cPanel cURL Authentication without WHM

Operating System & Version
macOS Catalina 10.15.3
cPanel & WHM Version
86.0.17

xsuve

Registered
Apr 4, 2020
3
0
1
Romania
cPanel Access Level
Website Owner
Hello everyone,

I was working on a part of my web application, which logins the user with a single click on a button in the cPanel of their website, based on the IP Address, Port, cPanel Username & Password provided before.
On what I got on browsing the web about this problem, I found that a way of doing this is a cURL post request to the specific URL (http://domain.com:2082/login) with the 'user' and 'pass' post variables containing the cPanel login creditentials.
I'm quite new to this cURL, HTTP Authentication stuff, so I don't exactly know how to achieve what I want in the end.

I also want to mention, I don't have access to WHM.

This is my code for now:

PHP:
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://' . $account->ip_address . ':' . $account->cpanel_port . '/login');
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($curl, CURLOPT_POSTFIELDS, 'user=' . $account->cpanel_username . '&pass=' . $account->cpanel_password);
curl_setopt($curl, CURLOPT_HEADER, TRUE);
curl_setopt($curl, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
$h = curl_exec($curl);
$redir = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);

//$redirect = '<script>location.href = "' . $redir . '";</script>';

return $h;
And for that return of the headers, I can get this results:
I see that it kinda logs me in and I get the '/cpsessXXXXXX/frontend/paper_lantern/index.html?login=1&post_login=XXXXXX' URL, but when trying to redirect to 'http://domain.com:2082/cpsessXXXXXX/frontend/paper_lantern/index.html?login=1&post_login=XXXXXX' it prompts me to the cPanel login page.
(I'm thinking is some kind of cookies problem?)

Here is the return value:
Code:
HTTP/1.1 307 Moved
Connection: close
Content-length: 173
Location: /cpsessXXXXXX/frontend/paper_lantern/index.html?login=1&post_login=XXXXXX
Set-Cookie: cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: cpsession=username%3ag2IzlnuoM0p6nSTY%2c54d4e0f7b512cee7c9fa6a9af8b63dc5; HttpOnly; path=/; port=2083; secure
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=IP_ADDRESS; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; domain=IP_ADDRESS; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=IP_ADDRESS; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2083; secure
Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: imp_key=expired; HttpOnly; domain=IP_ADDRESS; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; domain=IP_ADDRESS; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=IP_ADDRESS; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083
Content-type: text/html; charset="utf-8"
Cache-Control: no-cache, no-store, must-revalidate, private

HTTP/1.1 200 OK
Content-Type: text/html; charset="utf-8"
Date: Sat, 04 Apr 2020 10:47:07 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Content-Length: 249191
Along the headers, I can see that I'm logged in, but in the same web app URL (see attachments).

In a summary, I have a button on the user page, which needs to redirect (login) inside the cPanel, based on the IP, Port, cPanel username & password.
If someone is familiar, I know hosting providers do this in their panel. They provide the same button in the panel of the domain and by clicking it, you will be redirected inside the cPanel of that domain, and be able to access stuff like File Manager, etc.

Hopefully someone can help me with this.

Thanks you!
 

Attachments

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
I beleive the following might be what you're looking for:

Guide to API Authentication - Secure Remote Logins - Developer Documentation - cPanel Documentation - this is the preferred method

Guide to API Authentication - Username and Password Authentication - Developer Documentation - cPanel Documentation - this is what appears to be the method you're using

The entire guide to authentication can be found here: Guide to API Authentication - Developer Documentation - cPanel Documentation which works for both cPanel and WHM functions.
 

xsuve

Registered
Apr 4, 2020
3
0
1
Romania
cPanel Access Level
Website Owner
Thanks for your reply, Lauren!

I tried everything from the Guides and Documentation, but without any success.
On further research, I can see that with the CURLOPT_FOLLOWLOCATION option from cURL set on FALSE, it will redirect me, but with the relative path, instead of the absoulte one (http://localhost/cpsessXXXXX/frontend/paper_lantern/index.html?login=1&post_login=XXXXX). When the option is set on TRUE, it won't redirect me and will display the cPanel (I think, without the CSS and other things) in the same page. I've attached a screenshot in the first post.

To make things clear, I have the cPanel host, port, username and password available, and by clicking a button I need to log in the cPanel in a new tab.

Can you take a further look into this and help me achieve it, please?
Thank you!