Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

XML API verify user's password?

Discussion in 'cPanel Developers' started by danneh3826, Aug 27, 2008.

  1. danneh3826

    danneh3826 Member

    Apr 5, 2008
    Likes Received:
    Trophy Points:
    Hi there, just a quick one.
    Is there any API call I can use in which I pass an account's username and password and find out if it's valid or not? I'm writing a secondary "portal" for my customers, and to save them having 2 separate username & passwords, if I can use their cPanel user/password to let them login to both. This way also, if they change their password, they don't have to change their portal password as a second task, but it's already done for them.
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Nov 29, 2006
    Likes Received:
    Trophy Points:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I am not aware of an API call that is specifically designed to verify a user's password. I can think of some work-arounds that involve creative uses of Passwd::change_password (as it requires the correct current password or it fails) or POP3 authentication against the default mail account. The latter is not a particularly good solution because in the event of too many failed logins, cphulkd may silently stop accepting logins and that wouldn't be a good thing.

    Another (more robust) solution you may wish to consider is password synchronization. In /usr/cpanel/hooks there's a README file that describes how to hook onto the event when a cPanel password is changed. You can use this to update the password stored with your portal. If your portal has a similar hook, you can use Passwd::change_password to update the cPanel password accordingly as well.
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Mar 9, 2015
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    DataCenter Provider
    You can just verify them against the shadow file on the server.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice