Page 1 of 1

Need help validating linux system users through php web site

Posted: Thu Jan 16, 2003 9:14 am
by redptam
Here is the dilema:

I am the IT Chair for a student chapter of IEEE. I have one linux machine that is used as the domain, web, and database server. Currently, I have to give my members (users) two acounts. One account allows my users to log onto the IEEE workstations which is validated by the linux domain server, the other account allows the users to login and access our web based services which is validated by using mysql.
The problem: when a user changes his/her password on the domain (workstations), the online account does not change and when the online password is changed, the domain account is not changed. Basically, I want to sync these passwords so that if one is changed, then the other is changed as well. Therefore, to the user the separation of accounts will be transparent.
I figured the best way to achieve this integration of accounts is to just forget the database validation completely and use the linux system accounts as the web site validation. I have seen web sites where one can sign up for an account online and then is able to use linux system services like ftp and ssh.
Now for my question. Is this possible with PHP? I have seen where one can run system commands through a php web interface.

Obviously I do not expect anyone to say, "Here is a script, it will do it all for you AND pay for dinner!" I would like someone to point me in the right direction. Some good documentation about how to go about doing something like this would be great.

If you read all of the above, thank you for your time. Any advice?
-redptam-

Posted: Thu Jan 16, 2003 9:22 am
by laserlight
I have never tried such a setup before, but since you asked for a possible direction and running system commands, I can point you to:
http://www.php.net/manual/en/function.system.php

hopefully it will help

system commands

Posted: Thu Jan 16, 2003 9:31 am
by redptam
Thank you for your replyy. I have seen the system() function in php. I have come to the conclusion that this will definately be a part of the challenge.

Posted: Thu Jan 16, 2003 10:28 am
by oldtimer
You can definately do this with the system command. I currently use system() to update a htpasswd file as well as on that page update a mysql DB. Just create a web based change password form. When they submit it the script will update the DB and then run the system() command to change the password.

Crude Example:

Code: Select all

<form name="form1" method="post" action="">
  <input name="username" type="text" id="username">
  Username<br>
  <input name="currentpw" type="password" id="currentpw">
  Current Password<br>
 <input name="newpw" type="password" id="newpw">
  New Password<BR>
  <input name="confirmnewpw" type="password" id="confirmnewpw">
  Confirm New Password 
</form>

Code: Select all

<?php

// your script for updateing db

// end of your script for updating db

$string="passwd ".$username.""

system($string); 
system($currentpw); 
system($newpw); 
system($confirmnewpw); 
?>
Of course you will need to make some error control as well. Linux will not let you use simple passwords. Hope this helps you some.

Posted: Thu Jan 16, 2003 3:10 pm
by redptam
Thank you very much for your reply.

The above suggestion is very promising. I can use this if I restrict users from updating their passwords on the domain workstations. If they were able to change their passwords on the workstations, then there would be no way to update the mysql DB passwords, correct?

In this way, I would have to require every user to goto the web site and change passwords there.

Please let me know if I am on the wrong track.

Thanks again.

Posted: Thu Jan 16, 2003 3:17 pm
by oldtimer
Yes you would have to tell them to change their pws from the web page or they would not update the web aps as well. As an IT you will still run accross people not doing it the way they are told to. Fact of life :cry: