Programming Forums - View Single Post

titaniumdecoy · May 10th, 2006, 2:55 PM

I'm not sure whether this should be under PHP or Bash/Shell Scripting.

I'm attempting to write a PHP frontend for the Unix rcs utility for a classroom environment. In order to work with multiple users I need to verify the password that user enters coincides with that user's account name on the server. How can I do this? What I have come up with so far is the following:

(Toggle Plain Text)

// Read $user and $pass and run through 
// escapeshellarg()/escapeshellcmd() functions
$result = system("echo $pass | login $user");

Is using login insecure or a bad idea for some reason? More importantly, after this code has been executed (assuming the login was successful) will further calls to system() be under this user? Is there any way to test the output ($result) of this call to determine whether the login was successful under any Unix system (as the output after login varies on most systems)? Is there a better way to accomplish this?

Thanks.

May 10th, 2006, 2:55 PM	#1
titaniumdecoy Expert Programmer Join Date: Nov 2005 Posts: 903 Rep Power: 3	Using the shell to check passwords? I'm not sure whether this should be under PHP or Bash/Shell Scripting. I'm attempting to write a PHP frontend for the Unix rcs utility for a classroom environment. In order to work with multiple users I need to verify the password that user enters coincides with that user's account name on the server. How can I do this? What I have come up with so far is the following: (Toggle Plain Text) // Read $user and $pass and run through // escapeshellarg()/escapeshellcmd() functions $result = system("echo $pass \| login $user"); // Read $user and $pass and run through // escapeshellarg()/escapeshellcmd() functions $result = system("echo $pass \| login $user"); Is using login insecure or a bad idea for some reason? More importantly, after this code has been executed (assuming the login was successful) will further calls to system() be under this user? Is there any way to test the output ($result) of this call to determine whether the login was successful under any Unix system (as the output after login varies on most systems)? Is there a better way to accomplish this? Thanks.