PHP: Automating email account creation with new host who requires session tokens

I've switched hosts and the new host is much faster. The problem is that for some genius reason they've required the use of session tokens in the URL!

It is still possible to use PHP's file_get_contents() function to call a page but their version of cPanel doesn't understand the link format unless a session already exists.

This works...but only if a session already exists...

Is there a way for me (I'm using a reseller account) to disable the use of session tokens in the URL?

If not how can I have PHP request the page, log in and then note the session token so I can then make the request?

 

PHP file_get_contents URL email account creation no longer works with new host

My new host is fast which is great but for some dumb reason they require session tokens in the URL!

First off is there any way (with a reseller account) to disable the session tokens from being used in the URL?

On the new host when I use file_get_contents in PHP it always returns an empty string. Going to the correct URL does not work at all (with all the settings being correct) if a session has not been initiated. This negates my ability to have the server create the email account for clients. I do not want to have to manually log in, create an email account and know everyone's password every single time someone sets up an account.

This format works but only the session/it's token have already been established...

Do I need to use something like cURL to detect the page, submit the form and then return the session token or is there a less retarded way to achieve this? I'm not interested in third party stuff. I have seen some weird XML-like code elsewhere though not sure if/how it's even applicable. I've spent some time in the documentation and most of it is for people who are lucky they even got in to cPanel to begin with.

I also posted a thread earlier on the forums and it seems to have been deleted! Not sure what that is about.

 

...and so how do I resolved the problem incurred by this unnecessary "security feature"?

 

The documentation here is wrong...
Authentication Function Call Methods

...and the fact that such a major change would be implemented in such a minor version number (11.27-->11.28?) leaves me baffled; that completely negates the point of having documentation!

Another attempt that I'm making with PHP/cURL that is not working...

PHP:

<?php
$cp_user = 'user';
$cp_pwd = 'pass';

$query = 'https://wwwssr3.supercp.com:2083/';

$curl = curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);//# Return contents of transfer on curl_exec
//$header[0] = "Authorization: WHM $whmusername:" . preg_replace("'(\r|\n)'","",$whmhash);//# Remove newlines from the hash
curl_setopt($curl,CURLOPT_HTTPHEADER,$header);//# Set curl header
curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$cp_user&pass=$cp_pwd");
curl_setopt($curl, CURLOPT_URL, $query);//# Set your URL
$result = curl_exec($curl);
# Execute Query, assign to $result

if ($result == false) {
    error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
}
curl_close($curl);

echo $result;
?>

So I'm stuck without knowing if cURL is making a $_POST request (or dumbing out and making a $_GET request) and what echos back looks like a $_GET request. So I'm stuck without any way to detect the [bi]cpsess[/b] security token. Oh, and this is only destroying all the productivity of my day.