Posted by Daemon on 01/01/06 22:44

4site wrote:
> Happy New Year and all that!
>
> I'd like to write a short PHP script that will allow users to alter
> their virtual server password via a secure web form. I had hoped that
> I might be able to call the shell passwd command from PHP, something
> like this:
>
> exec( "passwd -O $oldpassword -P $newpassword $username" );
>
> but of course that doesn't seem to work.
>
> Is it possible to execute the passwd command silently, ie without the
> shell prompting (twice) for New Password? Or should I be looking in
> another direction altogether - perhaps by editing the
> /usr/local/etc/passwd file instead, yes?
>
> Some advice would be greatly appreciated, thanks.
>
However...

If you are sure what you are doing is the best, and you entrust PHP. I
would turn the passwd file into a large array! Or use it by line thus
ensure the intregrity of your data in case the file becomes exessivly
big! To parse the lines, use $data = explode($line, ':'); "I think!!"

Besure you limit the access to such a script, to many loads at the
sametime, without locking the file, it may cause the file to become
corrupt indefinitly!

Though, how are you going to give PHP that much power over your system,
as root is the only user with writeable flag! (Or it should be!)

[Back to original message]