in a way that isn't working. But with no output to see what the error is, I can't troubleshoot it.

If I remember correctly, without the NUL, powershell never exits.
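
Added example, not part of the original thread: on Windows, shell_exec() hands its string to cmd.exe, which is where & and ^ are interpreted, so one way to avoid per-character escaping is to start powershell.exe without a shell and keep the values out of the script text. The function names and the sample login and password are made up for illustration; it assumes PHP 7.4+ with mbstring and powershell.exe on PATH.

```php
<?php
// Added example, not from the thread; function names are hypothetical.
// Assumes PHP 7.4+ with mbstring and powershell.exe on PATH.

// Both values travel as base64 literals. The base64 alphabet has no quotes
// or metacharacters, so nothing in them can end the string or run as code.
function build_reset_script(string $login, string $password): string
{
    $decode = "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('%s'))";
    return sprintf(
        "Import-Module ActiveDirectory\n" .
        "\$id = $decode\n" .
        "\$pw = ConvertTo-SecureString -String ($decode) -AsPlainText -Force\n" .
        "Set-ADAccountPassword -Identity \$id -Reset -NewPassword \$pw\n",
        base64_encode($login),
        base64_encode($password)
    );
}

// powershell.exe -EncodedCommand expects base64 of the UTF-16LE script text.
function build_argv(string $script): array
{
    $utf16 = mb_convert_encoding($script, 'UTF-16LE', 'UTF-8');
    return ['powershell.exe', '-NoProfile', '-NonInteractive',
            '-EncodedCommand', base64_encode($utf16)];
}

// An array command makes proc_open() start the process directly, so cmd.exe
// never parses the arguments. ['null'] replaces "< NUL"; stderr is merged
// into stdout so PowerShell errors are returned instead of being lost.
function run_powershell(array $argv): array
{
    $spec = [0 => ['null'], 1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start powershell.exe');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['exit' => proc_close($proc), 'output' => $output];
}

// Constructed sample password with cmd.exe and PowerShell metacharacters.
// Building and printing the argv has no side effects on any machine.
$argv = build_argv(build_reset_script('jdoe', "p&ss^w'rd|\"1"));
print_r($argv);
// On a domain-joined Windows host: print_r(run_powershell($argv));
```

Base64 here is encoding, not protection: the password can still be recovered from the process command line and from PowerShell logging, so this fixes the quoting problem only.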
 