Solved

unsuspend/suspend

Posted on 2006-06-13
9
748 Views
Last Modified: 2013-12-13
hi
how do i suspend an account using a script php ?
i want to change the paramater $suspenduser with the name of account $accdomain in suspend($host,$user,$accesshash,$usessl,$suspenduser) in the file accounting.php.inc
for exmple :
$host="localhost";
$user"user";
$accesshash="accesshash";
$suspenduser="user.mysite.com";
In whm you can choose betwen th name of the account or the user, so i want to use th account
any idea is good
0
Comment
Question by:qadelq
  • 5
  • 4
9 Comments
 
LVL 40

Expert Comment

by:RQuadling
ID: 16900607
Does your DB have an option to suspend a user?

There is not PHP function called suspend, so you must be looking at a specific application?
0
 

Author Comment

by:qadelq
ID: 16900813
i think that you dont indrstand me
ok
if you look at suspend/unsuspend account page in whm there are two optoins to suspend an account one by domain and an other by users.
i have a script suspending account by users in accounting.php.inc file:



<?php
global $cpanelaccterr;
function suspend ($host,$user,$accesshash,$usessl,$suspenduser) {
    $result = whmreq("/scripts/remote_suspend?user=${suspenduser}",$host,$user,$accesshash,$usessl);
    if ($cpanelaccterr != "") { return; }
    return $result;
}
function unsuspend ($host,$user,$accesshash,$usessl,$suspenduser) {
    $result = whmreq("/scripts/remote_unsuspend?user=${suspenduser}",$host,$user,$accesshash,$usessl);
    if ($cpanelaccterr != "") { return; }
    return $result;
}

function whmreq ($request,$host,$user,$accesshash,$usessl) {


    $cleanaccesshash = preg_replace("'(\r|\n)'","",$accesshash);
        $authstr = $user . ":" . $cleanaccesshash;
    $cpanelaccterr = "";


    if (function_exists("curl_init")) {
        $ch = curl_init();
        if ($usessl) {
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);                
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0);
            curl_setopt($ch, CURLOPT_URL, "https://${host}:2087" . $request);
        } else {
            curl_setopt($ch, CURLOPT_URL, "http://${host}:2086" . $request);
                }
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
            $curlheaders[0] = "Authorization: WHM $authstr";
                curl_setopt($ch,CURLOPT_HTTPHEADER,$curlheaders);
        $data=curl_exec ($ch);
        curl_close ($ch);
    } elseif (function_exists("socket_create")) {
        if ($usessl) {
            $cpanelaccterr = "SSL Support requires curl";
            return;
        }
        $service_port = 2086;
        $address = gethostbyname($host);
        $socket = socket_create (AF_INET, SOCK_STREAM, 0);
        if ($socket < 0) {
                $cpanelaccterr = "socket_create() failed";
            return;
        }
        $result = socket_connect ($socket, $address, $service_port);
        if ($result < 0) {
                $cpanelaccterr = "socket_connect() failed";
            return;
        }
        $in = "GET $request HTTP/1.0\n";
        socket_write($socket,$in,strlen($in));    
        $in = "Connection: close\n";
        socket_write($socket,$in,strlen($in));    
        $in = "Authorization: WHM $authstr\n\n\n";
        socket_write($socket,$in,strlen($in));    
   
        $inheader = 1;
        while(($buf = socket_read($socket, 512)) != false) {
          if (!$inheader) {
              $data .= $buf;
              }
          if(preg_match("'\r\n\r\n$'s", $buf)) {
            $inheader = 0;
          }
          if(preg_match("'\n\n$'s", $buf)) {
            $inheader = 0;
          }
          if(preg_match("'\r\n$'s", $buf)) {
            $inheader = 0;
          }
        }

    } else {
        $cpanelaccterr = "php not compiled with --enable-sockets OR curl";
        return;
    }

    return $data;    
}

 
   $host = "localhost";
   $user = "myuser";
   $accesshash = 'myaccesshash';
   // new account
   $acctdomain ='user.mysite.com';
   $suspenduser = "accuser";
   $acctpass = 'pwd';
   $acctplan = 'pkg'; // see Accounting.php.inc what should be in here
   $spd=suspend ($host,$user,$accesshash,$usessl,$suspenduser)
 
?>
 when i execute this script the account "user.mysite.com" appear in the list suspended accounts in whm, but i want to replace $suspenduser by $acctdomain
thanks
   
0
 
LVL 40

Expert Comment

by:RQuadling
ID: 16900918
Sorry. I thought whm was a mistype.

I'm not a CPanel expert, so can you please explain the difference between the user and the domain? I though they are the same thing in this regard?
0
 

Author Comment

by:qadelq
ID: 16900997
thanks for your replay

I when create new acount in whm , the requirment  1- user  ( username) 2- domain ( yuordomain.com) , but I when want to suspend or terminat , the whm requirment the user in order to terminate or suspend the acount  (please note the example above) , therefore I want susped or termenate the acount depnded on the acctdomain ( domain) .
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 40

Expert Comment

by:RQuadling
ID: 16901008
Is the user uniquely tied to the domain?

Having looked at the code you supplied, you need to take a look at

/scripts/remote_suspend

and

/scripts/remote_unsuspend

These are the scripts which do the suspending and unsuspending. I don't know if they are PHP or not. They expect a user parameter. They may accept a domain parameter.
0
 

Author Comment

by:qadelq
ID: 16901159
please explain
0
 
LVL 40

Expert Comment

by:RQuadling
ID: 16901380
The code you supplied doesn't actually make the required changes to the status. Instead it calls 1 of 2 scripts ...

scripts/remote_suspend

from

$result = whmreq("/scripts/remote_suspend?user=${suspenduser}",$host,$user,$accesshash,$usessl);

and

scripts_remote_unsuspend

from

$result = whmreq("/scripts/remote_unsuspend?user=${suspenduser}",$host,$user,$accesshash,$usessl);


As you can see the parameters are all user orientated, but the scripts themselves may well support domain.

You will need to see if they do. Can you supply those scripts here?
0
 

Author Comment

by:qadelq
ID: 16901704
ok

1- suspendacct


  #!/usr/bin/perl
# cpanel9 - scripts        Copyright(c) 1997-2004 cPanel, Inc.
#                                 All rights Reserved.
# copyright@cpanel.net      http://cpanel.net
# This code is subject to the cpanel license. Unauthorized copying is prohibited

BEGIN {
    push(@INC,'/scripts');
}

use cPScript::SafetyBits;
use cPScript::iContact qw( );
use SafeFile;
use AcctLock;
use POSIX;

my $system = (POSIX::uname())[0];


$user = $ARGV[0];
$reason = $ARGV[1];
$disallowun = $ARGV[2];
if ($user eq "" || $user eq "root") {
    print "Syntax Error: usage: suspendacct <user>\n";
    exit;
}
my $homedir = gethomedir($user);
my $shell = getshell($user);
print "Changing Shell to /bin/false...";
system("chsh","-s","/bin/false","$user");
print "Done\n";
AcctLock::acctlock();
print "Locking Password...";
if (-e "/usr/sbin/pw") {
    system("/usr/sbin/pw","lock","$user");
} else {
    system("passwd","-l","$user");
}
print "Done\n";
AcctLock::acctunlock();
$owner = getowner($user);
$owner =~ s/\n//g;
if ($owner eq "" || $owner eq "root" || $user eq $owner) {
    chomp($host = `hostname`);
} else {
    $host = getdomain($owner);
}

$domain = getdomain($user);
if (! -e "/var/cpanel/suspended") {
    mkdir("/var/cpanel/suspended",0755);
}

open(USERS,">/var/cpanel/suspended/${user}");
print USERS $reason;
close(USERS);
if ($disallowun eq "1") {
    open(USERS,">/var/cpanel/suspended/${user}.lock");
    close(USERS);
}

if ($system =~ /freebsd/i) {
    system("killall","-9","-u","$user","-m",".");
} else {
    system("skill","-9","$user");
}

open(CPU,"/var/cpanel/users/${user}");
while(<CPU>) {
    if (/^DNS.?.?.?.?=(\S+)/) {
        push(@DNS,$1);
    }
}
close(CPU);

mkdir("/usr/local/cpanel/3rdparty/mailman/suspended.lists",0755);

foreach my $dns (@DNS) {
    $dns = makevaliddns($dns);
    next if ($dns eq "-1");

    system("mv /usr/local/cpanel/3rdparty/mailman/lists/*_$dns /usr/local/cpanel/3rdparty/mailman/suspended.lists 2>/dev/null");

    if (-f "${homedir}/etc/${dns}/shadow" && ! -l "${homedir}/etc/${dns}/shadow") {
        print "Suspending email account logins for ${dns} .... ";
        suspendshadowfile("${homedir}/etc/${dns}/shadow");
        print "Done\n";
    }
}


$msg = <<"EOM";
+===================================+
| Account Info                      |
+===================================+
| Domain: $domain
| UserName: $user
+===================================+
Account suspended by $ENV{'REMOTE_USER'} ($ENV{'USER'})
EOM

cPScript::iContact::icontact('application' => 'suspendacct',
                             'level'   => 3,
                             'subject' => qq{Account Suspended on $host ($domain)},
                             'message' => $msg,
                             'msgtype' => '');


if ($shell eq "/bin/false") {
    print "Account Already Suspended\n";
    exit;
}
if (! -e "/var/cpanel/suspendinfo") {
    mkdir("/var/cpanel/suspendinfo",0700);
}
open(CPINFO,">","/var/cpanel/suspendinfo/${user}");
print CPINFO "shell=${shell}\n";
close(CPINFO);


open(CPU,">>/var/cpanel/users/${user}");
my $now = time();
print CPU "SUSPENDTIME=$now\n";
close(CPU);

if (! -e "/var/spool/cron.suspended") {
    mkdir("/var/spool/cron.suspended",0700);
}

if (-f "/var/spool/cron/${user}") {
    link("/var/spool/cron/${user}",
         "/var/spool/cron.suspended/${user}");
    unlink("/var/spool/cron/${user}");
}

cPScript::SafetyBits::safe_chmod(0000,$user,"${homedir}/public_ftp");
rename("$homedir/public_html/.htaccess","$homedir/public_html/.htaccess.suspend");
unlink("$homedir/public_html/.htaccess");
open(HTACCESS,">>$homedir/public_html/.htaccess");
print HTACCESS "RedirectMatch .* http://${host}/suspended.page/\n";
print HTACCESS "Options -Includes -Indexes -ExecCGI\n";
close(HTACCESS);
system("sync");

my $ftpfile = "/etc/proftpd/$user";
if(-e $ftpfile && -e "/var/cpanel/suspended/$user") {
    print "Suspending FTP accounts...\n";
    rename($ftpfile, "$ftpfile.suspended")
        or warn "Could not rename $ftpfile to $ftpfile.suspended";
}

system("/usr/local/cpanel/bin/ftpupdate",$user);
system '/usr/local/cpanel/bin/updateauthtab';
print ${user} . "'s account has been suspended\n";



sub gethomedir {
    my($user) = @_;
    my($homedir);
    open(PASSWD,"/etc/passwd");
    while(<PASSWD>) {
        if (/^$user:/) {
            (undef,undef,undef,undef,undef,$homedir,undef) = split(/:/, $_,  7);
            return $homedir;
        }
    }
    close(PASSWD);
}

sub getshell {
    my($user) = @_;
    my($shell);
    open(PASSWD,"/etc/passwd");
    while(<PASSWD>) {
        s/\n//g;
        if (/^$user:/) {
            (undef,undef,undef,undef,undef,undef,$shell) = split(/:/, $_,  7);
            return $shell;

        }
    }
    close(PASSWD);
}

sub getowner {
    my($user) = @_;
    my($owner);
    open(CPUO,"/var/cpanel/users/$user") || return 'root';
    while(<CPUO>) {
        s/\n//g;
        if (/^OWNER=(\S+)/) {
            $owner = $1;
        }
    }
    close(CPUO);

    if ($owner eq "" || $owner eq "0") { $owner = 'root'; }
    return($owner);
}


sub getdomain {
    my($user) = $_[0];
    open(CPU,"/var/cpanel/users/$user");
    while(<CPU>) {
        s/\n//g;
        if (/^DNS=(\S+)/) {
            close(CPU);
            return $1;
        }
    }
    close(CPU);
    return "";
}


sub makevaliddns {
    my($domain) = @_;
    $domain =~ s/[^\w\.\-]*[_]*//g;


    if (length($domain) < 3) {
        return(-1);
    }
    if ($domain =~ /^\./) {
        return(-1);
    }


    return($domain);
}

sub suspendshadowfile {
    my($file) = @_;
    my($shadowlock);
    $shadowlock = SafeFile::safeopen(\*SHF,"<",$file);
    my @CT = <SHF>;
    SafeFile::safeclose(\*SHF,$shadowlock);
    $shadowlock = SafeFile::safeopen(\*SHF,">",$file);
    foreach (@CT) {

        my @DC=split(/:/,$_);
        chomp($DC[$#DC]);
        if ($DC[1] !~ /^\*LOCKED\*/) {
            $DC[1] = "*LOCKED*" . $DC[1];
        }
        print SHF join(":",@DC) . "\n";
    }
    SafeFile::safeclose(\*SHF,$shadowlock);
}

================================================
==================================================

2- unsuspendacct

#!/usr/bin/perl
# cpanel9 - scripts        Copyright(c) 1997-2004 cPanel, Inc.
#                                 All rights Reserved.
# copyright@cpanel.net      http://cpanel.net
# This code is subject to the cpanel license. Unauthorized copying is prohibited


BEGIN {
   push(@INC,"/scripts");
}


use cPScript::SafetyBits;
use cPScript::iContact qw( );
use SafeFile;
use AcctLock;

open(CF,"/var/cpanel/cpanel.config");
while(<CF>) {
    next if (/^\#/);
    s/\n//g;
    ($var,$value) = split(/=/, $_);
    $CPCONF{$var} = $value;
}
close(CF);


$user = $ARGV[0];
if ($user eq "" || $user eq "root") {
    print "Syntax Error: usage: unsuspendacct <user>\n";
    exit;
}
if (-e "/etc/wwwacct.conf") {
    open(CONF,"/etc/wwwacct.conf");
    while(<CONF>) {
        $_ =~ s/\n//g;
        if ($_ !~ /^;/) {
            if ($_ =~ /DEFSHELL/) {
                (undef,$shell) = split(/ /, $_);
                last;
            }
        }
    }
    close(CONF);
}      

if ($owner eq "" || $owner eq "root") {
    chomp($host = `hostname`);
} else {
    $host = getdomain($owner);
}

if ((! -e $shell) || (! $shell)) {
    $shell = "/bin/bash";
}
my $homedir = gethomedir($user);

if ($CPCONF{'acls'} eq "1") {
    if (my $pid = fork()) {        
        waitpid($pid,0);  
    } else {
        setuids($user);
        system("setfacl","-kb","-m","group:nobody:x",
               "-m","group:mail:x",
               "-m","group:cpanel:x",
               "-m","group:mailnull:x",
                '-m','group:65535:x',
               '-m','group:ftp:x',
                "--","${homedir}");
        chmod(0750,${homedir});
        exit();
    }              
} else {              
    cPScript::SafetyBits::safe_chmod(0711,$user,$homedir);
}
if (-e "/var/cpanel/fileprotect") {            
                            my $httpgid = (getgrnam('nobody'))[2];
    my $useruid = (getpwnam($user))[2];
    cPScript::SafetyBits::safe_userchgid($useruid,$httpgid,"${homedir}/public_html");
    cPScript::SafetyBits::safe_chmod(0750,$useruid,"${homedir}/public_html");
} else {        
    cPScript::SafetyBits::safe_chmod(0755,$user,"${homedir}/public_html");
}

cPScript::SafetyBits::safe_chmod(0755,$user,"${homedir}/public_ftp");


my(%SUINFO);
open(SUINFO,"<","/var/cpanel/suspendinfo/${user}");
while(<SUINFO>) {                
    chomp();            
    my($name,$value) = split(/=/, $_);
    $SUINFO{$name} = $value;    
}
close(SUINFO);              
unlink("/var/cpanel/suspendinfo/${user}");

if ($SUINFO{'shell'} eq "") {
    system("chsh","-s","/usr/local/cpanel/bin/noshell","$user");
} else {
    system("chsh","-s",$SUINFO{'shell'},$user);
}
AcctLock::acctlock();                  
if (-e "/usr/sbin/pw") {            
    system("/usr/sbin/pw","unlock","$user");
} else {
    system("passwd","-u","$user");
}              
AcctLock::acctunlock();

open(CPU,"/var/cpanel/users/${user}");
while(<CPU>) {
    if (/^DNS.?.?.?.?=(\S+)/) {                
        if (/^DNS.?.?.?.?=(\S+)/) {                              
        push(@DNS,$1);
    }
}
close(CPU);

mkdir("/usr/local/cpanel/3rdparty/mailman/suspended.lists",0755);        

foreach my $dns (@DNS) {
    $dns = makevaliddns($dns);
    next if ($dns eq "-1");

    system("mv /usr/local/cpanel/3rdparty/mailman/suspended.lists/*_$dns /usr/local/cpanel/3rdparty/mailman/lists 2>/dev/null");

    if (-f "${homedir}/etc/${dns}/shadow" && ! -l "${homedir}/etc/${dns}/shadow") {
        print "Unsuspending email account logins for ${dns} .... ";
        unsuspendshadowfile("${homedir}/etc/${dns}/shadow");
        print "Done\n";        
    }
}                            



unlink("$homedir/public_html/.htaccess");
rename("$homedir/public_html/.htaccess.suspend","$homedir/public_html/.htaccess");
unlink("/var/cpanel/suspended/${user}");      
unlink("/var/cpanel/suspended/${user}.lock");

system("sync");                      

my $ftpfile = "/etc/proftpd/$user";
if(-e "$ftpfile.suspended" && !-e "/var/cpanel/suspended/$user") {
    print "Unsuspending FTP accounts...\n";
    rename("$ftpfile.suspended", $ftpfile)
        or warn "Could not rename $ftpfile.suspended to $ftpfile";
}

system("/usr/local/cpanel/bin/ftpupdate",$user);
           system '/usr/local/cpanel/bin/updateauthtab';
print "${user}'s account is now active\n";

$domain = getdomain($user);

if (-f "/var/spool/cron.suspended/${user}") {
    unlink("/var/spool/cron/${user}");
    link("/var/spool/cron.suspended/${user}",
         "/var/spool/cron/${user}");
    unlink("/var/spool/cron.suspended/${user}");
}



$msg = <<"EOM";
+===================================+
| Account Info                      |
+===================================+
| Domain: $domain            
| UserName: $user
+===================================+
Account Unsuspended by $ENV{'REMOTE_USER'} ($ENV{'USER'})
EOM

cPScript::iContact::icontact('application' => 'unsuspendacct',
                             'level'       => 3,
                             'subject'     => qq{Account Unsuspended on $host ($domain)},
                             'message'     => $msg,
                             'msgtype'     => '');


sub gethomedir {
    my($user) = @_;
    my($homedir);
    open(PASSWD,"/etc/passwd");
    while(<PASSWD>) {
        if (/^$user:/) {
            (undef,undef,undef,undef,undef,$homedir,undef) = split(/:/, $_,  7);
            return $homedir;              
        }
    }
    close(PASSWD);

}




sub makevaliddns {
    my($domain) = @_;
    $domain =~ s/[^\w\.\-]*[_]*//g;

    if (length($domain) < 3) {      
        return(-1);                  
    }
    if ($domain =~ /^\./) {  
        return(-1);
    }


    return($domain);
}




sub getdomain {
    my($user) = $_[0];
    open(CPU,"/var/cpanel/users/$user");
    while(<CPU>) {
        s/\n//g;
        if (/^DNS=(\S+)/) {    
            close(CPU);
            return $1;  
            }
    }
    close(CPU);
    return "";
}                

sub unsuspendshadowfile {
    my($file) = @_;
    my($shadowlock);
    $shadowlock = SafeFile::safeopen(\*SHF,"<",$file);
    my @CT = <SHF>;
    SafeFile::safeclose(\*SHF,$shadowlock);
    $shadowlock = SafeFile::safeopen(\*SHF,">",$file);
    foreach (@CT) {                
        my @DC=split(/:/,$_);
        chomp($DC[$#DC]);            
        while ($DC[1] =~ /^\*LOCKED\*/) {
            $DC[1] =~ s/^\*LOCKED\*//g;
        }                    
        print SHF join(":",@DC) . "\n";
    }
    SafeFile::safeclose(\*SHF,$shadowlock);
}



===========================================

thanks
0
 
LVL 40

Accepted Solution

by:
RQuadling earned 500 total points
ID: 16902365
Ha! That's PERL. I'd be guessing.

Sorry.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now