The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can anyone tell me why this doesn't work?

Discussion in 'cPanel Developers' started by MrLeN, Jan 27, 2012.

  1. MrLeN

    MrLeN Active Member

    Joined:
    Dec 12, 2010
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    I used to use this script a year ago, but it no longer works:

    Code:
    <?php
    
    ###############################################################
    # cPanel WHM Account Creator 1.1
    ###############################################################
    # Visit http://www.zubrag.com/scripts/ for updates
    ###############################################################
    # Required parameters:
    # - domain - new account domain
    # - user - new account username
    # - password - new account password
    # - package - new account hosting package (plan)
    # - email - contact email
    #
    # Sample run: create-whm-account.php?domain=reseller.com&user=hosting&password=manager&package=unix_500
    #
    # If no parameters passed then input form will be shown to enter data.
    #
    # This script can also be run from another PHP script. This may
    # be helpful if you have some user interface already in place and 
    # want to automatically create WHM accounts from there.
    # In this case you have to setup following variables instead of
    # passing them as parameters:
    # - $user_domain - new account domain
    # - $user_name - new account username
    # - $user_pass - new account password
    # - $user_plan - new account hosting package (plan)
    # - $user_email - contact email
    #
    ###############################################################
    
    ///////  YOUR WHM LOGIN DATA
    $whm_user   = "root";      // reseller username
    $whm_pass   = "password";  // the password you use to login to WHM
    
    #####################################################################################
    ##############          END OF SETTINGS. DO NOT EDIT BELOW    #######################
    #####################################################################################
    
    $whm_host   = $_SERVER['HTTP_HOST'];
    
    function getVar($name, $def = '') {
      if (isset($_REQUEST[$name]))
        return $_REQUEST[$name];
      else
        return $def;
    }
    
    // Domain name of new hosting account
    // To create subdomain just pass full subdomain name
    // Example: newuser.zubrag.com
    if (!isset($user_domain)) {
      $user_domain = getVar('domain');
    }
    
    // Username of the new hosting account
    if (!isset($user_name)) {
      $user_name = getVar('user');
    }
    
    // Password for the new hosting account
    if (!isset($user_pass)) {
      $user_pass = getVar('password');
    }
    
    // New hosting account Package
    if (!isset($user_plan)) {
      $user_plan = getVar('package');
    }
    
    // Contact email
    if (!isset($user_email)) {
      $user_email = getVar('email');
    }
    
    // if parameters passed then create account
    if (!empty($user_name)) {
    
      // create account on the cPanel server
      $script = "http://{$whm_user}:{$whm_pass}@{$whm_host}:2086/scripts/wwwacct";
      $params = "?plan={$user_plan}&domain={$user_domain}&username={$user_name}&password={$user_pass}&contactemail={$user_email}";
      $result = file_get_contents($script.$params);
    
      // output result
      echo "RESULT: " . $result;
    }
    // otherwise show input form
    else {
    $frm = <<<EOD
    <html>
    <head>
      <title>cPanel/WHM Account Creator</title>
      <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
      <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
    </head>
    <body>
      <style>
        input { border: 1px solid black; }
      </style>
    <form method="post">
    <h3>cPanel/WHM Account Creator</h3>
    <table border="0">
    <tr><td>Domain:</td><td><input name="domain" size="30"></td><td>Subdomain or domain, without www</td></tr>
    <tr><td>Username:</td><td><input name="user" size="30"></td><td>Username to be created</td></tr>
    <tr><td>Password:</td><td><input name="password" size="30"></td><td></td></tr>
    <tr><td>Package:</td><td><input name="package" size="30"></td><td>Package (hosting plan) name. Make sure you cpecify existing package</td></tr>
    <tr><td>Contact Email:</td><td><input name="email" size="30"></td><td></td></tr>
    <tr><td colspan="3"><br /><input type="submit" value="Create Account"></td></tr>
    </table>
    </form>
    </body>
    </html>
    EOD;
    echo $frm;
    }
    
    
    Can anyone tell me why?

    Here is the error I get:

    Warning: file_get_contents() [function.file-get-contents]: Couldn't resolve host name in /home/banana/public_html/acc.php on line 82

    Warning: file_get_contents(http://...@@www.fwp.cc:2086/scripts...ssword=password&contactemail=myname@gmail.com) [function.file-get-contents]: failed to open stream: operation failed in /home/banana/public_html/acc.php on line 82
    RESULT:
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Looking at the output provided, it seems like you have to @ symbols in the URL that is ultimately generated. If you have an @ symbol in your root or reseller password, that could be causing the issue here as PHP doesn't know what to do with http:// something@something@something@hostname.

    Just a warning though, this script does not use the APIs, therefore any number of factors can cause this to malfunction even after you get that resolved. For example, the deployment of security functionality such as CSRF protection and Cookie-based authentication (instead of HTTP-based authentication) could trigger this script to never work.

    Be mindful that many write scripts for cPanel&WHM without being very much aware of our best practices, let alone common security protections contemporary servers have. As a result, I advise against trusting any script that does not use the APIs. For example, this particular script makes it very easy for people to steal your root or reseller password since you are broadcasting it over the internet in plain text :(.

    I see you have another thread where you're looking to create an account as part of a specific hosting package (plan), let me see what I can do to help make things easier on you in that thread.
     
  3. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    You should really upgrade to using a SSL connection for that script as you're passing the root password in plain text over the net. Here's a good document about API Authentication: ApiAuthentication < SoftwareDevelopmentKit < TWiki

    As David mentioned, creating the URL from a string means that if your password contains an @ or other chars that need to be parsed :)), the call will fail. By using Curl instead, the password will be encoded and will not break authentication.

    Also as mentioned about, you should be using https://hostname:2087/xml-api/createacct or https://hostname:2087/json-api/createacct as the API methods will remain the same while the inputs to the script may change over time. CreateAccount < SoftwareDevelopmentKit < TWiki

    Hope that helps.
     

Share This Page