The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Remote login with hash, but not using api

Discussion in 'cPanel Developers' started by MACscr, Apr 24, 2012.

  1. MACscr

    MACscr Well-Known Member

    Joined:
    Sep 30, 2003
    Messages:
    190
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I am writing a whmcs plugin that will communicate with the csf firewall. As far as i know, there is no web api for csf, thus I am forced to post data to the cgi script located at https://hostname:2087/cgi/addon_csf.cgi. Anyway, I have everything written, but I cant seem to be able to use the WHM access key has to remotely login through curl. Here is a snippet of my code and I sincerely appreciate any help:

    Code:
    <?php 
    
    	$url = "https://$hostname:2087/cgi/addon_csf.cgi";
    	$username = 'root';
    	$hash = str_replace("\r\n",'',$hash); # Strip newlines from the hash
    
    	$postfields["action"] = $action;
    	$postfields["ip"] = $ip;
    
    	$ch = curl_init();
    	$auth_header[0] = "Authorization: Basic ".$username.":".$hash;	# set up the Header Array
    	curl_setopt($curl, CURLOPT_HTTPHEADER, &$auth_header);	# tell curl to use the header array
    	curl_setopt($ch, CURLOPT_URL, $url);
    	curl_setopt($ch, CURLOPT_POST, 1);
    	curl_setopt($ch, CURLOPT_TIMEOUT, 100);
    	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    	curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
    	$data = curl_exec($ch);
    	curl_close($ch);
    
    	var_dump($data);
    
    ?>
    All i get back is the login screen for whm, so its definitely not logging in. Suggestions?
     
  2. MACscr

    MACscr Well-Known Member

    Joined:
    Sep 30, 2003
    Messages:
    190
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Actually that code is junk, i got it working now with new code, but only with a user/password. Cant seem to figure out how to do it with a hash (access key) yet.

    Code:
    <?php
    
    $url = "https://$hostname:2087/cgi/addon_csf.cgi";
    	$username = 'root';
    	$hash = str_replace("\r\n",'',$hash); # Strip newlines from the hash
    	$args["action"] = $action;
    	$args["ip"] = $ip;
    	$password = "########";
    
    	if($args) {
    		$query_string = '?';
    		foreach ($args AS $k=>$v) $query_string .= "$k=".urlencode($v)."&";
    	}else{
    		$query_string = '';
    	}
    
    	$query_url = $url.$query_string;
    	
    	$curl = curl_init();		
    	# Create Curl Object
    	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);	
    	# Allow self-signed certs
    	curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0); 	
    	# Allow certs that do not match the hostname
    	curl_setopt($curl, CURLOPT_HEADER,0);			
    	# Do not include header in output
    	curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);	
    	# Return contents of transfer on curl_exec
    	$header[0] = "Authorization: Basic " . base64_encode($username.":".$password) . "\n\r";
    	curl_setopt($curl, CURLOPT_HTTPHEADER, $header);  
    	# set the username and password
    	curl_setopt($curl, CURLOPT_URL, $query_url);			
    	# execute the query
    	$result = curl_exec($curl);
    	if ($result == false) {
    		error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query_url");	
    	# log error if curl exec fails
    	}
    	curl_close($curl);
    
    	var_dump($result);
    
    ?>
     
  3. MACscr

    MACscr Well-Known Member

    Joined:
    Sep 30, 2003
    Messages:
    190
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I think i just need to go to bed, was an easy fix for hash access:

    Code:
    $header[0] = "Authorization: WHM $username:" . preg_replace("'(\r|\n)'","",$hash);
     
Loading...

Share This Page