ID:               38931
 Comment by:       michael at chunkycow dot com dot au
 Reported By:      anfsm at uaa dot alaska dot edu
 Status:           Open
 Bug Type:         Feature/Change Request
 Operating System: windows (2003 SP1)
 PHP Version:      5.1.6
 New Comment:

G'day

This would be insane for security, exec is bad enough to try and
shelter from the evil outside army of skript kiddies and friends.


Previous Comments:
------------------------------------------------------------------------

[2006-09-23 01:31:22] anfsm at uaa dot alaska dot edu

Description:
------------
I would like the feature to modify user non-domain, Windows accounts
directly without having to resort to an exec(); or shell_exec(); command
(probably because I cannot get them to work anyway). A standard old
password, new password, confirm password setup would be ideal.

I have tried exec() and shell_exec with Sysinternals psexec.exe and
Windows' built-in runas.exe with net user commands. I have tried setting
safe_mode off but I cannot get it to work.

See below for sample.



Reproduce code:
---------------
$pp = popen("runas /noprofile /user:machine_name\\administrator \"net user $username $newpassword\"", 'w');
fwrite($pp, $adminpassword);

// and also tried
shell_exec("echo $adminpass | runas /noprofile /user:machine_name\\administrator \"net user $username $newpassword\"");

// as well as for the sysinternals psexec.exe
shell_exec("psexec -u administrator -p $adminpass net user $username $newpassword");

Expected result:
----------------
be able to change local system passwords by web interface without
relying on external utilities.

Actual result:
--------------
not possible


------------------------------------------------------------------------
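The commands in the report interpolate $username and $newpassword into a shell string unescaped, which is the exposure the new comment is worried about. The sketch below is an added example, not code from the report or from PHP itself: the function names, the allow-list policy and the sample inputs are assumptions, and it targets PHP 7.4+ (where proc_open() accepts an argument array and starts the process without a shell) rather than the 5.1.6 named in the report.

```php
<?php
// Added example: gate the two user-supplied values before they reach `net user`.
// All function names below are hypothetical.

/** Conservative account-name alphabet and length (assumed policy). */
function is_safe_account_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{1,20}\z/', $name) === 1;
}

/** Reject values that a shell or `net user` itself would reinterpret. */
function is_safe_password(string $pw): bool
{
    if (strlen($pw) < 8 || strlen($pw) > 64) {
        return false;
    }
    // A leading "/" is parsed by `net user` as an option (e.g. /delete),
    // and a bare "*" switches it to an interactive prompt.
    if ($pw[0] === '/' || $pw === '*') {
        return false;
    }
    // Quotes, cmd.exe metacharacters, whitespace and control characters.
    return preg_match('/["%!&|<>^\s\x00-\x1f]/', $pw) === 0;
}

/** Return the argument vector for `net user`, or null if input is rejected. */
function build_net_user_argv(string $user, string $pw): ?array
{
    if (!is_safe_account_name($user) || !is_safe_password($pw)) {
        return null;
    }
    // Pass this array to proc_open() (PHP 7.4+) so no shell parses it.
    return ['net', 'user', $user, $pw];
}

// Constructed sample inputs: one valid pair and three that must be refused.
$samples = [
    ['alice', 'Corr3ct-Horse-9'],
    ['alice & echo injected', 'Corr3ct-Horse-9'],
    ['alice', '/delete-me'],
    ['bob', 'pw" & echo injected'],
];
foreach ($samples as [$user, $pw]) {
    $verdict = build_net_user_argv($user, $pw) === null ? 'rejected' : 'accepted';
    echo json_encode($user), ' => ', $verdict, PHP_EOL;
}
```

Even with validated input, the new password is still passed as a command-line argument, where other processes on the machine may be able to read it.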

