The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Upgrading security with xmlapi

Discussion in 'cPanel Developers' started by Loldawg, Sep 16, 2013.

  1. Loldawg

    Loldawg Registered

    Joined:
    Sep 16, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Heya,

    So I've added a feature to my site which allows for automatic creation of user@domain whenever a new employee is added. However, the current system I use is using plain text password to login to cPanel, and I was wondering, can I upgrade this? Since it's a commercial system, I'd have to store password in a table, in plain text, which is something I'd rather not do.

    I've attached the api file (too long to list here). Here's an example of code that uses it:

    Code:
    $ip = $_SERVER['SERVER_ADDR'];
    	$root_pass = $cpp;	 // Grabbed from database, stored in plain text
    	$account = $cpu;	        // Grabbed from database, stored in plain text
    	$email_user = $username;
    	$email_password = $rand ;
    	$email_domain = $domain;
    	$email_quota = 'Unlimited';	 
    	$xmlapi = new xmlapi($ip);
    	$xmlapi->set_port(2083);/* the ssl port for cpanel */
    	$xmlapi->password_auth($account,$root_pass);
    	$xmlapi->set_output('json');	 
    	$xmlapi->set_debug(1);
    	print $xmlapi->api1_query($account, "Email", "addpop", array($email_user, $email_password, $email_quota, $email_domain) );
    	$wm = $username . "@" . $domain;
    View attachment xmlapi.zip

    Thank you and have a nice day!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can write your script so that it includes an access hash, or "key," in the HTTP header that it sends to the server when it calls the API function. However, note that this is only available to WHM users. Documentation on this is available at:

    API Authentication

    Thank you.
     
  3. Loldawg

    Loldawg Registered

    Joined:
    Sep 16, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Thank you!

    Just a quick one, if someone is using hosting package such as godaddy or similar, I suppose they don't have WHM access? I'm trying to make this work on widest range of hostings as possible, and from what I understand, goddady hosted sites have their own type of cpanel?

    Thanks again!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I presume hosting companies such as GoDaddy offer Web Host Manager if they have plans for resellers, virtual private servers, or dedicated servers with cPanel.

    Thank you.
     
Loading...

Share This Page