Remote login with hash, but not using api

M

MACscr

Well-Known Member
Sep 30, 2003
198
5
168
cPanel Access Level
Root Administrator
I am writing a whmcs plugin that will communicate with the csf firewall. As far as i know, there is no web api for csf, thus I am forced to post data to the cgi script located at https://hostname:2087/cgi/addon_csf.cgi. Anyway, I have everything written, but I cant seem to be able to use the WHM access key has to remotely login through curl. Here is a snippet of my code and I sincerely appreciate any help:

Code: 
<?php 

	$url = "https://$hostname:2087/cgi/addon_csf.cgi";
	$username = 'root';
	$hash = str_replace("\r\n",'',$hash); # Strip newlines from the hash

	$postfields["action"] = $action;
	$postfields["ip"] = $ip;

	$ch = curl_init();
	$auth_header[0] = "Authorization: Basic ".$username.":".$hash;	# set up the Header Array
	curl_setopt($curl, CURLOPT_HTTPHEADER, &$auth_header);	# tell curl to use the header array
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_TIMEOUT, 100);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
	$data = curl_exec($ch);
	curl_close($ch);

	var_dump($data);

?>
All i get back is the login screen for whm, so its definitely not logging in. Suggestions?
 
M

MACscr

Well-Known Member
Sep 30, 2003
198
5
168
cPanel Access Level
Root Administrator
Actually that code is junk, i got it working now with new code, but only with a user/password. Cant seem to figure out how to do it with a hash (access key) yet.

Code: 
<?php

$url = "https://$hostname:2087/cgi/addon_csf.cgi";
	$username = 'root';
	$hash = str_replace("\r\n",'',$hash); # Strip newlines from the hash
	$args["action"] = $action;
	$args["ip"] = $ip;
	$password = "########";

	if($args) {
		$query_string = '?';
		foreach ($args AS $k=>$v) $query_string .= "$k=".urlencode($v)."&";
	}else{
		$query_string = '';
	}

	$query_url = $url.$query_string;
	
	$curl = curl_init();		
	# Create Curl Object
	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);	
	# Allow self-signed certs
	curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0); 	
	# Allow certs that do not match the hostname
	curl_setopt($curl, CURLOPT_HEADER,0);			
	# Do not include header in output
	curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);	
	# Return contents of transfer on curl_exec
	$header[0] = "Authorization: Basic " . base64_encode($username.":".$password) . "\n\r";
	curl_setopt($curl, CURLOPT_HTTPHEADER, $header);  
	# set the username and password
	curl_setopt($curl, CURLOPT_URL, $query_url);			
	# execute the query
	$result = curl_exec($curl);
	if ($result == false) {
		error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query_url");	
	# log error if curl exec fails
	}
	curl_close($curl);

	var_dump($result);

?>
 
M

MACscr

Well-Known Member
Sep 30, 2003
198
5
168
cPanel Access Level
Root Administrator
I think i just need to go to bed, was an easy fix for hash access:

Code: 
$header[0] = "Authorization: WHM $username:" . preg_replace("'(\r|\n)'","",$hash);
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
J Cpanel UAPI remote login stoped working Developer Experience 1
L Login WHM via Remote Access Key Developer Experience 1
J cpsess of cPanel Secure Remote Login Developer Experience 1
E Remote login for cpanel accounts Developer Experience 3
P remote login,storing username and password Developer Experience 3
Similar threads
Cpanel UAPI remote login stoped working
Login WHM via Remote Access Key
cpsess of cPanel Secure Remote Login
Remote login for cpanel accounts
remote login,storing username and password
Top Bottom