Solved

PHP net user $_POST["username"] $_POST["password"] /add

Posted on 2007-12-04
12
794 Views
Last Modified: 2013-12-13
I'm trying to make a php page that will add a local user and a password using data entered into a previous page.  The $_POST variables don't work.

Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\process.php on line 4
<html>

<body>

<?php

$output = `net user $_POST["username"] $_POST["password"] /add`; ?>

echo "<pre>$output</pre>";

?>

</body>

</html>

Open in new window

0
Comment
Question by:subl1m1nal
  • 6
  • 4
  • 2
12 Comments
 
LVL 21

Expert Comment

by:nizsmo
ID: 20406242
This should fix it.
<html>

<body>

<?php

$output = "net user" . $_POST["username"] . $_POST["password"] . "/add"; ?>

echo "<pre>$output</pre>";

?>

</body>

</html>

Open in new window

0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406383
Almost works.  No error anyway.  I was wondering how to incorporate the backticks so it runs the command.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20406401
NOt too sure what you mean by runs the command, but I am guessing maybe something like this?

<html>
<body>
<?php
$output = "`net user" . $_POST["username"] . $_POST["password"] . "/add`"; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406459
I'm trying to execute a windows command from the PHP using variables that PHP has gathered from user input.  Net User will add a user to the local computer.

sytax:
net user joe joespwd /add

This will add a user named Joe with a password of joespwd to the local computer.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20406528
ahh ok i kind of get it, though unfamiliar on how it works.

I misse a couple of spaces which may prevent it from working, here is the fixed version, not sure if it will work for what you want, but you can try.


<html>
<body>
<?php
$output = "`net user " . $_POST["username"] . " " . $_POST["password"] . " /add`"; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406597
That didn't do it either.  I can get it to work without the variables.  E.G.

$output = `net user subl1m1nal subp@ss /add`

I just got to somehow add variables to that.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 21

Assisted Solution

by:nizsmo
nizsmo earned 200 total points
ID: 20406641
I guess you can try it all with backticks, but try echo out the output to see if the command is what you are expecting, and the $_POST is actually working:


<html>
<body>
<?php
$output = `net user ` . $_POST["username"] . ` ` . $_POST["password"] .  `/add`; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406689
That didn't do it either.  Is there a way to pass the parameters to a batch file?
0
 
LVL 17

Accepted Solution

by:
nplib earned 300 total points
ID: 20406728
you need to invoke the shell_exec() function to execute a command
<html>
<body>
<?php
$output = "`net user " . $_POST["username"] . " " . $_POST["password"] . " /add`"; ?>
shell_exec($output);
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406993
Awesome!  This works now.  nplib, you almost had the code perfect.  The only thing is you left the backticks in, so I took them out and it works perfect now.  Thanks nizsmo and nplib for your help.  Final code is attached.
<html>

<body>

<?php

$output = "net user " . $_POST["username"] . " " . $_POST["password"] . " /add";

shell_exec($output);

echo "<pre>This is the output: $output</pre>";

?>

</body>

</html>

Open in new window

0
 
LVL 17

Expert Comment

by:nplib
ID: 20407000
You wanted the back ticks, I didn't know why, so I just went with it.
0
 
LVL 3

Author Closing Comment

by:subl1m1nal
ID: 31412681
Good job guys.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Keep getting 503 on Curl request 6 30
wamp versus xampp 4 44
can windows 10 wamp send mail()? 3 32
Php pie charts 3 26
If I have to fix slow responding website my first thoughts are server side optimizations: the database may not be optimized or caching is not enabled, or things like that. We often overlook another major part of our web application: the client. We o…
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now