-2
我正在託管一個帶有登錄Web界面的電子郵件服務器,但是我之前沒有有效的方式向服務器註冊用戶以創建用戶登錄。因爲這個原因,我創建了一個PHP系統來創建用戶,並設置密碼,但是已經創建了所述系統,我知道有一個重大的安全問題,因爲服務器將執行創建用戶的腳本,然後將更改所述用戶密碼。所以人們可以更改不同用戶的密碼。我現在創建了一個root安全防護,但我需要永久解決此問題以保護我的用戶電子郵件。這裏是php腳本和我用來創建和設置用戶密碼的shell腳本。Linux用戶創建+ PHP和電子郵件
的index.php
<?php
$user=$_POST['user'];
$pass=$_POST['pass'];
$check=$_POST['check'];
if(isset($_POST['submit'])) {
if($user!="root"){
if($pass == $check) {
echo exec ("sudo /root/bin/newuser.sh ".$user." ".$pass."");
echo ("<html> <title>User Created!</title> <p><h1>Congratulation on the successful creation of your user! </h1></p><p><h1>Your login credentials are as follows:</h1></p><p><h1>Username: ".$user."</h1></p><p><h1>Password: " .$pass."</h1></p></html>");
} else {
echo "<html><title>Error creating account!</title><p><h1>Passwords did not match! Please <a href='index.php' reload/> this page!</h1></p></html>";
}
} else {
echo "Stahp plox!";
}
}
?>
<html>
<p align="center">Magnum Dongs Email Registration</p>
<p align="center">Username will be created as [email protected], there is no need to add the @magnumdongs.com to the enter of the username you create.</p>
<p align="center">Upon creation, you will be able to access your email through our Magnum Dongs Email Web Interface, however you will be unable to recieve email via Outlook or an open source alternative at this time.</p>
<form method="POST" action="index.php" align="center">
<p>Username :
<input name="user" type="text"/>
</p>
<p>Password :
<input name="pass" type="password"/>
</p>
<p>Verify :
<input name="check" type="password"/>
</p>
<input type="submit" name="submit" value="Create User" />
</form>
</html>
newuser.sh提前
#!/usr/bin/env bash
#echo "Enter username..."
#read user
#echo -e "Username :: $user \n Is this correct? [y,n]"
#read y
#if [[ $y == "y" ]]; then
# useradd -m $user
#else
# echo "Wrong username"
# exit
#fi
usr=$1
pass=$2
useradd -m -s /usr/bin/nologin $usr
echo "$usr:$pass" | chpasswd
感謝您的幫助