below is a script origionally known as "cpanel subdomains Creator 1.0" which I have edited to fit into the php script I am writing. The purpose is to create a subdomain in cPanel for new users.

<?php
###############################################################
#Defining cPanel login info
$cpaneluser="xxxxxx";
$cpanelpass="xxxxxx";
###############################################################
#Sets subdomain to create
$domain = "yourname.com";
$subd = "john5.yourname.com";
###############################################################
#Tells where to go
$request = "/frontend/x/subdomain/doadddomain.html?rootdomain=$domain&domain=$subd";
###############################################################
#open socket
$sock = fsockopen('localhost',2082);
###############################################################

$authstr = "$cpaneluser:$cpanelpass";
$pass = base64_encode($authstr);
$in = "GET $request\r\n";
$in .= "HTTP/1.0\r\n";
$in .= "Host:localhost\r\n";
$in .= "Authorization: Basic $pass\r\n";
$in .= "\r\n";
fputs($sock, $in);
while (!feof($sock)) {
$result .= fgets ($sock,128);
}
fclose( $sock );
$show = strip_tags($result);
echo $show;
?>

I don't really understand the last 10 lines or so, and exactly how it works to log in to cPanel, I just know it works.
The problem with this script is that it seems to have security holes because it will be repeatedly sending the username and password for the cpanel account over the unencrypted port (2082) and is just asking to be hacked. I tried changing the port which it opens to 2083, but for whatever reason the script just wont run when I do that. Does anyone know what I can do to the script to make it work on port 2083? Thanks.

I could be wrong, but try changing localhost to ssl://localhost and 2082 to 2083 and see if that works. Obviously, port 2083 isn't going to work if you're not going over the ssl connection....

I'm not sure about the uses of fsockopen and https but try that.
Kevin

Hi Kevin,

Thanks for the reply. A good thought, but in fsockopen i changed localhost to https://localhost, but it just resulted in a bunch of PHP warnings.

A secondary thought though. When calling to "localhost" I am now wondering if there is indeed a security risk by not running it encrypted. When connecting to localhost, is there any data sent externally, or is because its localhost it will just connect internally. If this is the case there wouldn't be a security risk of it being unencrypted because the unencrypted data could not be picked up by bots, etc.

Re-read my post...I first put https but I meant ssl://

fsockopen just opens a port connection, therefore https doesn't really fit in the scheme of things...

As well, if you can run it encrypted, you might as well :)
Kevin

yea I am checking out ssl:// now. I am getting a similar error, but I read that I need to enable openSSL when apache/PHP is compiled. Thanks for the help; i'll post the outcome.

Yep, it works now. Thanks for the help!