XML API verify user's password?
Hi there, just a quick one.
Is there any API call I can use in which I pass an account's username and password and find out if it's valid or not? I'm writing a secondary "portal" for my customers, and to save them having 2 separate username & passwords, if I can use their cPanel user/password to let them login to both. This way also, if they change their password, they don't have to change their portal password as a second task, but it's already done for them.
I am not aware of an API call that is specifically designed to verify a user's password. I can think of some work-arounds that involve creative uses of Passwd::change_password (as it requires the correct current password or it fails) or POP3 authentication against the default mail account. The latter is not a particularly good solution because in the event of too many failed logins, cphulkd may silently stop accepting logins and that wouldn't be a good thing.Originally Posted by danneh3826
Another (more robust) solution you may wish to consider is password synchronization. In /usr/cpanel/hooks there's a README file that describes how to hook onto the event when a cPanel password is changed. You can use this to update the password stored with your portal. If your portal has a similar hook, you can use Passwd::change_password to update the cPanel password accordingly as well.
You can just verify them against the shadow file on the server.
-Nick
cPanel Inc.
Need support? Submit a request here. Complimentary support is available to all license holders regardless of where you purchased your license.
Need a complimentary support account? Create one here.
LinkBack URL
About LinkBacks
Reply With Quote