The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Working doaddpop Script.

Discussion in 'General Discussion' started by blue44, Aug 9, 2004.

  1. blue44

    blue44 Registered

    Joined:
    Nov 22, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hi,
    I have been looking on the net for a few days now for a working 'doaddpop' script so i can automate the setup of accounts on my server!
    After trying them all i found one!

    Here it is!

    PHP:

    $u 
    "cpanelUsername"//your cpanel username
    $p "cpanelPassword"//your cpanel password
    $domain "domain.com"// Your Domain without the http or www.

    // Variables from signup form.
    $username $_POST['username'];
    $password $_POST['password'];

    // QUOTA IS SET TO 100 IN THIS SCRIPT, change it to whatever you like.

    // Register POP Account on cPanel.
    $file fopen("http://$u:$p@$domain:2082/frontend/x/mail/doaddpop.html?email=$username&domain=$domain&password=$password&quota=100""r");
    if (!
    $file
    {
        echo 
    "<p>Unable to open remote file.\n";
        exit;
    // Unable to connect.
            
    while (!feof ($file))
    {
        
    $line fgets ($file1024);
        if(
    eregi("already exists!"$line$out)) 
        {
            echo 
    "That name is in use. Please Try Another name.";
            exit;
        } 
    // If name exists.
    // While.

    fclose($file);

    echo 
    "Email account created!";


    I hope this helps anyone who wants it.
    I thought it would be bad not to post it up for people.

    Jamie.
     
  2. SeanHogan

    SeanHogan Member

    Joined:
    Jan 16, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Security risks?

    Is there any way that a user could find the values of $u:$p@ in any logs? Like a router keeping track of all the urls it sent info to?

    I was using $sAuth = base64_encode("Cpanelusername:Cpanelpassword"); and GET for the fputs with the doaddpop.html url but for some reason it stopped working.
     
  3. blue44

    blue44 Registered

    Joined:
    Nov 22, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hi,
    The above code still works for me.
    because the script is processed in PHP on the server and the output is only sent to the webbrowser, im sure the passwords cannot be hacked.
    although if there does happen to be a major flaw in your code, then its possible.

    jamie
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It is a risk you take for the convenience, especially if you d not enable phpsuexec or php_openbasedir protection. If you don't, then it would be trivial for someone who successfully exploits any PHP script on your server to read the account and password details - just something to be aware of.
     
Loading...

Share This Page