使用PHP进行安全cPanel登录的脚本 [英] Script for secure cPanel login with PHP

问题描述

自最近以来，cPanel已改变登入方式。

登入前，网址是： https：// accessurl：2083 / / strong>

登录后： https：// accessurl：2083 / cpsessXXXX / frontend / x3 / index.html？post_login = 89711792346495 / p>

您会注意到嵌入在网址中的 cpsessXXXX 。

访问AWSTATS是： https：// accessurl：2083 / cpsessXXXX / awstats.pl？config = domain_name& ssl =& lang = en

我试过下面的PHP代码

  $ username ='xxx'; 
 $ password ='xxx'; 
 $ loginUrl ='https：//< accessurl>'; 
 $ ch = curl_init（）; 
 curl_setopt（$ ch，CURLOPT_URL，$ loginUrl）; 
 curl_setopt（$ ch，CURLOPT_POST，1）; 
 curl_setopt（$ ch，CURLOPT_POSTFIELDS，'user ='。$ username。'& pass ='。$ password）; 
 curl_setopt（$ ch，CURLOPT_COOKIEJAR，'cookie.txt'）; 
 curl_setopt（$ ch，CURLOPT_RETURNTRANSFER，1）; 
 curl_setopt（$ ch，CURLOPT_PORT，2083）; 
 $ store = curl_exec（$ ch）; 
 curl_close（$ ch）; 
  

当我遍历代码时， $ store 的值为FALSE ，这意味着登录过程失败。

我在网上找到类似问题的唯一参考是
at http://blog.mcfang.com/ 。

我希望cookies.txt能够

解决方案

< >

您需要将安全令牌引用回cPanel，以便接受您的脚本。根据 cPanel文档中的文档

采取以下示例：

  function createSession（）{//示例详细信息
 $ ip =127.0.0.1; 
 $ cp_user =username; 
 $ cp_pwd =password; 
 $ url =http：// $ ip：2082 / login; 
 $ cookie =/path/to/storage/for/cookies.txt; 
 
 //创建新的curl句柄
 $ ch = curl_init（）; 
 curl_setopt（$ ch，CURLOPT_SSL_VERIFYHOST，0）; 
 curl_setopt（$ ch，CURLOPT_SSL_VERIFYPEER，0）; 
 curl_setopt（$ ch，CURLOPT_HEADER，0）; 
 curl_setopt（$ ch，CURLOPT_URL，$ url）; 
 curl_setopt（$ ch，CURLOPT_FOLLOWLOCATION，1）; 
 curl_setopt（$ ch，CURLOPT_COOKIEFILE，$ cookies）; //将Cookie保存到
 curl_setopt（$ ch，CURLOPT_POSTFIELDS，user = $ cp_user& pass = $ cp_pwd）; 
 curl_setopt（$ ch，CURLOPT_TIMEOUT，100020）; 
 
 //执行curl句柄并获取信息，然后关闭流。 
 $ f = curl_exec（$ ch）; 
 $ h = curl_getinfo（$ ch）; 
 curl_close（$ ch）; 
 
 //如果我们没有问题，那么尝试获取cpsess 
 if（$ f == true和strpos（$ h ['url']，cpsess））
 {
 //获取url的cpsess部分
 $ pattern =/.*？（\ / cpsess。*？）\ /.*?/ is; 
 $ preg_res = preg_match（$ pattern，$ h ['url']，$ cpsess）; 
} 
 
 //如果我们有一个会话然后返回否则返回空字符串
 return（isset（$ cpsess [1]））？ $ cpsess [1]：; 
} 
  

cpsess用于向URL追加cPanel期望返回的正确标记。 / p>

Since recently, cPanel has changed the way that it logs in.

Before login, the url is : https://accessurl:2083/

After login : https://accessurl:2083/cpsessXXXX/frontend/x3/index.html?post_login=89711792346495

You will note the cpsessXXXX embedded in the url.

And the page to access AWSTATS is :https://accessurl:2083/cpsessXXXX/awstats.pl?config=domain_name&ssl=&lang=en

I have tried the following PHP code

$username = 'xxx';
$password = 'xxx';
$loginUrl = 'https://<accessurl>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $loginUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'user='.$username.'&pass='.$password);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PORT,2083);
$store = curl_exec($ch);
curl_close($ch);

When I step through the code, the value of $store is FALSE, meaning that the login process failed.

The only reference that I found on the web to a similar problem is at http://blog.mcfang.com/ in the March 28 entry.

I was hoping that cookies.txt would have the cpsessXXXX info, but no file is created.

Thanks for any help

解决方案

You need to reference the security token back to cPanel in order for your script to be accepted. As per the documentation over at cPanel documentation for Security tokens

Take the following example:

function createSession() { // Example details
$ip = "127.0.0.1";
$cp_user = "username";
$cp_pwd = "password";
$url = "http://$ip:2082/login";
$cookies = "/path/to/storage/for/cookies.txt";

// Create new curl handle
$ch=curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies); // Save cookies to
curl_setopt($ch, CURLOPT_POSTFIELDS, "user=$cp_user&pass=$cp_pwd");
curl_setopt($ch, CURLOPT_TIMEOUT, 100020);

// Execute the curl handle and fetch info then close streams.
$f = curl_exec($ch);
$h = curl_getinfo($ch);
curl_close($ch);

// If we had no issues then try to fetch the cpsess
if ($f == true and strpos($h['url'],"cpsess"))
{
    // Get the cpsess part of the url
    $pattern="/.*?(\/cpsess.*?)\/.*?/is";
    $preg_res=preg_match($pattern,$h['url'],$cpsess);
}

// If we have a session then return it otherwise return empty string
return (isset($cpsess[1])) ? $cpsess[1] : "";
} 

cpsess is used to append the URLs the correct token that cPanel expects back.

这篇关于使用PHP进行安全cPanel登录的脚本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！