Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Help with WHM Login script (PHP)

Discussion in 'cPanel Developers' started by FrankLaszlo, Jul 27, 2010.

  1. FrankLaszlo

    FrankLaszlo Active Member

    Joined:
    Dec 19, 2008
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    56
    I'm creating a login script for WHM that would allow techs to login without having to enter a root password everytime they access it. I am having a bit of trouble on how I should perform the authentication. I am using the curl method in another script for executing queries against the cPanel API (using the access hash) but that just doesnt seem right for this since its the users computer I want to authenticate, not the script itself.

    Is there a better method for doing this that I am overlooking?

    Heres the code I have so far:

    Code:
    <?php
    
    include('config.php');
    
    if (!isset($_REQUEST['server'])) {
        print "You didn't specify a server.";
        exit(1);
    } else {
        $server = $_REQUEST['server'];
    }
    
    $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
    mysql_select_db("$dbName", $db) or die ("Couldn't select the database.");
    $sql = "SELECT * FROM servers WHERE srv_name = '$server'";
    $data = mysql_query($sql);
    if (!mysql_num_rows($data)) {
        print "Invalid server name.";
        exit(1);
    } else {
        $r = mysql_fetch_array($data);
        $serverip = $r['srv_ip'];
        $serverhash = $r['srv_hash'];
        // Do Auth stuff here
        $head = "Location: https://$serverip:2087";
        header($head);
    }
    
    ?>
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 FrankLaszlo, Jul 27, 2010
    Last edited: Jul 27, 2010
  2. FrankLaszlo

    FrankLaszlo Active Member

    Joined:
    Dec 19, 2008
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    56
    Update:

    I was able to get logged in using the root credentials by passing the information in the headers, but I would like to use the access key if possible.

    Code:
    $username="root";
    $password="password";
    $uphash = base64_encode($username.":".$password);
    header('Authorization: Basic " . $uphash . "\n\r");
    header('Location: https://$servername:2087');
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hi Frank,

    You should be able to just use 'WHM' instead of 'Basic' in your Authorization header

    This is a snippet from the xml-api PHP Client Class (which I HIGHLY recommend you take a look at):

    Code:
    // $this->auth may contain a remote access hash OR a password,
    //  depending on $this->auth_type;
    // $this->user should contain 'root' for 'hash', or any valid user for 'pass'
    // 'hash' will use 'WHM' auth and 'pass' will use 'Basic' auth in headers
    
    if ( $this->auth_type == 'hash' ) {
        $authstr = 'Authorization: WHM ' . $this->user . ':' . $this->auth . "\r\n";
    } elseif ($this->auth_type == 'pass' ) {
        $authstr = 'Authorization: Basic ' . base64_encode($this->user .':'. $this->auth) . "\r\n";
    } else {
        throw new Exception('invalid auth_type set');
    }
    
    Best Regards,
    -DavidN
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelDavidN, Jul 28, 2010
    Last edited: Jul 28, 2010
  4. FrankLaszlo

    FrankLaszlo Active Member

    Joined:
    Dec 19, 2008
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    56
    Thanks David, I got it working. I was forgetting to pass the username along with the access hash in the header.

    Cheers.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice