oboy

Registered
Jun 12, 2002
4
0
151
Ok, I see other companies who have modified their Cpanel to be able to have billing software, I'm writing my own, and I've pretty much figured out how to make it where ONLY the user logged into their cpanel account can see their information, and no one else, but then I found a HORRIFYING discovery,

There cannot be a rererring URL so that I can MAKE them use the link, which will not allow them to login to anyone elses.

The HTTP_REFERER is blank, therefore I need a different way to authenticate the user is who they say they are.

I COULD make the user have to login with there username and password, I know how to have CRYPT check the password, but I do not know where Cpanel stores the site password and username, can someone tell me either where that data is stored, OR a way to do authentication to make sure ONLY the owner of the domain can check their billing status.

Thank you!
 

awsol

cPanel Test Bitch
Feb 8, 2002
591
0
316
Boston MA
I'm pretty sure you can have your script just check the /etc/passwd file. This is where lots of personal stuff is stored. Username/password/shell and stuff.