Solved

PHP net user $_POST["username"] $_POST["password"] /add

Posted on 2007-12-04
12
803 Views
Last Modified: 2013-12-13
I'm trying to make a php page that will add a local user and a password using data entered into a previous page.  The $_POST variables don't work.

Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\process.php on line 4
<html>
<body>
<?php
$output = `net user $_POST["username"] $_POST["password"] /add`; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>

Open in new window

0
Comment
Question by:subl1m1nal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 21

Expert Comment

by:nizsmo
ID: 20406242
This should fix it.
<html>
<body>
<?php
$output = "net user" . $_POST["username"] . $_POST["password"] . "/add"; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>

Open in new window

0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406383
Almost works.  No error anyway.  I was wondering how to incorporate the backticks so it runs the command.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20406401
NOt too sure what you mean by runs the command, but I am guessing maybe something like this?

<html>
<body>
<?php
$output = "`net user" . $_POST["username"] . $_POST["password"] . "/add`"; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406459
I'm trying to execute a windows command from the PHP using variables that PHP has gathered from user input.  Net User will add a user to the local computer.

sytax:
net user joe joespwd /add

This will add a user named Joe with a password of joespwd to the local computer.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20406528
ahh ok i kind of get it, though unfamiliar on how it works.

I misse a couple of spaces which may prevent it from working, here is the fixed version, not sure if it will work for what you want, but you can try.


<html>
<body>
<?php
$output = "`net user " . $_POST["username"] . " " . $_POST["password"] . " /add`"; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406597
That didn't do it either.  I can get it to work without the variables.  E.G.

$output = `net user subl1m1nal subp@ss /add`

I just got to somehow add variables to that.
0
 
LVL 21

Assisted Solution

by:nizsmo
nizsmo earned 200 total points
ID: 20406641
I guess you can try it all with backticks, but try echo out the output to see if the command is what you are expecting, and the $_POST is actually working:


<html>
<body>
<?php
$output = `net user ` . $_POST["username"] . ` ` . $_POST["password"] .  `/add`; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406689
That didn't do it either.  Is there a way to pass the parameters to a batch file?
0
 
LVL 17

Accepted Solution

by:
nplib earned 300 total points
ID: 20406728
you need to invoke the shell_exec() function to execute a command
<html>
<body>
<?php
$output = "`net user " . $_POST["username"] . " " . $_POST["password"] . " /add`"; ?>
shell_exec($output);
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406993
Awesome!  This works now.  nplib, you almost had the code perfect.  The only thing is you left the backticks in, so I took them out and it works perfect now.  Thanks nizsmo and nplib for your help.  Final code is attached.
<html>
<body>
<?php
$output = "net user " . $_POST["username"] . " " . $_POST["password"] . " /add";
shell_exec($output);
echo "<pre>This is the output: $output</pre>";
?>
</body>
</html>

Open in new window

0
 
LVL 17

Expert Comment

by:nplib
ID: 20407000
You wanted the back ticks, I didn't know why, so I just went with it.
0
 
LVL 3

Author Closing Comment

by:subl1m1nal
ID: 31412681
Good job guys.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo‚Ķ
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question