In this case you have to use sudo (man sudo). Also you have to make some checks like
if (ereg("[|;,:`'\\\"]", $_POST[PASSWORD]) || ereg("[|;,:`'\\\"]", $_POST{USERNAME])) {
die "<B>Invalid username or password.<br>";
}
Remember that it's very important to check for "|" and ";" in the username/password otherwise some nasty user could inject code after
the useradd command.
Stratsimir
Rajendra Kumar wrote:
hello Mr. Thomas,
thanks for the quick reply. i implimented your code. let me know what's wrong with my code.
newuser.htm:
html
head
body
form action = "signup.php" method = post
Username: input type = text size = 30 name = "USERNAME"
Password: input type = password size = 30 name = "PASSWORD"
Confirm: input type = password size = 30 name = "VERIFYPASSWORD"
input type = submit value = "Sign Up" /form /body /html
signup.php
<?php
IF ($_POST[PASSWORD] == $_POST[VERIFYPASSWORD]){
exec("/usr/sbin/useradd -p $_POST[PASSWORD] $_POST[USERNAME]");
} else { Print("<b> Passwords did not match"); } ?>
can u suggest me.?
-- PHP Install Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
