Practical: Use PHP script to modify Linux or Unix system passwords

This article describes how to use a PHP script to modify a Linux or Unix system password.

Required Tools and Installation:

You must install the following tools and software:

– The shell script that modifies the password;

–sudo access rights;

–apache or LIGHTTPD Web server;

–php Service-side program.

Step 1: Install shell scripts that can modify user passwords

This script can actually be used to modify the password of the Linux user (already tested in Linux and FreeBSD).

Example: Shell scripting code

#!/bin/sh # \ Exec expect-f "$0″${1+" $@ "} set password [lindex $argv 1] Spawn passwd [lindex $argv 0] Sleep 1 expect" as Sword: "Send" $password \ r "expect" Assword: "Send" $password \ r "Expect EOF run shell script (download link):

$ chpasswd Username password Download the script and copy it to your Web root directory or to another location on your Web server (user readable):

$ CP chpasswd/var/www/or if you use a LIGHTTPD Web server:

$ CP chpasswd/home/lighttpd Step 2: Execute command as root through sudo

The Apache or LIGHTTPD Web server will immediately use non-root permissions when it enters the background. This is a good way to prevent password changes, just as the passwd command requires root permission to modify the password of other user accounts.

Typically, Apache 2 uses www-data users, lighttpd use LIGHTTPD users (both regular users, not root users). Log in using the root user, and then execute the following command:

# Visudo Now your Web server allows you to perform password modification scripts (CHPASSWD). If you use the Apache Web server, execute the following command:

Www-data all=nopasswd:/var/www/chpasswd or, if you use the LIGHTTPD Web server, execute the following command:

httpd all=nopasswd:/home/lighttpd/chpasswd Save and exit files.

Step 3. Create a PHP-based interface

Now you need to write a PHP script. Here is a PHP script instance. You can modify it according to your needs. At the very least you need to properly set up the shell script location. Open the PHP script and find the Shellscript line:

$shellscript = "SUDO/HOME/LIGHTTPD/CHPASSWD"; modify Shellscript to point to the correct location. The source code of PHP is downloaded from here:

Step 4: Run the script

In your Web browser address bar Input network address-https://mydomain.com/changepassword.php. You will see the username and password prompt:

If the password is modified successfully, you will receive a confirmation prompt:

For some reasons, if password modification fails, you can refer to the following tips for more detailed error messages:

Step 5: Secure

Never run the above script directly through the HTTP protocol. Instead, the HTTPS protocol is used.

Put the script into a password-protected directory.

Never trust the user's input. The above PHP script is just an example. In a real-world production environment, you need to consider more robust user input validation. Discussing the security of PHP programming is beyond the scope of this article. You can refer to a good PHP book or use your favorite search engine to search for relevant websites.