exec() and /usr/bin/passwd

ollybach

hi!
i'm tearing my hair out and just wondered if anyone knows the answer to this. Im trying to run a php script as cgi to add a new ftp user.

the adduser works fine, but how on earth can i change/add the password, since , on a command line, you would have to hit return twice te re-enter the new password. i tried everything, but its just not happening.
any hints clues etc would be most appreciated. thanks.
here's what i've got

#!/usr/bin/php
<?
$ftp_path="the path";
$folder="the folder";
$user_name="the user name";

//add user from here - this works

$adduser = "/usr/sbin/useradd -m -d $ftp_path$folder $user_name";
exec ($adduser, $resultArray);
reset($resultArray);
while (list ($key, $val) = each ($resultArray))
{
$resultLines .= "\n" . trim($val);
}

//add user to here

// set password it doesnt work from here onwards

$setpw = "/usr/sbin/passwd $order_user_name ";
$setpw1 = "$or_pwd";
$setpw2 = "$or_pwd";

exec ($setpw , $result1Array);
reset($result1Array);
while (list ($key, $val) = each ($result1Array))
{
$resultLines .= "\n" . trim($val);
}
exec ($setpw1, $result2Array);
reset($result2Array);
while (list ($key, $val) = each ($result2Array))
{
$resultLines .= "\n" . trim($val);
}
exec ($setpw2, $result2Array);
reset($result2Array);
while (list ($key, $val) = each ($result2Array))
{
$resultLines .= "\n" . trim($val);
}

// not working to here

// set rights from here - is fine
// more code etc etc

i also tried all sorts of permutations for the set password part , but to no avail, nor did i find any more usable hints anywhere on the net.
Thnks for your time guys

ollybach

sorry , obviously that $order_user_name in the password part of the code should have read $user_name (no ,that doesnt make it work either)

john8675309

Let me show you my add user script in PHP:

$pass = md5($password);

if ($password != $confirmpassword) {
header("location:signupnow.php?error=12&&user=$username&&password=$pass&&question=$question&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}

if (empty($username)) {
header("location:signupnow.php?error=1&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}

if (empty($password)) {
header("location:signupnow.php?error=2&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}

if (empty($question)) {
header("location:signupnow.php?error=3&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}

if (empty($answer)) {
header("location:signupnow.php?error=4&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}

if (empty($fname)) {
header("location:signupnow.php?error=5&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}

if (empty($lname)) {
header("location:signupnow.php?error=6&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}

if (empty($address1)) {
header("location:signupnow.php?error=7&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}


if (empty($zip)) {
header("location:signupnow.php?error=8&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}

if (empty($state)) {
header("location:signupnow.php?error=9&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}

$namecheck = "$username@jkcool.com";

$validEmail = "^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+.)+[a-z]{2,4}$";
if(!eregi($validEmail, $namecheck)){

header("location:signupnow.php?error=42&&user=$username&&password=$pass&&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");
exit;
}else {




$username = strtolower($username);
$password = strtolower($password);


$connection = mysql_connect("localhost", "john", "camaro");
$db = mysql_select_db("instant", $connection);
$sql = "select * from users where user =  \"$username\" ";
$result = mysql_query($sql,$connection) or die("$sql:<br>" . mysql_error());
$num = mysql_numrows($result);
if ($num == 0) {
include ("header.php");
$sql1 = "insert into userinfo (fname, lname, username, password, question, answer, address1, address2, state, zip, email) values
('$fname', '$lname', '$username', '$password', '$question', '$answer', '$address1', '$address2', '$state', '$zip', '$email')";
$result1 = mysql_query($sql1, $connection);
$sql2 = "insert into users(user, password) values ('$username', '$password')";
$result2 = mysql_query($sql2, $connection) or die("$sql2:<br>" . mysql_error());

$md5pass= crypt($password);
$final = str_replace('$', '\$', $md5pass);



$str = "mkdir /users/$username";
$str2 = "touch /users/$username/.profile";
$str3 = "echo /usr/bin/pine >> /users/$username/.profile";
$str4 = "echo logout >> /users/$username/.profile";
$str5 = $final;


$fp = fopen("/website/job", 'a+');
fwrite($fp, "\n $str \n");
fclose($fp);

$fp2 = fopen("/website/job", 'a+');
fwrite($fp2, "$str2 \n");
fclose($fp2);

$fp3 = fopen("/website/job", 'a+');
fwrite($fp3, "$str3 \n");
fclose($fp3);

$fp4 = fopen("/website/job", 'a+');
fwrite($fp4, "$str4 \n");
fclose($fp4);

$fp5 = fopen("/website/job", 'a+');
fwrite($fp5, "useradd $username -d /users/$username -s /dev/null -p $str5 \nchown $username /users/$username \n");
fclose($fp5);

$fp6 = fopen("/website/job", 'a+');
fwrite($fp6, "echo stty -isig >> /users/$username/.profile \n");
fclose($fp6);

$fp7 = fopen("/website/job", 'a+');
fwrite($fp7, "sendmail $username@jkcool.com < /home/john/.welcome \n");
fclose($fp7);

$fp8 = fopen("/website/job", 'a+');
fwrite ($fp8, "cp /home/john/.sig /users/$username/.sig \n");
fclose($fp8);

$fp9 = fopen("/website/job", 'a+');
fwrite($fp9, "chown $username /users/$username/.sig \n");
fclose($fp9);

$fp10 = fopen("/website/job", 'a+');
fwrite($fp10, "chmod 777 /users/$username/.sig \n");
fclose($fp10);

$fp11 = fopen("/website/job", 'a+');
fwrite($fp11, "cp /users/.forward /users/$username \n");
fclose($fp11);

$fp12 = fopen("/website/job", 'a+');
fwrite($fp12, "chmod 644 /users/$username/.forward\n");
fclose($fp12);

$fp13 = fopen("/website/job", 'a+');
fwrite($fp13, "chown $username /users/$username/.forward\n");
fclose($fp13);


echo "<b>New Accounts Created Every 1 Minute</b><br>";
passthru(date);
echo "<br>";
echo "The Account you requested has been created $username";

} Else {
header("location:signupnow.php?error=11&&user=$username&&password=$pass&question=$question1&&answer=$answer&&fname=$fname&&lname=$lname&&address1=$address1&&address2=$address2&&zip=$zip&&state=$state&&email=$email");

}
}

this is probably more then you wanted to know but pay close attention how I took the password and encrypted it shadow style then I used the -p switch that will add it to the shadow file automatically.

(OH YEAH I WENT BALD FIGURING THIS OUT)

John

john8675309

oh yeah forgot. I added all my users to a database so I would check it against that as well as my home directory just to make sure I didn't do an add user with a user that already exsisted. Also ignore how $md5pass= crypt($password) I had a hard time figureing out how to make the password shadow style and I never changed the varible so it should probably read $shadowpass = crypt($password); FYI

John

gid

function rannum(){
        mt_srand((double)microtime()*1000000);
        $num = mt_rand(46,122);
        return $num;
}

function genchr(){
        // return random salt character
        do {
                $num = rannum();
        } while (($num>57 && $num<65) || ($num>90 && $num<97));
        $char = chr($num);
        return $char;
}

function saltstr($size){
        // make salt
        for($i=1;$i<=$size;$i++) {
                $string = $string.genchr();
        }
        return $string;
}

function gensalt($type){
        if($type=="md5") {
                // use md5 encryptions for debian systems
                return sprintf("$1$%s$",saltstr(8));
        } else {
                // default to regular 2 char des
                return saltstr(2);
        }
}

using these functions you would then set the password using this:

$crypt = crypt($password,gensalt($passtype));

where passtype is either md5 or des depending on your system.

then you can call usemod like this:

echo `usermod 2>&1 -p '$crypt' $username`

Most of this code is taken from our exim web config program called Theem, that we're working on polishing up and then eventually releasing.

gid

actually, now the mt_srand() should be taken out as php > 4.2 seeds the random number generator for you.