Working doaddpop Script.

[blue44]

Hi,
I have been looking on the net for a few days now for a working 'doaddpop' script so i can automate the setup of accounts on my server!
After trying them all i found one!

Here it is!

PHP Code:


$u = "cpanelUsername"; //your cpanel username
$p = "cpanelPassword"; //your cpanel password
$domain = "domain.com"; // Your Domain without the http or www.

// Variables from signup form.
$username = $_POST['username'];
$password = $_POST['password'];

// QUOTA IS SET TO 100 IN THIS SCRIPT, change it to whatever you like.

// Register POP Account on cPanel.
$file = fopen("http://$u:$p@$domain:2082/frontend/x/mail/doaddpop.html?email=$username&domain=$domain&password=$password&quota=100", "r");
if (!$file) 
{
    echo "<p>Unable to open remote file.\n";
    exit;
} // Unable to connect.
        
while (!feof ($file))
{
    $line = fgets ($file, 1024);
    if(eregi("already exists!", $line, $out)) 
    {
        echo "That name is in use. Please Try Another name.";
        exit;
    } // If name exists.
} // While.

fclose($file);

echo "Email account created!"; 


I hope this helps anyone who wants it.
I thought it would be bad not to post it up for people.

Jamie.

[SeanHogan]

Is there any way that a user could find the values of $u:$p@ in any logs? Like a router keeping track of all the urls it sent info to?

I was using $sAuth = base64_encode("Cpanelusername:Cpanelpassword"); and GET for the fputs with the doaddpop.html url but for some reason it stopped working.

[blue44]

Hi,
The above code still works for me.
because the script is processed in PHP on the server and the output is only sent to the webbrowser, im sure the passwords cannot be hacked.
although if there does happen to be a major flaw in your code, then its possible.

jamie

[chirpy]

It is a risk you take for the convenience, especially if you d not enable phpsuexec or php_openbasedir protection. If you don't, then it would be trivial for someone who successfully exploits any PHP script on your server to read the account and password details - just something to be aware of.