PHP validate user

moxum
I would like to validate a user against the normal linux security file.

E.g. I have a user named "user1" with the password "apassword" that can log in to a shell. I want to have a PHP function that returns whether the "shell" password for a specified username is correct.

E.g.:

    function valid_password( $username ) {
        //code here
    }

Please advise.
Comment
I found on the Internet a link:
http://www.phpbuilder.com/mail/phplib-list/2000111/0062.php
that suggests a code like:

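    function valid_user ($user, $passwd) {
        // Needs read access to /etc/shadow (normally root only)
        $autharray = file("/etc/shadow", FILE_IGNORE_NEW_LINES);
        if ($autharray === false) {
            return "NOT OK";
        }
        foreach ($autharray as $line) {
            $fields = explode(":", $line);
            // Exact, case-sensitive match on the name field; eregi() was removed in PHP 7
            if (count($fields) > 1 && $fields[0] === $user) {
                // Passing the stored hash as the salt makes crypt() reuse its scheme and salt
                $cryptpw = crypt($passwd, $fields[1]);
                if (hash_equals($fields[1], $cryptpw)) {
                    return "OK";
                }
            }
        }
        return "NOT OK";
    }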

It should work if you use /etc/passwd to store the passwords. If you use shadow passwords I think that you should use an external program. I recommend Checkpassword from:
http://cr.yp.to/checkpwd.html
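
The checkpassword route recommended above, as an added example that is not part of the original thread: PHP hands the credentials to the external program on file descriptor 3 and never opens /etc/shadow itself. The binary path, the `/bin/true` subprogram, and checkpassword being installed with the privilege it needs to read the shadow file are assumptions; the function name follows the question.

```php
<?php
// Added example: both paths are assumptions, adjust to the local install.
const CHECKPASSWORD = '/bin/checkpassword'; // assumed install path
const SUBPROGRAM    = '/bin/true';          // run only when the password is accepted

function valid_password(string $username, string $password): bool
{
    // The interface allows at most 512 bytes on descriptor 3 and uses NUL
    // as the field terminator, so reject anything that cannot be framed safely.
    if ($username === '' || strpos($username . $password, "\0") !== false) {
        return false;
    }
    $payload = $username . "\0" . $password . "\0" . time() . "\0";
    if (strlen($payload) > 512) {
        return false;
    }

    $descriptors = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['file', '/dev/null', 'w'],
        2 => ['file', '/dev/null', 'w'],
        3 => ['pipe', 'r'], // the child reads the credentials here
    ];
    // Array form (PHP 7.4+) starts the program directly, with no shell involved.
    $proc = proc_open([CHECKPASSWORD, SUBPROGRAM], $descriptors, $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    fwrite($pipes[3], $payload);
    fclose($pipes[3]); // EOF tells checkpassword the input is complete

    // 0 = accepted (exit status of SUBPROGRAM); 1 = rejected;
    // 2 = misuse; 111 = temporary failure. Anything non-zero fails closed.
    return proc_close($proc) === 0;
}
```

The credentials travel over a pipe rather than the command line, so they do not show up in the process list.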

Commented:
From PHP you can use the function posix_getpwnam(), which does the same as Unix getpwnam(3). Given a username as its argument, it returns an array with info about the user.

This will not be a complete solution for you since Linux uses shadow passwords, so for the passwd field it will return 'x' or '*', so you won't be able to use it like that.

One solution for this is to write and call a C program, which will obtain the real (of course, crypted) password from /etc/shadow via the getspnam() function. An example of this can be found on php.net:
http://www.php.net/manual/en/function.posix-getpwnam.php

Besides all this, note that accessing files like /etc/passwd from PHP is a security risk, and it's not a bad idea to think about whether you really want and need to do that.

Commented:
Just a short note on the code from phpbuilder: this actually suggests reading /etc/shadow directly from PHP, which means running your PHP script as root and reading /etc/shadow. This is not a security risk, this is a HUGE security risk.

The man wanted to know how it can be done. I tried to tell him. I agree that using PHP to read /etc/shadow is not a good practice.
I also suggested an external program. It's his choice to pick one of the possible ways to solve this problem.

Razvan

Author

Commented:
How about PAM?
Commented:
http://www.math.ohio-state.edu/~ccunning/pam_auth.html

I think I will go for this one...

Thanks for your ideas anyway.
