Help with WHM Login script (PHP)

**asofrank** · 07-27-2010 11:24 AM

I'm creating a login script for WHM that would allow techs to login without having to enter a root password everytime they access it. I am having a bit of trouble on how I should perform the authentication. I am using the curl method in another script for executing queries against the cPanel API (using the access hash) but that just doesnt seem right for this since its the users computer I want to authenticate, not the script itself.

Is there a better method for doing this that I am overlooking?

Heres the code I have so far:

Code:

<?php

include('config.php');

if (!isset($_REQUEST['server'])) {
    print "You didn't specify a server.";
    exit(1);
} else {
    $server = $_REQUEST['server'];
}

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
mysql_select_db("$dbName", $db) or die ("Couldn't select the database.");
$sql = "SELECT * FROM servers WHERE srv_name = '$server'";
$data = mysql_query($sql);
if (!mysql_num_rows($data)) {
    print "Invalid server name.";
    exit(1);
} else {
    $r = mysql_fetch_array($data);
    $serverip = $r['srv_ip'];
    $serverhash = $r['srv_hash'];
    // Do Auth stuff here
    $head = "Location: https://$serverip:2087";
    header($head);
}

?>

**asofrank** · 07-27-2010 11:54 AM

Update:

I was able to get logged in using the root credentials by passing the information in the headers, but I would like to use the access key if possible.

Code:

$username="root";
$password="password";
$uphash = base64_encode($username.":".$password);
header('Authorization: Basic " . $uphash . "\n\r");
header('Location: https://$servername:2087');

**cPanelDavidN** · 07-28-2010 07:05 AM

Hi Frank,

You should be able to just use 'WHM' instead of 'Basic' in your Authorization header

This is a snippet from the xml-api PHP Client Class (which I HIGHLY recommend you take a look at):

Code:

// $this->auth may contain a remote access hash OR a password,
//  depending on $this->auth_type;
// $this->user should contain 'root' for 'hash', or any valid user for 'pass'
// 'hash' will use 'WHM' auth and 'pass' will use 'Basic' auth in headers

if ( $this->auth_type == 'hash' ) {
    $authstr = 'Authorization: WHM ' . $this->user . ':' . $this->auth . "\r\n";
} elseif ($this->auth_type == 'pass' ) {
    $authstr = 'Authorization: Basic ' . base64_encode($this->user .':'. $this->auth) . "\r\n";
} else {
    throw new Exception('invalid auth_type set');
}

Best Regards,
-DavidN

**asofrank** · 07-28-2010 07:26 AM

Thanks David, I got it working. I was forgetting to pass the username along with the access hash in the header.

Cheers.

LinkBack

Thread Tools

Help with WHM Login script (PHP)

Something blocks php script to login to cpanel

Whm/Cpanel Login Script

Someone or virus spam WHM login root and script disable us

php Script to login on Horde and Neomail

php login script