Working doaddpop Script.

blue44

Registered
Nov 22, 2003
2
0
151
Hi,
I have been looking on the net for a few days now for a working 'doaddpop' script so i can automate the setup of accounts on my server!
After trying them all i found one!

Here it is!

PHP:
$u = "cpanelUsername"; //your cpanel username
$p = "cpanelPassword"; //your cpanel password
$domain = "domain.com"; // Your Domain without the http or www.

// Variables from signup form.
$username = $_POST['username'];
$password = $_POST['password'];

// QUOTA IS SET TO 100 IN THIS SCRIPT, change it to whatever you like.

// Register POP Account on cPanel.
$file = fopen("http://$u:$p@$domain:2082/frontend/x/mail/doaddpop.html?email=$username&domain=$domain&password=$password&quota=100", "r");
if (!$file) 
{
    echo "<p>Unable to open remote file.\n";
    exit;
} // Unable to connect.
		
while (!feof ($file))
{
    $line = fgets ($file, 1024);
    if(eregi("already exists!", $line, $out)) 
    {
        echo "That name is in use. Please Try Another name.";
        exit;
    } // If name exists.
} // While.

fclose($file);

echo "Email account created!";

I hope this helps anyone who wants it.
I thought it would be bad not to post it up for people.

Jamie.
 

SeanHogan

Member
Jan 16, 2003
11
0
226
West Coast USA
cPanel Access Level
DataCenter Provider
Twitter
Security risks?

Is there any way that a user could find the values of $u:$p@ in any logs? Like a router keeping track of all the urls it sent info to?

I was using $sAuth = base64_encode("Cpanelusername:Cpanelpassword"); and GET for the fputs with the doaddpop.html url but for some reason it stopped working.
 

blue44

Registered
Nov 22, 2003
2
0
151
Hi,
The above code still works for me.
because the script is processed in PHP on the server and the output is only sent to the webbrowser, im sure the passwords cannot be hacked.
although if there does happen to be a major flaw in your code, then its possible.

jamie
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
It is a risk you take for the convenience, especially if you d not enable phpsuexec or php_openbasedir protection. If you don't, then it would be trivial for someone who successfully exploits any PHP script on your server to read the account and password details - just something to be aware of.