The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenID-like Implementation

Discussion in 'cPanel Developers' started by angela zou, Jan 2, 2012.

  1. angela zou

    angela zou Member

    Joined:
    Dec 25, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I'm using Wordpress for front-end information and support center that include a ticket center for trouble tickets. But the ticket center itself needs the user to be logged in. I want the user to be able to sign in only once, but this leaves me 2 options to do so:
    1. Import all cPanel username into Wordpress periodically
    2. Have users log into cPanel and allow Wordpress to use the login information, which is what I plan to do.

    I'm not a PHP guru, but I love challenges. I'm still reading the documentations (and I might find my answers along the way), but my first questions are is there an API already made for this? If not, where can I obtain information for the current user login?

    Angela
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    All cPanel usernames and passwords correspond to standard Unix/system users with the same credentials. You may first want to investigate if there is a WordPress plugin that allows people to authenticate by means of a system user. This could save you time if someone has already built this.

    If I was doing this, I'd add a new page to the cPanel interface using the cPanel Plugins system (not nearly as complicated as it sounds - it's just dropping in a .html file and using the plugin generator on our website to add an icon for it) and have people press a button to access my system. Why? So I can pass any necessary credentials via POST rather than GET. Note, for the sake of security, please pass credentials via POST and over an encrypted channel such as HTTPS. Otherwise, it's a bit of a ticking timebomb situation with regards to accounts becoming compromised.

    As for getting the password, back when we used HTTP authentication one could just use an environmental variable to fetch the password. Nowadays, you may want to do something like build a script that makes use of the Universal Password Trap to capture and encrypt (rather than hash, unless you can utilize hashes directly) the password for future use.
     
  3. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    You can use the universal password trap to capture password updates and a pre/post account creation hook to register the user in WordPress.


    1. Upon account creation, you'd call out to WordPress to create a user with a hook for Whostmgr, Accounts::Create as described here: Basic Usage | Standardized Hooks


    2. Using the universal password trap, you could then be aware of any password changes to update wordpress with:

    Universal Password Trap


    3. Using a hook for Whostmgr, Accounts::Remove, you could clean up WordPress when a user is no longer hosting with you.

    Hope that helps.
     

Share This Page