Solved

Cannot read CPanel login page (401 Access Denied Still Working)

Posted on 2008-10-07
7
1,524 Views
Last Modified: 2012-05-08
The following code attempts to read the CPanel login page on my own server. The code fails even though the login page can be read manually in any browser. The failure message is as follows:

Warning: file_get_contents(http://64.131.68.211:2082/): failed to open stream: HTTP request failed! HTTP/1.1 401 Access Denied Still Working in C:\Web\TestHTTPS-EE.php on line 5

I am using PHP 5.1.6 and openssl is enabled. I am using Apache 2.2.3 on Windows running on my local computer as localhost.

The problem also occurs if I move this PHP file to a remote server. It also occurs if I add the username and password to the URL.

Note that other websites, even secure ones, can be read without a problem by similar coding. For example, $url="https://65.200.16.78/"; works.

I have searched the Web but cannot find a solution.

<?php

// Read and display CPanel login page

$url="http://64.131.68.211:2082/"; // Fails ("401 Access Denied Still Working")

$C=file_get_contents($url);

echo $C;

?>

Open in new window

0
Comment
Question by:dspector
  • 5
  • 2
7 Comments
 
LVL 8

Accepted Solution

by:
RWJDCom earned 300 total points
Comment Utility
I have had similar problems when I was trying to read the cPanal login page for something I was writing and what I found was that using file_get_contents was not the way to go and using cURL worked a alot better.  

cPanel also has an API you can use if you are just trying to run commands.  :)

Again, try using cURL instead of file_get_contents.   You can get the syntax from http://www.php.net, just do a search for cURL.

I hope this helps.
0
 
LVL 1

Author Comment

by:dspector
Comment Utility
Thanks, but I don't want to use cURL, a separate library, since there is nothing that cURL can do that PHP proper should not be able to do. I want a genuine solution in PHP if it is possible. There should be one possible, since I believe that PHP proper can accomplish any kind of Internet connection that a browser can.

Since this bug affects other people, a solution will also benefit others. If this is a bug in file_get_contents or wrappers, that would be good to know, so I can report it to The PHP Group.

Perhaps someone else out there can find a way to make this work without using cURL?

Additional hint: what makes CPanel different from other sites is that it frequently uses a self-signed (untrusted) security certificate, as it does in this case. Browsers complain, too, the first time they try to read the page. Then they succeed when the user clicks a button or two.

0
 
LVL 1

Author Comment

by:dspector
Comment Utility
I've implemented the solution using cURL, and it works fine if you set the parameters CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER to false, causing security certificates to be ignored. Of course, the application can query the user before doing this, so at least the lower security is made obvious.

But surely a page with a self-signed or untrusted certificate can be opened with fsockopen? Surely someone out there can figure out how to do this without requiring the entire cURL Library?

Someone? Anyone?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Author Comment

by:dspector
Comment Utility
This question has been open for awhile, but there is as yet no good answer.

If no one knows the answer, I will delete or close this question so it doesn't remain open. EE doesn't like questions that are open for too long.

David
0
 
LVL 8

Expert Comment

by:RWJDCom
Comment Utility
Unfortunately I don't think your going to be able to accomplish what you want using just standard PHP.  That's why I suggested that you use cURL to do it because most providers have cURL compiled into PHP or if not they can surely add it for you.

I wish I could help you more.

-Jeff
0
 
LVL 1

Author Comment

by:dspector
Comment Utility
I can't imagine what cURL could do that PHP cannot do, since I believe that PHP gives full access to socket control.

Jeff, since you were the only person who even bothered answering, I'll give you the "answer", but like many questions I've asked here and elsewhere I'm not really satisfied with the answer. Our computer environment is great when we are doing something ordinary, but when we try to do something unique its limitations get revealed pretty fast.

David
0
 
LVL 1

Author Closing Comment

by:dspector
Comment Utility
Thanks for taking the time to help!
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Foolproof security solutions has become one of the key necessities of every e-commerce or Internet banking website. If you too own an online shopping site then its vital for you to equip your web portal with customer security features that can allow…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now