Remote login with hash, but not using api

[MACscr]

I am writing a whmcs plugin that will communicate with the csf firewall. As far as i know, there is no web api for csf, thus I am forced to post data to the cgi script located at https://hostname:2087/cgi/addon_csf.cgi. Anyway, I have everything written, but I cant seem to be able to use the WHM access key has to remotely login through curl. Here is a snippet of my code and I sincerely appreciate any help:

Code:

<?php 

	$url = "https://$hostname:2087/cgi/addon_csf.cgi";
	$username = 'root';
	$hash = str_replace("\r\n",'',$hash); # Strip newlines from the hash

	$postfields["action"] = $action;
	$postfields["ip"] = $ip;

	$ch = curl_init();
	$auth_header[0] = "Authorization: Basic ".$username.":".$hash;	# set up the Header Array
	curl_setopt($curl, CURLOPT_HTTPHEADER, &$auth_header);	# tell curl to use the header array
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_TIMEOUT, 100);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
	$data = curl_exec($ch);
	curl_close($ch);

	var_dump($data);

?>

All i get back is the login screen for whm, so its definitely not logging in. Suggestions?

[MACscr]

Actually that code is junk, i got it working now with new code, but only with a user/password. Cant seem to figure out how to do it with a hash (access key) yet.

Code:

<?php

$url = "https://$hostname:2087/cgi/addon_csf.cgi";
	$username = 'root';
	$hash = str_replace("\r\n",'',$hash); # Strip newlines from the hash
	$args["action"] = $action;
	$args["ip"] = $ip;
	$password = "########";

	if($args) {
		$query_string = '?';
		foreach ($args AS $k=>$v) $query_string .= "$k=".urlencode($v)."&";
	}else{
		$query_string = '';
	}

	$query_url = $url.$query_string;
	
	$curl = curl_init();		
	# Create Curl Object
	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);	
	# Allow self-signed certs
	curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0); 	
	# Allow certs that do not match the hostname
	curl_setopt($curl, CURLOPT_HEADER,0);			
	# Do not include header in output
	curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);	
	# Return contents of transfer on curl_exec
	$header[0] = "Authorization: Basic " . base64_encode($username.":".$password) . "\n\r";
	curl_setopt($curl, CURLOPT_HTTPHEADER, $header);  
	# set the username and password
	curl_setopt($curl, CURLOPT_URL, $query_url);			
	# execute the query
	$result = curl_exec($curl);
	if ($result == false) {
		error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query_url");	
	# log error if curl exec fails
	}
	curl_close($curl);

	var_dump($result);

?>

[MACscr]

I think i just need to go to bed, was an easy fix for hash access:

Code:

$header[0] = "Authorization: WHM $username:" . preg_replace("'(\r|\n)'","",$hash);