The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP: Automating email account creation with new host who requires session tokens

Discussion in 'cPanel Developers' started by JAB Creations, Nov 11, 2013.

  1. JAB Creations

    JAB Creations Member

    Joined:
    Nov 21, 2009
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    I've switched hosts and the new host is much faster. The problem is that for some genius reason they've required the use of session tokens in the URL!

    It is still possible to use PHP's file_get_contents() function to call a page but their version of cPanel doesn't understand the link format unless a session already exists.

    This works...but only if a session already exists...
    Is there a way for me (I'm using a reseller account) to disable the use of session tokens in the URL?

    If not how can I have PHP request the page, log in and then note the session token so I can then make the request?
     
  2. JAB Creations

    JAB Creations Member

    Joined:
    Nov 21, 2009
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    PHP file_get_contents URL email account creation no longer works with new host

    My new host is fast which is great but for some dumb reason they require session tokens in the URL!

    First off is there any way (with a reseller account) to disable the session tokens from being used in the URL?

    On the new host when I use file_get_contents in PHP it always returns an empty string. Going to the correct URL does not work at all (with all the settings being correct) if a session has not been initiated. This negates my ability to have the server create the email account for clients. I do not want to have to manually log in, create an email account and know everyone's password every single time someone sets up an account.

    This format works but only the session/it's token have already been established...

    Do I need to use something like cURL to detect the page, submit the form and then return the session token or is there a less retarded way to achieve this? I'm not interested in third party stuff. I have seen some weird XML-like code elsewhere though not sure if/how it's even applicable. I've spent some time in the documentation and most of it is for people who are lucky they even got in to cPanel to begin with.

    I also posted a thread earlier on the forums and it seems to have been deleted! Not sure what that is about.
     
  3. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Re: PHP file_get_contents URL email account creation no longer works with new host

    It was not deleted. It was moderated for manual approval, since it was one of your first posts and it contained a URL. Please do not make multiple posts on the same subject. I have approved both posts and merged them into a single thread in the cPanel Developers section.

    Session tokens have been required since cPanel 11.38, with no way to disable them. Even the root user cannot disable them, so a reseller is not going to be able to. This is not a result of your hosting provider's policy (if they are running cPanel 11.38 or 11.40), but of a change that was made in cPanel in order to enhance security.
     
  4. JAB Creations

    JAB Creations Member

    Joined:
    Nov 21, 2009
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    ...and so how do I resolved the problem incurred by this unnecessary "security feature"?
     
  5. JAB Creations

    JAB Creations Member

    Joined:
    Nov 21, 2009
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    The documentation here is wrong...
    Authentication Function Call Methods

    ...and the fact that such a major change would be implemented in such a minor version number (11.27-->11.28?) leaves me baffled; that completely negates the point of having documentation!

    Another attempt that I'm making with PHP/cURL that is not working...

    PHP:
    <?php
    $cp_user 
    'user';
    $cp_pwd 'pass';

    $query 'https://wwwssr3.supercp.com:2083/';

    $curl curl_init();
    curl_setopt($curlCURLOPT_SSL_VERIFYHOST,0);
    curl_setopt($curlCURLOPT_SSL_VERIFYPEER,0);
    curl_setopt($curlCURLOPT_RETURNTRANSFER,1);//# Return contents of transfer on curl_exec
    //$header[0] = "Authorization: WHM $whmusername:" . preg_replace("'(\r|\n)'","",$whmhash);//# Remove newlines from the hash
    curl_setopt($curl,CURLOPT_HTTPHEADER,$header);//# Set curl header
    curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$cp_user&pass=$cp_pwd");
    curl_setopt($curlCURLOPT_URL$query);//# Set your URL
    $result curl_exec($curl);
    # Execute Query, assign to $result

    if ($result == false) {
        
    error_log("curl_exec threw error \"" curl_error($curl) . "\" for $query");
    }
    curl_close($curl);

    echo 
    $result;
    ?>
    So I'm stuck without knowing if cURL is making a $_POST request (or dumbing out and making a $_GET request) and what echos back looks like a $_GET request. So I'm stuck without any way to detect the [bi]cpsess[/b] security token. Oh, and this is only destroying all the productivity of my day.
     
  6. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    I would not recommend POSTing to cPanel pages directly. If cPanel decides to change the page, your script will break. Instead, use their PHP library (https://github.com/CpanelInc/xmlapi-php) and their JSON API for API2 (Email Module Documentation) to create the email account:

    Code:
    <?php
    
    include '../xmlapi.php';
    
    $ip = getenv('REMOTE_HOST'); //IP of cPanel/WHM server
    $root_pass = getenv('REMOTE_PASSWORD'); //you can use root pass or another example below with cPanel user pass
    
    $account = $cpanel_user; //cpanel username
    
    $xmlapi = new xmlapi($ip);
    $xmlapi->password_auth("root",$root_pass);
    $xmlapi->set_output("json");
    
    $xmlapi->set_debug(1);
    print $xmlapi->api2_query($account, "Email", "addpop", array( 'domain' => $domain, 'email' => $email, 'password' => $pass, 'quota' => $quota );
    
    ?php>
    
    or if you want to authenticate with the cPanel user's password:

    Code:
    <?php
    
    include '../xmlapi.php';
    
    $ip = getenv('REMOTE_HOST'); //IP of cPanel/WHM server
    $user_pass = getenv('REMOTE_PASSWORD'); //cPanel user pass
    
    $account = $cpanel_user; //cpanel username
    
    $xmlapi = new xmlapi($ip);
    $xmlapi->set_debug(1);
    $xmlapi->set_port('2083'); //Changes to cPanel (must do for authing with user account)
    
    $xmlapi->password_auth($account,$user_pass);
    $xmlapi->set_output("json");
    
    print $xmlapi->api2_query($account, "Email", "addpop", array( 'domain' => $domain, 'email' => $email, 'password' => $pass, 'quota' => $quota );
    
    ?php>
    
     
Loading...

Share This Page