Re: adduser & php


Hi,
     Since the adduser command demands input from the shell from the
user, I would be tempted to use the useradd command to do what you are
planning to do; give that a shot. Thank you

On Sat, 2010-07-10 at 23:02 -0400, Adam Richardson wrote:
> On Sat, Jul 10, 2010 at 4:39 PM, Matt M. <cmorrow132@xxxxxxxxx> wrote:
> 
> > The only thing is, when I execute this command from a shell, it works.
> > Obviously I'm replacing $username and $password with something valid when
> > doing this manually.
> >
> > It's like the script clears the $username variable just before it executes
> > the command, or because the variable is inside quotes, it is not getting
> > through.
> >
> >
> > From: Ashley Sheridan
> > Sent: Saturday, July 10, 2010 2:01 PM
> > To: Matt Morrow
> > Cc: php-general@xxxxxxxxxxxxx
> > Subject: Re:  adduser & php
> >
> >
> > On Sat, 2010-07-10 at 13:45 -0500, Matt Morrow wrote:
> > I am using php 5 on OpenBSD 4.7
> >
> > I have a script which takes a username and password from $_POST, and is
> > supposed to add the user to the system database. The problem is, adduser
> > creates a username with the same name as the group. The code is:
> >
> >                $username=$_POST['username'];
> >                $password=$_POST['password'];
> >                $output=exec('/usr/bin/sudo adduser -unencrypted -batch
> > $username hosting "$firstname $lastname" $password');
> >                echo "result: " . $result . " output: " .  $output;
> >
> >
> > The output is:
> >                 Added user ``hosting''
> >
> > I have validated that $username and $password contain the correct values
> > from the form, by outputting them as well above the line which calls the
> > adduser command.
> >
> > Any help is appreciated.
> >
> > Matt
> >
> > I'm not entirely sure about the syntax you're using here, as it doesn't
> > quite match up with what I see on the useradd (which is what adduser
> > synonyms to) man page (type 'man useradd').
> >
> > Aside from that, be very, very, very careful with this command. In your
> > example you've not sanitised the user input, and the useradd command is used
> > to update details as well as add new users, and you're running it with root
> > privileges under sudo. Maybe enforce some specific name mechanism (a prefix
> > like 'yoursystemname_username') to ensure that people aren't unwittingly or
> > deliberately trying to overwrite existing system user details.
> >
> >      Thanks,
> >      Ash
> >      http://www.ashleysheridan.co.uk
> >
> >
> >
> >
> Matt, one problem I see:
> 
> output=exec('/usr/bin/sudo adduser -unencrypted -batch $username hosting
> > "$firstname $lastname" $password');
> 
> 
> The code won't replace the variables (i.e., variables are not expanded)
> because they're contained within single quotes and will be evaluated
> literally:
> http://php.net/manual/en/language.types.string.php
> 
> That said, as others have pointed out, be very, very careful with this type
> of functionality.  Even just viewing the code makes me feel like I should
> smoke a cigarette to calm my nerves (and I've never been a smoker ;)
> 
> Adam
> 

Regards,
Gautam Bhatia
mail2gautambhatia@xxxxxxxxx


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
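
Added example, not code from any poster in this thread: it shows why the single-quoted exec() string produced "Added user hosting", then builds the same adduser command with allowlisted and shell-quoted arguments, as the replies advise. The function name build_adduser_command(), the "web_" prefix, the length limits and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread. Needs PHP 7+ for the type hints.
// build_adduser_command(), the "web_" prefix and the length limits are assumptions.

// Why the posted call added a user named "hosting": single quotes do not interpolate,
// so the shell received the text $username, which it expanded to an empty string.
$username = 'alice';                                    // constructed sample value
$literal  = 'adduser -batch $username hosting';         // still contains "$username"
$expanded = "adduser -batch $username hosting";         // contains "alice"

function build_adduser_command(string $username, string $fullname, string $password): string
{
    // Allowlist instead of trying to strip bad characters.
    if (!preg_match('/\A[a-z][a-z0-9]{0,15}\z/', $username)) {
        throw new InvalidArgumentException('username must be a letter, then a-z or 0-9');
    }
    if (!preg_match('/\A[A-Za-z][A-Za-z ]{0,63}\z/', $fullname)) {
        throw new InvalidArgumentException('full name must be letters and spaces');
    }
    // No control characters, no leading "-" that could be read as an option.
    if ($password === '' || $password[0] === '-' || preg_match('/[\x00-\x1f\x7f]/', $password)) {
        throw new InvalidArgumentException('password rejected');
    }
    // Fixed prefix: a form value can never name root, daemon or any other system account.
    $login = 'web_' . $username;

    // escapeshellarg() single-quotes each value, so the shell passes it through untouched.
    // The password is still visible in the process list while the command runs.
    return '/usr/bin/sudo adduser -unencrypted -batch '
        . escapeshellarg($login) . ' hosting '
        . escapeshellarg($fullname) . ' '
        . escapeshellarg($password);
}

// Constructed inputs: one ordinary, one reserved name, one with shell metacharacters.
$samples = [
    ['alice', 'Alice Example', 'S3cret pass'],
    ['root', 'Not Root', 'pw'],
    ['bob;id', 'Bob Example', 'pw'],
];
foreach ($samples as [$u, $f, $p]) {
    try {
        echo build_adduser_command($u, $f, $p), "\n";
        // To run it: exec($cmd, $lines, $status); then check $status === 0.
    } catch (InvalidArgumentException $e) {
        echo "rejected '$u': ", $e->getMessage(), "\n";
    }
}
```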


