Spiritway is correct about basic procedure. You need to call getpwnam as root to get the shadow entry for the password hash.

I hope you aren't trying to implement a design which hands out shell accounts to self-identified web users. If you are, shoot the designer. The http server has sufficient authentication support for site membership without involving host accounts.