[php] comparing found username with string

Erhnam · 03-15-2005, 10:02 AM

I'm trying to build a server script to add local system users. Before creating a user the system must be sure that the user does not already exist. I'm trying to do this with the following code:

PHP Code:



$temp = passthru ("ssh root@$_SESSION[server] 'cat /etc/passwd | grep $user'"); 
if (!empty($temp)) { 
   echo "A match was found, user exists."; 
} else {

Somewhere there is a mistake. The script is always passing and no matches are found.. I debuged this with echo'ing the result of $temp. What could be wrong?

PS: I'm using a copy of the file /etc/passwd.. This is only an example!

Matir · 03-15-2005, 10:30 AM

Passthru is just supposed to display the output directly to the screen. You probably want to be using exec here. Also, your script sent shivers down my spine from a security standpoint.

keefaz · 03-15-2005, 02:07 PM

I would do :

PHP Code:



$users = file_get_contents("/etc/passwd"); 
if(($pos = strpos($users, $user)) === false) { 
    echo "$user was not found in /etc/passwd\n"; 
} else { 
    echo "$user was found in /etc/passwd\n"; 
}

Now if you want to get user values like shell, uid... better is to
use an user Array and loop its values

Matir · 03-15-2005, 04:40 PM

strpos is dangerous in that context! suppose the following:
Someone attempts to sign up with the username "ack". In the /etc/passwd, there exists the following user:

Code:

jack:*:..... remainder of line

strpos would match on this, but there is no user ack. the following regular expression would be more suited to finding the matches:
/^$username:/, though you would want to make sure username contains no colons first (not that they should be there in a username anyway)

keefaz · 03-15-2005, 09:34 PM

In this case, better is to do a strict string compare

PHP Code:



$fd = fopen("/etc/passwd", "r"); 
$found = false; 
 
while( ($infos = fgetcsv($fd, 256, ":")) !== FALSE ) { 
    if($user == $infos[0]) { 
        $found = true; 
        echo "$user was found\n"; 
        echo "$user infos are: \n"; 
        print_r($infos); 
        break; 
    } 
} 
fclose($fd); 
if(!$found) { 
    echo "$user was not found\n"; 
}