Making your script work with security tokens in cPanel & WHM

What is a security token?
“Security token” URLs were added in cPanel & WHM 11.25 as a security measure, and they were enabled by default in version 11.28. They help combat a common type of attack called Cross-Site Request Forgery (XSRF).

So, what does a “security token” look like? Take, for example, this URL:
https://example.com:2087/i/love/cpanel

With security tokens enabled, this would become:
https://example.com:2087/cpsessYYYYYYY/i/love/cpanel

In that example, cpsessYYYYYYY is the token unique to that logged-in user on that browser. (You can learn more about security tokens in cPanel & WHM by reading our Security Tokens white paper.) In order for your custom script to work with cPanel & WHM, every URL involved needs to be compatible with the security token.

Creating security token-compatible URLs

Fortunately, it is very easy to do!

The token is available in the environment variable ‘cp_security_token’.

If security tokens are not in use, ‘cp_security_token’ will be an empty string.

If security tokens are in use, ‘cp_security_token’ will be, in terms of the above example: /cpsessYYYYYYY

Note the preceding slash! Since the variable has that slash, the examples will work whether cPanel & WHM has security tokens enabled or disabled.

  • Here’s how you’d use it in Perl code that calls one of our API URLs.
    Simply change this:

    my $APIurl = "http://127.0.0.1:2087/xml-api/$url";

    to this:

    my $APIurl = "http://127.0.0.1:2087$ENV{'cp_security_token'}/xml-api/$url";

  • Here’s how you might use it in JavaScript for, say, an AJAX call.
    First, make it available to your JavaScript. For example:

    print <<"END_SECURITY_TOKEN_JAVASCRIPT";

    if ( !("CPANEL" in window) ) CPANEL = {};
    CPANEL.security_token = "$ENV{'cp_security_token'}";

    END_SECURITY_TOKEN_JAVASCRIPT

    Next, make your URLs compatible by changing this:

    var ajaxURL = '/3rdparty/ZZZ/zzz.cgi';

    to this:

    var ajaxURL = CPANEL.security_token + '/3rdparty/ZZZ/zzz.cgi';
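The concatenation above can be wrapped in one helper so every URL in a script is built the same way. This is an added example, not cPanel's code: `tokenizeUrl` and `normalizeToken` are hypothetical names, and the token pattern is an assumption modelled on the `/cpsessYYYYYYY` placeholder. It goes slightly beyond the page's case by refusing non-relative URLs and replacing a token already present in the path.

```javascript
// Added example, not cPanel code. tokenizeUrl and normalizeToken are
// hypothetical names; only CPANEL.security_token comes from the page.
// Assumption: a non-empty token is "/cpsess" followed by letters or digits,
// modelled on the page's /cpsessYYYYYYY placeholder.
const TOKEN_RE = /^\/cpsess[A-Za-z0-9]+$/;
const LEADING_TOKEN_RE = /^\/cpsess[A-Za-z0-9]+(?=\/|$)/;

function normalizeToken(token) {
  // Empty means security tokens are disabled: URLs stay unchanged.
  if (token === undefined || token === null || token === '') return '';
  if (typeof token !== 'string' || !TOKEN_RE.test(token)) {
    throw new Error('unexpected security token format');
  }
  return token;
}

function tokenizeUrl(path, token) {
  const tok = normalizeToken(token);
  // Accept only server-relative paths. "//host/..." and "/\host/..." can be
  // resolved by browsers as another origin, which must never see the token.
  if (typeof path !== 'string' || !/^\/(?![\/\\])/.test(path)) {
    throw new Error('only server-relative paths can carry the token');
  }
  // Replace a token that is already in the path instead of stacking two.
  const bare = path.replace(LEADING_TOKEN_RE, '') || '/';
  return tok + bare;
}

// Usage in the page's AJAX example (browser only):
//   var ajaxURL = tokenizeUrl('/3rdparty/ZZZ/zzz.cgi', CPANEL.security_token);
```

Because the token identifies the logged-in session, the helper throws rather than guessing when it is handed an absolute URL or a malformed token.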

Category: Product Development | 5 Comments

Preview of the new Logaholic website analytics feature.

Logaholic is a new feature that is now available in the 11.31.1 EDGE build. Logaholic is a web site statistics program that provides you with a visual representation of your web site visitors.

Logaholic is a powerful web analytics (log file processor) solution that delivers reliable, objective visibility reports about the performance of your web site traffic, content, keywords and marketing.

cPanel & WHM EDGE tier releases are development preview releases which allow users to test changes prior to production release. They are not intended for mission critical production environments.

Category: Partners & Customers | 10 Comments

LivePHP

Currently, if you want to write a Plugin for cPanel, you can write it in either LivePHP or cPPHP. Last year, we put some major effort into refactoring LivePHP. We added better debugging information, optimized the socket communication protocol, and added a few other tweaks. After a year of vetting by external developers, I can say with confidence: there is no longer any reason to use cPPHP when developing your application.

Category: Product Development | Comments Off

Why you should use RPMs to distribute your application

As a developer, it is important to understand who you are developing for. When developing an application for cPanel & WHM servers, there are 5 potential customer profiles to be aware of:

  • Data centers
  • Developers
  • Website owners
  • System administrators
  • Hosting providers

Understanding these profiles will help you scope and define a project.

In this article, we will focus on Data centers and the various problems you might encounter when working with them.

Category: Product Development | Comments Off

Spotlight On: Creating DNS Modules

In cPanel & WHM 11.30, we added the ability to add 3rd party systems to your DNS cluster. With this ability, we added functionality that allows you to create dnsadmin plugins. You can use these plugins to control and configure remote nodes of your DNS cluster. The plugins themselves consist of a few Perl modules. Creating a dnsadmin plugin will require some familiarity with Perl.

To begin building a dnsadmin plugin, please read the documentation.

Category: Product Development | Comments Off

Installing mod_rails and Rails 3.0.9 on a cPanel machine

While Rails 3 and mod_rails (aka Phusion Passenger) are not yet supported with cPanel, it is possible in 30 minutes or less to install Rails 3.0.9, install mod_rails and get a working application using mod_rails in place of mongrel.

Category: Product Development | 3 Comments

BETA Release of PublicAPI PHP, the cPanel PHP Library, and cPanel PEAR

We are pleased to announce that our PublicAPI PHP client is ready! This API query client is the sibling to Cpanel::PublicAPI that was announced last month.

You can download the PublicAPI PHP client at our github repository as well as the new cPanel PEAR channel.

One of the key distinctions of the PublicAPI PHP client class is that it’s distributed as part of the cPanel PHP Library. The cPanel PHP library is a collection of PHP classes for interfacing with cPanel systems.

Category: Product Development | Comments Off

Introduction to cPanel & WHM APIs

Application Programming Interfaces (APIs) are fundamental to the cPanel & WHM product. APIs allow developers to perform actions (functions) that source and manipulate data related to cPanel accounts and system utilities. Our APIs are used by the cPanel developers when designing new features and interfaces but are also available to 3rd-party developers. In this post, we’ll review the various APIs associated with cPanel and WHM and how you can use them in your own development.

Category: Product Development | 10 Comments

cPanel::PublicAPI

Today I posted cPanel::PublicAPI to GitHub. This is a set of Perl modules that allows for easy access into cPanel’s APIs from a simple object interface. This module offers several great features:

  • Auto-detection of credentials (when available)
  • Support for cPanel’s DNS Clustering API
  • Support for: cPanel, WHM, webmail and non-cPanel services.
  • Minimal dependencies
  • BSD Licensed

To get started, you can install cPanel::PublicAPI via CPAN; the source is also available on our GitHub repository if you wish to submit patches/changes. I strongly suggest reading the documentation on CPAN to get started.

Category: Product Development | Comments Off

cPanel 11.30

The release of cPanel & WHM version 11.30 in EDGE is right around the corner. With this release we have made numerous changes, added a few features and fixed some bugs. Predominantly, these changes can be encompassed in a few bullet points:

  • Complete rewrite of update system
  • Addition of Cpanel::PublicAPI
  • Removal of Legacy Themes
  • Several new API calls

Though each of these changes may seem small when listed as bullet points, there are a few details that you, as someone who customizes or integrates with cPanel & WHM, should be aware of.

Category: Product Development | Comments Off