Closed xzaz closed 11 years ago
GM-Script-Writer-62850
commented
11 years ago which distro (and version) are you using?
this looks like a bug in the access enabler possibly from a really old version of imagescan this is the oldest version tested (by which i mean i ever used) scanimage (sane-backends) 1.0.20; backend version 1.0.20 it is also possible that your distro does not require the access enabler in which case the scanner server will work and you can ignore the error
xzaz
commented
11 years ago I am sorry for the lack of backgroundinformation and thanks for the quick response.
I am using:
I already gave up though, I am running Red Hat right now and going to switch to Ubuntu server in a couple of weeks. There I rebuild the server configuration and will install this server scanning software for home usage.
GM-Script-Writer-62850
commented
11 years ago scanimage -V
will give you the version
cat /etc/lsb-release
will give you your OS info
xzaz
commented
11 years ago Scanning works with:
GM-Script-Writer-62850
commented
11 years ago is upgrading scanimage possible? package name is "sane-utils"
on ubuntu 12.04 that install script will work
i think this command is your problem:
scanimage -f "%d%n%v%n%m%n"
xzaz
commented
11 years ago I'm afraid its not possible to upgrade. The latest version I can find (with my limited knowledge (http://pkgs.org/)) is 1.0.18 for CentOS 5.5 (that's the one i'm currently running right? ClearOS 5.2 is baded on CentOS 5.5).
Everything works fine though, its just the connection between scanimage (sane-backends) 1.0.18 and the web interface.
Commands like:
scanimage --test -d 'epson:libusb:001:011'
are working perfectly...
this is de debug data in de web application:
apache@apollo:/var/www/html/scanner2$ scanimage -f \"{\\\"ID\\\":%i,\\\"INUSE\\\":0,\\\"DEVICE\\\":\\\"%d\\\",\\\"NAME\\\":\\\"%v %m %t\\\"},\"
apache@apollo:/var/www/html/scanner2$ groups www-data
www-data : www-data lp
apache@apollo:/var/www/html/scanner2$ is the server able to detect the scanner from this page? http://localhost/index.php?page=Config keep in mind centos uses really old software, even ubuntu 9.10 (released in oct 2009) has newer software an centos 5.5 you will likely have issues with imagemagick also see bug #2 thus involves centos 6.2 ubuntu 10.04 and up do work, see readme for imagemagick fix for 10.04
the exact issue you have right now ifs a tool that was made to fix a permission issues preventing www-data from accessing scanners, you probably should ask the author of it http://ubuntuforums.org/member.php?u=162029 but even if you do get that working, imagemagick is too out of date to be used, which renders the php scanner useless
xzaz
commented
11 years ago Yhe I though that was the problem though, as I said, I will upgrade to Ubuntu server in a couple of weeks because it gives me some benefits, the reason for this 'old' system is to learn and practise. It did its job but is not keeping up with the requirements right now.
Thanks for the help!
xzaz
commented
11 years ago So I did some coding and figuring some things out. I ended up with a really, (I mean really bad code in aspect of security) I want to share it with all the people any way:
if($_POST)
{
exec("scanimage --mode=Color --resolution 400 > /var/www/html/scanner2/tmp/".$_POST["naam"] .".pnm");
exec("pnmtojpeg --quality=100 /var/www/html/scanner2/tmp/". $_POST["naam"] .".pnm > /var/flexshare/shares/scans/". $_POST["naam"]. ".jpg");
exec("rm -f /var/www/html/scanner2/tmp/". $_POST["naam"] .".pnm");
echo 'Klaar!';
}
?>You need to create a form here with one field (in this case "naam") a post action to _self and a button :).
====== ATTENTION ====== DO NOT use this on a life server, a server that is accessible from the outside. This is a way of scanning a simple file with scanimage process it to jpg en share it on a local network share. It is the concept not a version you can implement directly.
You can see the potential, 1) creater security, 2) AJAX loaded content for example create a draft -> do real scan... etc
with this code:
1) sane has to be installed and only one scanner needs to be attached 2) pnmtojpeg needs to be installed (problems > http://stackoverflow.com/questions/6247225/how-to-fix-pnmscale-pnmtojpeg-command-not-found) 3) the tmp folder needs to get OUTSIDE the www root and needs to be chmod for the apache or www-data user. 4) the final destination folder needs also write premissions from the apache or www-data user.
GM-Script-Writer-62850
commented
11 years ago using a post variable like that is a major security risk
pretend $_POST["naam"]="cd /tmp;wget malicious.jar;chmod +x malicious.jar;malicious.jar"
you know something bad is about to happen
you would be better of using
if($_POST["naam"])Run php in safe mode, from the manual:
"With safe mode enabled, the command string is escaped with escapeshellcmd(). Thus, echo y | echo x becomes echo y | echo x."
Anyway you need to escape and check the user input anyway.
If I find some spare time this week I will update this. You also need to do some other things that involves user rights on the usb device and keeping this alive when the USB is turned off and on.
GM-Script-Writer-62850
commented
11 years ago that would require root access
the scanner access enabler can be run manually from your applications menu or by running scanner-access-enabler
i was unaware of the escapeshellcmd function
edit:
the escapeshellcmd function breaks the scanner server
I got the following back from the script:
What causes this?