WHM Remote Login, Please Help

[JohnJ]

I want a way to go from index.php to /WHM via a button, without displaying the password whatsoever. I don't want it to show when doing 'right click > view source' or by pass=blahblah via $_GET... Just a 99.9% safe way to do the above.

[stoo2000]

Send it via $_POST then, you might want to make sure that page uses SSL though..

[JohnJ]

Is there any way that I can do this without using an SSL? I basically want my customers to be able to click a button and access their WHM without their password showing whatsoever.

[SNN]

You could have the user/pass in a database, then the button redirects the page to the WHM, and the page that redirects to WHM creates a $_POST in the background of the user's session and logs in for them.
Or it could just redirect to http://1.2.3.4:2086/ and it'll prompt them for their user/pass.

[daveformerlyof]

We have a new module for this:

http://httpupdate.cpanel.net/cpanels...nel/LogMeIn.pm

This will allow you to query a server for a URL that allows the client to log directly into cPanel. The URL is good for a single use and the session is destroyed once the URL is clicked on. There's a sample script after __END__ in the module which shows a simple way to redirect them, by printing the URL directly as the location to their browser.

This module is currently only available in EDGE builds but will make its way to other builds soon.

[host911]

How can we use this modual do I need to have a logmein account?
I upgraded my cPanel 11.24.4-R32603 but can't find this modual anywhere.

Thank you,

[daveformerlyof]

How can we use this modual do I need to have a logmein account?
I upgraded my cPanel 11.24.4-R32603 but can't find this modual anywhere.

Thank you,

You'll need to download the module from the link above to /usr/local/cpanel/Cpanel/LogmeIn.pm

Then you can interact through the module with your login script. Something like this:

Code:

#!/usr/bin/perl

use lib '/usr/local/cpanel';
use Cpanel::LogMeIn ();

my $user = '__USERNAME__'; #or lookup from your records
my $pass = '__PASSWORD__'; #or lookup from your records
my $host = '__HOSTNAME__'; #or lookup from your records
my $service = 'cpanel'; #or whm or webmail to access those interfaces

my($login_ok,$login_message,$login_url) = Cpanel::LogMeIn::get_loggedin_url('user'=>$user,'pass'=>$pass,'hostname'=>$host,'service'=>$service,'goto_uri'=>'/');

if ($login_ok) {
    print "Location: $login_url\r\n\r\n";
} else {
    print "Content-type: text/plain\r\n\r\n";
    print "LOGIN FAILED: $login_message\n";
}

exit (0);

This script above will output a secure URL that can be used only once to login. If you're looking for a login form instead, you can use this example: http://www.cpanel.net/cpanel-login.phps

[fanfavorite]

Any idea when this is going to be a feature in an official release?

[daveformerlyof]

Any idea when this is going to be a feature in an official release?

This feature was added to the RELEASE tree on:

Release 32486
2008-12-19 15:50:30

You can get updates about when it is included into STABLE by subscribing to the RSS feed at http://changelog.cpanel.net

[bkeep]

this may work also may not be very secure as it uses GET to pass to the server

Code:

https://$domain:2082/login/?user=$username&pass=$password"

[cynux]

This feature was added to the RELEASE tree on:

Release 32486
2008-12-19 15:50:30

You can get updates about when it is included into STABLE by subscribing to the RSS feed at cPanel - The Leading Control Panel - Change Log

I was wondering if it is possible to log a user in.. without knowing the password. following is the possible scenario:
1. User visits our website and logs in (using his email/account id and password, it's not same as the cpanel login)
2. now, user has more then one account on our server and I want to log them in.. without the the password prompt for cpanel..


PS: I don't want to end up creating a password database.. since that'll be useless if user changed the password from cpanel..

[MattDees]

Well, of the top of my head - it's not going to be possible to log a user in without knowing the password (at this time).

You will have to keep a password database, however we do have hooks so this database can be kept up to date.

WritingFunctionHooks < DevHooks < TWiki

That being said, I am never an advocate of keeping a password database


Also, are you wanting this for JUST WHM or for cPanel and webmail as well?

If it's just WHM.. you could use accesshashes to log the user in.

[cynux]

Well, of the top of my head - it's not going to be possible to log a user in without knowing the password (at this time).

You will have to keep a password database, however we do have hooks so this database can be kept up to date.

WritingFunctionHooks < DevHooks < TWiki

That being said, I am never an advocate of keeping a password database


Also, are you wanting this for JUST WHM or for cPanel and webmail as well?

If it's just WHM.. you could use accesshashes to log the user in.

I'm only trying to use this for Cpanel, not for WHM or Webmail.

[grindlay]

The wiki sample branded login
SampleBrandedLogin < AllDocumentation < TWiki

shows a good way of taking a username/email address/pass from within a client-accessed area of your site and passing that to a cPanel service. I found this a bit simpler than using the Perl module.

[cynux]

Well, of the top of my head - it's not going to be possible to log a user in without knowing the password (at this time).

You will have to keep a password database, however we do have hooks so this database can be kept up to date.

WritingFunctionHooks < DevHooks < TWiki

That being said, I am never an advocate of keeping a password database


Also, are you wanting this for JUST WHM or for cPanel and webmail as well?

If it's just WHM.. you could use accesshashes to log the user in.

The reason behind asking for this function is that we sell domain names as well as web hosting and we want to be able to allow users to login to cpanel by just one click? i.e. a url that can be use once to login to cpanel. User will be already logged into our website, before we give them this url, hence there is no need to authenticate the user twice.