olliedog

Member
Feb 27, 2014
6
0
51
cPanel Access Level
Root Administrator
Ive use the code below to create session to use the auto login function for users, but im having trouble sending the complete url from a form, it seems to cut off everything after login/?

If I just use a link in the page, it works fine, any ideas what im missing?

PHP:
  // This can also be the reseller who owns the cPanel user.
  $whmusername = "name";
  $whmpassword = "password";
  $hostname = "example.com";

  // The user on whose behalf the API call runs.
  $cpanel_user = "username"; //under reseller

  $query = "https://$hostname:2087/json-api/create_user_session?api.version=1&user=$cpanel_user&service=cpaneld";

  $curl = curl_init();                                     // Create Curl Object.
  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);       // Allow self-signed certificates...
  curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, true);       // and certificates that don't match the hostname.
  curl_setopt($curl, CURLOPT_HEADER, false);               // Do not include header in output
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);        // Return contents of transfer on curl_exec.
  $header[0] = "Authorization: Basic " . base64_encode($whmusername . ":" . $whmpassword) . "\n\r";
  curl_setopt($curl, CURLOPT_HTTPHEADER, $header);         // Set the username and password.
  curl_setopt($curl, CURLOPT_URL, $query);                 // Execute the query.
  $result = curl_exec($curl);

  if ($result == false) {
      error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
      return response()->json(['error' => 'There is a problem, Please try again.']);
  }

  $decoded_response = json_decode( $result, true );

  //Access denied
  if (isset($decoded_response['cpanelresult'])){
      if($decoded_response['cpanelresult']['data']['result'] == 0)
          return response()->json(['error' => 'Action Failed Unable to auto-login. Please contact support']);
  //}

  //Invalid username
  if ($decoded_response['metadata']['result'] == 0) return response()->json(['error' => 'Unable to login']);
}
curl_close($curl);

$resultw = $decoded_response['data']['url'];
//echo "Echo Result: " . $resultw;

//removes extra characters after create_user_account
$resulty = substr($resultw, 0, strpos($resultw, 'create_user_session') + 19);
//echo "RESULTY: " . $resulty;

  // form not working
  echo '<form action=' . $resulty . 'method="post">';
  echo   '<p class= exchange_text> Login to cPanel</p>';
  echo    '<input type="submit" value="Login to cpanel" >';
  echo '</form>';

  echo "</br>";

  // link works
  echo '<a href=' . $resulty . '>cPanel Login</a> ';
  echo "</br>";
  echo "</br>";
 
Last edited by a moderator:

ankeshanand

Well-Known Member
Mar 29, 2021
193
58
103
India
cPanel Access Level
Root Administrator
I tried your Code and It seems its working Perfectly. May I know what you are trying to achieve?
My Guesses...
1. Do You want Auto-Redirection after script Runs?
2. Do You want Auto-Login based on PHP Session?
3. Do You want user to enter his Username and then Click on Login to Auto-Login?

Also, You missed <?php ?> in start and ending. and if you want to redirect the User, User header instead of Form!
 

olliedog

Member
Feb 27, 2014
6
0
51
cPanel Access Level
Root Administrator
I tried your Code and It seems its working Perfectly. May I know what you are trying to achieve?
My Guesses...
1. Do You want Auto-Redirection after script Runs?
2. Do You want Auto-Login based on PHP Session?
3. Do You want user to enter his Username and then Click on Login to Auto-Login?

Also, You missed <?php ?> in start and ending. and if you want to redirect the User, User header instead of Form!
Hi
I didn't copy in the <?php ?> for the question, but it does exist :)

The code above does work as you have mentioned, but im confused as to why the link works when clicked and the complete URL is loaded
Code:
echo '<a href=' . $resulty . '>cPanel Login</a> ';
Yet when the button is clicked with the same url, only half of the url is loaded?
Code:
echo '<form action=' . $resulty . 'method="post">';
echo   '<p class= exchange_text> Login to cPanel</p>';
echo    '<input type="submit" value="Login to cpanel" >';
echo '</form>';
The goal is to have the button open a window and auto login to the users cPanel account.
 

ankeshanand

Well-Known Member
Mar 29, 2021
193
58
103
India
cPanel Access Level
Root Administrator
I Still don't get where's the Problem in That?

The Half URL is loaded because after Login Token, Its lodges the User IP with Session and takes him to Homepage!

For HTML part, use HTML instead of Echoing everywhere though this one also works fine but Instead, You could have just created a Button Instead of a Form!
 

olliedog

Member
Feb 27, 2014
6
0
51
cPanel Access Level
Root Administrator
The Half URL is loaded because after Login Token, Its lodges the User IP with Session and takes him to Homepage!
Im learning and muddling my way through, are you able to advise how I fix this to give the whole url on the bottom press, as when page loads it always says invalid login due to the missing part?
 

ankeshanand

Well-Known Member
Mar 29, 2021
193
58
103
India
cPanel Access Level
Root Administrator
Try This:
Code:
<?PHP
  // This can also be the reseller who owns the cPanel user.
  $whmusername = "root";
  $whmpassword = "XXXX";
  $hostname = "hostname.example.com";
 
  // The user on whose behalf the API call runs.
  $cpanel_user = "username"; //under reseller

  $query = "https://$hostname:2087/json-api/create_user_session?api.version=1&user=$cpanel_user&service=cpaneld";

  $curl = curl_init();                                     // Create Curl Object.
  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);       // Allow self-signed certificates...
  curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, true);       // and certificates that don't match the hostname.
  curl_setopt($curl, CURLOPT_HEADER, false);               // Do not include header in output
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);        // Return contents of transfer on curl_exec.
  $header[0] = "Authorization: Basic " . base64_encode($whmusername . ":" . $whmpassword) . "\n\r";
  curl_setopt($curl, CURLOPT_HTTPHEADER, $header);         // Set the username and password.
  curl_setopt($curl, CURLOPT_URL, $query);                 // Execute the query.
  $result = curl_exec($curl);

  if ($result == false) {
      error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
      return response()->json(['error' => 'There is a problem, Please try again.']);
  }

  $decoded_response = json_decode( $result, true );

  //Access denied
  if (isset($decoded_response['cpanelresult'])){
      if($decoded_response['cpanelresult']['data']['result'] == 0)
          return response()->json(['error' => 'Action Failed Unable to auto-login. Please contact support']);
  //}

  //Invalid username
  if ($decoded_response['metadata']['result'] == 0) return response()->json(['error' => 'Unable to login']);
}
curl_close($curl);

$resultw = $decoded_response['data']['url'];
//echo "Echo Result: " . $resultw;

//removes extra characters after create_user_account
$resulty = substr($resultw, 0, strpos($resultw, 'create_user_session') + 19);
//echo "RESULTY: " . $resulty;
?>
<html>
<form action="<? echo $resultw ?>" method="post">
<p>User:</p><input type="text" value="<? echo $cpanel_user ?>" readonly>
<input type="submit" value="Login to cpanel" >
</form>
</html>
 
  • Like
Reactions: olliedog

ankeshanand

Well-Known Member
Mar 29, 2021
193
58
103
India
cPanel Access Level
Root Administrator
ok, you could auto login with the button?

Any idea why I can't? what I should be looking for?
Your Formatting was wrong in PHP. If any Variables of PHP are used, it should always be in Double Quotes "" else the PHP takes it as a Normal Text! I've given somewhat modified version of the same thing which would work for you!
 
  • Like
Reactions: olliedog

olliedog

Member
Feb 27, 2014
6
0
51
cPanel Access Level
Root Administrator
Your Formatting was wrong in PHP. If any Variables of PHP are used, it should always be in Double Quotes "" else the PHP takes it as a Normal Text! I've given somewhat modified version of the same thing which would work for you!

Thanks for the info and help, learning all the time, code works in php page.