This is the script, please, read it before use it and let your opinions here.
#!/usr/local/bin/perl
# WARNING! The correct running of this script is not on my responsibility.
# YOU HAVE TO ADVICE YOUR WEBMASTER THAT YOU ARE GOING TO USE THIS SCRIPT
# THIS SCRIPT DOESN´T WORKS. Yes, it´s true, you have to modify it and set it up to your personal configuration for the correct working
# ---------------------------------------------------------
# adduser.pl Copyrigth 2.001 Jose Luis Peran Fernandez
# All rights reserved.
# This program is free software. You may modify and/or
# distribute it under the same terms as Perl itself.
# This copyright notice must remain attached to the file.
# ---------------------------------------------------------
# This script only works on systems using WebHost Manager from Cpanel. I tested it on Cpanel 3.6.0 and it works.
# The way it works is simple, just insert into your database a table (I named it adduser)
# This table has 3 fields: domain, plan and email.
# When a customer orders an account, insert the data into adduser with a perl script.
# You have to add cron jobs who calls this script each certain time (I set 15 minutes).
# Be sure to set the correct permisions to the script.
# To set correctly the file, you must see the source code of wwwacctform.
# You can see it on explorer calling it on WebHost Manager and click on See->Source Code.
use LWP::UserAgent;
use CGI;
use DBI;
$ua = new LWP::UserAgent;
$ua->agent(\"AgentName/0.1 \" . $ua->agent);
#connect to the database.
$dbh = DBI->connect(\'Here goes the database connection string\');
$sth = $dbh->prepare(\"SELECT * FROM adduser\");
$sth->execute;
if (($domain, $plan, $email) = $sth->fetchrow) {
#This fields may change in your configuration.
$sign = \"\";
$username = $domain;
$username =~ s/\\.//;
$username = substr($username, 0, 8);
$password = $username;
$quota = \"0\";
$ip = \"1\";
$cgi = \"1\";
$frontpage = \"1\";
$maxftp = \"unlimited\";
$maxpop = \"unlimited\";
$maxlst = \"unlimited\";
$maxsql = \"unlimited\";
$maxsub = \"unlimited\";
#The msel string contains the type of your account. You can extract it from the source code of wwwacctform.
#For example, it can be: $msel = \"y,y,50,n,iconic,1,1,10,1,0,2000,y,PLAN1\"
if ($plan eq \"PLAN1\") {
$msel = \"y,y,50,n,iconic,1,1,10,1,0,2000,y,PLAN1\";
}
if ($plan eq \"PLAN2\") {
$msel = ... #Set the correct string for this strings.
}
if ($plan eq \"PLAN3\") {
$msel = ...
}
# This is the call of the script who creates the account, The path may change on your config.
# You have to set your username and password.
# I think it´s safest to use HTTPS instead of HTTP, but I have not tried it.
$req = new HTTP::Request POST => \"http://username:password\\@www.yourdomain.com:2086/scripts/wwwacct\";
$req->content_type(\'application/x-www-form-urlencoded\');
$req->content(\"sign=$sign&domain=$domain&username=$username&password=$password\"a=$quota&ip=$ip&cgi=$cgi&frontpage=$frontpage&maxftp=$maxftp&maxpop=$maxpop&maxlst=$maxlst&maxsql=$maxsql&maxsub=$maxsub&msel=$msel\");
$res = $ua->request($req);
if ($res->is_error) { die \"\\n$progname: Error connecting to $server: \".$res->status_line.\"\\n\" }
else {
$resultado = $res->content;
@datos = split(/Ip: /, $resultado);
@ipfinal = split(/ /, $datos[1]);
# You have the IP of the account at $ipfinal[0]
# This sends an email to the customer to say him that his account has been created
$req3 = HTTP::Request->new(POST => \"mailto:$email\");
$req3->header(Subject => \"Tyoe Here the subject of the e-mail\", From => \"type here your email address\");
$req3->content(\"Type Here the content of the message. \");
my $res3 = $ua->request($req3);
#Delete the customer from the database
$sth2 = $dbh->prepare(\"DELETE FROM adduser WHERE domain = \'$domain\'\");
$sth2->execute;
# $dbh->disconnect;
}
}
I have test it and it works, but at this moment I don´t use it until i check is enough safe.
[i:b80faebb02][I added code tags to make it look better but it made it look worse so I removed them again --nbrown][/i:b80faebb02]
[Edited on 9/29/01 by nbrown]
#!/usr/local/bin/perl
# WARNING! The correct running of this script is not on my responsibility.
# YOU HAVE TO ADVICE YOUR WEBMASTER THAT YOU ARE GOING TO USE THIS SCRIPT
# THIS SCRIPT DOESN´T WORKS. Yes, it´s true, you have to modify it and set it up to your personal configuration for the correct working
# ---------------------------------------------------------
# adduser.pl Copyrigth 2.001 Jose Luis Peran Fernandez
# All rights reserved.
# This program is free software. You may modify and/or
# distribute it under the same terms as Perl itself.
# This copyright notice must remain attached to the file.
# ---------------------------------------------------------
# This script only works on systems using WebHost Manager from Cpanel. I tested it on Cpanel 3.6.0 and it works.
# The way it works is simple, just insert into your database a table (I named it adduser)
# This table has 3 fields: domain, plan and email.
# When a customer orders an account, insert the data into adduser with a perl script.
# You have to add cron jobs who calls this script each certain time (I set 15 minutes).
# Be sure to set the correct permisions to the script.
# To set correctly the file, you must see the source code of wwwacctform.
# You can see it on explorer calling it on WebHost Manager and click on See->Source Code.
use LWP::UserAgent;
use CGI;
use DBI;
$ua = new LWP::UserAgent;
$ua->agent(\"AgentName/0.1 \" . $ua->agent);
#connect to the database.
$dbh = DBI->connect(\'Here goes the database connection string\');
$sth = $dbh->prepare(\"SELECT * FROM adduser\");
$sth->execute;
if (($domain, $plan, $email) = $sth->fetchrow) {
#This fields may change in your configuration.
$sign = \"\";
$username = $domain;
$username =~ s/\\.//;
$username = substr($username, 0, 8);
$password = $username;
$quota = \"0\";
$ip = \"1\";
$cgi = \"1\";
$frontpage = \"1\";
$maxftp = \"unlimited\";
$maxpop = \"unlimited\";
$maxlst = \"unlimited\";
$maxsql = \"unlimited\";
$maxsub = \"unlimited\";
#The msel string contains the type of your account. You can extract it from the source code of wwwacctform.
#For example, it can be: $msel = \"y,y,50,n,iconic,1,1,10,1,0,2000,y,PLAN1\"
if ($plan eq \"PLAN1\") {
$msel = \"y,y,50,n,iconic,1,1,10,1,0,2000,y,PLAN1\";
}
if ($plan eq \"PLAN2\") {
$msel = ... #Set the correct string for this strings.
}
if ($plan eq \"PLAN3\") {
$msel = ...
}
# This is the call of the script who creates the account, The path may change on your config.
# You have to set your username and password.
# I think it´s safest to use HTTPS instead of HTTP, but I have not tried it.
$req = new HTTP::Request POST => \"http://username:password\\@www.yourdomain.com:2086/scripts/wwwacct\";
$req->content_type(\'application/x-www-form-urlencoded\');
$req->content(\"sign=$sign&domain=$domain&username=$username&password=$password\"a=$quota&ip=$ip&cgi=$cgi&frontpage=$frontpage&maxftp=$maxftp&maxpop=$maxpop&maxlst=$maxlst&maxsql=$maxsql&maxsub=$maxsub&msel=$msel\");
$res = $ua->request($req);
if ($res->is_error) { die \"\\n$progname: Error connecting to $server: \".$res->status_line.\"\\n\" }
else {
$resultado = $res->content;
@datos = split(/Ip: /, $resultado);
@ipfinal = split(/ /, $datos[1]);
# You have the IP of the account at $ipfinal[0]
# This sends an email to the customer to say him that his account has been created
$req3 = HTTP::Request->new(POST => \"mailto:$email\");
$req3->header(Subject => \"Tyoe Here the subject of the e-mail\", From => \"type here your email address\");
$req3->content(\"Type Here the content of the message. \");
my $res3 = $ua->request($req3);
#Delete the customer from the database
$sth2 = $dbh->prepare(\"DELETE FROM adduser WHERE domain = \'$domain\'\");
$sth2->execute;
# $dbh->disconnect;
}
}
I have test it and it works, but at this moment I don´t use it until i check is enough safe.
[i:b80faebb02][I added code tags to make it look better but it made it look worse so I removed them again --nbrown][/i:b80faebb02]
[Edited on 9/29/01 by nbrown]
The README file of the script from nixt.org says:
\"If their payment
method is PayPal, their account will be automatically created. Otherwise, you will
be sent a notice that there is a new account to be created.\"
If you doesnt use paypal, the account will not be created.
In my server I only create the account, I do not use payment systems.
\"If their payment
method is PayPal, their account will be automatically created. Otherwise, you will
be sent a notice that there is a new account to be created.\"
If you doesnt use paypal, the account will not be created.
In my server I only create the account, I do not use payment systems.
[quote:dc0d91733d]There is a fully functioning script at http://page.nixt.org:88 that I have used myself in the past which is very good. If your scared to try your own, maybe use that one 
[/quote:dc0d91733d]
When I create a package in this script everything works but I can\'t delete the package anymore.
Do you have the same problem?
Thank you.
[/quote:dc0d91733d]When I create a package in this script everything works but I can\'t delete the package anymore.
Do you have the same problem?
Thank you.
[quote:98f5571501]When I create a package in this script everything works but I can\'t delete the package anymore.
Do you have the same problem?
Thank you. [/quote:98f5571501]
I havent used it for a few months. I\'ll install it and test it for you
Do you have the same problem?
Thank you. [/quote:98f5571501]
I havent used it for a few months. I\'ll install it and test it for you
I am testing the script from http://page.nixt.org:88/, and I see a vulnerability related to server security. The author
recommends removing install.php to prevent hacking, but then seems to be saying that in order for the PayPal
auto-create to work, the password for admin.php must be stored locally, which opens up all kinds of opportunities for
unauthorized access (i.e. config.php contains un-encrypted password data). Does anyone know how he recommends
securing this info since password protecting the directory is impractical?
Thanks,
Margie Cash
recommends removing install.php to prevent hacking, but then seems to be saying that in order for the PayPal
auto-create to work, the password for admin.php must be stored locally, which opens up all kinds of opportunities for
unauthorized access (i.e. config.php contains un-encrypted password data). Does anyone know how he recommends
securing this info since password protecting the directory is impractical?
Thanks,
Margie Cash
