Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

PHP: Automating email account creation with new host who requires session tokens

Discussion in 'cPanel Developers' started by JAB Creations, Nov 11, 2013.

  1. JAB Creations

    JAB Creations Member

    Joined:
    Nov 21, 2009
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    51
    I've switched hosts and the new host is much faster. The problem is that for some genius reason they've required the use of session tokens in the URL!

    It is still possible to use PHP's file_get_contents() function to call a page but their version of cPanel doesn't understand the link format unless a session already exists.

    This works...but only if a session already exists...
    Is there a way for me (I'm using a reseller account) to disable the use of session tokens in the URL?

    If not how can I have PHP request the page, log in and then note the session token so I can then make the request?
     
    #1 JAB Creations, Nov 11, 2013
  2. JAB Creations

    JAB Creations Member

    Joined:
    Nov 21, 2009
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    51
    PHP file_get_contents URL email account creation no longer works with new host

    My new host is fast which is great but for some dumb reason they require session tokens in the URL!

    First off is there any way (with a reseller account) to disable the session tokens from being used in the URL?

    On the new host when I use file_get_contents in PHP it always returns an empty string. Going to the correct URL does not work at all (with all the settings being correct) if a session has not been initiated. This negates my ability to have the server create the email account for clients. I do not want to have to manually log in, create an email account and know everyone's password every single time someone sets up an account.

    This format works but only the session/it's token have already been established...

    Do I need to use something like cURL to detect the page, submit the form and then return the session token or is there a less retarded way to achieve this? I'm not interested in third party stuff. I have seen some weird XML-like code elsewhere though not sure if/how it's even applicable. I've spent some time in the documentation and most of it is for people who are lucky they even got in to cPanel to begin with.

    I also posted a thread earlier on the forums and it seems to have been deleted! Not sure what that is about.
     
    #2 JAB Creations, Nov 11, 2013
  3. cPanelJared

    cPanelJared Technical Analyst

    Joined:
    Feb 25, 2010
    Messages:
    1,835
    Likes Received:
    21
    Trophy Points:
    143
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Re: PHP file_get_contents URL email account creation no longer works with new host

    It was not deleted. It was moderated for manual approval, since it was one of your first posts and it contained a URL. Please do not make multiple posts on the same subject. I have approved both posts and merged them into a single thread in the cPanel Developers section.

    Session tokens have been required since cPanel 11.38, with no way to disable them. Even the root user cannot disable them, so a reseller is not going to be able to. This is not a result of your hosting provider's policy (if they are running cPanel 11.38 or 11.40), but of a change that was made in cPanel in order to enhance security.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelJared, Nov 11, 2013
  4. JAB Creations

    JAB Creations Member

    Joined:
    Nov 21, 2009
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    51
    ...and so how do I resolved the problem incurred by this unnecessary "security feature"?
     
    #4 JAB Creations, Nov 11, 2013
  5. JAB Creations

    JAB Creations Member

    Joined:
    Nov 21, 2009
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    51
    The documentation here is wrong...
    Authentication Function Call Methods

    ...and the fact that such a major change would be implemented in such a minor version number (11.27-->11.28?) leaves me baffled; that completely negates the point of having documentation!

    Another attempt that I'm making with PHP/cURL that is not working...

    PHP:
    <?php
    $cp_user     'user';
    $cp_pwd 'pass';

    $query 'https://wwwssr3.supercp.com:2083/';

    $curl curl_init();
    curl_setopt($curlCURLOPT_SSL_VERIFYHOST,0);
    curl_setopt($curlCURLOPT_SSL_VERIFYPEER,0);
    curl_setopt($curlCURLOPT_RETURNTRANSFER,1);//# Return contents of transfer on curl_exec
    //$header[0] = "Authorization: WHM $whmusername:" . preg_replace("'(\r|\n)'","",$whmhash);//# Remove newlines from the hash
    curl_setopt($curl,CURLOPT_HTTPHEADER,$header);//# Set curl header
    curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$cp_user&pass=$cp_pwd");
    curl_setopt($curlCURLOPT_URL$query);//# Set your URL
    $result curl_exec($curl);
    # Execute Query, assign to $result

    if ($result == false) {
            error_log("curl_exec threw error \"" curl_error($curl) . "\" for $query");
    }
    curl_close($curl);

    echo     $result;
    ?>
    So I'm stuck without knowing if cURL is making a $_POST request (or dumbing out and making a $_GET request) and what echos back looks like a $_GET request. So I'm stuck without any way to detect the [bi]cpsess[/b] security token. Oh, and this is only destroying all the productivity of my day.
     
    #5 JAB Creations, Nov 11, 2013
  6. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    I would not recommend POSTing to cPanel pages directly. If cPanel decides to change the page, your script will break. Instead, use their PHP library (https://github.com/CpanelInc/xmlapi-php) and their JSON API for API2 (Email Module Documentation) to create the email account:

    Code:
    <?php

include '../xmlapi.php';

$ip = getenv('REMOTE_HOST'); //IP of cPanel/WHM server
$root_pass = getenv('REMOTE_PASSWORD'); //you can use root pass or another example below with cPanel user pass

$account = $cpanel_user; //cpanel username

$xmlapi = new xmlapi($ip);
$xmlapi->password_auth("root",$root_pass);
$xmlapi->set_output("json");

$xmlapi->set_debug(1);
print $xmlapi->api2_query($account, "Email", "addpop", array( 'domain' => $domain, 'email' => $email, 'password' => $pass, 'quota' => $quota );

?php>
    or if you want to authenticate with the cPanel user's password:

    Code:
    <?php

include '../xmlapi.php';

$ip = getenv('REMOTE_HOST'); //IP of cPanel/WHM server
$user_pass = getenv('REMOTE_PASSWORD'); //cPanel user pass

$account = $cpanel_user; //cpanel username

$xmlapi = new xmlapi($ip);
$xmlapi->set_debug(1);
$xmlapi->set_port('2083'); //Changes to cPanel (must do for authing with user account)

$xmlapi->password_auth($account,$user_pass);
$xmlapi->set_output("json");

print $xmlapi->api2_query($account, "Email", "addpop", array( 'domain' => $domain, 'email' => $email, 'password' => $pass, 'quota' => $quota );

?php>
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 KostonConsulting, Nov 12, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - Automating email account
  1. DennisMidjord

    Automating Maldet scan question

    DennisMidjord, Aug 16, 2018, in forum: Security
    Replies:
    3
    Views:
    262
    cPanelLauren
    Aug 17, 2018
  2. Indinfer

    Automating cPanel from a Desktop Program

    Indinfer, Mar 25, 2018, in forum: cPanel Developers
    Replies:
    10
    Views:
    438
    cPanelMichael
    Apr 11, 2018
  3. kepler

    Automating script installation

    kepler, Aug 20, 2017, in forum: cPanel Developers
    Replies:
    3
    Views:
    1,182
    cPanelMichael
    Aug 22, 2017
  4. professordave

    Automating Account Creation Question

    professordave, Jul 8, 2017, in forum: cPanel Developers
    Replies:
    2
    Views:
    889
    cPanelMichael
    Jul 10, 2017
  5. RetiredAF

    New Thread Notify User when outgoing email is considered spam

    RetiredAF, Dec 15, 2018 at 12:04 PM, in forum: E-mail Discussion
    Replies:
    0
    Views:
    26
    RetiredAF
    Dec 15, 2018 at 12:04 PM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice