Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

how to create user, site and DB from WHM plugin without access hash?

Discussion in 'cPanel Developers' started by rustyhex2, Jul 11, 2014.

  1. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello. I need to create user, domain and DB from WHM plugin.
    I know, that's possible only with XML-api, but it requires login/pass or access hash.
    It seems strange, because i already logged into WHM as root and have session in url. This session is not valid for requests, sent from local script (php/curl xml api request).

    I wish i could call API without any access creds.
    Is this possible in the current version of cPanel? If so, how can it be accomplished?
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    834
    Likes Received:
    29
    Trophy Points:
    178
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    You cannot call the API without either the access hash or the password. Being able to do so would be considered a huge security vulnerability, considering what the API can do. You may want to consider using a cPanel API2 call instead, which can authenticate using the cPanel user's credentials.

    https://github.com/CpanelInc/xmlapi-php
    https://documentation.cpanel.net/display/SDK/Using+API+2+Functions#UsingAPI2Functions-CallAPI2
    https://documentation.cpanel.net/display/SDK/cPanel+API+2+-+MysqlFE
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    If you're already logged in as root, you'll have read access to /root/.accesshash. Just load it out of the file and use it to make the API call

    Be warned that you should use an appconfig file to make sure your WHM plugin executes as the logged in user so that other users cannot act as root via your plugin.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,409
    Likes Received:
    1,954
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    I just wanted to note the documentation on AppConfig is found here:

    cPanel - AppConfig

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice