Really struggling with this one. I am trying to write a PHP script that authenticates a cPanel account and logs the user in.
If there is anyone that could take a look through the code below and let me know where I am going wrong I would be very grateful...
if(isset($_GET['account'])) {
$cpanel_user = $_GET['account'];
$query = "https://whm.brixly.uk:2087/json-api/create_user_session?api.version=1&user=$cpanel_user&service=cpaneld";
$curl = curl_init(); // Create Curl Object.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); // Allow self-signed certificates...
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); // and certificates that don't match the hostname.
curl_setopt($curl, CURLOPT_HEADER, false); // Do not include header in output
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Return contents of transfer on curl_exec.
$header[0] = "Authorization: Basic " . base64_encode($reseller_username.":".$reseller_password) . "
";
curl_setopt($curl, CURLOPT_HTTPHEADER, $header); // Set the username and password.
curl_setopt($curl, CURLOPT_URL, $query); // Execute the query.
$result = curl_exec($curl);
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
// log error if curl exec fails
}
$decoded_response = json_decode( $result, true );
$session_url = $decoded_response['data']['url'];
$cookie_jar = 'cookie.txt';
curl_setopt($curl, CURLOPT_HTTPHEADER, null); // Unset the authentication header.
curl_setopt($curl, CURLOPT_COOKIESESSION, true); // Initiate a new cookie session.
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie_jar); // Set the cookie jar.
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie_jar); // Set the cookie file.
curl_setopt($curl, CURLOPT_URL, $session_url); // Set the query url to the session login url.
$result = curl_exec($curl); // Execute the session login call.
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
// Log an error if curl_exec fails.
}
$session_url = preg_replace( '{/login(?:/)??.*}', '', $session_url ); // make $session_url = https://10.0.0.1/$session_key
$query = "$session_url/execute/Ftp/list_ftp";
curl_setopt($curl, CURLOPT_URL, $query); // Change the query url to use the UAPI call.
$result = curl_exec($curl); // Execute the UAPI call.
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query"); // log error if curl exec fails
}
curl_close($curl);
header("Location: $query");
print $result;
}
Rather than the above code logging in, it simply redirects to the cPanel login page.
All of the variables I am passing are correct as a URL is coming back. As far as I am aware, that URL needs to be then posted to in order to set the cookie thus to authenticate the session.
Many thanks,
Dennis