The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Where has failurl moved to?

Discussion in 'User Experience' started by MaraBlue, Jun 6, 2012.

  1. MaraBlue

    MaraBlue Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    335
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Carmichael, CA
    cPanel Access Level:
    Root Administrator
    I'm looking to customize/change the
    Code:
    failurl
    for (failed) logins. As recently as WHM 11.28 the failurls file was located in /var/cpanel/failurls, but it's not there now in 11.32.3. I understand there was a security issue, from cPanel HTTP Response Splitting Vulnerability - cPanel Inc.

    But I can't find anywhere to whitelist failurl.
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    You have to create /var/cpanel/failurls. It is not created by cPanel & WHM.
     
  3. MaraBlue

    MaraBlue Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    335
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Carmichael, CA
    cPanel Access Level:
    Root Administrator
    Ahhhhh, I can do that. :) What syntax should it use? In all the docs, I haven't found an example, etc.

    TIA!

    OK, I take that back. I found this http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/FailUrl which lists:

    But my question on syntax still remains. There's an example of the URL, but not how it should be matched up to which login failurl, etc. I'm hesitant to just guess what cPanel is looking for here.
     
    #3 MaraBlue, Jun 7, 2012
    Last edited: Jun 7, 2012
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The entry in the file must match exactly the URL you want the user redirected to.

    For example if I want to redirect users to the cpanel website, I would place this in the file:

    Code:
    http://www.cpanel.net
    
    The document you point to could certainly use some help. The example URL is an example of what not to do.

    Update:

    Fixed phpBB's attempt to help me format urls.
     
  5. MaraBlue

    MaraBlue Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    335
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Carmichael, CA
    cPanel Access Level:
    Root Administrator
    Ahhhhh, OK, then it's easier than I first thought. :) I was thinking there would be a way to specify different failurls for different login types (webmail, cpanel, whm). But this works, I can deal with an all-in-one solution.

    Thanks!
     
  6. MaraBlue

    MaraBlue Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    335
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Carmichael, CA
    cPanel Access Level:
    Root Administrator
    Yeah....it's not working. I created the file "failurls" in /var/cpanel, owned by root (like the other files in that directory). Added a single url on the first line, saved file. Restarted cPanel with /usr/local/cpanel/startup

    Now I get the Windows authentication login box, and then it directs to the old cPanel failed login page. Not what I wanted.
     
  7. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The failurl feature only works with custom login forms. The form must supply the failurl parameter and value as part of the form submission. Something like:

    Code:
    <input type="hidden" name="failurl" value="http://example.com" />
    
    Like I said in my earlier post, the failurls document could use some help :)
     
  8. MaraBlue

    MaraBlue Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    335
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Carmichael, CA
    cPanel Access Level:
    Root Administrator
    Yeah, it could.
     
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Just to be clear, I notified documentation that document needs improvement.

    If there are other questions related to this functionality, please feel free to ask. I'll answer them to the best of my ability.
     
  10. MaraBlue

    MaraBlue Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    335
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Carmichael, CA
    cPanel Access Level:
    Root Administrator
    Thanks, I appreciate that!
     
  11. zegaroid

    zegaroid Registered

    Joined:
    Jun 15, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    First of all Thanks for the info above! i just have an additional question to this thread. Im just new to this so please bear with me...

    Upon failure logging in, what i want is to show the error message only in my website not in cpanel like ex: www.domain.com:2082/xxxxx?failed=1. could that be possible?

    It only works for me if you type username only, but if you add password, it starts redirecting to cpanel error login.

    Please help. Thanks:)
     
  12. zegaroid

    zegaroid Registered

    Joined:
    Jun 15, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Ok, so im using this code, but it takes me to cpanel error page. what i want is to show the error in my website itself. Please help. Thanks!

    Code:
    <?php
    if($_POST['username'] && $_POST['pass'] && !($_GET['failed'] == "1")) {
        $port = $_POST['port']; // sets the port number to login to
        switch($port) {
          case '2082': // cPanel
          case '2086': // WHM
          case '2095': // Webmail
            $protocol = 'http://mydomain.com:';
            break;
          case '2083': // Secure cPanel
          case '2087': // Secure WHM
          case '2096': // Secure Webmail
            $protocol = 'https://mydomain.com:';
            break;
        }
      $redirectlocation = $protocol.$port.'/login/?user='.$_POST['username'].'&pass='.$_POST['pass'].'&failurl='.$_POST['failurl'];
      header ("Location: ".$redirectlocation);
    } else {
      $error = 1;
      header ("Location: ".$_POST['failurl']);
    }
    ?>
    and this for my form:

    Code:
    <?php
    echo '<input type="hidden" name="failurl" value="http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?failed=1">';
    ?>
    <?php
    
     
  13. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    zegaroid, it seems like you are wanting to write a wrapper around our authentication system. I suggest you post to our developers forum ( cPanel Developers ) and read our developer documentation: cPanel & WHM's SDK.
     
Loading...

Share This Page