The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

security tokens and curl login

Discussion in 'cPanel Developers' started by madbob, Nov 19, 2012.

  1. madbob

    madbob Registered

    Joined:
    Nov 19, 2012
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    i written a php script that logins to cpanel, than i extract the cpsess from the rdirected url but when i add it to the backup download url istill cant access it.
    anyone please help.

    here is my code

    PHP:
     here i get the cpsess
    $out 
    fopen($newfilename.$databaseArchiveName'wb');
    $cookie="cookie.txt";
            
    $headers  =  array("Host:$ip:2086",
                    
    "User-Agent:Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)",
                        
    "Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
                        
    "Accept-Language:en-us,en;q=0.5",
                        
    "Accept-Encoding:gzip,deflate",
                        
    "Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.7",
                        
    "Keep-Alive:300",
                        
    "Connection:keep-alive",
                        
    "Referer:Referer=http://$ip:2082/frontend/x3/backup/index.html",
                        
    //"Authorization:Basic bGVvZml4ZXI6MjEwODc3YnI="    );
                        
    "Authorization: Basic " base64_encode($cp_user.":".$cp_pwd),);
                        
                        
    $ch=curl_init();
                        
    //curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
                        
    curl_setopt($curlCURLOPT_SSL_VERIFYHOST,0);
                        
    curl_setopt($curlCURLOPT_SSL_VERIFYPEER,0);
                        
    curl_setopt($chCURLOPT_HEADER0);
                        
    curl_setopt($chCURLOPT_URL$file);
                        
    curl_setopt($chCURLOPT_FILE$out);
                        
    curl_setopt($chCURLOPT_FOLLOWLOCATION,1);
                        
    //            curl_setopt($ch, CURLOPT_POST, 1);
                        //            curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
                        
    curl_setopt($chCURLOPT_COOKIEJAR,$cookie); //loadcookiesfrom
                        
    curl_setopt($chCURLOPT_COOKIEFILE,$cookie); //savecookiesfrom
                        
    curl_setopt($chCURLOPT_TIMEOUT100020);
                        
    //curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                        
    $f curl_exec($ch);
                        
    $h=curl_getinfo($ch);
                        
    //curl_exec($ch);
                        //echo "<br>Error is : ".curl_error ( $ch);
                        
    curl_close($ch);
                        
    fclose($out);
                        if (
    $f===false and strpos($h['url'],"cpsess")) {
                            
    //get cpsess;
                            
    $pattern="/.*?(\/cpsess.*?)\/.*?/is";
                            
    $preg_res=preg_match($pattern,$h['url'],$cpsess);
                            
                            
                        }
                        if (isset(
    $cpsess[1])) {
                            return 
    $cpsess[1];
                        }else return 
    "";




    PHP:
     and here i am trying to access and download the backup
        $out 
    fopen($newfilename.$databaseArchiveName'wb');

      
    $cookie="cookie.txt"
            
    $headers  =  array("Host:$ip:2082",
                        
    "User-Agent:Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)",
                        
    "Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
                        
    "Accept-Language:en-us,en;q=0.5"
                        
    "Accept-Encoding:gzip,deflate",
                        
    "Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.7",
                        
    "Keep-Alive:300"
                        
    "Connection:keep-alive",
                        
    "Referer:http://$ip:2082".$cphome."/frontend/x3/backup/index.html",
                        
    //"Authorization:Basic bGVvZml4ZXI6MjEwODc3YnI="    );
                        //"Authorization: Basic " . base64_encode($cp_user.":".$cp_pwd),
                    
    );
                
                
    $ch=curl_init();  
                
    curl_setopt($curlCURLOPT_SSL_VERIFYHOST,0);
                
    curl_setopt($curlCURLOPT_SSL_VERIFYPEER,0);
                
    //curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
                
    curl_setopt($chCURLOPT_HEADER0); 
                
    curl_setopt($chCURLOPT_URL$file);
                
    curl_setopt($chCURLOPT_FILE$out); 
                
    curl_setopt($chCURLOPT_FOLLOWLOCATION,1); 
    //            curl_setopt($ch, CURLOPT_POST, 1); 
    //            curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); 
                
    curl_setopt($chCURLOPT_COOKIEJAR,$cookie); //loadcookiesfrom
                
    curl_setopt($chCURLOPT_COOKIEFILE,$cookie); //savecookiesfrom
                
    curl_setopt($chCURLOPT_TIMEOUT100020); 
                
    //curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
                
    $f curl_exec($ch);
                    
    $h=curl_getinfo($ch);
                   
    //curl_exec($ch);
        //echo "<br>Error is : ".curl_error ( $ch); 
                
    curl_close($ch);
                
    fclose($out); 


    so my dl url is looking like this:
    http://domain.com:2082/cpsess8262805767/getsqlbackup/accname_dbname.sql.gz

    and i still get the curl result as false
     
    #1 madbob, Nov 19, 2012
    Last edited: Nov 19, 2012
  2. charsleysa

    charsleysa Active Member

    Joined:
    Jul 18, 2011
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Palmerston North, New Zealand
    cPanel Access Level:
    Root Administrator
    I see that your code has a multitude of unused/undefined variables, it is riddled with errors.
    I would suggest reading up on how cURL works and tidying up your code.

    In the meantime here's some example code with some comments that should get you on the right track:
    PHP:
    <?php

    function createSession()
    {
        
    // Example details
        
    $ip "127.0.0.1";
        
    $cp_user "username";
        
    $cp_pwd "password";
        
    $url "http://$ip:2082/login";
        
    $cookies "/path/to/storage/for/cookies.txt";

        
    // Create new curl handle
        
    $ch=curl_init();
        
    curl_setopt($chCURLOPT_SSL_VERIFYHOST0);
        
    curl_setopt($chCURLOPT_SSL_VERIFYPEER0);
        
    curl_setopt($chCURLOPT_HEADER0);
        
    curl_setopt($chCURLOPT_URL$url);
        
    curl_setopt($chCURLOPT_FOLLOWLOCATION1);
        
    curl_setopt($chCURLOPT_COOKIEFILE$cookies); // Save cookies to
        
    curl_setopt($chCURLOPT_POSTFIELDS"user=$cp_user&pass=$cp_pwd");
        
    curl_setopt($chCURLOPT_TIMEOUT100020);

        
    // Execute the curl handle and fetch info then close streams.
        
    $f curl_exec($ch);
        
    $h curl_getinfo($ch);
        
    curl_close($ch);
        
        
    // If we had no issues then try to fetch the cpsess
        
    if ($f == true and strpos($h['url'],"cpsess"))
        {
            
    // Get the cpsess part of the url
            
    $pattern="/.*?(\/cpsess.*?)\/.*?/is";
            
    $preg_res=preg_match($pattern,$h['url'],$cpsess);
        }
        
        
    // If we have a session then return it otherwise return empty string
        
    return (isset($cpsess[1])) ? $cpsess[1] : "";
    }

    function 
    downloadBackup($cpsess)
    {
        
    // Example details
        
    $ip "127.0.0.1";
        
    $cp_user "username";
        
    $cp_pwd "password";
        
    $url "http://$ip:2082/$cpsess/download";
        
    $cookies "/path/to/storage/for/cookies.txt";
        
    $output fopen("/path/of/database/file.db"'wb');
        
    $file "file.to.download.db";

        
    // Create new curl handle
        
    $ch=curl_init();
        
    curl_setopt($chCURLOPT_SSL_VERIFYHOST0);
        
    curl_setopt($chCURLOPT_SSL_VERIFYPEER0);
        
    curl_setopt($chCURLOPT_HEADER0);
        
    curl_setopt($chCURLOPT_URL$url);
        
    curl_setopt($chCURLOPT_FOLLOWLOCATION1);
        
    curl_setopt($chCURLOPT_FILE$output);
        
    curl_setopt($chCURLOPT_COOKIEJAR$cookies); // Load cookies from
        
    curl_setopt($chCURLOPT_POSTFIELDS"file=$file");
        
    curl_setopt($chCURLOPT_TIMEOUT100020);

        
    // Execute the curl handle and fetch info then close streams.
        
    $f curl_exec($ch);
        
    curl_close($ch);
        
    fclose($output);
    }
     
  3. madbob

    madbob Registered

    Joined:
    Nov 19, 2012
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    the code is just a snippet its inside a function and it gets the variables passed to it.
    i have looked at your code, and i dont understand why you send a filename as post and how do you know its assigned to "file".
    also i dont think that $url will exist on a server. if going that way than the url will be "http://doamin.com:2082/cpsess8716269403/getsqlbackup"
    thirdly whats wrong with "Authorization: Basic " . base64_encode($cp_user.":".$cp_pwd);

    i have tried to use this with the correct path and relevant data but still cant download.
    i get 200 http_code, the file is created but nothing gets downloaded.
     
    #3 madbob, Nov 20, 2012
    Last edited: Nov 20, 2012
  4. madbob

    madbob Registered

    Joined:
    Nov 19, 2012
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    solved, it was due to a disk full.
     
Loading...

Share This Page