I have a script that adds users via a web form. Here it is:
Code:
#!/usr/bin/perl
###############
## Moray ##
###############
###
## Written for Cpellizzi.
## --Secesh
use strict;
use Expect;
## Use expect instead of perl Sudo module for <5.8.1 compatibility
use Crypt::Passwd;
my $DEBUG=1;
use CGI;
my $q = new CGI;
my $first = $q->param("first");
my $last = $q->param("last");
my $username = $q->param("username");
my $password = $q->param("password");
undef($q);
my $crypted_password = unix_std_crypt($password, "at");
if($username =~ /^([\w]+)$/) {
## These both ONLY ACCEPT [a-zA-Z0-9]... meaning case-sensitive alpha-numeric
## and NO special characters allowed. This should limit system damagability to
## creation of users (which is the intended use...)
if($password =~ /^([\w]+)$/) {
## Do Nothing, password code is below...
}else{
print "Content-type: text/plain\n\n";
print "Unacceptable password!\n";
exit;
}
}else{
print "Content-type: text/plain\n\n";
print "Unacceptable Username!\n";
exit;
}
#print "$crypted_password\n";
my $system_command = "sudo /usr/sbin/useradd -m -p $crypted_password $username -c "$first $last"";
if($DEBUG){
print "Content-type: text/plain\n\n";
print "Running --$system_command--: $0 as ";
printf "%s.\n",(getpwuid($>))[0];
}
my $process = Expect->spawn($system_command) || die ("No go, $!\n");
$process->debug($DEBUG);
$process->log_stdout($DEBUG);
#$process->expect(undef);
if(not $DEBUG){
print "Content-type: text/html\n\n";
print <<endHTML;
<html>
<head>
<title>Redirecting</title>
</head>
<body>
<script type="text/javascript">
<!-- //do we still really need to do this commenting?
document.location="/add-success.html";
// -->
</script>
</body>
</html>
endHTML
}
Above where you see: my $system_command = "sudo /usr/sbin/useradd -m -p $crypted_password $username -c
"$first $last""; I need the quotes in the system comand, but when I add the quotes, it intefiers with the scripting and I get an internal server error. How can I keep the quotes, and not get an internal server error?