This is the script for the automated signup

valhalla

Member
Sep 1, 2001
8
0
301
I have write an script that creates an account using the WebHost Manager. Please, see it and answer here your comments.


I will put the script here when my reseller webmaster confirm me the correct running.

[Edited on 9/27/01 by valhalla]
 

valhalla

Member
Sep 1, 2001
8
0
301
This is the script, please, read it before use it and let your opinions here.

#!/usr/local/bin/perl

# WARNING! The correct running of this script is not on my responsibility.
# YOU HAVE TO ADVICE YOUR WEBMASTER THAT YOU ARE GOING TO USE THIS SCRIPT
# THIS SCRIPT DOESN´T WORKS. Yes, it´s true, you have to modify it and set it up to your personal configuration for the correct working

# ---------------------------------------------------------
# adduser.pl Copyrigth 2.001 Jose Luis Peran Fernandez
# All rights reserved.
# This program is free software. You may modify and/or
# distribute it under the same terms as Perl itself.
# This copyright notice must remain attached to the file.
# ---------------------------------------------------------
# This script only works on systems using WebHost Manager from Cpanel. I tested it on Cpanel 3.6.0 and it works.
# The way it works is simple, just insert into your database a table (I named it adduser)
# This table has 3 fields: domain, plan and email.
# When a customer orders an account, insert the data into adduser with a perl script.
# You have to add cron jobs who calls this script each certain time (I set 15 minutes).
# Be sure to set the correct permisions to the script.
# To set correctly the file, you must see the source code of wwwacctform.
# You can see it on explorer calling it on WebHost Manager and click on See->Source Code.


use LWP::UserAgent;
use CGI;
use DBI;

$ua = new LWP::UserAgent;
$ua->agent(\"AgentName/0.1 \" . $ua->agent);


#connect to the database.
$dbh = DBI->connect(\'Here goes the database connection string\');
$sth = $dbh->prepare(\"SELECT * FROM adduser\");
$sth->execute;

if (($domain, $plan, $email) = $sth->fetchrow) {

#This fields may change in your configuration.
$sign = \"\";
$username = $domain;
$username =~ s/\\.//;
$username = substr($username, 0, 8);
$password = $username;
$quota = \"0\";
$ip = \"1\";
$cgi = \"1\";
$frontpage = \"1\";
$maxftp = \"unlimited\";
$maxpop = \"unlimited\";
$maxlst = \"unlimited\";
$maxsql = \"unlimited\";
$maxsub = \"unlimited\";

#The msel string contains the type of your account. You can extract it from the source code of wwwacctform.
#For example, it can be: $msel = \"y,y,50,n,iconic,1,1,10,1,0,2000,y,PLAN1\"
if ($plan eq \"PLAN1\") {
$msel = \"y,y,50,n,iconic,1,1,10,1,0,2000,y,PLAN1\";
}
if ($plan eq \"PLAN2\") {
$msel = ... #Set the correct string for this strings.
}
if ($plan eq \"PLAN3\") {
$msel = ...
}


# This is the call of the script who creates the account, The path may change on your config.
# You have to set your username and password.
# I think it´s safest to use HTTPS instead of HTTP, but I have not tried it.

$req = new HTTP::Request POST => \"http://username:password\\@www.yourdomain.com:2086/scripts/wwwacct\";

$req->content_type(\'application/x-www-form-urlencoded\');

$req->content(\"sign=$sign&domain=$domain&username=$username&password=$password\"a=$quota&ip=$ip&cgi=$cgi&frontpage=$frontpage&maxftp=$maxftp&maxpop=$maxpop&maxlst=$maxlst&maxsql=$maxsql&maxsub=$maxsub&msel=$msel\");

$res = $ua->request($req);

if ($res->is_error) { die \"\\n$progname: Error connecting to $server: \".$res->status_line.\"\\n\" }

else {
$resultado = $res->content;


@datos = split(/Ip: /, $resultado);
@ipfinal = split(/ /, $datos[1]);

# You have the IP of the account at $ipfinal[0]


# This sends an email to the customer to say him that his account has been created
$req3 = HTTP::Request->new(POST => \"mailto:$email\");
$req3->header(Subject => \"Tyoe Here the subject of the e-mail\", From => \"type here your email address\");
$req3->content(\"Type Here the content of the message. \");
my $res3 = $ua->request($req3);

#Delete the customer from the database
$sth2 = $dbh->prepare(\"DELETE FROM adduser WHERE domain = \'$domain\'\");
$sth2->execute;

# $dbh->disconnect;
}
}

I have test it and it works, but at this moment I don´t use it until i check is enough safe.

[i:b80faebb02][I added code tags to make it look better but it made it look worse so I removed them again --nbrown][/i:b80faebb02]


[Edited on 9/29/01 by nbrown]
 

Brownie

Well-Known Member
Aug 10, 2001
145
0
316
There is a fully functioning script at http://page.nixt.org:88 that I have used myself in the past which is very good. If your scared to try your own, maybe use that one :)
 

valhalla

Member
Sep 1, 2001
8
0
301
The README file of the script from nixt.org says:

\"If their payment
method is PayPal, their account will be automatically created. Otherwise, you will
be sent a notice that there is a new account to be created.\"

If you doesnt use paypal, the account will not be created.

In my server I only create the account, I do not use payment systems.
 

Domenico

Well-Known Member
Aug 14, 2001
375
11
318
[quote:dc0d91733d]There is a fully functioning script at http://page.nixt.org:88 that I have used myself in the past which is very good. If your scared to try your own, maybe use that one :) [/quote:dc0d91733d]

When I create a package in this script everything works but I can\'t delete the package anymore.
Do you have the same problem?

Thank you.
 

Brownie

Well-Known Member
Aug 10, 2001
145
0
316
[quote:98f5571501]When I create a package in this script everything works but I can\'t delete the package anymore.
Do you have the same problem?

Thank you. [/quote:98f5571501]

I havent used it for a few months. I\'ll install it and test it for you :)
 

myce

Well-Known Member
Oct 24, 2001
46
0
306
I am testing the script from http://page.nixt.org:88/, and I see a vulnerability related to server security. The author
recommends removing install.php to prevent hacking, but then seems to be saying that in order for the PayPal
auto-create to work, the password for admin.php must be stored locally, which opens up all kinds of opportunities for
unauthorized access (i.e. config.php contains un-encrypted password data). Does anyone know how he recommends
securing this info since password protecting the directory is impractical?

Thanks,
Margie Cash