The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Using hash instead of pwd (David's code)

Discussion in 'cPanel Developers' started by mstuebner, Jul 22, 2007.

  1. mstuebner

    mstuebner Well-Known Member

    Joined:
    May 13, 2007
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    Hello again,

    motivated by another thread in this forum I tried again to use the hash instead of the password and used the code David gave:

    Code:
    $fp = fsockopen("ssl://" . $Server, 2087, $errno, $errstr, 30);
    
    # Die on error initializing socket
    if ($errno == 0 && $fp == FALSE) { die("Socket Error: Could not initialize socket.");
    } elseif ($fp == FALSE) { die("Socket Error #" . $errno . ": " . $errstr); }
    
    # Assemble the header to send
    $header = "";
    $header .= "GET " . $apiPath . " HTTP/1.0\r\n";
    $header .= "Host: " . $Server . "\r\n";
    $header .= "Authorization: WHM " . $hash . "\r\n";
    $header .= "Connection: close\r\n";
    $header .= "\r\n";
    
    # Send the Header
    fputs($fp, $header);
    
    # Get the raw output from the server
    $rawResult = "";
    while (!feof($fp)) {
    $rawResult .= @fgets($fp, 128); // Suppress errors with @
    }
    		
    # Close the socket
    fclose($fp);
    I tried both options:

    1. the hash in the format it is given in WHM
    2. the hash in ONE LONG line

    Both returns me a login page instead of executing the requested API function. So meanwhile I stepped back to use usr/pwd, but I think in that way it is not really usable for the public.

    Any other idea, or did someone used the hash-way successfully?

    br Matthias
     
  2. dom974

    dom974 Active Member

    Joined:
    Jun 24, 2007
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    Same result here, I get the login page. Does anyone have an idea ?

    Dominique
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Okay, so it wasn't just my test server being all weird on me.

    I tried dumping the key to a file (to save time editing) and reading from that. However, WHM seems to only detect the first line of the hash if you leave newline characters in (judging by brute force information).

    I just took Nick's code and translated it to PHP. Unless Perl does something bizarre under the hood with headers, I don't understand why the code wouldn't work. The key issue is the Authorization: WHM as you can replace that with Authorization: Basic with a user/pass and it'll work just fine.
     
  4. rapidot

    rapidot Active Member

    Joined:
    Nov 15, 2004
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    I can't get mine to work for the life of me either. I've outputed the $hash, and it looks fine doesn't look like php does anything terrible to it.

    Perhaps cPanel developers can create a working sample PHP login script w/ $hash for us to use?
     
  5. mstuebner

    mstuebner Well-Known Member

    Joined:
    May 13, 2007
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    Even that I'm not one of them, here comes the code that finally works with hash:

    REMARK: The below is NOT my style of programming, but I had to copy all in one function to make it "stand-alone".

    PHP:
        function sendRequestCurl() {

            
    $accesshash '2ef4c87d56b85a666dd10612b10065a8
    9a3ef8ce4c95e488e4d111ed9710ce97
    901ec100595dee38e71bb616e66ba649
    05a9ad371df0f8c69aa42c8c2a1b9737
    ----    some parts cut out ------------
    d0afb3baee2e9a7a22cf96b5c8cac90d
    bc60a6089de5f49bbf31aac3f32ae9b6
    3a8c55146a64a5762e0cc1ae4036ce7a'
    ;

            
    $admin "root";
            
    $request "/xml-api/listaccts?searchtype=user&search=";

            
    $cleanaccesshash preg_replace("'(\r|\n)'","",$accesshash);
            
    $authstr $admin ":" $cleanaccesshash;

            
    $rurl "https://ns.domain.net:2087" $request;
            
    $ch curl_init();
            
    curl_setopt($chCURLOPT_SSL_VERIFYPEER,0);
            
    curl_setopt($chCURLOPT_SSL_VERIFYHOST,0);
            
    curl_setopt($chCURLOPT_URL$rurl);
            
    curl_setopt($chCURLOPT_HEADER0);
            
    curl_setopt($chCURLOPT_RETURNTRANSFER,1);
            
            
    $curlheaders[0] = "Authorization: WHM $authstr";
            
    curl_setopt($ch,CURLOPT_HTTPHEADER,$curlheaders);
            
            
    $data=curl_exec ($ch);

            
    curl_close ($ch);
            if(!empty(
    $data)) return(simplexml_load_string($data)); else return;
        }
    I hope it helps, I like to return something for the help I got.
     
  6. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Thanks, such a silly mistake on my part. Here's a revised version of my code:

    PHP:
    // $hash = your hash (not needed if using password authentication)
    // $user = username for the reseller accompanying that hash
    // $pass = password for that reseller (not needed if using hash authentication)
    // $theServer = your server's hostname or IP

    # What is the path to the API function you wish to use?
    $apiPath "/xml-api/gethostname";

    // NOTE:
    //    THIS CODE WILL ONLY WORK IF YOU HAVE ENABLED
    //    OPENSSL IN PHP.  YOU CAN DO THIS BY GOING TO WHM
    //    AND IN THE SOFTWARE SECTION, CLICK ON APACHE UPDATE
    //    THEN LOAD PREVIOUS CONFIG AND THEN CHECK THE BOX
    //    NEXT TO OPENSSL TO ENABLE SSL SUPPORT
    //
    // Of course, you could always go with http:// and 2086, but why?

    # Make hash into one long string, in case it isn't already
    $hash str_replace("\n","",$hash); // Note \r is not part of the newline indicator on *nix systems.

    # Open a socket for HTTPS
    $fp fsockopen("ssl://" $theServer2087$errno$errstr30);

    # Uncomment to use unsecure HTTP instead
    //$fp = fsockopen($theServer, 2086, $errno, $errstr, 30);

    # Die on error initializing socket
    if ($errno == && $fp == FALSE) {
     die(
    "Socket Error: Could not initialize socket.");
    } elseif (
    $fp == FALSE) {
     die(
    "Socket Error #" $errno ": " $errstr);
    }

    # Assemble the header to send
    $header "";
    $header .= "GET " $apiPath " HTTP/1.0\r\n";
    $header .= "Host: " $theServer "\r\n";
    $header .= "Connection: Close\r\n";
    $header .= "Authorization: WHM " $user ":" $hash "\r\n";
    # Comment above line and uncomment below line to use password authentication in place of hash authentication
    //$header .= "Authorization: Basic " . base64_encode($user . ":" . $pass) . "\r\n";
    $header .= "\r\n";

    # Send the Header
    fputs($fp$header);

    # Get the raw output from the server
    $rawResult "";
    while (!
    feof($fp)) {
     
    $rawResult .= @fgets($fp128); // Suppress errors with @
    }

    # Close the socket
    fclose($fp);

    # Ignore headers
    $rawResultParts explode("\r\n\r\n",$rawResult);
    $result $rawResultParts[1];

    # Output XML
    echo $result;
    Keep in mind this code is merely an example to assist you in learning how to use the API.
     
  7. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    I was just reading this thread out of curiosity and can suggest a slight improvement to David's last code posting.

    The line:

    Code:
    $hash = str_replace("\n","",$hash);
    could be changed to

    Code:
    $hash = str_replace(array("\r", "\n"),"",$hash);
    This will get rid of any carriage return as well as new line characters - you can never tell how or when a user will sneak a carriage return in where it's otherwise not expected!
     
  8. dom974

    dom974 Active Member

    Joined:
    Jun 24, 2007
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Hi David,

    Could you tell me if it's possible to have a time out set when accessing xml data via php's function FILE_GET_CONTENTS() ?

    It seems sometimes, the functions get timed out trying to read the xml stream (especially when other people are connected at WHM/CPANEL at the same time). This could be useful !

    Thank you,

    Dominique
     
  9. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I believe the default timeout for PHP is 300 seconds (5 minutes). IIRC, this can be changed in php.ini - the php.ini file for cpsrvd (cPanel/WHM itself) is located at:

    Code:
    /usr/local/cpanel/3rdparty/etc/php.ini
    The timeout should govern file_get_contents() but that's not a guarantee :).
     
  10. dom974

    dom974 Active Member

    Joined:
    Jun 24, 2007
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Well, I don't think changing php.ini setting is a good thing, 5 minutes is ok for most of the php scripts.
    But in this special case, we want to decrease it at a very low number. I tought one of you could have the answer :)

    I'm surprised nobody else raised this question, or maybe the xml-api has not been heavily used yet ...

    dominique
     
Loading...

Share This Page