Crypt formatting

john8675309

How can I format a crypt string where ever there is a $ i want a \$ in ideas str_replace dosen't work. Please advise asap I will try anything very desperate

mmilano

str_replace works fine if you escape the proper characters. there is a php function to add slashes, but here is how to do it manually.

here is an example of the code below:
http://www.codenewbie.com/test.php

<?
// define $var and escape any characters unless you are pulling form a database
$var="\$test";

echo "original var: $var <br>";

// replace all $ with \$  remember you ahve to escape the \ also
$var=str_replace("\$","\\\$",$var);

echo "after str_replace: $var <br>";

// encyrpt the string
$var=md5($var);

echo "after encryption: $var";
?>

john8675309

Well the thing is though is that I am tring to do it this way

crypt($var);
$pass = str_replace("\", "\$", $var);
echo $pass
so the $var will be different all of the time. I am trying to make this so I can just directly insert it into /etc/shadow file so I can make userlogins from a webpage. but everytime I insert it it always custs off the $ or the / but I have notcied if I could have a \ in front of the $ then it will keep it the same. but str_replace doesen't work with the crypt function

mmilano

i don't know much about crypt. i'm curious though, .. does crypt ever generate backslashes as part of the encryption like it does "$" ? if it does, i don't see how replacing $ with \$ would work as sometimes the encryption might put a "\" and "$" next to eachother. i suppose the solution for that would be to escape the "\" as well..

anyhow, good luck with that.

john8675309

how would one go about escaping that a crypt string looks like this $1$FvpXZP82$.OyXqvWsguconVY6hQaqS1 and I need to escape the $ i have never seen one with a \ one / I suppose it is all possible

mmilano

maybe this will work:

addslashes($var);

http://www.php.net/manual/en/function.addslashes.php

john8675309

it does the same thing. here is the source for the entire program. Don't beat me because it looks bad please

<?
include('valid.php');
$dir = opendir("/home");
while ($file_name = readdir($dir))
if($file_name == $email) {
echo "We apologize for the inconvience but the email address $email@jkcool.com has already been taken please try a
different on";
exit;
} else {

if ($password != $confirmpassword) {
echo "Sorry but the passwords you entered do not match";
exit;
} else {

$md5pass= crypt($password);
$final = addslashes($md5pass);

$str2 = "mkdir /home/$email";
$str3 = "touch /home/$email/.profile";
$str4 = "echo /usr/bin/pine >> /home/$email/.profile";
$str5 = "echo logout >> /home/$email/.profile";
$str6 = $final;

$fp2 = fopen("/website/job", 'a+');
fwrite($fp2, "$str2 \n");
fclose($fp2);

$fp3 = fopen("/website/job", 'a+');
fwrite($fp3, "$str3 \n");
fclose($fp3);

$fp4 = fopen("/website/job", 'a+');
fwrite($fp4, "$str4 \n");
fclose($fp4);

$fp5 = fopen("/website/job", 'a+');
fwrite($fp5, "$str5 \n");
fclose($fp5);

$fp6 = fopen("/website/job", 'a+');
fwrite($fp6, "useradd $email -p $str6");
fclose($fp6);

echo $final;

$connection = @mysql_connect("localhost", "john", "camaro") or die ("Can't
connect to SQL host");

$db = @mysql_connect_db(authorize, $connection) or die ("Can't select the
sql database you specified");

$sql = "insert into email (username, password) values ($email,
$password)";

$result = @($sql, $connection) or die ("Can't run the SQL
query");

echo "The User Has been Created Please wait for 5 minutes before loggining
in";
}
}

it just dosen't seem to want to add those slashes anymore ideas

John

dannys

Try:

$md5pass= crypt($password); 
$final = str_replace('$','\$',$md5pass);

Note the single quotes - they force php to take everything 'as-is' i.e. a $ is a $ not the beginning of a variable.

john8675309

A million thank you's it works GREAT

John