Execute php code only if javascript statement is true

Question

I try to execute php code, depending on how the value of a confirm checkbox was, like in this code snippet.

<script>
    var check = confirm ('Are you sure ?');

    if (check == true)
    {
        <?php shell_exec('sudo shutdown -r now'); ?>
    } else {
        <?php 
            header("Location: index.php"); 
            exit();
        ?>
    }

</script>

But the confirm dialog box is not showing up, and the shutdown command is executed? Is this even possible?

Answer 1

Javascript is executed by the browser after it's send to him. PHP is executed by the server before the answer is analyzed. Use an XMLHttpRequest to tell you when check is true.

Answer 2

You can try AJAX to send the request to php for executing the shell_exec part, for the redirect part can be managed within jquery you don't need php for that. But again shell_exec is VERY VERY sensitive , use it with precaution.

in place of header("Location: index.php"); use window.location

in place of <?php shell_exec('sudo shutdown -r now'); ?> <?php shell_exec('sudo shutdown -r now'); ?> use $.ajax({ code here });

Answer 3

PHP is a server-side language, so you can NOT execute it from your client side JavaScript. PERIOD. The dialog box is not showing up, because you have some JS errors, an the command is executed because the HTML is rendered on the server, and executes the PHP before sending the whole HTML to the Browser.

AND by the way, you should never do a shell_exec based on a confirm dialog like this.

This might be an approach:

Part of your HTML:

<script>
    function shutDown() {
        if ( confirm ('Are you sure ?') )
        {
            var xhReq = new XMLHttpRequest();

            xhReq.open( "POST", "ajax.php", false );
            xhReq.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
            xhReq.send("cmd=shutdown");

            var serverResponse = xhReq.responseText;
            alert(serverResponse); // Shows the return from the PHP script
        } else {
            window.location.href = "index.php";
        }
    }
</script>
<a href="javascript:void(0)" onclick="javascript:shutDown()"/>shutdown</a>

Part of your PHP file (ajax.php), that handles the AJAX request(s):

if( isset( $_POST["cmd"] ) && $_POST["cmd"] == "shutdown" ) {
    // your shutdown code
    // I'm not sure if "sudo" really works in this context, because you have to verify with a password, except your php process is already running with sudo rights
    shell_exec('sudo shutdown -r now');
}

// you can return something here,
// but it only makes sense if you don't shutdown the server
// you are running the website to shutdown ;) 

Answer 4

This should work as long as the page is save as *.php

<script>

    if (confirm ('Are you sure ?'))
    {
        <?php shell_exec('sudo shutdown -r now'); ?>
    } else {
        <?php 
            header("Location: index.php"); 
            exit();
        ?>
    }

</script>