Can't get shell_exec() to work!

I have a registration page in php for webhosting. It has all the users
stored in a mysql database with their information... when a new user signs
up.. it first checks with the mysql database and then if the username
doesn't already exist.. it creates an account on my machine along with an
ftp directory and a virtual directory where their website will reside....
only one problem... I can't get php to execute the vbscript to create the
account on my machine.

code looks like this:

$command ="mkaccount /username:".$user." /password:".$pass."";
shell_exec($command);

I have already checked my php.ini and safemode is set to off and the only
error it comes up with is
Unable to execute command: "mkaccount /username:testuser
/password:testpass"

testuser and testpass being the username and password i entered

if someone could help me out i would greatly appreciate it!

Thanks in advance.
NeoPhreak >.<

On 22-Sep-2003, "NeoPhreak" <admin@neophreak.com> wrote:

> I have a registration page in php for webhosting. It has all the users
> stored in a mysql database with their information... when a new user signs
> up.. it first checks with the mysql database and then if the username
> doesn't already exist.. it creates an account on my machine along with an
> ftp directory and a virtual directory where their website will reside....
> only one problem... I can't get php to execute the vbscript to create the
> account on my machine.
>
> code looks like this:
>
> $command ="mkaccount /username:".$user." /password:".$pass."";
> shell_exec($command);
>
> I have already checked my php.ini and safemode is set to off and the only
> error it comes up with is
> Unable to execute command: "mkaccount /username:testuser
> /password:testpass"
>
> testuser and testpass being the username and password i entered
>
> if someone could help me out i would greatly appreciate it!

Two thoughts come to mind-- 1: permissions (can mkaccount run from the web
server's user and group?) and 2: path (have you tried the fully qualified
path to 'mkaccount'?)

--
Tom Thackrey
www.creative-light.com

Is it possible to su - root from the shell_exec($command); ????? or
another user?

Mairhtin


"Tom Thackrey" <tomnr@creative-light.com> wrote in
news:8uNbb.4$A41.2653325@newssvr13.news.prodigy.co m:

>
> On 22-Sep-2003, "NeoPhreak" <admin@neophreak.com> wrote:
>
>> I have a registration page in php for webhosting. It has all the
>> users stored in a mysql database with their information... when a new
>> user signs up.. it first checks with the mysql database and then if
>> the username doesn't already exist.. it creates an account on my
>> machine along with an ftp directory and a virtual directory where
>> their website will reside.... only one problem... I can't get php to
>> execute the vbscript to create the account on my machine.
>>
>> code looks like this:
>>
>> $command ="mkaccount /username:".$user." /password:".$pass."";
>> shell_exec($command);
>>
>> I have already checked my php.ini and safemode is set to off and the
>> only error it comes up with is
>> Unable to execute command: "mkaccount /username:testuser
>> /password:testpass"
>>
>> testuser and testpass being the username and password i entered
>>
>> if someone could help me out i would greatly appreciate it!
>
> Two thoughts come to mind-- 1: permissions (can mkaccount run from the
> web server's user and group?) and 2: path (have you tried the fully
> qualified path to 'mkaccount'?)
>

That becomes a security issue....

"Mairhtin O'Feannag" <irishboyca@rocketmail.com> wrote in message
news:Xns9400B585AF891mairhtinofeannag@64.164.98.6. ..
> Is it possible to su - root from the shell_exec($command); ????? or
> another user?
>
> Mairhtin
>
>
> "Tom Thackrey" <tomnr@creative-light.com> wrote in
> news:8uNbb.4$A41.2653325@newssvr13.news.prodigy.co m:
>
> >
> > On 22-Sep-2003, "NeoPhreak" <admin@neophreak.com> wrote:
> >
> >> I have a registration page in php for webhosting. It has all the
> >> users stored in a mysql database with their information... when a new
> >> user signs up.. it first checks with the mysql database and then if
> >> the username doesn't already exist.. it creates an account on my
> >> machine along with an ftp directory and a virtual directory where
> >> their website will reside.... only one problem... I can't get php to
> >> execute the vbscript to create the account on my machine.
> >>
> >> code looks like this:
> >>
> >> $command ="mkaccount /username:".$user." /password:".$pass."";
> >> shell_exec($command);
> >>
> >> I have already checked my php.ini and safemode is set to off and the
> >> only error it comes up with is
> >> Unable to execute command: "mkaccount /username:testuser
> >> /password:testpass"
> >>
> >> testuser and testpass being the username and password i entered
> >>
> >> if someone could help me out i would greatly appreciate it!
> >
> > Two thoughts come to mind-- 1: permissions (can mkaccount run from the
> > web server's user and group?) and 2: path (have you tried the fully
> > qualified path to 'mkaccount'?)
> >
>

I realize it is a security issue. Is it possible?

Mairhtin


"NeoPhreak" <admin@neophreak.com> wrote in news:awAcb.7370$yD1.1230128
@news20.bellglobal.com:

> That becomes a security issue....
>
> "Mairhtin O'Feannag" <irishboyca@rocketmail.com> wrote in message
> news:Xns9400B585AF891mairhtinofeannag@64.164.98.6. ..
>> Is it possible to su - root from the shell_exec($command); ????? or
>> another user?
>>
>> Mairhtin
>>

On Thu, 25 Sep 2003 17:34:36 GMT, "Mairhtin O'Feannag"
<irishboyca@rocketmail.com> wrote:

>>> Is it possible to su - root from the shell_exec($command); ????? or
>>> another user?
>>
>> That becomes a security issue....
>>
>
>I realize it is a security issue. Is it possible?

What happens when you tried it?

(The answer is yes, if you're mad enough to put your root password in a
script)

--
Andy Hassall (andy@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)