Posted by Steve on 01/02/06 07:05

On Sun, 01 Jan 2006 20:44:29 +0000, Daemon wrote:

> 4site wrote:
>> Happy New Year and all that!
>>
>> I'd like to write a short PHP script that will allow users to alter
>> their virtual server password via a secure web form. I had hoped that
>> I might be able to call the shell passwd command from PHP, something
>> like this:
>>
>> exec( "passwd -O $oldpassword -P $newpassword $username" );
>>
>> but of course that doesn't seem to work.
>>
>> Is it possible to execute the passwd command silently, ie without the
>> shell prompting (twice) for New Password? Or should I be looking in
>> another direction altogether - perhaps by editing the
>> /usr/local/etc/passwd file instead, yes?
>>
>> Some advice would be greatly appreciated, thanks.
>>
> However...
>
> If you are sure what you are doing is the best, and you entrust PHP. I
> would turn the passwd file into a large array! Or use it by line thus
> ensure the intregrity of your data in case the file becomes exessivly
> big! To parse the lines, use $data = explode($line, ':'); "I think!!"
>
Not necessarily. Because the world and his dog need read access to
/etc/passwd, the password itself is usually stored in /etc/shadow.

Steve

[Back to original message]