System function in C language - creating user from CodeBlocks (C) program

I have a problem, i wanted to do a program which will be used to make an account on PC. I write from keyboard name and password which is used to create new user. Everything was okey to the time when i wanted to write command in code, I used "system("net user xxx /add")" where xxx == name of the new user, yes it is working like that, but i want to change xxx to the variable which is written from the keyboard. I mean that, the name of the new user which is creating, the user of program will choose. Any help?

int main()
{

char login; 



printf("Login of the new user:");

scanf("%s",&login);  

system("net user xxx /add"); 



return 0;  
}

2 answers

  • answered 2017-06-17 18:01 Govind Parmar

    You can use the function sprintf to build a string. It works similar to printf but produces its output in a character array rather than as output to stdout.

    For example:

    char buffer[100], login[100];
    printf("Login of the new user: ");
    scanf("%s", login); // notice there is no & operator here
    sprintf(buffer, "net user %s /add", login);
    system(buffer);
    

    Safer code would use snprintf, which also takes the length of the destination character array as a parameter to ensure that it does not overflow. Also, I'd use fgets rather than scanf as it is inherently safer for the same reason that snprintf is safer than sprintf.

    As a side note, for what you're trying to do (add a new user on a Windows system), there are Windows APIs specifically designed for that purpose that you should use rather than calling the net command from system, because these methods will indicate success and failure of attempting to add the user. I concede that there is a very steep learning curve to the Windows API, but if it lets you avoid using the system function, it really is the way to go.

  • answered 2017-06-17 18:01 fritzone

    Firstly, you do notscanf towards a variable which is only 1 byte (login). This will just result in buffer overflow and application crash. Since I have the feeling that this is a homework kind of assignment I recommend using an array of chars with help from Since we have snprintf, why we don't have a snscanf?. Otherwise, this answer: C - scanf() vs gets() vs fgets() will give some good directions on how to read (more) safely from the stdin.

    Secondly you will need another buffer for creating the net add ... command. For this I recommend using snprintf (https://msdn.microsoft.com/en-us/library/2ts7cx93.aspx) in order to achieve the desired result in a safe manner.

    Intentionally I do not post code here to solve this problem, in order to not to hinder your learning, feel free to ask more questions.