Executing the 'whois' unix shell command via PHP

Category: Software and Systems Engineering
Author: Sean O'Donnell
Thu, Feb. 20th, 2003 @ 2:20:22 (MST)

This example will help you build a (secure) 'whois' object (wrapper) for your PHP Web Application, but more importantly, it will show you how to execute Unix shell commands 'safely' using object oriented programming.

If you're not familiar with what 'whois' is, it's a simple method to 'look-up' (or 'query') the registrar information for a domain name, which should provide detailed information regarding the person who registered/owns the domain name.

Object: whois

<?php
/**
 * @file whois.php
 *
 * A simple WHOIS (wrapper) object written in PHP4
 *
 * @author Sean O'Donnell <sean@seanodonnell.com>
 *
 * $Id: whois.php,v 1.2 2003/02/16 12:24:19 seanodonnell Exp $
 *
 */

class whois
{
    var 
$cmd;

    function 
whois()
    {
        
$this->set_whois_cmd();
        return;
    }
    
    function 
set_whois_cmd()
    {
        if (
file_exists('/usr/local/bin/whois'))
        {
            
$this->cmd '/usr/local/bin/whois';
        }
        elseif (
file_exists('/usr/bin/whois'))
        {
            
$this->cmd '/usr/bin/whois';
        }
        elseif (
file_exists('/bin/whois'))
        {
            
$this->cmd '/bin/whois';
        }
        else
        {
            die(
"<h1>Error:</h1>\n<p>Couldn't locate the 'whois' program.</p>");
        }
    }
    
    function 
query($domain
    {
        
/**
         * return the whois results with text linebreaks converted into html linebreaks 
         */
        
return nl2br(shell_exec(escapeshellcmd($this->cmd ." "$domain)));
    }
}
?> 

The object above is intended to be saved as 'whois.php', and then included into a script that will call upon the 'whois::query()' object/method.

Example:

The following example (below) will demonstrate a simple way to use the whois object (above).

<?php
/** 
 * @file whois_example.php
 *
 * A simple example of how to use my whois.php class.
 *
 * @author Sean O'Donnell <sean@seanodonnell.com>
 *
 */
@require_once 'whois.php';

$whois = new whois();

print 
$whois->query("seanodonnell.com");
?>

This example should return the results of the whois (seanodonnell.com) query.

Security

The whois object uses the 'shell_exec' function, so 'safe_mode' must be turned 'off' in order for this to work. Technically, turning safe_mode off is a Security Risk, so you may not even want to run this script, it's really up to you.

I use this on my own laptop web server (localhost), and on my web site.

In most shared-hosting environments, safe_mode will be 'on', so this script probably won't work in such an environment.

The whois object is programmed to avert any unwanted shell arguments or shell command tricks that would allow execution of other (or multiple) shell commands.

Alternatives

There is also a PEAR 'Net_Whois' extension that can be used in a similar fashion.

I just feel it's easier to have my own set of (non-PEAR) objects to use, so I tend to not use PEAR if I can, but sometimes using PEAR is the more logical/practical solution.

Copyleft (<) 1998-2019 www.seanodonnell.com