• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net
managed wordpress hosting

login script

not exactly i seen a simler script that didnt have to scan but it displayed the username and password in the soruce code
 
no because it doesnt use WHM access it just logins it has no access to cpanel nor WHM when the login they go to the members area not WHM or cpanel
 
Mole said:
no because it doesnt use WHM access it just logins it has no access to cpanel nor WHM when the login they go to the members area not WHM or cpanel
Click to expand...
Then that's exactly what I said in my deleted post. It will connect to port :2082 using sockets, check if the username and password is invalid or not, and return the value. And it doesn't need your WHM Accesshash, because it's not going to use cPanel accounting module.
 
all it does is when you login with the username and password (Not the same as there cpanel login details.) it will go the the member's area.
 
so I made a protected page that uses cpanel to autheticate the user, so you don't need to create users for it, they are created when thier account is, will that do ?
 
Mole said:
all it does is when you login with the username and password (Not the same as there cpanel login details.) it will go the the member's area.
Click to expand...
Oh sorry, I misunderstood.
But that's what krak_joe is making you right now, a script that will check if their cPanel login details are correct and return the values...
 
ok, so ......

login.php

PHP: 
<?php session_start();
      
    // FUNCTION TO AUTHORIZE A USER WITH CPANEL LOGIN DETAILS
    function auth() 
    {
      if (empty($_POST['user']) || empty($_POST['pass'])) 
      {
        header("location: login.php");
        exit;
      }
      if ( strlen($_POST['user']) > 8 )
      {
        header("location: login.php");
        exit;
      }
    $url = "http://".$_POST['user'].":".$_POST['pass']."@localhost:2082/";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_URL, $url );    
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec($ch);
    if (!preg_match("/cPanel Login/i", $result)) 
    { // if
     $_SESSION['user'] = $_POST['user'];
     $_SESSION['authed'] = true;
      return true;
      } 
      else // else
      {
      return false;
     }
    } // end if
    // END FUNCTION TO AUTHORIZE A USER WITH CPANEL LOGIN DETAILS
    
    if (!$_POST) 
    { // THIS CAN BE REPLACED WITH YOUR OWN HTML
      // ENSURE YOU GIVE THE FORM OBJECTS THE SAME NAMES
      echo "<form action=\"\" method=\"post\">\n";
      echo "Username :&nbsp;<input type=\"text\" name=\"user\"><br>\n";
      echo "Password :&nbsp;<input type=\"password\" name=\"pass\"><br>\n";
      echo "<input type=\"submit\" value=\"login\"><br>\n";
      echo "</form>";
      exit;
    }
    elseif (auth()) { 
                      header("location: members.php");
                      exit;
                    } 
                      else 
                          {
                            header("location members.php");
                            exit;
                          } // end if
?>

and members.php, the page that is protected ....

PHP: 
<?php session_start();
// Make sure the user has permissions to view the page
if (!$_SESSION['authed']) { header("location: login.php"); exit; }

// Logout
if ($_GET['action'] == "logout") 
{
  session_destroy();
  header("location: login.php");
}
?>
<!-- PROTECTED PAGE -->
<a href="?action=logout">Logout</a>

You don't need to do anything at all, the persons username is stored in $_SESSION['user'] passwords are not, as that's insecure, but you can greet by name.

or you want it to use sql ?
 
You must log in or register to reply here.
Back
Top