I'm not sure whether this should be under PHP or Bash/Shell Scripting.
I'm attempting to write a PHP frontend for the Unix
rcs utility for a classroom environment. In order to work with multiple users I need to verify the password that user enters coincides with that user's account name on the server. How can I do this? What I have come up with so far is the following:
// Read $user and $pass and run through
// escapeshellarg()/escapeshellcmd() functions
$result = system("echo $pass | login $user"); Is using
login insecure or a bad idea for some reason? More importantly, after this code has been executed (assuming the login was successful) will further calls to system() be under this user? Is there any way to test the output ($result) of this call to determine whether the login was successful under any Unix system (as the output after login varies on most systems)? Is there a better way to accomplish this?
Thanks.
May 10th, 2006, 2:55 PM
Threaded Mode