cPanel Auto Login Problem

[olliedog]

Ive use the code below to create session to use the auto login function for users, but im having trouble sending the complete url from a form, it seems to cut off everything after login/?

https://example.com:2083/cpsessxxx/login/?

If I just use a link in the page, it works fine, any ideas what im missing?

  // This can also be the reseller who owns the cPanel user.
  $whmusername = "name";
  $whmpassword = "password";
  $hostname = "example.com";

  // The user on whose behalf the API call runs.
  $cpanel_user = "username"; //under reseller

  $query = "https://$hostname:2087/json-api/create_user_session?api.version=1&user=$cpanel_user&service=cpaneld";

  $curl = curl_init();                                     // Create Curl Object.
  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);       // Allow self-signed certificates...
  curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, true);       // and certificates that don't match the hostname.
  curl_setopt($curl, CURLOPT_HEADER, false);               // Do not include header in output
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);        // Return contents of transfer on curl_exec.
  $header[0] = "Authorization: Basic " . base64_encode($whmusername . ":" . $whmpassword) . "\n\r";
  curl_setopt($curl, CURLOPT_HTTPHEADER, $header);         // Set the username and password.
  curl_setopt($curl, CURLOPT_URL, $query);                 // Execute the query.
  $result = curl_exec($curl);

  if ($result == false) {
      error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
      return response()->json(['error' => 'There is a problem, Please try again.']);
  }

  $decoded_response = json_decode( $result, true );

  //Access denied
  if (isset($decoded_response['cpanelresult'])){
      if($decoded_response['cpanelresult']['data']['result'] == 0)
          return response()->json(['error' => 'Action Failed Unable to auto-login. Please contact support']);
  //}

  //Invalid username
  if ($decoded_response['metadata']['result'] == 0) return response()->json(['error' => 'Unable to login']);
}
curl_close($curl);

$resultw = $decoded_response['data']['url'];
//echo "Echo Result: " . $resultw;

//removes extra characters after create_user_account
$resulty = substr($resultw, 0, strpos($resultw, 'create_user_session') + 19);
//echo "RESULTY: " . $resulty;

  // form not working
  echo '<form action=' . $resulty . 'method="post">';
  echo   '<p class= exchange_text> Login to cPanel</p>';
  echo    '<input type="submit" value="Login to cpanel" >';
  echo '</form>';

  echo "</br>";

  // link works
  echo '<a href=' . $resulty . '>cPanel Login</a> ';
  echo "</br>";
  echo "</br>";

 

[cPRex]

Hey there! I personally don't have a clue, although it sounds like an issue with PHP itself. I'll leave this thread marked as new for better visibility so other users can see this and give their thoughts.

 

[ankeshanand]

I tried your Code and It seems its working Perfectly. May I know what you are trying to achieve?
My Guesses...
1. Do You want Auto-Redirection after script Runs?
2. Do You want Auto-Login based on PHP Session?
3. Do You want user to enter his Username and then Click on Login to Auto-Login?

Also, You missed <?php ?> in start and ending. and if you want to redirect the User, User header instead of Form!

 

[olliedog]

I tried your Code and It seems its working Perfectly. May I know what you are trying to achieve?
My Guesses...
1. Do You want Auto-Redirection after script Runs?
2. Do You want Auto-Login based on PHP Session?
3. Do You want user to enter his Username and then Click on Login to Auto-Login?

Also, You missed <?php ?> in start and ending. and if you want to redirect the User, User header instead of Form!

Hi
I didn't copy in the <?php ?> for the question, but it does exist

The code above does work as you have mentioned, but im confused as to why the link works when clicked and the complete URL is loaded

echo '<a href=' . $resulty . '>cPanel Login</a> ';

Yet when the button is clicked with the same url, only half of the url is loaded?

echo '<form action=' . $resulty . 'method="post">';
echo   '<p class= exchange_text> Login to cPanel</p>';
echo    '<input type="submit" value="Login to cpanel" >';
echo '</form>';

The goal is to have the button open a window and auto login to the users cPanel account.

 

[ankeshanand]

I Still don't get where's the Problem in That?

The Half URL is loaded because after Login Token, Its lodges the User IP with Session and takes him to Homepage!

For HTML part, use HTML instead of Echoing everywhere though this one also works fine but Instead, You could have just created a Button Instead of a Form!

 

[olliedog]

The Half URL is loaded because after Login Token, Its lodges the User IP with Session and takes him to Homepage!

Im learning and muddling my way through, are you able to advise how I fix this to give the whole url on the bottom press, as when page loads it always says invalid login due to the missing part?

 

[ankeshanand]

I didn't see any Errors! The HTML with URL was correct and I was able to Login...

 

[olliedog]

I didn't see any Errors! The HTML with URL was correct and I was able to Login...

ok, you could auto login with the button?

Any idea why I can't? what I should be looking for?

 

[ankeshanand]

Try This:

<?PHP
  // This can also be the reseller who owns the cPanel user.
  $whmusername = "root";
  $whmpassword = "XXXX";
  $hostname = "hostname.example.com";
 
  // The user on whose behalf the API call runs.
  $cpanel_user = "username"; //under reseller

  $query = "https://$hostname:2087/json-api/create_user_session?api.version=1&user=$cpanel_user&service=cpaneld";

  $curl = curl_init();                                     // Create Curl Object.
  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);       // Allow self-signed certificates...
  curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, true);       // and certificates that don't match the hostname.
  curl_setopt($curl, CURLOPT_HEADER, false);               // Do not include header in output
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);        // Return contents of transfer on curl_exec.
  $header[0] = "Authorization: Basic " . base64_encode($whmusername . ":" . $whmpassword) . "\n\r";
  curl_setopt($curl, CURLOPT_HTTPHEADER, $header);         // Set the username and password.
  curl_setopt($curl, CURLOPT_URL, $query);                 // Execute the query.
  $result = curl_exec($curl);

  if ($result == false) {
      error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
      return response()->json(['error' => 'There is a problem, Please try again.']);
  }

  $decoded_response = json_decode( $result, true );

  //Access denied
  if (isset($decoded_response['cpanelresult'])){
      if($decoded_response['cpanelresult']['data']['result'] == 0)
          return response()->json(['error' => 'Action Failed Unable to auto-login. Please contact support']);
  //}

  //Invalid username
  if ($decoded_response['metadata']['result'] == 0) return response()->json(['error' => 'Unable to login']);
}
curl_close($curl);

$resultw = $decoded_response['data']['url'];
//echo "Echo Result: " . $resultw;

//removes extra characters after create_user_account
$resulty = substr($resultw, 0, strpos($resultw, 'create_user_session') + 19);
//echo "RESULTY: " . $resulty;
?>
<html>
<form action="<? echo $resultw ?>" method="post">
<p>User:</p><input type="text" value="<? echo $cpanel_user ?>" readonly>
<input type="submit" value="Login to cpanel" >
</form>
</html>

 

[ankeshanand]

ok, you could auto login with the button?

Any idea why I can't? what I should be looking for?

Your Formatting was wrong in PHP. If any Variables of PHP are used, it should always be in Double Quotes "" else the PHP takes it as a Normal Text! I've given somewhat modified version of the same thing which would work for you!

 

[olliedog]

Your Formatting was wrong in PHP. If any Variables of PHP are used, it should always be in Double Quotes "" else the PHP takes it as a Normal Text! I've given somewhat modified version of the same thing which would work for you!

Thanks for the info and help, learning all the time, code works in php page.

 

[cPRex]

Thanks @ankeshanand !!!