smallhost

I can't suspend an account in PHP without an eight-character identifier that I don't even have. Without this identifier, it's impossible to do it with PHP. I'm considering using Python and ChromeDriver, however it would take some time to implement. Basically a request is made to the Python server and Python controls my either my computer or a server to login to panel.myownfreehost.net for me and suspend an account. I'm not that good with Python, but if there is a way to login to panel.myownfreehost.net with PHP that would be amazing.

That's a great way of explaining! The problem is that I can't suspend an account without the 8 character UI (unique identifier), which needs the API. I have another idea, but it would involve a Python server (which might take awhile for me to afford). There's a thing called ChromeDriver where basically Python can control a Chromium-based browser (such as Chrome or Brave). I can potentially make a code where when a request is made to the server it will login to panel.myownfreehost.net, find the account and suspend it. This might take a LOT of time to do, and it might not even work (I'm not that good with Python). That sounds awesome, I'd definitely credit you if I implement that into SmallHost! The API is incorrect. It doesn't need the username, it needs the 8 character code that @BastelPichi2 was talking about.

That's the thing, I don't have this eight-digit identifier required to suspend the account via the API. I tried the API prior to trying an FTP upload, however it returned blank (not even an error message). Here's the code I used... <link rel="stylesheet" type="text/css" href="https://smallhost.us.to/theme.css" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <center> <h1>Account Deactivation</h1> <p>Your SmallHost account has been sent for deactivation. The return log is listed below, for your convienience. If there's an error in the log and your account has not been deactivated or the box below is blank, contact SmallHost immediately with a copy of this log.</p> <textarea rows="20" cols="75" disabled> <?php if(!isset($_COOKIE['userAuth'])) { header("Location: https://smallhost.us.to/clients/login.php"); die(); }else{ $decodedB64 = base64_decode($_COOKIE['userAuth']); $decodedJson = json_decode($decodedB64); $username = urlencode($decodedJson->user); $reason = urlencode('REQUESTED'); $url = "https://panel.myownfreehost.net:2087/xml-api/suspendacct.php?api.version=1&user=".$username."&reason=".$reason; $fields = [ 'username ' => 'MOFH API Username', 'password' => 'MOFH API Password', ]; $fields_string = http_build_query($fields); $ch = curl_init(); curl_setopt($ch,CURLOPT_URL, $url); curl_setopt($ch,CURLOPT_POST, true); curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); echo $result; } ?> </textarea> <p><a href="https://smallhost.us.to/clients/p/logout.php">Please log out immediately</a>, your account will be inactive shortly and control panel features won't work for this account.</p> <p>(c)2021-Present SmallHost. Powered by <a href="https://ifastnet.com/">iFastNet</a>. Subdomain from <a href="https://freedns.afraid.org/">FreeDNS</a>.</p> </center> I learned better after trying to upload a file with a META redirect via FTP and will either have to figure out what's wrong with my code or just have to manually suspend accounts (which would be a pain). As for InfinityFree's wrapper, I looked at it. It needs Docker, which isn't an option on the cPanel. The wrapper also needs this eight-digit identifier that I don't have. Right now, my best bet is to leave a message saying to email me for account deactivation.

Users create their account with the form at https://smallhost.us.to/register.php, not the API. Is there any other way to find this identifier, or do I have to manually deactivate a user's account?

The account just got reactivated and SmallHost is back up, thanks iFastNet! I'm looking into using the API to add this feature, however my code isn't working. I don't know if it's a PHP issue or I can't use cURL.

That's what I'm saying, my account is suspended and I can't unsuspend it on the MOFH panel. Since the API wasn't working (the code I used is above), I resorted to uploading a HTML file to the user's website via FTP. The file would contain a META redirect (which suspends the users account) and the user would go to that page to deactivate their account. Apparently, using file_put_contents with the FTP tag is not okay. I sent a ticket to iFastNet last night and all I received was a canned response saying that the file "wasn't allowed on free hosting". I kindly responded asking to be transferred to a live representative. My clients can no longer access the SmallHost client panel and users can no longer make SmallHost accounts since the site is inaccessible. Let's hope I can get this resolved...

My reseller account got flagged...again. PSA: DO NOT UPLOAD ANY FILES WITH FILE_PUT_CONTENTS FOR NOW, JUST TO STAY SAFE! UPDATE: MY ACCOUNT IS UNSUSPENDED NOW. YES, UPLOADING VIA FTP WITH FILE_PUT_CONTENTS IS NOT ALLOWED (AT LEAST ON RESELLER HOSTING, THAT I'M AWARE OF). Since that didn't work, I opted to my other idea--uploading a file to their site with a META redirect. Since that apparently suspends accounts (it happened to me once accidentally), I thought it would be easier to do that than to deal with the API. Apparently uploading a file using file_put_contents is bannable. (This is just an assumption, however I think this might be it. Just made a ticket with iFastNet.) Now my account has been suspended again. Contacting iFastNet to hopefully get this resolved...

The API needs the port in order to work, here's the docs. I don't think that's the issue, nor do I think the code's the issue. Maybe cURL is disabled for some odd reason?

Here's what I've done... <link rel="stylesheet" type="text/css" href="https://smallhost.us.to/theme.css" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <center> <h1>Account Deactivation</h1> <p>Your SmallHost account has been sent for deactivation. The return log is listed below, for your convienience. If there's an error in the log and your account has not been deactivated or the box below is blank, contact SmallHost immediately with a copy of this log.</p> <textarea rows="20" cols="75" disabled> <?php if(!isset($_COOKIE['userAuth'])) { header("Location: https://smallhost.us.to/clients/login.php"); die(); }else{ $decodedB64 = base64_decode($_COOKIE['userAuth']); $decodedJson = json_decode($decodedB64); $username = urlencode($decodedJson->user); $reason = urlencode('REQUESTED'); $url = "https://panel.myownfreehost.net:2087/xml-api/suspendacct.php?api.version=1&user=".$username."&reason=".$reason; $fields = [ 'username ' => 'MOFH API Username', 'password' => 'MOFH API Password', ]; $fields_string = http_build_query($fields); $ch = curl_init(); curl_setopt($ch,CURLOPT_URL, $url); curl_setopt($ch,CURLOPT_POST, true); curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); echo $result; } ?> </textarea> <p><a href="https://smallhost.us.to/clients/p/logout.php">Please log out immediately</a>, your account will be inactive shortly and control panel features won't work for this account.</p> <p>(c)2021-Present SmallHost. Powered by <a href="https://ifastnet.com/">iFastNet</a>. Subdomain from <a href="https://freedns.afraid.org/">FreeDNS</a>.</p> </center> And here's the result... The box should contain the XML log that looks something like this (according to the API)... <suspendacct> <result> <status>1</status> <statusmsg> <script>if (self['clear_ui_status']) { clear_ui_status(); }</script> Changing Shell to /bin/false...Changing shell for username. Shell changed. Locking Password...Locking password for user username. marking user vhosts / databases for suspension. .. .. Completed, this account will be fully suspended in 2 minutes. </statusmsg> </result> </suspendacct> The box doesn't even return an error message, so it can't be an error. What did I do wrong?

Thanks for responding! SmallHost doesn't use WHMCS as I don't have a license for it (maybe I can find it in Softaculous, idk), however I think I can deconstruct the script and make it work. I'll test it later and see what happens. Thank you

I'm trying to find out how I can integrate the API into the site. I need to find out the site's IP address, then I need to find how to integrate it (as I can't use Composer on the cPanel). I'm also looking into using the official API, however I don't know how to read XML in PHP and I still need to find the site's IP.

Hello, SmallHost here! I want to add a button where a user can deactivate (suspend) their SmallHost account. Due to US data laws, I can't make deleting an account harder than creating one, so I'm thinking of adding a button on the site where a user logged into my client panel can suspend their account by clicking it and re-entering their password. There are two ways I can go about this... Use the MOFH API. This is probably the best method, however I don't know how to read XML with PHP and I need to know the site's IP address in order for this to work. Upload a page with a META redirect to their site and redirect them to that page with PHP. iFastNet's system seems to be suspending accounts that contain META redirects (it happened to me once on accident!). This would be easier, but idk if this would work well in the long run. How should I go about adding this feature?

Instead of using JS or CSS, the HTML I sent relies on a screenshot of the buttons instead of the buttons actually being there. When the buttons (screenshot) is clicked, it'll let the user know that they're just viewing the demo and they can't click the buttons. If they don't have JS, it simply will do nothing.

I came up with a solution! Using inspect element, I got the HTML GUI for the cPanel. I then tore it down to the core, removing the majority of the scripts. After running into a bug where it was stuck on Loading (probably because I removed the majority of the scripts), I did a CTRL + F search for "Loading", found where the loading text was displaying and used that area as the body. Since the buttons weren't loading either, I decided to take a screenshot and use that. I use a JavaScript alert to let the user know when they click on a button that this is just a demo. It wouldn't load at all when I removed one of the scripts, but it contained a string named PAGE.securityToken. Changing it to "null" seemed to do the trick. My version of the demo panel's live at https://smallhostdemo.us.to (planning on adding HTTPS to it) https://smallhostdemo.us.to (just added HTTPS!). The code's here, feel free to use it! <!DOCTYPE html> <!--SmallHost cPanel Demo (c)2021-Present smallhost.us.to, all rights reserved. Powered by ifastnet.com. This is a demo version of the cPanel that SmallHost and other MOFH-based providers use. MOFH-based providers are free to use this code (you're welcome!), but they have to change https://cpanel.smallhostdemo.us.to to their cPanel URL and https://smallhost.us.to/register.php with the registration page for their host. Providing credit to SmallHost is reccomended, but not required. Enjoy! ^w^--> <html lang="english" dir="ltr" data-style="basic"> <head> <title> </title> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width"> <meta name="theme-color" content="#293a4a"> <meta name="mobile-web-app-capable" content="yes"> <meta name="mobile-web-app-status-bar-style" content="default"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-status-bar-style" content="default"> <link rel="shortcut icon" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" type="text/css" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/home.master-ltr.cmb.min.css" /> <link rel="stylesheet" type="text/css" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/chosen.min.css" /> <script type="text/javascript" src="https://cpanel.smallhostdemo.us.to/panel/pl-res/js/master-legacy.cmb.min.js"></script> <script type="text/javascript" src="https://cpanel.smallhostdemo.us.to/panel/pl-res/js/cjt-min.js?locale=en&locale_optional=1"></script> <script type="text/javascript"> PAGE.isRTL = document.getElementsByTagName("HTML")[0].getAttribute("dir") === "rtl"; PAGE.currentTheme = "paper_lantern"; PAGE.securityToken = "null"; PAGE.userName = "smllh_XXXXXXXX"; PAGE.domain = "smallhostdemo.us.to"; </script> <link rel="stylesheet" type="text/css" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/icon_spritemap.css" /> <link rel="stylesheet" type="text/css" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/styles.css" /> </head> <body id="cpanel_body" class="yui-skin-sam"> <div id="wrap"> <header id="masterAppContainer" ng-controller="applicationListController"> <div class="navbar navbar-inverse navbar-cpanel navbar-fixed-top" role="navigation"> <div class="navbar-header"> <button type="button" id="btnSideBarToggle" class="cp-nav-toggle"> <span class="sr-only">Toggle navigation</span> <span class="cp-icon-bar"></span> <span class="cp-icon-bar"></span> <span class="cp-icon-bar"></span> </button> <a id="lnkHeaderHome" class="navbar-brand" target="_top" href="#" title="Home"> <!--Your hosting provider's logo--><img id="imgLogo" class="navbar-brand-logo" src="https://images.hostmessage.info/login_logo/452e8662cb1a0ea1323df9b367429b7c.jpg" alt="" /><font style="vertical-align: sub;"> </font> </a> <script type="text/ng-template" id="customTemplate.html"> <a href="{{ match.model.url }}" ng-attr-target="{{match.model.target}}" ng-bind-html="match.model.name"> </a> </script> <div class="navbar-preferences form-inline"> <div class="btn-group"> <button id="btnUserPref" data-toggle="dropdown" class="btn dropdown-toggle user-preferences-btn"> <span id="userImg" class="glyphicon glyphicon-user"></span> <span id="lblUserNameTxt" class="hidden-inline-xs">smllh_XXXXXXXX</span> <span id="caretImg" class="caret"></span> </button> <ul class="dropdown-menu dropdown-menu-right"> <li> </li> </ul> </div> </a><a id="lnkHeaderLogout" target="_top" href="https://smallhost.us.to/register.php" class="btn link-buttons"> <span id="logoutImg" class="glyphicon glyphicon-log-out"></span> <span id="lblLogout" class="hidden-inline-xs">Join SmallHost</span> </a> </div> </div> </div> <div id="include-global-header"> </div> </header> <aside id="sidebar"> <!--Your hosting provider's registration link--><a id="lnkMenu" href="https://smallhost.us.to/register.php" title="Join SmallHost" class="active" data-toggle="tooltip" data-placement="right"> </a> <!--Your hosting provider's registration link--><a id="null" href="https://smallhost.us.to/register.php" title="Join SmallHost" data-toggle="tooltip" data-placement="right"> <img width=28px height=28px src="https://cpanel.smallhostdemo.us.to/panel/images/pl-sidebar-upgrade.png"> </a> </a> <br><br> </aside> <div id="content" class="container-fluid"> <div growl limit-messages="1"></div> <div class="row"> <div id="main" class="col-xs-12 col-sm-12 col-md-9 col-lg-9"> <div ng-controller="applicationListController"> <div class="application-list-loading-indicator" ng-show="::false"> <!--Put a screenshot of the buttons and stats sidebar here.--><img src="buttons.png" alt="buttons" onclick="alert('THIS IS A DEMO! For security purposes, you can not access features on this demo panel. If you like what you see and want to host a site on SmallHost, sign up!')"> </div> </div> <div id="jump-search" class="ng-cloak"> </div> </div> </div> <!--If you use a WybeNetwork theme, add it BELOW this line. Dark theme is currently active.--> <link rel="stylesheet" type="text/css" href="https://vpt.cdn.wybenetwork.com/dark/icon_spritemap.css" /> <link rel="stylesheet" type="text/css" href="https://vpt.cdn.wybenetwork.com/dark/styles.css" /> <!--If you use a WybeNetwork theme, add it ABOVE this line. Dark theme is currently active.--> <script data-main="app/index.dist" src="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/require.min.js"></script> </div> <footer> <div class="container-fluid"> <br> <div class="navbar"> <a id="lnkPoweredByCpanel" href="https://www.cpanel.net" target="cpanel" title="cPanel, Inc." style="display:inline-block; z-index:XXXXXXX; visibility:visible;"> <img id="imgPoweredByCpanel" src="https://cpanel.smallhostdemo.us.to/panel/pl-res/powered_by_cpanel.png" alt="cPanel, Inc." style="display:inline-block; z-index:XXXXXXX; visibility:visible;"> </a>This is a modified version of the SmallHost cPanel so people can see what the cPanel looks like. Like what you see? Join SmallHost, it's free! <sub id="txtCpanelVersion" style="display:inline-block; z-index:XXXXXXX; visibility:visible;"></sub> </div> </div> </div> </footer> </body> </html>

Yes, I took InfinityFree's code that you linked and built off it to disable more features for the demo panel. I disabled the majority of the sensitive features that InfinityFree didn't disable (i.e. file manager, CNAME records). If I am to implement this into the client panel, I will provide full credits to InfinityFree for that code.

So, here's my version of the code... if(void 0!==PAGE.appGroups){var itemsToRemove={preferences:[["feature","password"],["feature","setlang"],["feature","updatecontact"],["feature","user_manager"]],files:[["feature","diskusageviewer"],["feature","filemanager"],["feature","ftpaccts"]],databases:[["feature","phpmyadmin"],["feature","mysql"],["feature","postgres"]],domains:[["feature","addondomains"],["feature","subdomains"],["feature","parkeddomains"],["feature","redirects"]],email:[["feature","popaccts"],["feature","forwarders"],["feature","changemx"],["feature","zoneedit"],["feature","email_filters"]],metrics:[["feature","errlog"],["feature","rawlog"]],security:[["feature","sslmanager"],["feature","ipdeny"]],software:[["feature","sitereptile"],["feature","attracta_seotips"],["feature","cloudflare"],["feature","softaculous"],["feature","multiphp_configuration"]],advanced:[["feature","cron"],["feature","errpgs"]],support:[["file","createticket"],["file","ShowTickets"],["feature","ShowTickets"]]},itemsToUpdate={databases:[{matchAttr:["feature","phpmyadmin"],newAttributes:[["target",""]],stripAttrsFromUrl:!0}],software:[{matchAttr:["feature","multiphp_configuration"],newAttributes:[["target",""]],stripAttrsFromUrl:!0}],support:[{matchAttr:["feature","cloudflare_analytics"],newAttributes:[["url","https://smallhost.us.to"]]}]};for(h=PAGE.appGroups.length-1;h>=0;h--)if(appGroup=PAGE.appGroups[h],"soft_div"!==appGroup.group){var removeFromGroup=itemsToRemove[appGroup.group],updateInGroup=itemsToUpdate[appGroup.group];for(i=appGroup.items.length-1;i>=0;i--)appItem=appGroup.items[i],void 0!==removeFromGroup&&removeFromGroup.forEach(function(t){appItem[t[0]]===t[1]&&appGroup.items.splice(i,1)}),void 0!==updateInGroup&&updateInGroup.forEach(function(t){appItem[t.matchAttr[0]]===t.matchAttr[1]&&(t.newAttributes.forEach(function(t){appItem[t[0]]=t[1]}),t.stripAttrsFromUrl&&(urlParts=appItem.url.split(" "),appItem.url=urlParts[0]))})}else PAGE.appGroups.splice(h,1)} It (is supposed to, the CDN I'm using is slow and I don't wanna get my acc suspended for hosting it on the free hosting) disables everything besides the... Getting Started Account Upgrades Directory Privacy Backups Forwarders Select PHP Version I'm looking into disabling the Getting Started (it links to the disabled pages, like FTP), Account Upgrades (although I'll probabally have to leave that there, don't want iFastNet to get mad at me) and Forwarders. I don't mind about Select PHP Version as the site is very generic and less than the 1MB limit of disk I sat for the demo account and doesn't use PHP (here's the site's code, its VERY basic). <h1>SmallHost Demo cPanel</h1> Now the problem...users can still access the file manager via FTP as all they need's the username and password to connect (which could be found if I sat it up like a form with hidden values). On a positive note (since I typically don't code in JavaScript), I'm kinda proud of myself for getting this far. I'll keep poking around with things and see if I can find a solution.

After poking around with the inspect element, I think I found a solution! I'll post it here if it works.

Good idea, however the security issue still stands. People can see a form's hidden values by going into the inspect element. Thank you for helping find a solution!

Another concern is the username dropdown menu--users can change the demo account's password and email. Also, I'd need to make a way for the user to be able to login to the demo account without needing to know the password. It's possible to do, but not probable.

I made a new panel, but there's a HUGE bug. I sat all the resources to 0 and it looks like I have unlimited everything and 6 parked/addon/subdomains. The script works and I'm trying to find out how it works so I can modify it to block pages like the file manager and databases.

Hello, SmallHost here with a small question! Instead of using an advertisement network, I'm thinking about opening up SmallHost to partnerships. Approved partners could send a jpg image in, the image is put into a directory and every time an ad is requested a random ad from the directory is displayed (kinda like a "you put an ad for my service, I'll put an ad for yours" type thing). I coded a PHP script to get a random image from a directory and am thinking about setting it up on a subdomain, but I'm wondering if this is okay. Would it be against the terms to host advertisements on a subdomain and have it displayed via iFrame embed? Just wanted to be on the safe side and ask before I set it up.

I'll try that, however that would be bad from a security standpoint as anyone could change the password. The people using it could also point CNAME records as theres no way to regulate that.

To clarify in case I miscommunicated my idea, I'm requesting a feature where users can demo the control panel--not for users to demo the MOFH admin panel! I was reading this back and realized I wasn't clear enough and wanted to clarify to prevent miscommunication.

Hello, SmallHost here with a suggestion! I was thinking about how iFastNet has a feature where you could demo the iFastNet cPanel. I was wondering if something like that could be done for free hosting providers, so users can try before they sign up. Basically, there'd be a test account and people could try things out, but they can't access or change file stuff (as a security precaution). I was thinking about making a clone of the GUI and running it on a subdomain, however that would be a little complex to code. What do you think?

@TinkerManI meant to type minlength, not maxlength! Just made a test account and it should work now.