smallhost

Thank you, I'll do that I cant since it was suspended by an admin...I'd have to contact iFastNet. I don't want to bother them if I don't need to, they got paying customers to take care of. I'm just gonna wait until either the account is reactivated or deleted (whatever happens).

Fortunately it wasn't my main account so SmallHost operations are still running! I was working on making a Team SmallHost plan, a plan exclusive to SmallHost team members (isupport chat agents, ticket handlers, Discord mods, customer service, security advisor, etc). I sat all the resources on that plan to 0 as I thought that would give unlimited resources. I then gave that plan to a demo account I have sat up and now the account's suspended. I don't feel like I should contact iFastNet/Byet about it because I got my main account suspended twice accidentally and I think they're kinda frustrated with me it's not my main account and I can simply create a new one and just make the plan without providing unlimited resources. If an account is suspended for overusing bandwidth, will it be unsuspended over time or would I have to make a new account after its deleted?

That's one of the issues I have, I don't think its possible to force HTTPS. The cPanel does have HTTPS and when you click the Control Panel button on the Client Panel it will load with HTTPS, but sadly I don't know how to make it load by default. If you have any CSS code you want me to consider using, feel free to send them here or in the Discord. For security reasons, I don't feel comfortable giving my SmallHost login credentials.

I'm working on making a program to do this in Python, however SmallHost doesn't have any funding to spend on a VPS server. As soon as I set up ads or get a job (whatever comes first), I'll see what I can do in regards to buying a VPS server. Also, a $2 VPS server is very inexpensive. Are you sure that isn't a monthly charge? Even if it is monthly, that's still cheap. Where did you find that VPS server?

That sounds possible...the problem is I'd need to code a Python bot to do that or find a way to do it in PHP with cURL. I'd also need to add a user agent header to make it look like its a browser sending the requests because it might not allow automated requests. This will take some time to do... Edit: Here's what I see that the bot needs to do (in this order). POST request to https://panel.myownfreehost.net/index.php. uname should be the admin email, passwd should be the admin password and role should be administrator. GET request to https://panel.myownfreehost.net/panel/index.php?option=drilldown&username=ACCOUNT TO SUSPEND. POST request to https://panel.myownfreehost.net/panel/index.php?option=changestatus. reason should be REQUESTED.

I can't suspend an account in PHP without an eight-character identifier that I don't even have. Without this identifier, it's impossible to do it with PHP. I'm considering using Python and ChromeDriver, however it would take some time to implement. Basically a request is made to the Python server and Python controls my either my computer or a server to login to panel.myownfreehost.net for me and suspend an account. I'm not that good with Python, but if there is a way to login to panel.myownfreehost.net with PHP that would be amazing.

That's a great way of explaining! The problem is that I can't suspend an account without the 8 character UI (unique identifier), which needs the API. I have another idea, but it would involve a Python server (which might take awhile for me to afford). There's a thing called ChromeDriver where basically Python can control a Chromium-based browser (such as Chrome or Brave). I can potentially make a code where when a request is made to the server it will login to panel.myownfreehost.net, find the account and suspend it. This might take a LOT of time to do, and it might not even work (I'm not that good with Python). That sounds awesome, I'd definitely credit you if I implement that into SmallHost! The API is incorrect. It doesn't need the username, it needs the 8 character code that @BastelPichi2 was talking about.

That's the thing, I don't have this eight-digit identifier required to suspend the account via the API. I tried the API prior to trying an FTP upload, however it returned blank (not even an error message). Here's the code I used... <link rel="stylesheet" type="text/css" href="https://smallhost.us.to/theme.css" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <center> <h1>Account Deactivation</h1> <p>Your SmallHost account has been sent for deactivation. The return log is listed below, for your convienience. If there's an error in the log and your account has not been deactivated or the box below is blank, contact SmallHost immediately with a copy of this log.</p> <textarea rows="20" cols="75" disabled> <?php if(!isset($_COOKIE['userAuth'])) { header("Location: https://smallhost.us.to/clients/login.php"); die(); }else{ $decodedB64 = base64_decode($_COOKIE['userAuth']); $decodedJson = json_decode($decodedB64); $username = urlencode($decodedJson->user); $reason = urlencode('REQUESTED'); $url = "https://panel.myownfreehost.net:2087/xml-api/suspendacct.php?api.version=1&user=".$username."&reason=".$reason; $fields = [ 'username ' => 'MOFH API Username', 'password' => 'MOFH API Password', ]; $fields_string = http_build_query($fields); $ch = curl_init(); curl_setopt($ch,CURLOPT_URL, $url); curl_setopt($ch,CURLOPT_POST, true); curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); echo $result; } ?> </textarea> <p><a href="https://smallhost.us.to/clients/p/logout.php">Please log out immediately</a>, your account will be inactive shortly and control panel features won't work for this account.</p> <p>(c)2021-Present SmallHost. Powered by <a href="https://ifastnet.com/">iFastNet</a>. Subdomain from <a href="https://freedns.afraid.org/">FreeDNS</a>.</p> </center> I learned better after trying to upload a file with a META redirect via FTP and will either have to figure out what's wrong with my code or just have to manually suspend accounts (which would be a pain). As for InfinityFree's wrapper, I looked at it. It needs Docker, which isn't an option on the cPanel. The wrapper also needs this eight-digit identifier that I don't have. Right now, my best bet is to leave a message saying to email me for account deactivation.

Users create their account with the form at https://smallhost.us.to/register.php, not the API. Is there any other way to find this identifier, or do I have to manually deactivate a user's account?

The account just got reactivated and SmallHost is back up, thanks iFastNet! I'm looking into using the API to add this feature, however my code isn't working. I don't know if it's a PHP issue or I can't use cURL.

That's what I'm saying, my account is suspended and I can't unsuspend it on the MOFH panel. Since the API wasn't working (the code I used is above), I resorted to uploading a HTML file to the user's website via FTP. The file would contain a META redirect (which suspends the users account) and the user would go to that page to deactivate their account. Apparently, using file_put_contents with the FTP tag is not okay. I sent a ticket to iFastNet last night and all I received was a canned response saying that the file "wasn't allowed on free hosting". I kindly responded asking to be transferred to a live representative. My clients can no longer access the SmallHost client panel and users can no longer make SmallHost accounts since the site is inaccessible. Let's hope I can get this resolved...

My reseller account got flagged...again. PSA: DO NOT UPLOAD ANY FILES WITH FILE_PUT_CONTENTS FOR NOW, JUST TO STAY SAFE! UPDATE: MY ACCOUNT IS UNSUSPENDED NOW. YES, UPLOADING VIA FTP WITH FILE_PUT_CONTENTS IS NOT ALLOWED (AT LEAST ON RESELLER HOSTING, THAT I'M AWARE OF). Since that didn't work, I opted to my other idea--uploading a file to their site with a META redirect. Since that apparently suspends accounts (it happened to me once accidentally), I thought it would be easier to do that than to deal with the API. Apparently uploading a file using file_put_contents is bannable. (This is just an assumption, however I think this might be it. Just made a ticket with iFastNet.) Now my account has been suspended again. Contacting iFastNet to hopefully get this resolved...

The API needs the port in order to work, here's the docs. I don't think that's the issue, nor do I think the code's the issue. Maybe cURL is disabled for some odd reason?

Here's what I've done... <link rel="stylesheet" type="text/css" href="https://smallhost.us.to/theme.css" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <center> <h1>Account Deactivation</h1> <p>Your SmallHost account has been sent for deactivation. The return log is listed below, for your convienience. If there's an error in the log and your account has not been deactivated or the box below is blank, contact SmallHost immediately with a copy of this log.</p> <textarea rows="20" cols="75" disabled> <?php if(!isset($_COOKIE['userAuth'])) { header("Location: https://smallhost.us.to/clients/login.php"); die(); }else{ $decodedB64 = base64_decode($_COOKIE['userAuth']); $decodedJson = json_decode($decodedB64); $username = urlencode($decodedJson->user); $reason = urlencode('REQUESTED'); $url = "https://panel.myownfreehost.net:2087/xml-api/suspendacct.php?api.version=1&user=".$username."&reason=".$reason; $fields = [ 'username ' => 'MOFH API Username', 'password' => 'MOFH API Password', ]; $fields_string = http_build_query($fields); $ch = curl_init(); curl_setopt($ch,CURLOPT_URL, $url); curl_setopt($ch,CURLOPT_POST, true); curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); echo $result; } ?> </textarea> <p><a href="https://smallhost.us.to/clients/p/logout.php">Please log out immediately</a>, your account will be inactive shortly and control panel features won't work for this account.</p> <p>(c)2021-Present SmallHost. Powered by <a href="https://ifastnet.com/">iFastNet</a>. Subdomain from <a href="https://freedns.afraid.org/">FreeDNS</a>.</p> </center> And here's the result... The box should contain the XML log that looks something like this (according to the API)... <suspendacct> <result> <status>1</status> <statusmsg> <script>if (self['clear_ui_status']) { clear_ui_status(); }</script> Changing Shell to /bin/false...Changing shell for username. Shell changed. Locking Password...Locking password for user username. marking user vhosts / databases for suspension. .. .. Completed, this account will be fully suspended in 2 minutes. </statusmsg> </result> </suspendacct> The box doesn't even return an error message, so it can't be an error. What did I do wrong?

Thanks for responding! SmallHost doesn't use WHMCS as I don't have a license for it (maybe I can find it in Softaculous, idk), however I think I can deconstruct the script and make it work. I'll test it later and see what happens. Thank you

I'm trying to find out how I can integrate the API into the site. I need to find out the site's IP address, then I need to find how to integrate it (as I can't use Composer on the cPanel). I'm also looking into using the official API, however I don't know how to read XML in PHP and I still need to find the site's IP.

Hello, SmallHost here! I want to add a button where a user can deactivate (suspend) their SmallHost account. Due to US data laws, I can't make deleting an account harder than creating one, so I'm thinking of adding a button on the site where a user logged into my client panel can suspend their account by clicking it and re-entering their password. There are two ways I can go about this... Use the MOFH API. This is probably the best method, however I don't know how to read XML with PHP and I need to know the site's IP address in order for this to work. Upload a page with a META redirect to their site and redirect them to that page with PHP. iFastNet's system seems to be suspending accounts that contain META redirects (it happened to me once on accident!). This would be easier, but idk if this would work well in the long run. How should I go about adding this feature?

Instead of using JS or CSS, the HTML I sent relies on a screenshot of the buttons instead of the buttons actually being there. When the buttons (screenshot) is clicked, it'll let the user know that they're just viewing the demo and they can't click the buttons. If they don't have JS, it simply will do nothing.

I came up with a solution! Using inspect element, I got the HTML GUI for the cPanel. I then tore it down to the core, removing the majority of the scripts. After running into a bug where it was stuck on Loading (probably because I removed the majority of the scripts), I did a CTRL + F search for "Loading", found where the loading text was displaying and used that area as the body. Since the buttons weren't loading either, I decided to take a screenshot and use that. I use a JavaScript alert to let the user know when they click on a button that this is just a demo. It wouldn't load at all when I removed one of the scripts, but it contained a string named PAGE.securityToken. Changing it to "null" seemed to do the trick. My version of the demo panel's live at https://smallhostdemo.us.to (planning on adding HTTPS to it) https://smallhostdemo.us.to (just added HTTPS!). The code's here, feel free to use it! <!DOCTYPE html> <!--SmallHost cPanel Demo (c)2021-Present smallhost.us.to, all rights reserved. Powered by ifastnet.com. This is a demo version of the cPanel that SmallHost and other MOFH-based providers use. MOFH-based providers are free to use this code (you're welcome!), but they have to change https://cpanel.smallhostdemo.us.to to their cPanel URL and https://smallhost.us.to/register.php with the registration page for their host. Providing credit to SmallHost is reccomended, but not required. Enjoy! ^w^--> <html lang="english" dir="ltr" data-style="basic"> <head> <title> </title> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width"> <meta name="theme-color" content="#293a4a"> <meta name="mobile-web-app-capable" content="yes"> <meta name="mobile-web-app-status-bar-style" content="default"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-status-bar-style" content="default"> <link rel="shortcut icon" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" type="text/css" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/home.master-ltr.cmb.min.css" /> <link rel="stylesheet" type="text/css" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/chosen.min.css" /> <script type="text/javascript" src="https://cpanel.smallhostdemo.us.to/panel/pl-res/js/master-legacy.cmb.min.js"></script> <script type="text/javascript" src="https://cpanel.smallhostdemo.us.to/panel/pl-res/js/cjt-min.js?locale=en&locale_optional=1"></script> <script type="text/javascript"> PAGE.isRTL = document.getElementsByTagName("HTML")[0].getAttribute("dir") === "rtl"; PAGE.currentTheme = "paper_lantern"; PAGE.securityToken = "null"; PAGE.userName = "smllh_XXXXXXXX"; PAGE.domain = "smallhostdemo.us.to"; </script> <link rel="stylesheet" type="text/css" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/icon_spritemap.css" /> <link rel="stylesheet" type="text/css" href="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/styles.css" /> </head> <body id="cpanel_body" class="yui-skin-sam"> <div id="wrap"> <header id="masterAppContainer" ng-controller="applicationListController"> <div class="navbar navbar-inverse navbar-cpanel navbar-fixed-top" role="navigation"> <div class="navbar-header"> <button type="button" id="btnSideBarToggle" class="cp-nav-toggle"> <span class="sr-only">Toggle navigation</span> <span class="cp-icon-bar"></span> <span class="cp-icon-bar"></span> <span class="cp-icon-bar"></span> </button> <a id="lnkHeaderHome" class="navbar-brand" target="_top" href="#" title="Home"> <!--Your hosting provider's logo--><img id="imgLogo" class="navbar-brand-logo" src="https://images.hostmessage.info/login_logo/452e8662cb1a0ea1323df9b367429b7c.jpg" alt="" /><font style="vertical-align: sub;"> </font> </a> <script type="text/ng-template" id="customTemplate.html"> <a href="{{ match.model.url }}" ng-attr-target="{{match.model.target}}" ng-bind-html="match.model.name"> </a> </script> <div class="navbar-preferences form-inline"> <div class="btn-group"> <button id="btnUserPref" data-toggle="dropdown" class="btn dropdown-toggle user-preferences-btn"> <span id="userImg" class="glyphicon glyphicon-user"></span> <span id="lblUserNameTxt" class="hidden-inline-xs">smllh_XXXXXXXX</span> <span id="caretImg" class="caret"></span> </button> <ul class="dropdown-menu dropdown-menu-right"> <li> </li> </ul> </div> </a><a id="lnkHeaderLogout" target="_top" href="https://smallhost.us.to/register.php" class="btn link-buttons"> <span id="logoutImg" class="glyphicon glyphicon-log-out"></span> <span id="lblLogout" class="hidden-inline-xs">Join SmallHost</span> </a> </div> </div> </div> <div id="include-global-header"> </div> </header> <aside id="sidebar"> <!--Your hosting provider's registration link--><a id="lnkMenu" href="https://smallhost.us.to/register.php" title="Join SmallHost" class="active" data-toggle="tooltip" data-placement="right"> </a> <!--Your hosting provider's registration link--><a id="null" href="https://smallhost.us.to/register.php" title="Join SmallHost" data-toggle="tooltip" data-placement="right"> <img width=28px height=28px src="https://cpanel.smallhostdemo.us.to/panel/images/pl-sidebar-upgrade.png"> </a> </a> <br><br> </aside> <div id="content" class="container-fluid"> <div growl limit-messages="1"></div> <div class="row"> <div id="main" class="col-xs-12 col-sm-12 col-md-9 col-lg-9"> <div ng-controller="applicationListController"> <div class="application-list-loading-indicator" ng-show="::false"> <!--Put a screenshot of the buttons and stats sidebar here.--><img src="buttons.png" alt="buttons" onclick="alert('THIS IS A DEMO! For security purposes, you can not access features on this demo panel. If you like what you see and want to host a site on SmallHost, sign up!')"> </div> </div> <div id="jump-search" class="ng-cloak"> </div> </div> </div> <!--If you use a WybeNetwork theme, add it BELOW this line. Dark theme is currently active.--> <link rel="stylesheet" type="text/css" href="https://vpt.cdn.wybenetwork.com/dark/icon_spritemap.css" /> <link rel="stylesheet" type="text/css" href="https://vpt.cdn.wybenetwork.com/dark/styles.css" /> <!--If you use a WybeNetwork theme, add it ABOVE this line. Dark theme is currently active.--> <script data-main="app/index.dist" src="https://cpanel.smallhostdemo.us.to/panel/pl-res/css/require.min.js"></script> </div> <footer> <div class="container-fluid"> <br> <div class="navbar"> <a id="lnkPoweredByCpanel" href="https://www.cpanel.net" target="cpanel" title="cPanel, Inc." style="display:inline-block; z-index:XXXXXXX; visibility:visible;"> <img id="imgPoweredByCpanel" src="https://cpanel.smallhostdemo.us.to/panel/pl-res/powered_by_cpanel.png" alt="cPanel, Inc." style="display:inline-block; z-index:XXXXXXX; visibility:visible;"> </a>This is a modified version of the SmallHost cPanel so people can see what the cPanel looks like. Like what you see? Join SmallHost, it's free! <sub id="txtCpanelVersion" style="display:inline-block; z-index:XXXXXXX; visibility:visible;"></sub> </div> </div> </div> </footer> </body> </html>

Yes, I took InfinityFree's code that you linked and built off it to disable more features for the demo panel. I disabled the majority of the sensitive features that InfinityFree didn't disable (i.e. file manager, CNAME records). If I am to implement this into the client panel, I will provide full credits to InfinityFree for that code.

So, here's my version of the code... if(void 0!==PAGE.appGroups){var itemsToRemove={preferences:[["feature","password"],["feature","setlang"],["feature","updatecontact"],["feature","user_manager"]],files:[["feature","diskusageviewer"],["feature","filemanager"],["feature","ftpaccts"]],databases:[["feature","phpmyadmin"],["feature","mysql"],["feature","postgres"]],domains:[["feature","addondomains"],["feature","subdomains"],["feature","parkeddomains"],["feature","redirects"]],email:[["feature","popaccts"],["feature","forwarders"],["feature","changemx"],["feature","zoneedit"],["feature","email_filters"]],metrics:[["feature","errlog"],["feature","rawlog"]],security:[["feature","sslmanager"],["feature","ipdeny"]],software:[["feature","sitereptile"],["feature","attracta_seotips"],["feature","cloudflare"],["feature","softaculous"],["feature","multiphp_configuration"]],advanced:[["feature","cron"],["feature","errpgs"]],support:[["file","createticket"],["file","ShowTickets"],["feature","ShowTickets"]]},itemsToUpdate={databases:[{matchAttr:["feature","phpmyadmin"],newAttributes:[["target",""]],stripAttrsFromUrl:!0}],software:[{matchAttr:["feature","multiphp_configuration"],newAttributes:[["target",""]],stripAttrsFromUrl:!0}],support:[{matchAttr:["feature","cloudflare_analytics"],newAttributes:[["url","https://smallhost.us.to"]]}]};for(h=PAGE.appGroups.length-1;h>=0;h--)if(appGroup=PAGE.appGroups[h],"soft_div"!==appGroup.group){var removeFromGroup=itemsToRemove[appGroup.group],updateInGroup=itemsToUpdate[appGroup.group];for(i=appGroup.items.length-1;i>=0;i--)appItem=appGroup.items[i],void 0!==removeFromGroup&&removeFromGroup.forEach(function(t){appItem[t[0]]===t[1]&&appGroup.items.splice(i,1)}),void 0!==updateInGroup&&updateInGroup.forEach(function(t){appItem[t.matchAttr[0]]===t.matchAttr[1]&&(t.newAttributes.forEach(function(t){appItem[t[0]]=t[1]}),t.stripAttrsFromUrl&&(urlParts=appItem.url.split(" "),appItem.url=urlParts[0]))})}else PAGE.appGroups.splice(h,1)} It (is supposed to, the CDN I'm using is slow and I don't wanna get my acc suspended for hosting it on the free hosting) disables everything besides the... Getting Started Account Upgrades Directory Privacy Backups Forwarders Select PHP Version I'm looking into disabling the Getting Started (it links to the disabled pages, like FTP), Account Upgrades (although I'll probabally have to leave that there, don't want iFastNet to get mad at me) and Forwarders. I don't mind about Select PHP Version as the site is very generic and less than the 1MB limit of disk I sat for the demo account and doesn't use PHP (here's the site's code, its VERY basic). <h1>SmallHost Demo cPanel</h1> Now the problem...users can still access the file manager via FTP as all they need's the username and password to connect (which could be found if I sat it up like a form with hidden values). On a positive note (since I typically don't code in JavaScript), I'm kinda proud of myself for getting this far. I'll keep poking around with things and see if I can find a solution.

After poking around with the inspect element, I think I found a solution! I'll post it here if it works.

Good idea, however the security issue still stands. People can see a form's hidden values by going into the inspect element. Thank you for helping find a solution!

Another concern is the username dropdown menu--users can change the demo account's password and email. Also, I'd need to make a way for the user to be able to login to the demo account without needing to know the password. It's possible to do, but not probable.

I made a new panel, but there's a HUGE bug. I sat all the resources to 0 and it looks like I have unlimited everything and 6 parked/addon/subdomains. The script works and I'm trying to find out how it works so I can modify it to block pages like the file manager and databases.