Login

i have a VBScript file. When its on the computer it works fine. I want to put it on a php site for it to be executed by a button click. but i have not been successful. it actually get computer info. hoping it will work on the users machine. any ideas will be appreciated. If or if anyone knows how to do it with jscript

Here is the code :

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colSettings = objWMIService.ExecQuery _
("Select * from Win32_OperatingSystem")

For Each objOperatingSystem in colSettings
Wscript.Echo "OS Name: " & objOperatingSystem.Caption
Wscript.Echo "Version: " & objOperatingSystem.Version
Wscript.Echo "Available Physical Memory: " & _
objOperatingSystem.FreePhysicalMemory
Next

Set colSettings = objWMIService.ExecQuery _
("Select * from Win32_ComputerSystem")
For Each objComputer in colSettings
Wscript.Echo "Total Physical Memory: " & _
objComputer.TotalPhysicalMemory
Next

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

Set colSettings= objWMIService.ExecQuery _
("SELECT * FROM Win32_DiskDrive")
For Each objItem In colSettings
WScript.Echo "Disk Size: " & objItem.Size
Next

Dim WSHShell
Dim objAdr
On error resume next
Set WSHShell = WScript.CreateObject("WScript.Shell")
test = wshshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names")
If err.number > 0 Then
msgbox "SQL Server not found"
else msgbox "SQL Server found"
end if

Ok, let's just pretend we live in a world where what you want is possible:

1. Every webserver in the world can dump code onto a client machine and execute it
2. Your machine will happily execute whatever the webserver wants
3. Do it all silently without the user knowing.
4. Magically turns every machine in the world into a Windows PC so that this VB script code can be executed
5. Sarcasm detectors become commonplace on the web and preceding 4 points will read as such.

Web browsers are locked down to prevent exactly the type of abusive things your snoop code is attempting to do, because what your code is trying to retrieve from computers is NONE OF YOUR BUSINESS.

You can have external vbscript files included just like an external js file but it'll only run in IE on a Windows environment, with special privilegies.

You can run an executable from the client machine using an ActiveXObject, and the executable will need to be installed on the client machine with the proper permissions for the browser to execute it.

an example in javascript using ActiveXObject:

var shellActiveXObject = new ActiveXObject("WScript.Shell");
shellActiveXObject.CurrentDirectory = currentFolder;
shellActiveXObject.Run(executableFullPath, 1, false);
shellActiveXObject = null;

If you (and especially chloe's boss) agree, that

- a website shouldn't spy on the client's computer
- a user is entitled to a little help wrt the system requirements for a software he is about to install
- such help shouldn't involve a lowering of the security settings

your options are

- list the requirements and give detailed instruction how to determine them
- windows: offer the user (to download) the source of a HTA ([HTML Application][1]) that generates/shows an appropriate report
- unix/linux: offer the user (to download) the source of a script (pick at least two popular languages) that generates/shows an appropriate report
- given that you'll write an installer anyway that will check requirements, you can bundle those checks into an independent "make sure of the requirements" application

If you decide a HTA would be suitable, say so, and I will add to this answer.

To get you started:

Minimalistic sysreq.hta:

<html>
<head>
<title>System Requirements For XXX</title>
<hta:application
id="sysreq"
></hta>
<script type="text/vbscript" src="sysreq.vbs"></script>
<script type="text/jscript" src="sysreq.js"></script>
</head>
<body onload="onload">
<table id="tblSysReq" border="1" summary="KeepTidyHappy">
<tr>
<td id="tdOS">
</td>
</tr>
<tr>
<td id="tdMSSQL">
</td>
</tr>
</table>
</body>
</html>

For the production version you should write a nice page using your HTML editor/ide and just insert the hta element. There is a rather dated [wizard][2] that may help you to put HTA specific (interactive) elements/code into your HTML. Some MS install CD/DVD/ISO contain a setup.hta that you may use for further inspiration; some googleing will point you to .hta apps like [System Documenter Wizard][3]. None of these sources are to be trusted without carefull single step testing; e.g.: I started my .hta from [the official docs][4] and couldn't get it to run on Windows 7 until I zapped the nasty `<meta http-equiv="x-ua-compatible" content="ie=9">`.

While you probably will include your script inline into the .hta, for developing it's better to include code via the src attribute of the script tag. In sysreq.vbs:

Sub onload()
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colSettings
' Wscript.Echo "OS Name: " & objOperatingSystem.Caption
document.getElementById("tdOS").innerText = "OS Name: " & objOperatingSystem.Caption
Next
If False Then
Dim WSHShell : Set WSHShell = CreateObject("WScript.Shell")
On error resume next
' test = wshshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names")
test = wshshell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL\SQLEXPRESS")
If 0 <> Err.Number Then
' msgbox "SQL Server not found"
MsgBox Err.Description
test = "SQL Server <b>not</b> found"
Else
' msgbox "SQL Server found"
test = "<i>SQL Server found</i>"
End If
document.body.all("tdMSSQL").innerHTML = test
Else
JsHelper
End If
End Sub

I tried to follow the code you published; the necessary changes are to replace the WScript.Echo output by 'writing' to the HTML elements' innerText/HTML by using either `document.getElementById()` or `document.body.all()`.

To get ideas/sample code for the gathering of information, look at tools like [Scriptomatic][5]. As you mentioned JScript, I throw in sysreq.js:

function JsHelper() {
var WSHShell = new ActiveXObject("WScript.Shell")
try {
var test = WSHShell.RegRead("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\Instance Names\\SQL\\SQLEXPRESS");
document.all.tdMSSQL.innerHTML = "<i>SQL Server found</i>";
}
catch(e) {
alert(e);
document.all.tdMSSQL.innerHTML = "SQL Server <b>not</b> found";
}
}

to let you compare JScript and VBScript code dealing with the same problem.

For what this is worth - **I** tested this on Windows XP and 7 using a non-privileged user account; I hope **your** mileage may not vary.

WRT chloe's question "is it possible to put two different scripting languages in the same hta?": In .HTAs (and .WSFs or .WSCs) you can mix all (installed) ActiveScript languages (VBScript, JScript, Perlscript, Pythonscript, Rubyscript, ...) by using the script tag either inline or via the src attribute. This is great for learning, but in general not appropriate for production code.

[1]: