The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Automatically Logging Into cPanel

Discussion in 'cPanel Developers' started by cmichaelis, Sep 22, 2009.

  1. cmichaelis

    cmichaelis Member
    PartnerNOC

    Joined:
    Sep 22, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hi there,

    As part of integrating cPanel with our offerings, I have a button that will log users into their cPanel control panel automatically. I found several forum postings here with people trying to do this, but most have been unsuccessful. I have it working for all but IE7 with a fairly simple approach.

    Like many, I've tried logging in via CURL or via an fsock in PHP and passing the login session to the client before redirecting them. This doesn't work - it seems not to accept the cookie, perhaps due to some new security restrictions in browsers preventing my app's domain from setting a cookie for the cpanel server's domain.

    This leads me to my second - simpler - approach, which works for all but IE7. The code simply sends a 302 redirect to the location "https://***:2083/login/?user=****&pass=***" in order to get them in. This works fine on all browsers except for IE7, which pops up a login window. It even works for IE8, strangely enough.

    Has anyone had a similar experience or built in similar functionality? Incidentally, I'm aware of the security risk of adding the login to the URL, but no comparable alternative exists that I'm aware of. I tried using http://user:pass@domain.com/resource, but apparently Microsoft has stripped support for this URI scheme from all of their products despite being in the RFC. If there's a better (more secure) way, I'd be happy to hear it. I rather liked the "log in with curl and pass the cookie", so if there's a way to make that work, I'd be happy to revisit that solution.

    I did a tcpdump of the conversation between my test box and the cPanel server; the anonymized conversation is summarized below. From it, I'm gathering that it seems to have logged in OK (as evidenced by the redirect to /frontend/... for the skin), but then something seems to go wrong when the browser then follows that redirect into the skin, and it gets a 401 and a login window. I also noticed here that the session cookie has changed between when it liked me and after I offended it.

    Any ideas? The tcpdump conversation follows below. I'd be eternally grateful for any tips, ideas, or a working solution. :)

    Thanks!
    --Chris

    Code:
    ME:
    GET /login/?user=****&pass=**** HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
    Accept-Language: en-us
    UA-CPU: x86
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: ****.net:2082
    
    SERVER:
    HTTP/1.1 301 Moved
    Server: cpsrvd/11.25
    Content-length: 135
    Location: /frontend/****/index.html?post_login=18673456655548
    Set-Cookie: cpsession=****TZzGaTpaCHHrx3DTX6_memwYDfDZhLbLYEnWheIwZXvifuRieomHsa6SQZusuoug; path=/; httponly; port=2082
    Set-Cookie: logintheme=; path=/; port=2082
    Set-Cookie: langedit=; path=/; port=2082
    Set-Cookie: lang=; path=/; port=2082
    Set-Cookie: cprelogin=no; path=/; port=2082
    Set-Cookie: roundcube_sessid=expired; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT; port=2082
    Set-Cookie: Horde=expired; path=/horde; expires=Wednesday, 09-Nov-99 23:12:40 GMT; port=2082
    Set-Cookie: imp_key=expired; path=/horde; expires=Wednesday, 09-Nov-99 23:12:40 GMT; domain=****.net; port=2082
    Set-Cookie: key=expired; path=/3rdparty/squirrelmail/; expires=Wednesday, 09-Nov-99 23:12:40 GMT; domain=****.net; port=2082
    Set-Cookie: SQMSESSID=expired; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT; domain=****.net; port=2082
    Content-type: text/html
    
    <html><head><META HTTP-EQUIV="refresh" CONTENT="0;URL=/frontend/****/index.html?post_login=18673456655548"></head><body></body></html>
    
    
    ME:
    GET /frontend/****/index.html?post_login=18673456655548 HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
    Accept-Language: en-us
    UA-CPU: x86
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: ****.net:2082
    
    SERVER:
    HTTP/1.1 401 Access Denied
    WWW-Authenticate: Basic realm="cPanel"
    Connection: close
    Set-Cookie: logintheme=cpanel; path=/; port=2082
    Set-Cookie: cprelogin=no; path=/; port=2082
    Set-Cookie: cpsession=qjd6rmV8Q6ULxHnITFVTkcjKAPQtDoQYhefDOrYe5dnWUl2VJawR__oCN2HMNaSQ; path=/; port=2082
    Server: cpsrvd/11.25
    Content-type: text/html
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <link rel="shortcut icon" href="/cPanel_magic_revision_1250892074/unprotected/cpanel/favicon.ico" type="image/x-icon" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>cPanel&reg; 11</title>
    <link rel="stylesheet" href="/cPanel_magic_revision_1250892074/unprotected/cpanel/style.css" type="text/css" />
    <!--[if IE]>
    <style type="text/css">
    #mid{
    	height:300px;
    }
    </style>
    <![endif]-->
    </head>
    <body>
    <div id="wrap">
    	<div id="top"></div>
    	<div id="mid">
    		<div id="content-wrap" align="center"> 
    
    <form action="/login/" method="post">
        <input type="hidden" name="login_theme" value="cpanel" />
        <table width="200" class="login" cellpadding="0" cellspacing="0">
            <tr>
                <td align="left"><b>Login</b></td>
                <td>&nbsp;</td>
            </tr>
            <tr>
                <td>Username</td>
                <td><input id="user" type="text" name="user" size="16" tabindex="1" /></td>
            </tr>
            <tr class="row2">
                <td>Password</td>
                <td><input id="pass" type="password" name="pass" size="16" tabindex="2" /></td>
            </tr>
            <tr>
                <td colspan="2" style="text-align: center"><input type="submit" value="Login" class="input-button" tabindex="3" /></td>
            </tr>
        </table>
        <input type="hidden" name="goto_uri" value="/frontend/****/index.html?post_login=18673456655548" />
    </form>
    
    <script type="text/javascript">
    /* Must not include external javascript -jnk 06.20.09 */
        var init = function() {
            document.getElementById("user").value = '';
            document.getElementById("pass").value = '';
            document.getElementById("user").focus();
        };
    if( window.addEventListener ) {
        window.addEventListener('load',init,false);
    } else if( document.addEventListener ) {
        document.addEventListener('load',init,false);
    }
    </script>
    </div>
    </div>
    <div id="bot">
    </div>
    &copy; cPanel, Inc. 2009
    </div>
    </body>
    </html>
     
  2. sanjaydagar123

    Joined:
    Aug 29, 2009
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    delhi, india
    you can use the following code to create button

    <input type="button" value="cPanel Login" onclick="window.location='/cpanelusername:cpanelpassword@yourdomainname.com:2082/frontend/x3/index.html'" />

    here is:
    cpanelusername - your cpanel username
    cpanelpassword - your cpanel password
    yourdomainname.com - your domain for which your created your account
    x3 - theme of your cpanel

    after click that button, you can login directly to cPanel without prompt username and password.
     
  3. MattCurry

    MattCurry Well-Known Member

    Joined:
    Aug 18, 2009
    Messages:
    275
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Houston, Tx
    Auto Login into cPanel

    Thank you for the information.

    Thank you,
    Matthew curry
     
  4. dattas

    dattas Registered

    Joined:
    Sep 23, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    This does not work IE 7 and IE 8 no longer support the username:password@domain.com uri anymore. You get a "Windows cannot find [url here] please check your spelling and try again." In other browsers you get a prompt similar to this:
    which is also undesirable. I have been using google and these forms to try to find an automatic login but have been unsuccessful. Is there a setting in WHM I need to change? Basically I have my own control panel that my clients login to and when they click on the "login" button it shows an iframe that I want it to automatically login to, Like the user above my setup seems to work in everything except for IE 7.
     
  5. cmichaelis

    cmichaelis Member
    PartnerNOC

    Joined:
    Sep 22, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Not quite

    Hi sanjaydagar123 --

    I am afraid that approach will not work. IE doesn't support using the http://user:domain@domain.com[:port] URI scheme any longer - any attempt to use it pops up an error dialog immediately.

    Thanks,
    --Chris
     
  6. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
  7. cmichaelis

    cmichaelis Member
    PartnerNOC

    Joined:
    Sep 22, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Good solution - but IE7 still doesn't like it

    Hi David,

    Thanks for the reply. I checked out the Perl module, and it does indeed use some of the same techniques I was using with my first attempt. I wrote a bit of code to make use of LogMeIn.pm, and it works great on all browsers - except IE7 again. So, back to square one there.

    Interesting, if I take the login URL that I end up getting directed to (.../login/?session=foo) from the IE7 address bar after hitting Cancel on the pop-up authentication window, and paste it into FireFox, it comes right up and logs in seamlessly. So, it must be something specific to IE7.

    What that is, I couldn't tell you... I'm getting close to putting up a custom login theme that says "If you got here, upgrade to IE8" or something to that effect. Anybody have any other ideas to look into, before I throw in the towel?

    Thanks,
    --Chris

     
  8. bvierra

    bvierra Well-Known Member

    Joined:
    Jul 28, 2006
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Southern California
    Not sure why everyone is taking you in such a round about way...

    https://host.name.com:2082/login/?login_theme=cpanel&goto_uri=/&login=1&user=$USER&pass=$PASS

    and make sure that:
    Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication.) This will help prevent certain types of XSRF attacks that rely on cached Http Auth credentials.

    is checking in Tweak Settings
     
Loading...
Similar Threads - Automatically Logging cPanel
  1. NTar
    Replies:
    1
    Views:
    452

Share This Page