Some help need with php and cpanel.

Stingray

I am currently attempting to write 2 scripts all though one works it is extremly easy to hack a 2 year old could do it i need some help i am currently using this

To create subdomains for visitors to a site and a simlar function to create POP3 email accounts but i want to change this i want it so its more secure the password & user name are stored out of the script.

My ideas are as follows:

Have $user & $pass stored in a configiration php file and make it required? would this stop people from viewing the file and seenig user name and password ?

But it still doesnt stop the following which is a HUGH problem.

1) When it meta refreshes it displays the user name and password as part of the meta refresh which is problem 1 as its a security risk

2) they remani logged in to Cpanel which is dangerous so i need to make it so they never enter Cpanel and the subdomain is created outside so they dont see it it displays a message then hay presto subdomain created they know it and all is done.

I would be graetfull for any suggestion on how to do this, to view other peoples answeres to these problems etc.

Many Many thanks in advance

dalecosp

Requiring or including a php file on a server that parses PHP is an easy way to grab a variable ... if it's just a bunch of assignment statements, nothing will be output to the browser.

You could also perhaps put it outside the DOCROOT.

As to the HUGH (I guess you meant HUGE 😉 ) problem, why not use sessions?

Stingray

I dont know enough php to do that i know a little im learning as i can any one help me to finnish the script?? or at lease show me in relation to another script what to do as i am still a newbie.

Thanks for your comments

Help apprciated.

dalecosp

Well, sessions really aren't too hard. By way of example:

//script one
<?php

session_start(); // must call this before any
// browser output

$_SESSION['myname']="dalecosp";

?>

// script two
<?php

session_start();

echo $_SESSION['myname'];
// will print "dalecosp" to browser

?>

So, you could use sessions to pass the data from script to script, hidden from view, instead of sticking the info in the query string. PHP will handle each client individually, there's no need to worry about it confusing "who's whom", and your username/pw info isn't even transmitted via the web ... it stays on the server where the bad guyz aren't supposed to be able to get at it.

Stingray

So i'm guessing here,

I place the details of the user name and password For CPanel? with in sessions then use the print them fuction?

I have attached the subdomains, script as it is if you upload it to a domain, or locally you will see what it does and how it prints during meta-refresh the user name & Password

All help is of cause apprciated, i cant get the discription currently for sessions etc but i would like to use them if it made the script secure the problem i currently have is a) how easy it is to get the user name and password from this script buy opening it b) it shows the password @ user name like this username:password@www.domain.com etc etc, c) Once the subDomain is created the creator remains loged in to Cpanel which is a security risk.

The files work in general they do there purpose craeting the subdomain etc but i am struggling to secure the script and generate a successfull page

All help apprciated.

Many Thanks

Stingray