Jump to content

Create a parked domain for new clients to upload their sites


Recommended Posts

I own a hosting company and I have been wanting to automate some tasks for a while. One of the automation features I wanted was automatic parked domain creation so that users would have a temp/developer URL to use before taking their site live instead of using the unsecure mod_usedir method (i.e. http://ipadddress/~accountname.

 

We used the WHMCS action hook for this.

 

What we automated:

1. new account name = harryp, new account domain = willworklater.com

(this will resolve after the client changes their DNS once their happy with the new site)

 

2. a live domain that resolves properly = workingdomain.com

(belongs to another account we own, but is a working URL)

 

Use the XMLAPI "Park A Domain" function and parked "harryp.workingdomain.com" on top of "willworklater.com" so the user can develop their site by using "harryp.workingdomain.com".

 

You will need the xmlapi.php file from Github.

Download it here: https://github.com/CpanelInc/xmlapi-php

Copy it to your WHMCS install directory and put it in the /admin directory and the script should load it OK

 

cPanel XMLAPI functions: http://docs.cpanel.net/twiki/bin/view/ApiDocs/Api2/WebHome

 

Create a new parkdomain.php in your /includes/hooks directory

 

Paste this code in the blank parkdomain.php file you just create:

<?php 
//****************************************************************************
// Create a development/upload URL for new account setups so that you don't 
// have to use mod_userdir which can have security risks.
// Created by Eric Caldwell, Web-JIVE LLC, Little Rock Arkansas - http://www.web-jive.com
// Distributed under the GPL 2.0 license
// Special thankns to John Kata, Technical Analyst II, cPanel for helping
//
// Extra notes: You need to set cPanel to allow parking across domains
// WHM -> Tweak Settings -> Domains -> Allow domain parking across accounts
//*****************************************************************************

function createparkeddomain($vars) {
		//print_r($vars); //uncomment to dump the WHMCS $vars array
		$cpanel_user = $vars['params']['username']; //pulls the username from WHMCS
		$cpanel_password = $vars['params']['password']; //pulls the user password from WHMCS
		$cpanel_ip = $vars['params']['serverip']; //pulls the sever IP for the server being used in products. You can substitute an IP if you wish.
		$pdomain = $cpanel_user.".web-jive.com"; //change the last part of this script to a working domain you want to use

		//echo "pars ".$cpanel_ip." user ".$cpanel_user." pass ".$cpanel_password." domain ".$pdomain." ".$cpanel_domain;  //uncomment to see vars printed
		//echo getcwd(); //Ucomment to show where your xmlapi.php file is located. Should be in /

		include_once('xmlapi.php');
		$xmlapi = new xmlapi($cpanel_ip);
		$xmlapi->set_port(2082);
		$xmlapi->password_auth($cpanel_user,$cpanel_password);
		$xmlapi->return_xml(1);
		$xmlapi->set_debug(1);
		print $xmlapi->api2_query($cpanel_user, 'Park', 'park', array('domain' => $pdomain));
}

add_hook("AfterModuleCreate",1,"createparkeddomain");
?>

 

Good luck. P.S. I don't have time to answer support questions so, try it at your own risk and post questions here. If I can't answer them, someone else can help.

parkdomain.php.zip

Link to comment
Share on other sites

  • 1 month later...

It'sjust for reference.

 

It should work out of the box. Simply copy the code provided and save as /includes/hooks/parkdomain.php

 

The single line edit is here:

 

$pdomain = $cpanel_user.".web-jive.com"; (replace with the domain you want to park).

 

The result, in this example, will be:

-> new cpanel account "johndoe.com" (username will be johndoe)

-> parked domain will be johndoe.web-jive.com

 

-edit-

 

You will need the xmlapi.php available at Github, too. Download it and save in /admin folder.

Link to comment
Share on other sites

  • 3 months later...

Nice contribution, thanks. However.... surely allowing users to park subdomains of domains they do not own is far more insecure than using mod_userdir? This could be used to do some very nasty things indeed.

 

EDIT: To make this secure, you'd need to park the domain as either the reseller who owns the user account or as root. This should prevent you from having to globally allow users to park subdomains that belong to other user domains.

Edited by JulesR
Link to comment
Share on other sites

@JulesR, your now allowing others to park domains on top of domains they don't own with this addon. This is a hook which handles that at the time of account creation. If a user tries to park domain via cPanel on another users domain, it's rejected.

I don't think you're understanding what I've said.

 

This is insecure because in order for it to work you have to enable the option that allows users to park domains they do not own on top of their own domain. This is because the hook you've written runs as the user account instead of the root or main reseller account.

 

So, because you have to enable this option for this hook to work, users can then essentially hi-jack subdomains of other domains by parking them on top of their own domain.

 

This is very, very bad.

Link to comment
Share on other sites

I don't think you're understanding what I've said.

 

This is insecure because in order for it to work you have to enable the option that allows users to park domains they do not own on top of their own domain. This is because the hook you've written runs as the user account instead of the root or main reseller account.

 

So, because you have to enable this option for this hook to work, users can then essentially hi-jack subdomains of other domains by parking them on top of their own domain.

 

This is very, very bad.

 

 

Simple solution, make it use the root or main reseller account details from the WHMCS database rather than the cpanel user.

Link to comment
Share on other sites

Simple solution, make it use the root or main reseller account details from the WHMCS database rather than the cpanel user.

Not really a simple solution for those using the script is it? My purpose was to point out the flaw and insecurity to the original developer, which I have done. We've already developed a far more robust and secure solution to this using the main reseller account details.

Link to comment
Share on other sites

Not really a simple solution for those using the script is it? My purpose was to point out the flaw and insecurity to the original developer, which I have done. We've already developed a far more robust and secure solution to this using the main reseller account details.

 

And my point was to point out how to correct the issue to the OP, not to teach people how to use PHP.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated