can't download file using wget with authentication while being called from php

Question

I've created a small remote download script which downloads remote files to my server using wget. Now here's how it works: I have a html form, which the user can enter the URL, destination file name, and optionally username and password to authenticate, in case needed. The form calls a php script, using AJAX, and the php script passes the information to a shell script. Now the problem is, the shell script works flawlessly on my local linux machine, but on my server, it doesn't work with authentication(without authentication, it works just fine.)

#!/bin/bash

if test $# -eq 2
then
    wget -O "$2" $1
elif test $# -eq 4
then
    wget -O "$2" --http-user="$3" --http-password="$4" $1
else
    wget $1
fi

it might be worth mentioning that, I own a shared server.

Thanks

EDIT: Is it possible that the version of wget installed on the server, doesn't support http authentications???

EDIT 2: I piped the output of wget to a file like this:

wget -O "$2" --http-user="$3" --http-password="$4" $1 | echo >> output

but the output is empty, i.e. no messages is being printed from wget!!! And I did this too, to check if the credentials passed is ok:

echo "$3 | $4" >> credentials

And it was ok.

And this is the php code which runs the shell script:

if(isset($_POST["startdownload"]))
{
    list($url, $dest, $user, $pass) = explode("|", urldecode($_POST["data"]));
    $filelen = file_len($url);
    $freespace = getRemainingSpace();
    //die( "( Free: $freespace, File: $filelen )" );
    if($filelen > $freespace - 10000)
    {
        $result = json_encode(array("error" => true, 
                        "message" => "There is not enough space to download this file. ( Free: $freespace, File: $filelen )"));
        die($result);
    }
    else
    {
            if($user != "NULL" && $pass != "NULL")
            {
                execInBackground("../dl.sh '{$url}' '../{$dest}' '{$user}' '{$pass}'| at now");
            }
            else
            {
        execInBackground("../dl.sh '{$url}' '../{$dest}' | at now");    
            }
            $result = json_encode(array("error" => false, "message" => "Starting download..."));
            die($result);
    }
}
function execInBackground($cmd) 
{
    if (substr(php_uname(), 0, 7) == "Windows"){
        pclose(popen("start /B ". $cmd, "r")); 
    }
    else {
        exec($cmd . " > /dev/null &");  
    }
}

On a security note, i hope you're escaping the vars. Also, why not use cURL? It's much easier also on the HTTP-authentication! — ChrisH
Well, actually I can't remember why I chose wget over curl. I've recently decided to add the authentication :-). and about escaping, the thing is, i'm the only one who's gonna be using it, so no worries there ;-) — Milad.Nozari
I guess I used wget, because curl would block the php script, and I wanted something asynchronous, though I'm not sure! — Milad.Nozari

ChrisH ChrisH · Accepted Answer · 2013-05-15T11:38:07

Well, running this script via system/exec/shell_exec or any others, probably going to "block" the rest of the PHP script anyway. But as an answer, check out this: http://www.zarafa.com/wiki/index.php/Using_wget_and_HTTP_authentication_for_supported_downloads

wget -O "$2" --user="$3" --ask-password="$4" $1

can't download file using wget with authentication while being called from php

1 Answers