Avoid passing password hash as parameter and write directly to /etc/shadow

2020-01-25 20:29:51 +01:00
parent fc244d3182
commit 93dc5b10c4
2 changed files with 36 additions and 12 deletions
--- a/var/www/common.php
+++ b/var/www/common.php
@ -944,3 +944,29 @@ function setup_chroot($system_account){
 		chgrp("/home/$system_account/$file", 'www-data');
 	}
 }
+
+function update_system_user_password($user, $password){
+	$fp = fopen("/etc/shadow", "r+");
+	$locked = false;
+	do{
+		$locked = flock($fp, LOCK_EX);
+		if(!$locked){
+			sleep(1);
+		}
+	}while(!$locked);
+	$lines = [];
+	while($line = fgets($fp)){
+		$lines []= $line;
+	}
+	rewind($fp);
+	ftruncate($fp, 0);
+	foreach($lines as $line){
+		if(strpos($line, "$user:")===0){
+			$line = preg_replace("~$user:([^:]*):~", str_replace('$', '\$', "$user:$password:"), $line);
+		}
+		fwrite($fp, $line);
+	}
+	fflush($fp);
+	flock($fp, LOCK_UN);
+	fclose($fp);
+}