Use PHP scripts to correct Linux or Unix system passwords

Source: Internet
Author: User
Tags php book
This article describes how to apply a PHP script to correct the Linux or Unix system password. Required Tools and installation: you must install the following tools and software:-Shell script for password fixing;-Sudo access permission;-ApacheorLighttpdweb server;-PHP service

This article describes how to apply a PHP script to correct the Linux or Unix system password.

Required Tools and installation:

You must install the following tools and software:

-Shell script for password modification;

-Sudo access permission;

-Apache or Lighttpd web server;

-PHP server program.

Step 1: Install a shell script that can correct the user password

This script can be used to modify the password of a Linux user (tested in Linux and FreeBSD ).

Example: shell script code


#!/bin/sh# \exec expect -f “$0″ ${1 ”$@”}set password [lindex $argv 1]spawn passwd [lindex $argv 0]sleep 1expect “assword:”send “$password\r”expect “assword:”send “$password\r”expect eof

Run the shell script (download link ):


$ chpasswd username password

Download the script and copy it to your web root directory or other web server status (readable ):


$ cp chpasswd /var/www/

Or, if you apply the Lighttpd web server:


$ cp chpasswd /home/lighttpd

Step 2: execute the command as root through sudo

After the Apache or Lighttpd web server enters the background for running, it will immediately apply non-root permissions. This can prevent password modification, just as the passwd command requires the root permission to correct the passwords of other user accounts.

Generally, Apache 2 uses www-data users and Lighttpd uses lighttpd users (both common and non-root users ). Log on to the application root user and execute the following command:


# visudo

Now your web server promises to fulfill the chpasswd script ). If you use the Apache web server, execute the following command:


www-data ALL=NOPASSWD: /var/www/chpasswd

Or, if you apply the Lighttpd web server, execute the following command:


httpd ALL=NOPASSWD: /home/lighttpd/chpasswd

Retain and exit files.

Step 3. create a PHP-based interface

 

Now you need to write a php script. There is a php script instance. You can fix the issue as needed. At least you need to accurately set the shell script status. Open the php script and find the shellscript line:


$shellscript = “sudo /home/lighttpd/chpasswd”;

Corrected shellscript's position to accuracy. Download the PHP source code from here:

Step 4: run the script

Enter the address https://mydomain.com/changepassword.php in the address bar of your web browser. You will see the username and password prompt:


If the password is successfully corrected, you will receive the following confirmation prompt:


For some reason, if the password correction fails, you can refer to the following prompts for more specific error information:


Step 5: Security

◆ Never run the above script directly through the http protocol. Instead, it applies the https protocol.

◆ Put the script in a password-protected directory.

◆ Never trust the user's input or output. The above php script is just an example. In the real production environment, you need to consider using stronger user input and output confirmation. The security of PHP programming is beyond the scope of this article. You can refer to a good PHP book or apply your favorite search engine to search for related websites.

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.