Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PHP implementation of cPanel's Perl LogMeIn class.
<?php
namespace cPanel;
/**************************************************************************************
* Copyright (c) 2013, cPanel, Inc. *
* All rights reserved. *
* *
* Redistribution and use in source and binary forms, with or without modification, *
* are permitted provided that the following conditions are met: *
* *
* Redistributions of source code must retain the above copyright notice, this list *
* of conditions and the following disclaimer. Redistributions in binary form must *
* reproduce the above copyright notice, this list of conditions and the following *
* disclaimer in the documentation and/or other materials provided with the *
* distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS *
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE *
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR *
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES *
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS *
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY *
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING *
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN *
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
* *
* PHP implementation of cPanel's LogMeIn.pm by Kevin Mark *
**************************************************************************************/
class LogMeIn {
// The available services with their HTTPS ports
private static $servicePorts = array('cpanel' => 2083, 'whm' => 2087, 'webmail' => 2096);
public static function getLoggedInUrl($user, $pass, $hostname, $service, $goto = '/') {
// If no valid service has been given, default to cPanel
$port = isset(self::$servicePorts[$service]) ? self::$servicePorts[$service] : 2083;
$ch = curl_init();
$fields = array('user' => $user, 'pass' => $pass, 'goto_uri' => $goto);
// Sets the POST URL to something like: https://example.com:2083/login/
curl_setopt($ch, CURLOPT_URL, 'https://' . $hostname . ':' . $port . '/login/');
curl_setopt($ch, CURLOPT_POST, true);
// Turn our array of fields into a url encoded query string i.e.: ?user=foo&pass=bar
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
// RFC 2616 14.10 compliance
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection' => 'close'));
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Execute POST query returning both the response headers and content into $page
$page = curl_exec($ch);
curl_close($ch);
$session = $token = array();
// Find the session cookie in the page headers
if(!preg_match('/session=([^\;]+)/', $page, $session)) {
// This will also fail if the login authentication failed. No need to explicitly check for it.
return false;
}
// Find the cPanel session token in the page content
if(!preg_match('|<META HTTP-EQUIV="refresh"[^>]+URL=/(cpsess\d+)/|i', $page, $token)) {
return false;
}
// Append the goto_uri to the query string if it's been manually set
$extra = $goto == '/' ? '' : '&goto_uri=' . urlencode($goto);
return 'https://' . $hostname . ':' . $port . '/' . $token[1] . '/login/?session=' . $session[1] . $extra;
}
}
@dcbarans

This comment has been minimized.

Copy link

dcbarans commented Mar 7, 2013

Awesome!

@abdul-shajin

This comment has been minimized.

Copy link

abdul-shajin commented Mar 12, 2013

Yeah..It is worked..

@silveriosepulveda

This comment has been minimized.

Copy link

silveriosepulveda commented Feb 5, 2014

How do I use this class to validate a user? Thanks in advance.

@kmark

This comment has been minimized.

Copy link
Owner Author

kmark commented Feb 13, 2014

@silveriosepulveda function will return false on any error, including failed authentication.

@adibhanna

This comment has been minimized.

Copy link

adibhanna commented May 31, 2014

how can i change this to be used with the access hash?

@adibhanna

This comment has been minimized.

Copy link

adibhanna commented Jun 11, 2014

this is returning false all the time with me, even though all creds are correct

@isbrasil

This comment has been minimized.

Copy link

isbrasil commented Jun 15, 2015

great contribution, is of great use! It seems there was some updating of cPanel and this is not working, you have an update? thank you very much

@shykot

This comment has been minimized.

Copy link

shykot commented Jun 25, 2015

what parameter has to be pushed via form to this ?
I am a basic PHP fellow.
i see user, pass, server and ?

@Xaser83

This comment has been minimized.

Copy link

Xaser83 commented Sep 1, 2015

When it returns false all the time, try adding the following to the script:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

@IrfDev

This comment has been minimized.

Copy link

IrfDev commented Nov 4, 2019

Still works?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.