How can i allow my resellers to sign into their WHM from my website??

Or can this even be done..

thanks

http://www.yourdomain.com:2086 or https://www.yourdomain.com:2087

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="javascript">
<!-- Begin
function Login(form) {
var username = form.username.value;
var password = form.password.value;
var server = form.server.value;
if (username && password && server) {
var whmlogin = "http://" + username + ":" + password + "@" + server + ":2086/";
window.location = whmlogin;
}
else {
alert("Please enter a Username and password.");
}
}
// End -->
</script>
</head>

<body bgcolor="#FFFFFF">
<form name=login>
<div align="center">
<table border=1 cellpadding=3>
<tr>
<td colspan=2 align=center>
<h2 align="center">WHM Login</h2>
</td>
</tr>
<tr>
<td>Username:</td>
<td>
<input type=text name=username size=15 maxlength="26">
</td>
</tr>
<tr>
<td>Password:</td>
<td>
<input type=password name=password size=15>
</td>
</tr>
<tr>
<td>Hostname:</td>
<td>
<input type="text" value="youdomain.com" name="server" maxlength="65" size="15">
</td>
</tr>
<tr>
<td colspan=2 align=center>
<input type=button value="Login!" onClick="Login(this.form)" name="button">
</td>
</tr>
</table>
</div>
</form>
</body>
</html>


Something like this?

Originally posted by The Prohacker

Something like this?

Hey cool.. thanks :D

:2086 or :2087???

yes, :2087 is a secure port (https://). You can use either one but I personally use 2087 just for that extra piece of mind.

Greg Moore

nice little script! :) I tinkered with it a bit - hope you don't mind.

Greg Moore

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="javascript">
<!-- Begin
function Login(form) {
var username = form.username.value;
var password = form.password.value;
var server = form.server.value;
if (username && password && server) {
var whmlogin = "http://" + username + ":" + password + "@" + server + ":2086/";
window.location = whmlogin;
}
else {
alert("Please enter a Username and password.");
}
}
// End -->
</script>
<style type="text/css">
<!--
.title {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
color: #666666;
}
.box {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #000000;
text-decoration: none;
}
-->
</style>
</head>

<body bgcolor="#FFFFFF">
<form name=login>
<div align="center">
<table border=0 cellpadding=1 cellspacing="1" bgcolor="#CCCCCC" class="box">
<tr>
<td colspan=2 align=center class="title">
Reseller Login
</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>Username:</td>
<td>
<input name=username type=text class="box" size=20 maxlength="26">
</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>Password:</td>
<td>
<input name=password type=password class="box" size=20>
</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>Hostname:</td>
<td>
<select name="server" class="box" id="server">
<option selected>server.one.com</option>
<option>server.two.com</option>
</select> </td>
</tr>
<tr>
<td colspan=2 align=center>
<input name="button" type=button class="box" onClick="Login(this.form)" value="Login!">
</td>
</tr>
</table>
</div>
</form>
</body>
</html>

Would there be any security problems by using a script like that??

Hey the second script looks nicer,, but i cant get it to work,, damned thing keeps saying please give username and password after i already have...?

Could you put it back to the domain input box instead of the menu??

I'm betting my $ that this thread spits out some pretty useful ideas. :)

Originally posted by jdp29053
Hey the second script looks nicer,, but i cant get it to work,, damned thing keeps saying please give username and password after i already have...?

Could you put it back to the domain input box instead of the menu??




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="javascript">
<!-- Begin
function Login(form) {
var username = form.username.value;
var password = form.password.value;
var server = form.server.value;
if (username && password && server) {
var whmlogin = "http://" + username + ":" + password + "@" + server + ":2086/";
window.location = whmlogin;
}
else {
alert("Please enter a Username and password.");
}
}
// End -->
</script>
<style type="text/css">
<!--
.title {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
color: #666666;
}
.box {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #000000;
text-decoration: none;
}
-->
</style>
</head>

<body bgcolor="#FFFFFF">
<form name=login>
<div align="center">
<table border=0 cellpadding=1 cellspacing="1" bgcolor="#CCCCCC" class="box">
<tr>
<td colspan=2 align=center class="title">
Reseller Login
</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>Username:</td>
<td>
<input name=username type=text class="box" size=20 maxlength="26">
</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>Password:</td>
<td>
<input name=password type=password class="box" size=20>
</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>Hostname:</td>
<td><input name=server type=text class="box" size=20 maxlength="26"> </td>
</tr>
<tr>
<td colspan=2 align=center>
<input name="button" type=button class="box" onClick="Login(this.form)" value="Login!">
</td>
</tr>
</table>
</div>
</form>
</body>
</html>

Working script with pull down:


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="javascript">
<!-- Begin
function Login(form) {
var username = form.username.value;
var password = form.password.value;
var server = form.server.value;
if (username && password && server) {
var whmlogin = "http://" + username + ":" + password + "@" + server + ":2086/";
window.location = whmlogin;
}
else {
alert("Please enter a Username and password.");
}
}
// End -->
</script>
<style type="text/css">
<!--
.title {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
color: #666666;
}
.box {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #000000;
text-decoration: none;
}
-->
</style>
</head>

<body bgcolor="#FFFFFF">
<form name=login>
<div align="center">
<table border=0 cellpadding=1 cellspacing="1" bgcolor="#CCCCCC" class="box">
<tr>
<td colspan=2 align=center class="title">
Reseller Login
</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>Username:</td>
<td>
<input name=username type=text class="box" size=20 maxlength="26">
</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>Password:</td>
<td>
<input name=password type=password class="box" size=20>
</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>Hostname:</td>
<td>
<select name="server" class="box" id="server">
<option value="server.one.com" selected>One</option>
<option value="server.two.com">Two</option>
</select> </td>

</tr>
<tr>
<td colspan=2 align=center>
<input name="button" type=button class="box" onClick="Login(this.form)" value="Login!">
</td>
</tr>
</table>
</div>
</form>
</body>
</html>


BTW: akashik, good job with making it look good :D

thank you!

BTW: akashik, good job with making it look good :D

:D Thanks for making my eyecandy work. I probably should have tested it before posting.

Greg Moore

I would not recommend using any of the above scripts.

Why?

Because this is a huge security hole:
var whmlogin = "http://" + username + ":" + password + "@" + server + ":2086/";Even if a person logs out of WHM, the URL is left in Browser cache. This means one must "always" remember to clear their cache -- which is easy to forget. If the above is used and a person is at a friend's house or a using public access, well, we all know what can happen.

If not cleared, next person who comes along and looks at Browser History, just has to load the URL and they are in. Not good!

I hope this isnt a stupid question but......How could that script be changed to allow people to log into their hosting CPanel instead of WebHostManager?

Thanks

change the port to 2082 instead 2086/7

I installed the above script on a site and it doesnt work,, it works outside of the site, but when install into my html of the site it says there is a scripting error and i cant login....


Would anyone be willing to take a look at the site for me?
If so please PM, if i must i will pay you to fix it, but i hope i dont have too:)

Originally posted by Website Rob
I would not recommend using any of the above scripts.

Why?

Because this is a huge security hole:
var whmlogin = "http://" + username + ":" + password + "@" + server + ":2086/";Even if a person logs out of WHM, the URL is left in Browser cache. This means one must "always" remember to clear their cache -- which is easy to forget. If the above is used and a person is at a friend's house or a using public access, well, we all know what can happen.

If not cleared, next person who comes along and looks at Browser History, just has to load the URL and they are in. Not good!

Does it though?

Use the scripts then check ur history only the final loged in URL is saved

Originally posted by Steve-PWH


Does it though?

Use the scripts then check ur history only the final loged in URL is saved
Yes it does, as I have already verified for myself.

Simple testing shows that if this script is used, then the Browser is closed or other sites are visited, the Username/Password is still there.

When I said Browser History, I did not mean what shows in the Address Bar - previous URL's. That is not Browser History.

Try using CTRL+H instead.

Security should always be focused on first, for secure access -- not ease of use. It's nice to have but should not compromise security in the process.

I would bet dollars to doughnuts that a person will end up just Bookmarking the URL, instead of using the login as described in this script. Then, it becomes even easier for someone who shouldn't, have access to an area they should not.

This is all my personal opinion of course, but after so many successful hack-ins of computer systems -- i. e., because someone has their Username/Password on sticky paper attached to their Monitor -- I see scripts of the type discussed here, as a big security hole that does not have to be.

Originally posted by Website Rob
I would bet dollars to doughnuts that a person will end up just Bookmarking the URL, instead of using the login as described in this script. Then, it becomes even easier for someone who shouldn't, have access to an area they should not.

This is all my personal opinion of course, but after so many successful hack-ins of computer systems -- i. e., because someone has their Username/Password on sticky paper attached to their Monitor -- I see scripts of the type discussed here, as a big security hole that does not have to be.

I keep the login info for WHM on my servers in my Favorites for easy, fast call up...

Since I'm the only use that uses this computer, and I keep it fairly closed up, there is not threat...


:D

For yourself, it's probably a good setup. ;)

Others though, reading this post -- now & later -- may not be aware of the security consequences. Especially if accessing from a computer other than their own. That is why I brought up the security flaw.

With Mozilla & IE 6 both having Password Mgrs., it's much easier to Bookmark the link and have half the access code filled in. Then a person only has to remember the other half -- their Username or Password. Much easier and better security for everyone. :D

Originally posted by Website Rob

Yes it does, as I have already verified for myself.

Simple testing shows that if this script is used, then the Browser is closed or other sites are visited, the Username/Password is still there.

When I said Browser History, I did not mean what shows in the Address Bar - previous URL's. That is not Browser History.

Try using CTRL+H instead.

Security should always be focused on first, for secure access -- not ease of use. It's nice to have but should not compromise security in the process.

I would bet dollars to doughnuts that a person will end up just Bookmarking the URL, instead of using the login as described in this script. Then, it becomes even easier for someone who shouldn't, have access to an area they should not.

This is all my personal opinion of course, but after so many successful hack-ins of computer systems -- i. e., because someone has their Username/Password on sticky paper attached to their Monitor -- I see scripts of the type discussed here, as a big security hole that does not have to be.

Does not show in mine -> what browser u using?

does leave password in history for FTP and neomail but not for Cpanel

Not tried it on WHM (Why u what this for WHM is questionable)

It does :(

Found it

I aplogize :)

I look for ways of a URL not going into history or URL memory -> Anyone got one LOL

Not a problem, Steve. :)

I have seen other type Password scripts use this method and have known about it for long time. What a person tries to access -- does not matter. If a Username / Password is inserted into a URL, it becomes part of the URL and in History; until expired or deleted.

Easiest and most secure method I have found is a third-party Password program -- which itself is Password protected -- or the method I metioned above: using .htaccess with the Browser Password Mgr. remembering half the access code.

I too, am open to ways that are easy and secure, haven't found any better, though, than the two I just mentioned.