O.k PHP and SQL people I need help with this script.
I manage to figure how the script work by passing the password but to finished I need to know how to bypass the ID setup that is done by the script.

This is how the script works:
http://www.hostbet.com/setup.php?pass=******&id=11&action=create

with this the script will create the account the problem is that a ID is generate by the script and since I do will not know witch the the following ID I like to kill this process so I could get the script working to create the account automatic......

Any help please!

Wich script?

I think he is talking about the script at nixt.org

Yes is the script by nixt.org!
I like to take the option of the id or at least to let me go without puting the ID number.... I will by pass the setup.php process by just making the script to do all accounts at once or making that signup.php to send that info with out latting anybody know the password for the setup.php.

Any ideas? I know nothing of PHP!

Whay Dont You Contact The Maker Of The Script ?


:cool: :cool: :cool: :cool: :cool: :cool: :cool: :cool:

Use the POST method, not get, and then it won't show in the header.

Originally posted by hostbet.com
Any ideas? I know nothing of PHP!
Then it is probably not advisable to be hacking up a program that does root-level tasks on your server. ;)

I would assume that there is some sort of database (perhaps MySQL?) that holds the queued accounts. Theoretically, you should find the function in the script that sets up the account, and call that function on all of the current pending ID's (which you can retrieve from the databse).

Keep in mind that I have never looked at this script before... I'm simply making a vague generalization. :)

Best Regards,
Matt Lightner
mlightner@site5.com

Matt, your right i took a peek at it. the script claims to have encryption, but who knows what. It stores the ROOT password as well as all the mySQL table passwords. NOT good. If i didn't know better i would think this script was designed to secretly steal passwords... it looks suspect. who knows..

What do you guys think of this software at nixt.org? Is there some other software that'll automatically create an account once someone signs up?

I would Also Be Really Intrested In Something Like That.

I know WHN Billing Does That But It Is Quiet Expensive.

Is There Anything Cheaper ?
I Do Not Want Billing. Only Automatic Signups.



:cool: :cool: :cool: :cool: :cool: :cool: :cool: :cool:

talk to matt at site5, they have billadmin, not sure if anyone can use it or just site5 customers. I would ask though.

Originally posted by Skeptical
What do you guys think of this software at nixt.org? Is there some other software that'll automatically create an account once someone signs up?

I recently installed it for a colleague to test. It has potential. All it needs is some tweaking here and there.

Thanks for the replys!

It does store the roo information but not on a SQL account. the SQL is only use as catch mode to store the information temporary until you click on setup the account.... I could make the script to be on a secure site but the thing is by passing the ID input to setup the account since the ID is generate it by the script from a data file, also the admin info is crypted to the config.php file witch it will make it very dificult to crack.....

Any more ideas please... I though it was many PHP masters here....

here is the setup script file:

<?

/* */
/* Account Creation File */
/* */

include("config.php");

if (crypt($pass, $secure_pass) != $secure_pass) {
echo "<form method=post action=$PHP_SELF>Password: <input type=password name=pass><br><br><input type=submit value=Go></form>";
exit;
}

mysql_connect($my_server, $my_username, $my_password);

if ($action == "") {
$result = mysql_db_query($my_database, "SELECT * FROM $my_table;");

echo "<table width=100% border=1>";

echo "<tr>";
echo " <td width=10%>ID</td>";
echo " <td width=10%>name</td>";
echo " <td width=10%>email</td>";
echo " <td width=10%>messenger</td>";
echo " <td width=10%>domain</td>";
echo " <td width=10%>username</td>";
echo " <td width=10%>password</td>";
echo " <td width=10%>plan</td>";
echo " <td width=10%>payment</td>";
echo " <td width=10%>referer</td>";
echo "</tr>";

while ($entry = mysql_fetch_array($result)) {
echo "<tr>";
echo " <td width=10%>" . $entry["id"] . "</td>";
echo " <td width=10%>" . $entry["name"] . "</td>";
echo " <td width=10%>" . $entry["email"] . "</td>";
echo " <td width=10%>" . $entry["messenger"] . "</td>";
echo " <td width=10%>" . $entry["domain"] . "</td>";
echo " <td width=10%>" . $entry["username"] . "</td>";
echo " <td width=10%>" . $entry["password"] . "</td>";
echo " <td width=10%>" . $entry["plan"] . "</td>";
echo " <td width=10%>" . $entry["payment"] . "</td>";
echo " <td width=10%>" . $entry["referer"] . "</td>";
echo "</tr>";

$formlist .= "<option value=" . $entry["id"] . ">" . $entry["id"] . " - " . $entry["domain"] . "</option>";
}

echo "</table>";

echo "<form method=post action=$PHP_SELF>";
echo " <input type=hidden name=action value=create>";
echo " Create this entry (by ID): <select name=id>$formlist</select>";
echo " <input type=submit value=\"Create\">";
echo " <input type=hidden name=pass value=$pass>";
echo "</form>";

echo "<form method=post action=$PHP_SELF>";
echo " <input type=hidden name=action value=delete>";
echo " Delete this entry (by ID): <select name=id>$formlist</select>";
echo " <input type=submit value=\"Delete\">";
echo " <input type=hidden name=pass value=$pass>";
echo "</form>";

echo "<form method=post action=$PHP_SELF>";
echo " <input type=hidden name=action value=deleteall>";
echo " <input type=submit value=\"Delete All\">";
echo " <input type=hidden name=pass value=$pass>";
echo "</form>";
}

if ($action == "delete") {
if ($id == "") { echo "You left out the ID you wanted deleted."; exit; }

mysql_db_query($my_database, "DELETE FROM $my_table WHERE id = \"$id\";");
echo "The pending request $id has been deleted!";
}

if ($action == "create") {
if ($id == "") { echo "You left out the ID you wanted created."; exit; }

$resultX = mysql_db_query($my_database, "SELECT * FROM $my_table WHERE id = \"$id\";");

while ($result = mysql_fetch_array($resultX)) {
$creation = create_account($result["username"], $result["password"], $result["domain"], $result["plan"]);

$pos2 = strpos($creation, " (");
$pos1 = strpos($creation, "| Ip: ");

$ip_addr = substr($creation, $pos1 + 6, $pos2 - ($pos1 + 6));

$email = $result["plan"];

$email_file = file("template/$email");

for ($i = 0; $i < count($email_file); $i++) {
$line = $email_file[$i];
$line = str_replace("[NAME]", $result["name"], chop($line));
$line = str_replace("[USERNAME]", $result["username"], chop($line));
$line = str_replace("[PASSWORD]", $result["password"], chop($line));
$line = str_replace("[DOMAIN]", $result["domain"], chop($line));
$line = str_replace("[IP]", $ip_addr, chop($line));

$total .= $line . "\n";
}

echo $creation;

if (strpos($creation, "New Account Info") !== false) {
$string = "Account " . $result["id"] . "
>> Name: " . $result["name"] . "
>> Domain: " . $result["domain"] . "
>> IP: " . $ip_addr . "
>> Username: " . $result["username"] . "
>> Password: " . $result["password"] . "
>> Plan: " . $result["plan"] . "
>> Sign-Up Date: " . date("m/d/Y") . "
>> Payment Type: " . $result["payment"] . "
>> E-Mail: " . $result["email"] . "
>> Messenger: " . $result["messenger"] . "


";

$fp = fopen("accounts.txt", "a");
fputs($fp, $string);
$fp = fclose($fp);

mysql_db_query($my_database, "DELETE FROM $my_table WHERE id = \"$id\";");

mail($result["email"], "$email_subj", "<xmp>" . $total . "</xmp>", "From: $email_sender\nContent-Type: text/html");
echo "<br>Sent account information e-mail to " . $result["email"] . ".<br>Pending entry deleted.<br>Recorded client in database.<br><br>";
} else {
echo "<br>Account creation failed, manual creation required using WHM.<br><br>";
}
}
}

if ($action == "deleteall") {
mysql_db_query($my_database, "DELETE FROM $my_table;");

echo "All entries have been deleted.";
}

?>

Just A Suggestion :-
What You Can Do is show users their ID when they fill in the form & after they fill in their credit card information make them enter the ID & that will create their account instantaniously.

What Do You Think ?

that will be grate!

Originally posted by koolguru
I would Also Be Really Intrested In Something Like That.

I know WHN Billing Does That But It Is Quiet Expensive.

Is There Anything Cheaper ?
I Do Not Want Billing. Only Automatic Signups.



:cool: :cool: :cool: :cool: :cool: :cool: :cool: :cool:


Ventures Online has that pretty cool automated signup script. If you are their dedicated server customer, you can request them to install for you at your server.

:D

Do They Also Sell It ?

Or Is It Only For Their Customers ?


:rolleyes: :rolleyes: :rolleyes: :rolleyes:

:cool: :cool: :cool: :cool:

With the help of one of my members I manage to get the script working for automatic signup.

Features:
It displays the next account number to be generate it by the script.

It will create an account as soon you press Create Account

After the member enter the data on the form a database is created with the following information.

AccountID: 06190102
>> Name: hostbet
>> Domain: hostbet.com
>> IP: 157.238.46.72
>> Username: hostbet
>> Password: demo
>> Plan: Platinum
>> Sign-Up Date: 06/21/2001
>> Payment Type: Credit Card
>> E-Mail: sales@hostbet.com
>> Messenger: 82737452

An Email is send to the user with all their information that they need.

The account is create it according to the plan and send to the billing url so they input their information for online billing with the ID Created by the account.
--------END--------

Comming!

I like to make the database to be generate it as comma so I could use it with Excell or another DB system with my PC.

Is no full finish but it been working on the system.

Sorry no Demo.
I will post a PIC when is finished.

ckizer.. i'm offended. My script encrypts the username:password of WebHost Manager using the setup.php password as a key, therefore you must enter the correct setup.php password to ever gain access to the WebHost Manager information. Secure.


Andrew

How you are offended?
The way the script is now is the same way was from start just some modifications and still using the cripted password since I do prefer to have that way for security.

My first post was just to show that you could really by pass the password feature (and I know nothing of PHP or CGI) and if some one could come up with a better way to make it automatic, no one reply to the thread other than now that I post it that the script could be use for automatic signup since it is use for my services now.

please explain how you are offended by this?

PIC of sigup script:

http://www.hostbet.com/img/signup.jpg

Matt, your right i took a peek at it. the script claims to have encryption, but who knows what. It stores the ROOT password as well as all the mySQL table passwords. NOT good. If i didn't know better i would think this script was designed to secretly steal passwords... it looks suspect. who knows..

I was talking about that, posted by ckizer, thats why I said "ckizer.. i'm offended."

Can someone help me with this script???

I've made it work! I have 1 question...To make it automated...

-- someone would enter their info, and click on submit...enter their payment information...i'd like their account to be setup immediatedly...i do not want to have to go in an, create it manually..

can someone please help me with this....
Thanks

how about running a cron job ?

I've used the script, sent donations to the programmer, but I can't seem to get it to work correctly on a Site5 server.

Despite the money sent to the author in the past, he doesn't seem to want to provide any support.

The script just wont create the accounts. Everything else works fine for me.

I'll pay anybody who can get this script working for me on my site5 server $50.00.

email me: corey@websurface.net

Please only email me if you are sure you can set this up for me (having actually set it up on a site5 server).

The way I did it (auto signup)...

I actually created another signup script to do the creation of accounts. I simply use a variable to set whether or not I want it to auto sign up. (incase i run into trouble and want to suspend signups or something, I can still collect the info and manually create accts ;)).

I'm also using PayPal, so I had to do it a little trickier.. Of course I'm not going to give you all of the info on how I did it for security reasons or whatever, but this is the gist of it:

Signup: place to temp db.
After payment is verified (automatically), Account is created.
During account creation, make sure it is actually done (the script will say it's created as long it sees the top line, however, that is not always so.. there are times when whm will stop because domain incorrect and others.. (i've only come across domain one..)
Then, when account is created, move to another db, delete temp db and send the email. If during creation, there is error, the info is flagged, and user is notified acct will be set up soon... (not automatically.. duhh).

To make it brief, all you have to do is call the create acct function with the proper $id and variables.

And one more thing, since the key is based on your pw, you'll HAVE to make sure the pw is in there somewehre.. not going to tell you how I did it, but you should be able to figure it out :-p. I was actually stuck on that step for like 10 hours! Kept getting "Access Forbidden..." pissed me off :rolleyes:


Anyways... hope you understood that and it helps..
:D
:cool:

my problem is that it will not let me past the password for the admin screen...no matter how many time I typt it, it just brings me right back to the password screen...Im giving up unless I can find some help here.

Allen, please contact me via AIM (balto 0wnz). Thanks!

Originally posted by hostbet.com
With the help of one of my members I manage to get the script working for automatic signup.


Hi hostbet, can you give me the script that works with WHM ?

I try nixt and doesn't work at all.

I'm using Andrew's script from NIXT.org called whmManager 2 with no problem now, but it needed some twiddling and tweaking to get permissions right on my server and to provide the url's.

I'm having PayPal do the billing through their Subscriptions feature for recurring transactions. They email me with paid subscriber info (IPN Instant Payment Notification) which will feed into NIXT's script.

However I have just today removed automatic setup after reading roly's "bad abuse" thread here: http://webhostingtalk.com/showthread.php?s=&threadid=46931
It seems to me that same-day or 24-hour turnaround would be okay with most legitimate customers if it's marketed properly. Besides, I do some pre-install for my people so one-day is to be expected if I'm going to test properly. Instant gratification isn't what I sell anyway.

-- John Sinclair