I am trying out GetClient Password on External API
<?php
$url = "http://localhost:81/whmcs/includes/api.php"; # URL to WHMCS API file goes here
$username = "admin"; # Admin username goes here
$password = "pass"; # Admin password goes here
$postfields["username"] = $username;
$postfields["password"] = md5($password);
$postfields["action"] = "GetClientPassword";
$postfields["userid"] = "1";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$data = curl_exec($ch);
curl_close($ch);
$data = explode(";",$data);
foreach ($data AS $temp) {
$temp = explode("=",$temp);
$results[$temp[0]] = $temp[1];
}
if ($results["result"]=="success") {
echo "Success<br />
<br />
";
# Result was OK!
} else {
# An error occured
echo "The following error occured: ".$results["message"];
}
?>
Getting an error
result=error;message=Invalid IP ...
I already added the IP in General Setting -> Security Tab.
Note: I am trying this on localhost (xampp)
What am I missing here?
This error means the API Access Key has not been added successfully to the configuration.php file. Please refer to step 7 above. The $api_access_key line should go before the closing ?> tag.
Source
You can also whitelist your IP by following
Setup>General>Security>API IP Access Restriction
if you have a account on whmcs, you will have to white-list the IP Address from where you want to access the api. it's a kind of security measure used by the whmcs team so as not to allow an unauthorized user use one's api. i hope this is helpful. Thanks
Alternatively an access key can be configured to allow IP restrictions to be bypassed.
It works by defining a secret key/passphrase in the WHMCS configuration.php file which is then passed into all API calls. To configure it, add a line as follows to your configuration.php file in the root WHMCS directory.
$api_access_key = 'secret_key_passphrase_goes_here';
Following the introduction of an API Access Key, you can then include it in your API requests as follows:
?action=xxxx&username=xxx&password=xxx&accesskey=secret_key_passphrase_goes_here
More Infos:
https://developers.whmcs.com/api/access-control/
Related
I'm setting two virtual hosts on my local pc, the first domain is http://dev.local and the other one handles the api request http://api.server.local/. The idea is simple, but not sure how to implement this kind of setup. So here's the actual process. The dev.local will send some important parameters and values which the API server read it first and validate the data sent from dev.local.
For example I have the API key provided from API server and being stored in the database together with the domain that can only use that API. So the most important thing is that I want to make sure that only dev.local can do the request. Here is some illustration.
[illustration] https://i.imgur.com/OKu34TM.png
I already tried cURL functions but for some reasons, the data can be access by anyone if they have a copy of the api key. So I want to make sure where the request come from or the origin of the request.
This is the script I have for my dev.local in order to get access to my api.server.local
<?php
$__apiServer = 'http://api.server.local';
$__apiVersion = '1.0';
$__apikey = '7c4a8d09ca3762af61e59520943dc26494f8941b'; // API Key
$__apiEmail = 'johnsmith99#gmail.com'; // Registered Email Address
$__apiUser = 'johnsmith'; // Username
$__curlURL = "";
$__curlURL = "{$__curlURL}{$__apiServer}/v{$__apiVersion}";
$__curlURL = "{$__curlURL}/bin.php?user={$__apiUser}";
$__curlURL = "{$__curlURL}&email={$__apiEmail}";
$__curlURL = "{$__curlURL}&key=$__apikey";
$__curlURL = "{$__curlURL}&domain=$_SERVER[SERVER_NAME]";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $__curlURL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
if(curl_exec($ch) === FALSE) {
echo "Failed to load resource files from the API Server: $__apiServer";
} else {
$__curlURL = curl_exec($ch);
if($err != 1){
eval(' ?>' . $__curlURL);
}
}
curl_close($ch);
I expect that the value can only be return if the required data are valid. For now the ouput can be read as expected but can be accessible by anyone if they have the copy of api key and other credentials.
I figure it out. I used cURL POST method and it is more secure than using GET. And parse array variables to validate the main parameters.
$username = "info#example.com";
$hash = "*******************************************";
$test = "0";
$sender = "php sender";
$numbers = "7575757577";
$message = "verification code";
$message = urlencode($message);
$data = "username=".$username."&hash=".$hash."&message=".$message."&sender=".$sender."&numbers=".$numbers."&test=".$test;
$ch = curl_init('http://api.textlocal.in/send/?');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);
echo"<pre>";
print_r($result);exit;
I am implementing free SMS API with CodeIgniter. Now, problem is that when I click on submit button it throws an error as mention below
{"errors":[{"code":3,"message":"Invalid login details"}],"status":"failure"}
I have no idea why it throwing this error. How can I implement this with CodeIgniter? I have also load curl library in autoload file. Please help me.
Thank You
I found a php class on the textlocal.in api documentation. Download that file and upload it to your site. Here is the download link; click.
Then just use this simple code to send a sms;
require 'textlocal.class.php';
$textlocal=new textlocal('me#textlocal.in','e215398a8820abd2c7a11a6cd5b1009d'); // email and hash
$textlocal->sendSms(['917788990011'],'Your car - KA01 HG 9999 - is due for service on July 24th, please text SERVICE to 92205 92205 for a callback','FORDIN'); // First target phone number, then the message, and then where the sms comes from
(Got the code from here; click)
If you have anymore questions, just ask :)
I want to login at cPanel through Php script and need to modified some file from the file manager.
I have cPanel username and password also but file modification I want through PHP script no by graphically.
I will use file_put_content for modified the file from the file manager.
See below code:
Yes, there is a way, CPanel has an API that can be used by PHP. Example from the docs:
// Instantiate the CPANEL object.
require_once "/usr/local/cpanel/php/cpanel.php";
// Connect to cPanel - only do this once.
$cpanel = new CPANEL();
// Get domain user data.
$get_userdata = $cpanel->uapi(
'DomainInfo', 'domains_data',
array(
'format' => 'hash',
)
);
// Perform the desired actions.
Elements required to make this functionality are –
Server/WHM Username
Cpanel account Username
Server login URL
Server accesshash key
And for Accesshash key , New or already generated Access key can get from here:-
WHM > Remote Access Key area and the Access Key located there.
or it should be at this path “/usr/local/cpanel/bin/realmkaccesshash
Once you get all these details , you can follow the code steps as:-
$query = "https://$server_login_link:2087/json-api/create_user_session?api.version=1&user=$cpanel_user&service=cpaneld";
$curl = curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
$header[0] = "Authorization: WHM $whmusername:" . preg_replace("'(\r|\n)'","",$hash);
curl_setopt($curl,CURLOPT_HTTPHEADER,$header);
curl_setopt($curl, CURLOPT_URL, $query);
$result = curl_exec($curl);
if ($result == false) {
// your error log
}
if($result){
$decoded_response = json_decode( $result, true );
if(isset($decoded_response['data']) && !empty($decoded_response['data'])){
$url = $decoded_response['data']['url'];
return $url;
}
}
once you get this URL, you can directly open this in a new tab or same tab and you must get logged in.
It generates the similar session as cpanel login and provides you all that specific cpanel privileges.
Remeber that it only logs you in with given specific account, not for all cpanel accounts access within a server.
<?php error_reporting(0);
$currency_code = $_GET['currency_code'];
$currency_opt = strtoupper($currency_code)."INR";
$jsn_response = file_get_contents('http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20yahoo.finance.xchange%20where%20pair%20in%20%28%22' .$currency_opt. '%22%29&format=json&env=store://datatables.org/alltableswithkeys&callback=');
$currencyrate_arr = json_decode($jsn_response, true);
$currency_rate = $currencyrate_arr['query']['results']['rate']['Rate'];
//var_dump($currency_rate);
if($currency_rate > 0){
echo $currency_text = $currency_rate;
}
else{
echo $currency_text = "SORRY! ERROR..";
}
?>
It was working fine but now I am getting error while using this piece of code for currency conversion.
The script is working for me, and produces correct results.
If you are receiving an error, it's either because of a server configuration, or an API limit.
You can check https://developer.yahoo.com/yql/faq/
Rate limits in YQL are based on your authentication. If you use IP-based authentication, then you are limited to 2,000 calls/hour/IP to the public YQL Web service URL (/v1/public/*)
If you need to exceed the 2000 calls per hour limit, read the above link for more information.
PS: If you want to debug, set:
error_reporting(E_ALL);
ini_set('display_errors', 1);
Edit: Since allow_url_fopen is disabled, you can't use file_get_contents on outside URLs, but you can still use CURL.
So just replace the file_get_contents with:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20yahoo.finance.xchange%20where%20pair%20in%20%28%22' .$currency_opt. '%22%29&format=json&env=store://datatables.org/alltableswithkeys&callback=');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$jsn_response = curl_exec($ch);
curl_close($ch);
I am trying to create a mysql user and assign it to the created database.
I have tried setting $db_host as IP address, FQD, localhost (since I am running from the same server) etc. All of these has no success.
Any advice on what I'm doing wrong? (xmlapi.php is being incuded fine)
include("xmlapi.php");
$db_host = "usingfullyqualifieddomain";
$cpuser = "myuser";
$cppass = "mypass";
$xmlapi = new xmlapi($db_host);
$xmlapi->set_port(2083);
$xmlapi->password_auth($cpuser,$cppass);
$xmlapi->set_debug(1);
//create database
print $xmlapi->api1_query($cpuser, "Mysql", "adddb", 'myDatabaseName');
//create user
print $xmlapi->api1_query($cpuser, "Mysql", "adduser", array('user' => 'myDBUser','pass'=>'myDBPwd'));
The error is probably related to the way you're making your first service call, to create the database. Here is how I do it, on CPanel 11:
$auth_user = 'XXXXXX';
$auth_pass = 'XXXXX';
$server = 'XXXXXXXX.com';
$json_client = new \xmlapi($server);
$json_client->set_output('json');
$json_client->set_port(2083);
$json_client->password_auth($auth_user, $auth_pass);
$json_client->set_debug(1);
# Create Database
$result = $json_client->api1_query( $auth_user, 'Mysql', 'adddb', array($shop->alias));
var_dump($result);
Note that the fourth parameter should be an array with the parameters, and not a string as you are doing it.
Also notice that the print on the api call result is not very useful for debugging. Try var_dump'ing it, as it will show you some more interesting information to work on.
currently, cpanel support the cpanel json api..
here you can use this code ..
this worked for me well
<?php
$cpanelusername = "cpanelusername";
$cpanelpassword = "cpanelpassword";
$domain = 'mydomain.com';
$query = "https://$domain:2083/json-api/cpanel?cpanel_jsonapi_module=Mysql&cpanel_jsonapi_func=adddb&cpanel_jsonapi_apiversion=1&arg-0=DBNAME";
$curl = curl_init(); // Create Curl Object
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0); // Allow self-signed certs
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0); // Allow certs that do not match the hostname
curl_setopt($curl, CURLOPT_HEADER,0); // Do not include header in output
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); // Return contents of transfer on curl_exec
$header[0] = "Authorization: Basic " . base64_encode($cpanelusername.":".$cpanelpassword) . "\n\r";
curl_setopt($curl, CURLOPT_HTTPHEADER, $header); // set the username and password
curl_setopt($curl, CURLOPT_URL, $query); // execute the query
$result = curl_exec($curl);
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
// log error if curl exec fails
}
curl_close($curl);
print $result;
?>