Solved

PHP net user $_POST["username"] $_POST["password"] /add

Posted on 2007-12-04
12
801 Views
Last Modified: 2013-12-13
I'm trying to make a php page that will add a local user and a password using data entered into a previous page.  The $_POST variables don't work.

Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\process.php on line 4
<html>
<body>
<?php
$output = `net user $_POST["username"] $_POST["password"] /add`; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>

Open in new window

0
Comment
Question by:subl1m1nal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 21

Expert Comment

by:nizsmo
ID: 20406242
This should fix it.
<html>
<body>
<?php
$output = "net user" . $_POST["username"] . $_POST["password"] . "/add"; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>

Open in new window

0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406383
Almost works.  No error anyway.  I was wondering how to incorporate the backticks so it runs the command.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20406401
NOt too sure what you mean by runs the command, but I am guessing maybe something like this?

<html>
<body>
<?php
$output = "`net user" . $_POST["username"] . $_POST["password"] . "/add`"; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406459
I'm trying to execute a windows command from the PHP using variables that PHP has gathered from user input.  Net User will add a user to the local computer.

sytax:
net user joe joespwd /add

This will add a user named Joe with a password of joespwd to the local computer.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20406528
ahh ok i kind of get it, though unfamiliar on how it works.

I misse a couple of spaces which may prevent it from working, here is the fixed version, not sure if it will work for what you want, but you can try.


<html>
<body>
<?php
$output = "`net user " . $_POST["username"] . " " . $_POST["password"] . " /add`"; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406597
That didn't do it either.  I can get it to work without the variables.  E.G.

$output = `net user subl1m1nal subp@ss /add`

I just got to somehow add variables to that.
0
 
LVL 21

Assisted Solution

by:nizsmo
nizsmo earned 200 total points
ID: 20406641
I guess you can try it all with backticks, but try echo out the output to see if the command is what you are expecting, and the $_POST is actually working:


<html>
<body>
<?php
$output = `net user ` . $_POST["username"] . ` ` . $_POST["password"] .  `/add`; ?>
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406689
That didn't do it either.  Is there a way to pass the parameters to a batch file?
0
 
LVL 17

Accepted Solution

by:
nplib earned 300 total points
ID: 20406728
you need to invoke the shell_exec() function to execute a command
<html>
<body>
<?php
$output = "`net user " . $_POST["username"] . " " . $_POST["password"] . " /add`"; ?>
shell_exec($output);
echo "<pre>$output</pre>";
?>
</body>
</html>
0
 
LVL 3

Author Comment

by:subl1m1nal
ID: 20406993
Awesome!  This works now.  nplib, you almost had the code perfect.  The only thing is you left the backticks in, so I took them out and it works perfect now.  Thanks nizsmo and nplib for your help.  Final code is attached.
<html>
<body>
<?php
$output = "net user " . $_POST["username"] . " " . $_POST["password"] . " /add";
shell_exec($output);
echo "<pre>This is the output: $output</pre>";
?>
</body>
</html>

Open in new window

0
 
LVL 17

Expert Comment

by:nplib
ID: 20407000
You wanted the back ticks, I didn't know why, so I just went with it.
0
 
LVL 3

Author Closing Comment

by:subl1m1nal
ID: 31412681
Good job guys.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Partnership Agreement 2 43
Dump data from mysql to xls php 10 55
Form not executing correctly 1 28
Select Query Fails in PHP but not in TERMINAL Mysql 9 31
This article discusses four methods for overlaying images in a container on a web page
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question