This article describes how to apply a PHP script to correct the Linux or Unix system password. Required Tools and installation: you must install the following tools and software:-Shell script for password fixing;-Sudo access permission;-ApacheorLighttpdweb server;-PHP service
This article describes how to apply a PHP script to correct the Linux or Unix system password.
Required Tools and installation:
You must install the following tools and software:
-Shell script for password modification;
-Sudo access permission;
-Apache or Lighttpd web server;
-PHP server program.
Step 1: Install a shell script that can correct the user password
This script can be used to modify the password of a Linux user (tested in Linux and FreeBSD ).
Example: shell script code
#!/bin/sh# \exec expect -f “$0″ ${1 ”$@”}set password [lindex $argv 1]spawn passwd [lindex $argv 0]sleep 1expect “assword:”send “$password\r”expect “assword:”send “$password\r”expect eof
Run the shell script (download link ):
$ chpasswd username password
Download the script and copy it to your web root directory or other web server status (readable ):
$ cp chpasswd /var/www/
Or, if you apply the Lighttpd web server:
$ cp chpasswd /home/lighttpd
Step 2: execute the command as root through sudo
After the Apache or Lighttpd web server enters the background for running, it will immediately apply non-root permissions. This can prevent password modification, just as the passwd command requires the root permission to correct the passwords of other user accounts.
Generally, Apache 2 uses www-data users and Lighttpd uses lighttpd users (both common and non-root users ). Log on to the application root user and execute the following command:
# visudo
Now your web server promises to fulfill the chpasswd script ). If you use the Apache web server, execute the following command:
www-data ALL=NOPASSWD: /var/www/chpasswd
Or, if you apply the Lighttpd web server, execute the following command:
httpd ALL=NOPASSWD: /home/lighttpd/chpasswd
Retain and exit files.
Step 3. create a PHP-based interface
Now you need to write a php script. There is a php script instance. You can fix the issue as needed. At least you need to accurately set the shell script status. Open the php script and find the shellscript line:
$shellscript = “sudo /home/lighttpd/chpasswd”;
Corrected shellscript's position to accuracy. Download the PHP source code from here:
Step 4: run the script
Enter the address https://mydomain.com/changepassword.php in the address bar of your web browser. You will see the username and password prompt:
If the password is successfully corrected, you will receive the following confirmation prompt:
For some reason, if the password correction fails, you can refer to the following prompts for more specific error information:
Step 5: Security
◆ Never run the above script directly through the http protocol. Instead, it applies the https protocol.
◆ Put the script in a password-protected directory.
◆ Never trust the user's input or output. The above php script is just an example. In the real production environment, you need to consider using stronger user input and output confirmation. The security of PHP programming is beyond the scope of this article. You can refer to a good PHP book or apply your favorite search engine to search for related websites.