php system log in

I’m trying to make a php program that will authenticate users based on if they have a userid on the system.  In my environment my system has a number of users who can just ssh into the machine if they want.  But I am trying to make some applications available via a web interface.

I first saw this link and tried to explore the posix_getpwnam function.  This looked promising, but unfortunately Linux puts the password in /etc/shadow so you can’t parse the hash that’s returned to do pattern matching.

I also didn’t want to change any file permissions on the system.  I saw a number of posts that suggested that approach.

So I just did a simple expect script:

lib/passwdV.expect

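#!/usr/bin/expect

log_user 0

# Require exactly two arguments: userid and password.
set argc [llength $argv]
if { $argc != 2 } {
    puts "Usage: $argv0 \[userid\] \[password\]"
    exit 1
}

set user [lindex $argv 0]
set password [lindex $argv 1]

spawn su $user -c true

# Fail closed: if no prompt appears (unknown user, timeout), deny the login.
expect {
    "Password:" { send -- "$password\r" }
    timeout { exit 1 }
    eof { exit 1 }
}
expect {
    "su: incorrect password" { exit 1 }
    timeout { exit 1 }
    eof
}

# su's failure text differs between versions, so its exit status decides.
set status [wait]
if { [lindex $status 2] == 0 && [lindex $status 3] == 0 } {
    exit 0
}
exit 1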

Now I just take my calling script and pass the parameters in:

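// Quote both values so they reach the script as single arguments, not shell syntax.
$cmd = 'lib/passwdV.expect ' . escapeshellarg($user) . ' ' . escapeshellarg($passwd);
exec($cmd, $output, $rc);
if ($rc === 0) {
    echo "You are logged in!!\n";
} else {
    echo "Login Failed!\n";
}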

You can then take the user and set the session logged in portion if you want.  This is how I did it.  This way I don’t need to store user information in a database since it’s already part of the system.

There is still the security concern that when this exec happens the ps -ef output will actually print the password and userid.  A better way would be to encode this. I hope to get back to this soon and fix it.
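
One way to keep the password out of the ps -ef output is to hand it to the helper on standard input instead of the command line. This is an added example, not the author's code, and it uses stdin rather than encoding. It assumes a hypothetical variant of the script, lib/passwdV-stdin.expect, that takes only the userid as an argument and reads the password with `gets stdin password`; the function name system_login is also made up for the example.

```php
<?php
// Added example, not the original author's code.
// Assumption: lib/passwdV-stdin.expect is a hypothetical variant of the
// expect script above that takes only the userid as its argument and
// reads the password with `gets stdin password`.

function system_login(string $user, string $passwd): bool
{
    // Accept only plain account names, so the value can never be read
    // as an option by su (for example a leading "-").
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $user)) {
        return false;
    }
    // A password containing a line break would be cut short by `gets`.
    if ($passwd === '' || strpbrk($passwd, "\r\n") !== false) {
        return false;
    }

    $spec = [
        0 => ['pipe', 'r'],               // child's stdin: the password goes here
        1 => ['file', '/dev/null', 'w'],  // helper output is not needed
        2 => ['file', '/dev/null', 'w'],
    ];

    // Array form (PHP 7.4+) runs the program directly, with no shell involved.
    $proc = proc_open(['lib/passwdV-stdin.expect', $user], $spec, $pipes);
    if (!is_resource($proc)) {
        return false;                     // fail closed if the helper cannot start
    }

    fwrite($pipes[0], $passwd . "\n");    // sent over the pipe, not in argv
    fclose($pipes[0]);

    // Only exit status 0 from the helper counts as a successful login.
    return proc_close($proc) === 0;
}
```

The userid still appears in the process list with this approach; only the password is kept out of it.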