Script for secure cPanel login with PHP

Published 2019-02-16 01:46

Question:

Since recently, cPanel has changed the way that it logs in.

Before login, the URL is: https://accessurl:2083/

After login: https://accessurl:2083/cpsessXXXX/frontend/x3/index.html?post_login=89711792346495

You will note the cpsessXXXX embedded in the URL.

And the page to access AWSTATS is: https://accessurl:2083/cpsessXXXX/awstats.pl?config=domain_name&ssl=&lang=en

I have tried the following PHP code

$username = 'xxx';
$password = 'xxx';
$loginUrl = 'https://<accessurl>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $loginUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'user='.$username.'&pass='.$password);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PORT,2083);
$store = curl_exec($ch);
curl_close($ch);

When I step through the code, the value of $store is FALSE, meaning that the login process failed.

The only reference that I found on the web to a similar problem is at http://blog.mcfang.com/ in the March 28 entry.

I was hoping that cookies.txt would have the cpsessXXXX info, but no file is created.

Thanks for any help

Answer 1:

You need to reference the security token back to cPanel in order for your script to be accepted, as per the cPanel documentation for security tokens.

Take the following example:

function createSession() {
    // Example details
    $ip = "127.0.0.1";
    $cp_user = "username";
    $cp_pwd = "password";
    $url = "http://$ip:2082/login";
    $cookies = "/path/to/storage/for/cookies.txt";

    // Create new curl handle
    $ch = curl_init();
    // Verify the server certificate and host name (applies when $url is https://)
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return the body instead of printing it
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies); // Read cookies from
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies); // Save cookies to
    // URL-encode the credentials so characters such as & or = survive
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array("user" => $cp_user, "pass" => $cp_pwd)));
    curl_setopt($ch, CURLOPT_TIMEOUT, 100020);

    // Execute the curl handle and fetch info then close streams.
    $f = curl_exec($ch);
    $h = curl_getinfo($ch);
    curl_close($ch);

    // If we had no issues then try to fetch the cpsess
    $cpsess = array();
    if ($f !== false and strpos($h['url'], "cpsess") !== false)
    {
        // Get the cpsess part of the url
        $pattern = "/.*?(\/cpsess.*?)\/.*?/is";
        $preg_res = preg_match($pattern, $h['url'], $cpsess);
    }

    // If we have a session then return it otherwise return empty string
    return (isset($cpsess[1])) ? $cpsess[1] : "";
}

cpsess is used to append to the URLs the correct token that cPanel expects back.
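An added example, not part of the original answers: before reusing a cpsess token, check that the URL curl finally landed on is still HTTPS on the host and port you logged in to, then build the AWStats URL from the question. The function names, the host `cpanel.example.com`, the sample URLs and the assumed token shape (`cpsess` followed by letters or digits) are all constructed for illustration.

```php
<?php
// Added example (not from the original answers). Host names and the token
// below are constructed sample values.

/**
 * Pull the cpsess token out of the URL curl ended up on after login,
 * but only if that URL is still HTTPS on the host and port we logged in to.
 * Assumption: the token is "cpsess" followed by letters/digits.
 */
function extractCpsess(string $effectiveUrl, string $host, int $port = 2083): ?string
{
    $p = parse_url($effectiveUrl);
    if ($p === false
        || ($p['scheme'] ?? '') !== 'https'
        || strcasecmp($p['host'] ?? '', $host) !== 0
        || ($p['port'] ?? 443) !== $port) {
        return null; // redirected somewhere unexpected: do not trust it
    }
    // The token must be the first path segment, e.g. /cpsess1234567890/frontend/...
    if (!preg_match('#^/(cpsess[0-9A-Za-z]+)/#', $p['path'] ?? '', $m)) {
        return null;
    }
    return $m[1];
}

/** Build the AWStats URL from the question for a validated token. */
function awstatsUrl(string $host, string $token, string $domain, int $port = 2083): string
{
    $query = http_build_query(['config' => $domain, 'ssl' => '', 'lang' => 'en']);
    return "https://$host:$port/$token/awstats.pl?$query";
}

// Constructed sample inputs.
$host = 'cpanel.example.com';
$samples = [
    "https://$host:2083/cpsess1234567890/frontend/x3/index.html?post_login=1",
    "https://$host:2083/login/?login_only=1",                    // login failed, no token
    "http://$host:2082/cpsess1234567890/frontend/x3/index.html", // downgraded to HTTP
    "https://other.example.net:2083/cpsess1234567890/x",         // wrong host
];
foreach ($samples as $url) {
    $token = extractCpsess($url, $host);
    echo $token === null
        ? "rejected: $url\n"
        : 'ok: ' . awstatsUrl($host, $token, 'example.com') . "\n";
}
```

In a real script the first argument would be the `url` field of `curl_getinfo()` after the login request.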



Answer 2:

You can send the "Authorization" row by Headers adding this simple row:

// No trailing line break here: curl terminates each header line itself
$header[0] = "Authorization: Basic " . base64_encode($cp_user.":".$cp_pwd);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);

So you can send a request directly to the resource $myResource, without cookies and anything else. Simply:

// $myResource, $cp_user and $cp_pwd must be set before this point
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $myResource);
// No trailing line break here: curl terminates each header line itself
$header[0] = "Authorization: Basic " . base64_encode($cp_user.":".$cp_pwd);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PORT,2083);
$store = curl_exec($ch);
curl_close($ch);

You should consider using the XML API of cPanel. On GitHub you can find the xmlapi-php class; it works great and helps me keep the code simple and easy to update!



Tags: php curl cpanel