-
-
Save kmark/4440574 to your computer and use it in GitHub Desktop.
<?php | |
namespace cPanel; | |
/************************************************************************************** | |
* Copyright (c) 2013, cPanel, Inc. * | |
* All rights reserved. * | |
* * | |
* Redistribution and use in source and binary forms, with or without modification, * | |
* are permitted provided that the following conditions are met: * | |
* * | |
* Redistributions of source code must retain the above copyright notice, this list * | |
* of conditions and the following disclaimer. Redistributions in binary form must * | |
* reproduce the above copyright notice, this list of conditions and the following * | |
* disclaimer in the documentation and/or other materials provided with the * | |
* distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * | |
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * | |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * | |
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * | |
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * | |
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * | |
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * | |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * | |
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN * | |
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * | |
* * | |
* PHP implementation of cPanel's LogMeIn.pm by Kevin Mark * | |
**************************************************************************************/ | |
class LogMeIn { | |
// The available services with their HTTPS ports | |
private static $servicePorts = array('cpanel' => 2083, 'whm' => 2087, 'webmail' => 2096); | |
public static function getLoggedInUrl($user, $pass, $hostname, $service, $goto = '/') { | |
// If no valid service has been given, default to cPanel | |
$port = isset(self::$servicePorts[$service]) ? self::$servicePorts[$service] : 2083; | |
$ch = curl_init(); | |
$fields = array('user' => $user, 'pass' => $pass, 'goto_uri' => $goto); | |
// Sets the POST URL to something like: https://example.com:2083/login/ | |
curl_setopt($ch, CURLOPT_URL, 'https://' . $hostname . ':' . $port . '/login/'); | |
curl_setopt($ch, CURLOPT_POST, true); | |
// Turn our array of fields into a url encoded query string i.e.: ?user=foo&pass=bar | |
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields)); | |
// RFC 2616 14.10 compliance | |
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection' => 'close')); | |
curl_setopt($ch, CURLOPT_HEADER, true); | |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); | |
// Execute POST query returning both the response headers and content into $page | |
$page = curl_exec($ch); | |
curl_close($ch); | |
$session = $token = array(); | |
// Find the session cookie in the page headers | |
if(!preg_match('/session=([^\;]+)/', $page, $session)) { | |
// This will also fail if the login authentication failed. No need to explicitly check for it. | |
return false; | |
} | |
// Find the cPanel session token in the page content | |
if(!preg_match('|<META HTTP-EQUIV="refresh"[^>]+URL=/(cpsess\d+)/|i', $page, $token)) { | |
return false; | |
} | |
// Append the goto_uri to the query string if it's been manually set | |
$extra = $goto == '/' ? '' : '&goto_uri=' . urlencode($goto); | |
return 'https://' . $hostname . ':' . $port . '/' . $token[1] . '/login/?session=' . $session[1] . $extra; | |
} | |
} |
Yeah..It is worked..
How do I use this class to validate a user? Thanks in advance.
@silveriosepulveda function will return false on any error, including failed authentication.
how can i change this to be used with the access hash?
this is returning false all the time with me, even though all creds are correct
great contribution, is of great use! It seems there was some updating of cPanel and this is not working, you have an update? thank you very much
what parameter has to be pushed via form to this ?
I am a basic PHP fellow.
i see user, pass, server and ?
When it returns false all the time, try adding the following to the script:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Still works?
I attempted to implement this, and had it work once, but then it wouldn't seem to want to work again after that. I was unsure whether there was an expiration issue with the session? I'm trying to use it in a CMS I built, where I have a customer's username/password and would like to create a secure link to easily jump into the associated cpanel account. I thought maybe there was a problem with there being multiple accounts?
Awesome!