adduser under linux slackware

[Dopey82]

hello everyone im working on a script to add user when they confirm by a email sent to them i got the script to read confirm number, username, etc and i can get the script to even add the user but even if i use crypt() to make the password encrypted the person still cant login after they are added.. if i go in a manualy do passwd and change it then it works.. any idea? im useing useradd to add the user. heres a copy of what im working with im also getting another error i dunno what is but the script still runs

Warning: fgetcsv(): 3 is not a valid stream resource in /var/www/htdocs/private/test.php on line 10


the url i use is something like this
confirmphp?config=conf&package=shell&num=12345&user=mike&pass=password

keep in mind everything works just i cant login to the account using ssh after its added
has something todo with the password

is there another way to add a user? maybe using the adduser command. or even sending  it a passwd command for the user insted of including it

Thanks for the help


<?php // by Micheal Deckard 2010 confirm.php
ini_set ('display_errors',1);
error_reporting (E_ALL & ~E_NOTICE);
$pack = $_GET['package'];
$problem = TRUE;
if(isset($_GET['config'])) {

if ($_GET['config'] == 'conf'){
$fp = fopen ('../confirmationfile', 'rb');
while ( $line = fgetcsv ($fp, 200, "\t")) {
if (($line[0] == $_GET['user']) AND ($line[2] == $_GET['num'])) {
   $problem = FALSE;
   print '<p>Confirmation number not found</p>';
  fclose($fp);
if (! $problem){
     if ($pack == shell) {
    $user = $_GET['user'];
    $md5pass = crypt($_GET['pass']);
    $final = str_replace('$', '\$', $md5pass);
    $str5 = $final;
    exec("sudo useradd -d /home/$user -s /bin/bash -p $str5 -m $user");
} else {
    $user = $_GET['user'];
     exec("sudo useradd -d /home/$user -s /dev/null -p $pass $user");
   break;
}
}
}else{
   print '<p>not confirmed/<p></br>';
}
}
}
}
?>

[Dopey82]

okay well i got it working now i had to add slat to the crypt line but i still have the error from fgetcsv

heres what i changed the crypt line to

    $md5pass = crypt($_GET['pass'],salt);

LOL i had to put some salt on it to get it to work atleats it taste good now

[Dopey82]

Hello. everyone just a follow up as i work on this script.. its very secure adding with my other script which send a random number and there user name to a file.. this way they have to open there email, click a link to activate the account. and if the confirmation number isnt current the script wont add them and the number is random i used mt_rand which works great! but anyhow heres the script i came up with for adding a user BTW i fixed the fgetcvs issue by how i moved stuff around, re organized it the way it should be

<?php // Michael Deckard 2010 adduser.php
ini_set ('display_errors',1);
error_reporting (E_ALL & ~E_NOTICE);
$pack = $_GET['package'];
$problem = TRUE;
if(isset($_GET['config'])) {
if ($_GET['config'] == 'conf'){
$fp = fopen ('newer', 'rb');
while ( $line = fgetcsv($fp, 100, "\t")) {
if (($line[0] == $_GET['user']) AND ($line[2] == $_GET['num'])) {
   $problem = FALSE;
  fclose($fp);
  break;
}
}
if (!$problem){
     if ($pack == shell) {
    $user = $_GET['user'];
    $passwd = $_GET['pass'];
    $md5pass = crypt($_GET['pass'],salt);
    $final = str_replace('$', '\$', $md5pass);
    $str5 = $final;
    exec("sudo useradd -d /home/$user -s /bin/bash -p $str5 -m $user");
    print 'Ftp And Shell access granted, username, password set';
} else {
    $user = $_GET['user'];
     exec("sudo useradd -d /home/$user -s /dev/null -p $str5 -m $user");
    print 'Ftp Access granted public_html is the html directory';
}
}
}
if ($problem == TRUE){
   print "<p>Confirmation number is wrong or info entered wrong try agian<p>";
}
} else {
   print 'no info to send';
}
?>