Skip to main content

PHP: Automating email account creation with new host who requires session tokens

Comments

5 comments

  • JAB Creations
    PHP file_get_contents URL email account creation no longer works with new host My new host is fast which is great but for some dumb reason they require session tokens in the URL! First off is there any way (with a reseller account) to disable the session tokens from being used in the URL? On the new host when I use file_get_contents in PHP it always returns an empty string. Going to the correct URL does not work at all (with all the settings being correct) if a session has not been initiated. This negates my ability to have the server create the email account for clients. I do not want to have to manually log in, create an email account and know everyone's password every single time someone sets up an account. This format works but only the session/it's token have already been established... [QUOTEhttps: //user:pass&@wwwssr3.supercp.com:2083/cpsess2821474840/frontend/x3/mail/doaddpop.html?email=thatguy&domain=example.com&password=fakepassword&quota=0
    Do I need to use something like cURL to detect the page, submit the form and then return the session token or is there a less retarded way to achieve this? I'm not interested in third party stuff. I have seen some weird XML-like code elsewhere though not sure if/how it's even applicable. I've spent some time in the documentation and most of it is for people who are lucky they even got in to cPanel to begin with. I also posted a thread earlier on the forums and it seems to have been deleted! Not sure what that is about.
    0
  • JaredR.
    Re: PHP file_get_contents URL email account creation no longer works with new host [QUOTE]I also posted a thread earlier on the forums and it seems to have been deleted! Not sure what that is about.
    It was not deleted. It was moderated for manual approval, since it was one of your first posts and it contained a URL. Please do not make multiple posts on the same subject. I have approved both posts and merged them into a single thread in the cPanel Developers section. Session tokens have been required since cPanel 11.38, with no way to disable them. Even the root user cannot disable them, so a reseller is not going to be able to. This is not a result of your hosting provider's policy (if they are running cPanel 11.38 or 11.40), but of a change that was made in cPanel in order to enhance security.
    0
  • JAB Creations
    ...and so how do I resolved the problem incurred by this unnecessary "security feature"?
    0
  • JAB Creations
    The documentation here is wrong... [url=http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/ApiAuthentication]Authentication Function Call Methods ...and the fact that such a major change would be implemented in such a minor version number (11.27-->11.28?) leaves me baffled; that completely negates the point of having documentation! Another attempt that I'm making with PHP/cURL that is not working... [PHP][/PHP] So I'm stuck without knowing if cURL is making a $_POST request (or dumbing out and making a $_GET request) and what echos back looks like a $_GET request. So I'm stuck without any way to detect the [bi]cpsess security token. Oh, and this is only destroying all the productivity of my day.
    0

Please sign in to leave a comment.