cPanel Account Login

[ManagedCloud-Hosting]

Hello,

Today we have received a request from a client since last 11 years.

They have multiple cPanel account and access from WHMCS client area which we provided since we started using.   He has a .com domain (18 years), their primary company domain which he wants to setup within his client area (WHMCS), he has migrated the domain to our domain control panel but the hosting is renewed for 3 years with another provider so we have to wait for that to expire before we transfer hosting to our end.

He wants us to setup that domain in a way so that he can access the cPanel from his client area (offered by our WHMCS), he has also provide API token. cPanel username , password and IP for use.

As he is a loyal client and also recommends our hosting to his know business circle we don't want to say NO.

Can this be done ?

 

 

 

 

[bear]

The hosting account is live on another provider, but he wants to be able to access his hosting account on *your* server via WHMCS, or to the remote server?

[ManagedCloud-Hosting]

41 minutes ago, bear said:

The hosting account is live on another provider, but he wants to be able to access his hosting account on *your* server via WHMCS, or to the remote server?

This cPanel account is with with another provider. 

For his cPanel accounts with us he was impressed by the idea of WHMCS client area where he gets the option of clicking and logging in to his cPanel accounts directly without the input of any cPanel username or password. So he has provided all details as API token. cPanel username , password and IP for us to use and set this cPanel account within our WHMCS for him so that he can access from his client area (that we have provided him by only a click)

What needs to be done in such cases ?

 

 

 

[bear]

3 hours ago, VirtualWorldGlobal said:

What needs to be done in such cases ?

Get him to move to your server. 😉

[ManagedCloud-Hosting]

12 hours ago, bear said:

Get him to move to your server. 😉

Not possible due to the below mentioned reason.

17 hours ago, VirtualWorldGlobal said:

he has migrated the domain to our domain control panel but the hosting is renewed for 3 years with another provider so we have to wait for that to expire before we transfer hosting to our end.

We are looking for a solution where he can have a BUTTON in Client Area -> Products & Services Section -> When he clicks on the button that will take him to his cPanel without prompting for username and password (API token. cPanel username , password and IP for us to use)

If some kind of Hook or Code can work here would be great...

Edited January 29, 2020 by VirtualWorldGlobal

[zomex]

10 hours ago, VirtualWorldGlobal said:

Not possible due to the below mentioned reason.

We are looking for a solution where he can have a BUTTON in Client Area -> Products & Services Section -> When he clicks on the button that will take him to his cPanel without prompting for username and password (API token. cPanel username , password and IP for us to use)

If some kind of Hook or Code can work here would be great...

I think this may be a stretch to achieve but I'm interested to follow this thread and see if you find a solution.

[ManagedCloud-Hosting]

23 hours ago, zomex said:

think this may be a stretch to achieve but I'm interested to follow this thread and see if you find a solution.

Thanks @zomex   We do hope for the best :)

He is an old customer and we just want to enhance his expectations and ease of using WHMCS!

On 1/28/2020 at 10:58 PM, VirtualWorldGlobal said:

For his cPanel accounts with us he was impressed by the idea of WHMCS client area where he gets the option of clicking and logging in to his cPanel accounts directly without the input of any cPanel username or password.

 

[bear]

If it were me and I wanted to appease him, I'd offer to meet his current plan on the other host and host him without charge until the old account ends. Get him to show the plan length there, and make the offer. You keep him happy, you get more recommendations, and the only thing you lose is the fee you aren't getting anyway, and whatever your cost is to provide him service.

I think trying to get your WHMCS to remotely connect to his other provider is likely to cause problems. Moving him to you removes all doubt.

[ManagedCloud-Hosting]

Thank you for your response. Yes exactly we have already offered him the plan to migrate without any charge and it has a website and a few emails (cPanel -Shared Hosting plan). 

But he refused saying that he will not accept this and mentioned that as he has already paid the other company he will use their service and will migrate when it expires, As understood that we cannot migrate him so we  tried checking on how to achieve what he wanted but it seems we have failed...and left with no choice that saying NO to him.

[brian!]

it might be worth asking on the cPanel forums about this - perhaps not specifically about the WHMCS aspect (as adding a button is trivial), but just the generic idea of linking to a third party cPanel in this way.

[ManagedCloud-Hosting]

Thank you brian! 

Yes will try doing asking on the cPanel forums

Edited February 3, 2020 by VirtualWorldGlobal

[ManagedCloud-Hosting]

Hi,

I have posted the question on the cPanel forums...

Tried seraching for th solution and found the below url.

URL: https://forums.cpanel.net/threads/send-cpanel-login-credentials-via-post-instead-of-get.550291/#post-2229251

 

Quoted From cPanel forums:

****************************

Joel Winterton
Registered 
Jun 18, 2016
#3

Well for anyone else who has this issue here is how I hid the credentials when sending them to the server:
First I assigned the credentials in PHP:

Code:
<?php
$user="username";
$pass="password";
?>
Then I made a form with two hidden values which where the variables:
Code:
<form action="https://cpanel:2083/login" method="POST"
<input type="hidden" name="user" value="<?php echo($user); ?>">
<input type="hidden" name="pass" value="<?php echo($pass); ?>">
  <input type="submit" value="Go to cPanel">
  </form>
This then sends the variables via POST to the website in the correct format and the user cannot see the credentials as PHP is server side and cannot be read by the client.
The top variables can be altered to contain login details from a form.

****************************

Edited February 6, 2020 by VirtualWorldGlobal

[brian!]

6 hours ago, VirtualWorldGlobal said:

Tried searching for the solution and found the below url.

aaah I thought there might be a devious API method to do it - if you can just use a simple form like that for your purpose, I have previously posted how to include it in a sidebar...

now I suppose in your case, it would need to be modified to see if the current logged in client is x, and if so, add the sidebar to the appropriate page.

[ManagedCloud-Hosting]

Thank you @brian!

But how do I add this for individual client in WHMCS -> Product & Service Page -> Specific product Selection (The button may appear anywhere by when this user clicks on the button he gets logged in to his cPanel without entering his username or password. How to use the form ? (Yes the login should be secure  so that his security is not breached)

How to make this possible, I would like to try this with your help :)

Edited February 6, 2020 by VirtualWorldGlobal

[brian!]

32 minutes ago, VirtualWorldGlobal said:

How to make this possible, I would like to try this with your help 🙂

does he have an existing service with you where you would like to add this sidebar, or would it be preferable to have it on the generic My Products & Services page?

[ManagedCloud-Hosting]

Generic My Products & Services page (Nothing Fancy)

Yes he has a few domains hosted with us but this specific cPanel we have only username, password and API along with the URL.  (We don't have WHM access for this cpanel)

He just needs a button which he will click and login to this cPanel from his client area with us.  

 

 

 

[brian!]

<?php

# Primary Sidebar cPanel Login Form
# Written by brian!

use WHMCS\View\Menu\Item as MenuItem;

add_hook('ClientAreaPrimarySidebar', 1, function(MenuItem $primarySidebar) {
	
	$client = Menu::context('client');
	$clientid = 4;
	if ($client->id == $clientid) {
		$service = Menu::context('service');    
		$servertype = $service->product->servertype;
		if ($servertype != ""){
			return;
		}
		$username = 'username';
		$password = 'password';
		$cpanelhref = 'https://www.domain.com:2083/login/';
		$webmailhref = 'https://www.domain.com:2096/login/';
		$bodyhtml = '<form method="post" action="'.$cpanelhref.'" target="_blank">
<input type="hidden" name="user" value ="'.$username.'"/>
<input type="hidden" name="pass" value ="'.$password.'"/>
<input class="btn btn-success btn-sm btn-block" type="submit" value="'.Lang::trans('cpanellogin').'"/>
<input class="btn btn-primary btn-sm btn-block" type="submit" formaction="'.$webmailhref.'" value="'.Lang::trans('cpanelwebmaillogin').'"/>
</form>';  
   
	if (!is_null($primarySidebar->getChild('Service Details Actions'))) {
			$primarySidebar->getChild('Service Details Actions')
							->removeChild('Login to cPanel')
							->removeChild('Login to Webmail');
	}	
			$primarySidebar->addChild('cPanel Login', array(
							'label' => 'cPanel Logins',
							'icon' => 'fa-server',
							'order' => 20,
							'footerHtml' => $bodyhtml,
							));
	}
});

there are a handful of variables that you will have to update...

• $clientid -> this is the client's ID value - you can get it from their client summary in the admin area.
  
• username & password -> obviously change these to those given by your client.
• cpanelhref & webmailhref -> replace domain.com with the url of your client.

if you don't want to show the webmail link, then just remove the last <input> line from the hook.

for the given user, assuming you get the username, password and URL correct, it should log them directly into cPanel without asking for login details.

[bear]

Bear in mind that will store his remote user/pass in plain text within that file. I get why it's being handled that way, but it's not terrible good practice overall. 😉

[ManagedCloud-Hosting]

Thanks a ton @brian!

However is their anyway that the login buttons only appear under the Services Page or can appear under any specific service details page Under additional information ?

Also if we want to input his Two cpanel instead of webmail how to do this ?

 

 

 

[ManagedCloud-Hosting]

19 hours ago, bear said:

Bear in mind that will store his remote user/pass in plain text within that file. I get why it's being handled that way, but it's not terrible good practice overall. 😉

Sorry what do you mean by - it's not terrible good practice overall

I understand that the hook file will store his user/pass in plain text but that was the reason I wanted to use API but it seems not possible at the moment.

I was checking this out - 

https://stackoverflow.com/questions/44733708/can-i-login-to-cpanel-through-php

*******************************

Yes, there is a way, CPanel has an API that can be used by PHP. Example from the docs:

// Instantiate the CPANEL object.
require_once "/usr/local/cpanel/php/cpanel.php";

// Connect to cPanel - only do this once.
$cpanel = new CPANEL();

// Get domain user data.
$get_userdata = $cpanel->uapi(
    'DomainInfo', 'domains_data',
    array(
        'format'    => 'hash',
    )
);

// Perform the desired actions.

*******************************

Any idea what to do ?

Edited February 7, 2020 by VirtualWorldGlobal

[bear]

1 hour ago, VirtualWorldGlobal said:

Sorry what do you mean by - it's not terrible good practice overall

Storing plain text passwords anywhere on the server; that's the bad practice. Though I understand it for what's being done there, it's in a format that someone with server access (though leaked password, elevated access exploit, coding error, server misconfiguration and so on) could read and use to gain access there. It helps reduce security.

[brian!]

5 hours ago, VirtualWorldGlobal said:

However is their anyway that the login buttons only appear under the Services Page

if ($client->id == $clientid and $_GET['action'] == 'services') {

5 hours ago, VirtualWorldGlobal said:

or can appear under any specific service details page Under additional information ? 

which is why I asked originally where you wanted to show this! 🙄

you could specify the sidebar to appear with any specific service, but if you're wanting it on the additional information tab, then that won't be a sidebar hook... that tab just shows customfields by default, and while you could probably inject additional content using jQuery, it would probably be easier to edit the template.

alternatively, you could use another hook point and add the html to the template (in a fixed location)...

... obviously, you could change the styling to suit your design - i've just copied & pasted the html from the sidebar hook.

5 hours ago, VirtualWorldGlobal said:

Also if we want to input his Two cpanel instead of webmail how to do this ?

if he's got multiple cpanels that you need to link to, then it's just multiple copies of the form code.... if he had a cpanel product with you, then there would be a SSO cpanel login link in the sidebar of the product details page by default.

33 minutes ago, VirtualWorldGlobal said:

I understand that the hook file will store his user/pass in plain text but that was the reason I wanted to use API but it seems not possible at the moment.

the PHP port of LogMeIn might be an option (if it still works - I haven't tested it).

https://gist.github.com/kmark/4440574

[ManagedCloud-Hosting]

35 minutes ago, brian! said:

you could specify the sidebar to appear with any specific service

Hi @brian! Thank you.  We are much comfortable with the sidebar only.  If we create a demo hosting service then how to link this  service so that when client select (demo hosting service) the links will appear with the side bar. As we are new with WHMCS we don't want to complicate this situation for us and rather keep this simple.  

 I again would like to thank you your help and supporting our client's cause. I believe he will be very happy to use this with his client area.

43 minutes ago, brian! said:

the PHP port of LogMeIn might be an option (if it still works - I haven't tested it).

https://gist.github.com/kmark/4440574

I tried to understand more of this but not something I am good at. So maybe later I will try this with your help :) 

[brian!]

19 hours ago, VirtualWorldGlobal said:

If we create a demo hosting service then how to link this  service so that when client select (demo hosting service) the links will appear with the side bar. 

one way would be to specify the service ID in the hook - that way, when they view the product details of the demo service (i'm assuming it's using cPanel), there will be a default cPanel login link (and webmail too - which the hook is removing for now), and the external cPanel link will be separate.

another way might be to create three Client Custom Fields, make them admin-only so that the client doesn't see them, and use them to store the values of cPanel Domain URL, username and password - that way, none of those details will be stored in the hook and it will only have to check if the current user has values stored for those customfields before generating the sidebar... it's worth noting though that these details will still be unencrypted in the database, but assuming the checks in the hook are correct, only those clients with these fields will see the sidebar (i.e this customer).

but as you say, you want to keep things simple - so I don't know which way you would prefer to go.

[ManagedCloud-Hosting]

6 hours ago, brian! said:

another way might be to create three Client Custom Fields, make them admin-only so that the client doesn't see them, and use them to store the values of cPanel Domain URL, username and password - that way, none of those details will be stored in the hook and it will only have to check if the current user has values stored for those customfields before generating the sidebar... it's worth noting though that these details will still be unencrypted in the database, but assuming the checks in the hook are correct, only those clients with these fields will see the sidebar (i.e this customer).

Hi @brian!  if we create create three 'Client Custom Fields' and make them admin-only. What will be the changes in code for for the hook, this seems to be good option, please help us achieve this.

This will be a great solution for what the client was asking for.