Re: [PHP] Creating an FTP account on the fly from PHP
On Thu, March 22, 2007 5:20 pm, PHP Fusebox wrote: > I built a CMS that lets a super user create and manage basic users > (among lots of other things). I want basic users to get an FTP account > that is automatically associated with their website user account, and > managed from my add/edit user form. For example if I create a user > named [EMAIL PROTECTED] for him to login to my web app, I want my > users to be able to use their same login name and password to access > their web folder via FTP. > > I am running on LAMP on a CPanel server with ProFTP as the FTP server > software, but I have no clue how to get PHP to be able to create, > edit, or delete an FTP account. Can someone point me in the right > direction? > > I can see the Form field names and URLs in the CPanel forms where this > is set up, but is it safe to CURL these same URLs from my app? That > seems like a big security risk. It's as big a security risk as you make it, with how carefully you write your script, and guard access to it. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating an FTP account on the fly from PHP
On 3/23/07, Travis Doherty <[EMAIL PROTECTED]> wrote: PHP Fusebox wrote: > I built a CMS that lets a super user create and manage basic users > (among lots of other things). I want basic users to get an FTP account > that is automatically associated with their website user account, and > managed from my add/edit user form. For example if I create a user > named [EMAIL PROTECTED] for him to login to my web app, I want my > users to be able to use their same login name and password to access > their web folder via FTP. > > I am running on LAMP on a CPanel server with ProFTP as the FTP server > software, but I have no clue how to get PHP to be able to create, > edit, or delete an FTP account. Can someone point me in the right > direction? > ProFTPd? It can authenticate against MySQL tables... It gets authentication from your database. We used to do this many many years ago... It worked fine and was probably choke full of security problems. Setting up ProFTPd for MySQL authentication was a pain, I'm sure its easier today. Once you have that setup, its just a simple matter of CRUD SQL queries. Travis Doherty CPanel automatically installs server software, and also configures them. So to let it work with the current system, you need to know how it works now :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating an FTP account on the fly from PHP
PHP Fusebox wrote: > I built a CMS that lets a super user create and manage basic users > (among lots of other things). I want basic users to get an FTP account > that is automatically associated with their website user account, and > managed from my add/edit user form. For example if I create a user > named [EMAIL PROTECTED] for him to login to my web app, I want my > users to be able to use their same login name and password to access > their web folder via FTP. > > I am running on LAMP on a CPanel server with ProFTP as the FTP server > software, but I have no clue how to get PHP to be able to create, > edit, or delete an FTP account. Can someone point me in the right > direction? > ProFTPd? It can authenticate against MySQL tables... It gets authentication from your database. We used to do this many many years ago... It worked fine and was probably choke full of security problems. Setting up ProFTPd for MySQL authentication was a pain, I'm sure its easier today. Once you have that setup, its just a simple matter of CRUD SQL queries. Travis Doherty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Creating an FTP account on the fly from PHP
> > On 3/22/07, PHP Fusebox <[EMAIL PROTECTED]> wrote: > > I built a CMS that lets a super user create and manage basic users > > (among lots of other things). I want basic users to get an > FTP account > > that is automatically associated with their website user > account, and > > managed from my add/edit user form. For example if I create a user > > named [EMAIL PROTECTED] for him to login to my web app, I want my > > users to be able to use their same login name and password to access > > their web folder via FTP. > > > > I am running on LAMP on a CPanel server with ProFTP as the > FTP server > > software, but I have no clue how to get PHP to be able to create, > > edit, or delete an FTP account. Can someone point me in the right > > direction? > > > > I can see the Form field names and URLs in the CPanel forms > where this > > is set up, but is it safe to CURL these same URLs from my app? That > > seems like a big security risk. > > > > > > Thanks, > > Geoff > > Let's start with the end, it is a big security hole, as you would need > to enter your reseller account info in the curl options. Which might > be traced somewhere. > > I'm not sure how ProFTP is set up, but might it be that it is working > for every local user? So that if you create a new user on your system, > that it can also login through FTP. That's quite common for such > things as CPanel. I never used CPanel or such on my own development > server so i don't know, but i think it works like above, and you > should just create a new user with useradd from within PHP with the > exec function. > > Tijnema > > Make sure your system is secure, users created are in their own group and can't get to anything... Can't run anything, etc. I made that mistake a long time ago when I was first starting out.. Ended up with a root kit installed Yippe Jake -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.17/730 - Release Date: 3/22/2007 7:44 AM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating an FTP account on the fly from PHP
On 3/22/07, PHP Fusebox <[EMAIL PROTECTED]> wrote: I built a CMS that lets a super user create and manage basic users (among lots of other things). I want basic users to get an FTP account that is automatically associated with their website user account, and managed from my add/edit user form. For example if I create a user named [EMAIL PROTECTED] for him to login to my web app, I want my users to be able to use their same login name and password to access their web folder via FTP. I am running on LAMP on a CPanel server with ProFTP as the FTP server software, but I have no clue how to get PHP to be able to create, edit, or delete an FTP account. Can someone point me in the right direction? I can see the Form field names and URLs in the CPanel forms where this is set up, but is it safe to CURL these same URLs from my app? That seems like a big security risk. Thanks, Geoff Let's start with the end, it is a big security hole, as you would need to enter your reseller account info in the curl options. Which might be traced somewhere. I'm not sure how ProFTP is set up, but might it be that it is working for every local user? So that if you create a new user on your system, that it can also login through FTP. That's quite common for such things as CPanel. I never used CPanel or such on my own development server so i don't know, but i think it works like above, and you should just create a new user with useradd from within PHP with the exec function. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Creating an FTP account on the fly from PHP
I built a CMS that lets a super user create and manage basic users (among lots of other things). I want basic users to get an FTP account that is automatically associated with their website user account, and managed from my add/edit user form. For example if I create a user named [EMAIL PROTECTED] for him to login to my web app, I want my users to be able to use their same login name and password to access their web folder via FTP. I am running on LAMP on a CPanel server with ProFTP as the FTP server software, but I have no clue how to get PHP to be able to create, edit, or delete an FTP account. Can someone point me in the right direction? I can see the Form field names and URLs in the CPanel forms where this is set up, but is it safe to CURL these same URLs from my app? That seems like a big security risk. Thanks, Geoff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php