<?php
/*

Telnet to localhost and create a new account.

Accepts the following HTTP POST variables:
    $adduserargs - arguments to adduser command
    $privilage_login - login name of the privilaged person who can create accounts
    $privilage_password
    $submit - form submitted

*/

$exitcode = 101;


// Match the pattern of $adduserargs
// Set $exitcode to 102 if cannot be matched
$pattern = ".*[;&|><`].*";
if(ereg($pattern, $adduserargs))
    $exitcode = 102;

if($submit && ($exitcode == 101)) {

    include('Telnet.php');

    // Telnet to the machine
    $t = new Telnet("localhost", 23);

    if($t->connect()) {
    	if($t->login($privilage_login, $privilage_password)) {
	    // Gain superuser privilage
	    $t->send("sudo -v\r".chr(0));
	    if($t->expect("Password:")) {
		$t->send("$privilage_password\r".chr(0));
		if($t->expect($t->bashPrompt)) {
	    	    // Send the command
	    	    $adduserargs = stripslashes($adduserargs);
	            $t->send("sudo /usr/sbin/adduser $adduserargs\r".chr(0));
	    	    // If bash prompt cannot be seen, break the command
    	            if(!$t->expect($t->bashPrompt)) {
	    		$t->send(chr(3));
	    	    	fread($t->connection,3);
    	    	    }
		} else {
	    	    $t->send(chr(3));
	    	    fread($t->connection,3);
		}
	    } else {
	        $t->send(chr(3));
	        fread($t->connection,3);
	    }
	    
	    $exitcode = (int) $t->getExitStatus();
	    // Kill the sudo session
	    $t->send("sudo -K\r".chr(0));
	    $t->flushInput();
		
	    $t->logout();
    	} // if logged in ends
    } // if Connected ends
} // if submitted ends

echo $exitcode;