The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Best way to store cPanel Password

Discussion in 'cPanel Developers' started by iSofia, Jun 13, 2014.

  1. iSofia

    iSofia Member

    Joined:
    Jun 3, 2014
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hello Everyone,
    In order to enable users to change their own email passwords, the cPanel password is first required for the XMLAPI authentication stage:

    Code:
    $xmlapi->password_auth($cpUsername, $cpPassword)
    I was wondering, since this is not entered by the user, and has to be stored somewhere accessible by the script, what would be the best and safest way to store it?

    Any suggestions would be welcome.

    Thank you. :)
     
  2. cPDavidN

    cPDavidN cPanel Developer
    Staff Member

    Joined:
    Mar 19, 2013
    Messages:
    42
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    Hello,

    Could you give more details about how email users will be changing their passwords?

    If you are connecting to your cPanel server as root or as the reseller who owns the account, you can use WHM API1's create_user_session, which will provide you with a temporary password and security token you can use to make calls (including password changes) as the cPanel user.

    David Nielson
    Integration Developer, cPanel
     
  3. iSofia

    iSofia Member

    Joined:
    Jun 3, 2014
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi David; thank you for your reply. This is in reference to the following code for changing email account passwords:
    Code:
    //host domain:     xyz.com
    //cpanel username: xyzusa
    //cpanel password: locknkey
    //email account:   john@abc.com
    //new password:    js123456
    
    include("xmlapi.php"); 
    
    $ip = '50.90.180.220';
    $cPanel_ID = 'xyzusa';
    $cPanel_pass = 'locknkey'; 
    
    $email_account = 'john'; 
    $email_domain = 'abc.com'; 
    $email_newPW = 'js123456';
    
    $xmlapi = new xmlapi($ip); 
    $xmlapi->set_port (2082);
    $xmlapi->password_auth($cPanel_ID, $cPanel_pass); 
    
    $args = array('domain'=>$email_domain, 'email'=>$email_account, 'password'=>$email_newPW)); 
    
    $xmlapi->api2_query($account, "Email", "passwdpop", $args);
    The user would provide the new password through a form. But how should we store the cPanel password without it being visible or accessible?

    The WHM API1 create_user_session seems promising; could you kindly assist me with some pointers please?

    Thank you. :)
     
  4. iSofia

    iSofia Member

    Joined:
    Jun 3, 2014
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hello again,
    So, is it safe to assume that cPanel passwords should be hard coded into the scripts themselves? No way around it?

    Thank you.
     
  5. simonas

    simonas Well-Known Member

    Joined:
    Apr 21, 2013
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lithuania
    cPanel Access Level:
    Root Administrator
    Hello,

    You could try using Hash method, only works for root , i believe:

    Authentication Function Call Methods

    Other than that there's no way. It's up to you to keep file with passwords safe..
     
  6. cPDavidN

    cPDavidN cPanel Developer
    Staff Member

    Joined:
    Mar 19, 2013
    Messages:
    42
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    Hello again,

    Sorry I've been so slow to reply; I've been away at a conference, and just got back yesterday afternoon.

    If your plugin runs as root or a reseller, you can use that authentication to generate a user session, and use the security token from that session to execute API calls on the user's behalf. Documentation for the call is here:

    http://documentation.cpanel.net/display/SDK/WHM+API+1+-+create_user_session

    Please let me know if you will need anything else.

    David Nielson
    Integration Developer, cPanel
     
Loading...

Share This Page