Mahtab Hassan Posted April 6, 2023 Share Posted April 6, 2023 Hello everyone! I was wondering, how to install ssl certificates after generating and add spf records without logging in to vPanel. if anybody can explain. i will be very thankful Quote Link to comment Share on other sites More sharing options...
SpookyKipper Posted April 6, 2023 Share Posted April 6, 2023 (edited) Hello, There isn't any official api to do this, but: for my own free host, I modified Xera a bit and used JavaScript with the domain checker and cPanel login. I embed them in a (hidden) IFRAME and make 2 post requests within the IFRAME automatically using JavaScript, which the url is the vPanel endpoints. TinkerHost seem to be having everything done automatically, I am currently unsure on how he can get the live ssl status for installation before we login to the client area(maybe a cron or GoGetSSL webhook?) Edited April 6, 2023 by SpookyKipper Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted April 6, 2023 Share Posted April 6, 2023 2 hours ago, SpookyKipper said: TinkerHost seem to be having everything done automatically I do. It’s a fairly new feature for me, and if possible, I would love to be the sole creator of it for awhile. I can give some things away though. All the code for the implementation is in PHP, noting has been modified with the vP to make this specific thing work (We all know what happens when you use frontend code, it just gets copied). PM me on discord for more Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted April 6, 2023 Author Share Posted April 6, 2023 5 minutes ago, TinkerMan said: I do. It’s a fairly new feature for me, and if possible, I would love to be the sole creator of it for awhile. I can give some things away though. All the code for the implementation is in PHP, noting has been modified with the vP to make this specific thing work (We all know what happens when you use frontend code, it just gets copied). PM me on discord for more i see Quote Link to comment Share on other sites More sharing options...
SpookyKipper Posted April 6, 2023 Share Posted April 6, 2023 22 minutes ago, TinkerMan said: I would love to be the sole creator of it for awhile. Nice 👍 22 minutes ago, TinkerMan said: We all know what happens when you use frontend code, it just gets copied Good point. You made me scrap the idea of using JavaScript as the vp frontend. Quote Link to comment Share on other sites More sharing options...
BastelPichi Posted April 6, 2023 Share Posted April 6, 2023 You can archieve this by recreating the raw http requests your browser is sending - its defenetly possible. Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted April 6, 2023 Share Posted April 6, 2023 (edited) 8 minutes ago, BastelPichi said: recreating the raw http requests your browser is sending That’s pretty much what I’m doing Edited April 6, 2023 by TinkerMan Quote Link to comment Share on other sites More sharing options...
BastelPichi Posted April 6, 2023 Share Posted April 6, 2023 2 minutes ago, TinkerMan said: That’s pretty much what I’m doing ik 😂 You sent me some of your code after all... Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted April 6, 2023 Share Posted April 6, 2023 I did, I did. And you were a huge help (Even though yours was in a different language) Quote Link to comment Share on other sites More sharing options...
BastelPichi Posted April 8, 2023 Share Posted April 8, 2023 On 4/6/2023 at 7:19 PM, TinkerMan said: I did, I did. And you were a huge help (Even though yours was in a different language) Yes. Now that I have your code Ill sue the hell outta you with fake copyright. gg. Nah just kidding Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted April 8, 2023 Share Posted April 8, 2023 I'll just share the 5 lines of code I shared with you with everyone then! (Also, the code does not even work, so...) $fields = array( 'domain_name' => $domain, 'key' => $SQLSSLInfo['private_key'] ); $fields_string = http_build_query($fields); Quote Link to comment Share on other sites More sharing options...
SpookyKipper Posted April 9, 2023 Share Posted April 9, 2023 (edited) 11 hours ago, TinkerMan said: I'll just share the 5 lines of code I shared with you with everyone then! (Also, the code does not even work, so...) $fields = array( 'domain_name' => $domain, 'key' => $SQLSSLInfo['private_key'] ); $fields_string = http_build_query($fields); $SQLSSLInfo hmmm You save the private key in a SQL Database like me? Edited April 9, 2023 by SpookyKipper Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted April 9, 2023 Share Posted April 9, 2023 10 hours ago, SpookyKipper said: You save the private key in a SQL Database It’s really not a good idea, but I have to in order to display it to the user. Encrypting it is on my to-do list. Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted April 9, 2023 Author Share Posted April 9, 2023 1 hour ago, TinkerMan said: It’s really not a good idea, but I have to in order to display it to the user. Encrypting it is on my to-do list. i think you should encrypt private key and store it in a file with unique file structure with an unguessable name. 23 hours ago, TinkerMan said: I'll just share the 5 lines of code I shared with you with everyone then! (Also, the code does not even work, so...) $fields = array( 'domain_name' => $domain, 'key' => $SQLSSLInfo['private_key'] ); $fields_string = http_build_query($fields); thank you for sharing the code even though it is of no use. On 4/6/2023 at 4:19 AM, SpookyKipper said: Hello, There isn't any official api to do this, but: for my own free host, I modified Xera a bit and used JavaScript with the domain checker and cPanel login. I embed them in a (hidden) IFRAME and make 2 post requests within the IFRAME automatically using JavaScript, which the url is the vPanel endpoints. i will try it Quote Link to comment Share on other sites More sharing options...
SpookyKipper Posted April 10, 2023 Share Posted April 10, 2023 (edited) 18 hours ago, TinkerMan said: Encrypting it is on my to-do list. you can try using openssl_encrypt function in php, that's what I use Edited April 10, 2023 by SpookyKipper Quote Link to comment Share on other sites More sharing options...
MeTooIDK Posted April 30, 2023 Share Posted April 30, 2023 (edited) On 4/6/2023 at 2:42 PM, Mahtab Hassan said: Hello everyone! I was wondering, how to install ssl certificates after generating and add spf records without logging in to vPanel. if anybody can explain. i will be very thankful Sure! Theres 3 way use js everytime user go into panel use js XHR --> Your API Check User has SSL not Installed if not installed XHR --> ADD CSR,KEY,CERT( Dev Tools Network tab can track request data) no need worry about CSRF Problem. Same domain so CSRF problem could be solved puppeteer (EASY,HIGH RAM CPU USAGE) : Headless Chromium Browser. You can use JS to control browser to do something like Login,Because VP doesnt has captcha. http request (HARD): this is example login using axios,qs. this is part of code of my old project. It was for a 3rd Party VistaPanel - SukaPanel. Archived,that repo is the api https://github.com/ImLoadingUuU/MSA var data = qs.stringify({ 'uname': req.body.uname || "", 'passwd': req.body.passwd || "", 'theme': 'PaperLantern', 'seeesurf': req.body.seeesurf || '555930360198781056', 'login': '' }); var config = { method: 'post', url: 'https://cpanel.epizy.com/login.php', headers: { 'User-Agent': useragent, 'Content-Type': 'application/x-www-form-urlencoded' }, data : data }; axios(config) .then(function (response) { let docu = cheerio.load(response.data) if (docu("#forms script").html()) { console.log(response.headers["set-cookie"]) res.setHeader("cookie",response.headers["set-cookie"]) res.send({ message: "Success", successful: true, authID: docu("#forms script").text().replace(`document.location.href = '`).slice(0,-1).replace("undefined","").replace("panel/indexpl.php?id=",""), cookie: response.headers["set-cookie"][1].split(";")[0].split("=")[1], }) } else { res.send({ successful: false, message: docu("#login-sub #forms").text(), cookie: response.headers["set-cookie"][0].split(";")[0].split("=")[1], }) } }) .catch(function (error) { console.log(error); }); Edited April 30, 2023 by MeTooIDK Quote Link to comment Share on other sites More sharing options...
PlanetCloud Posted April 30, 2023 Share Posted April 30, 2023 2 hours ago, MeTooIDK said: this is part of code of my old project. It was for a 3rd Party VistaPanel - SukaPanel. Archived,that repo is the api https://github.com/ImLoadingUuU/MSA Repo 404, probably private. Quote Link to comment Share on other sites More sharing options...
MeTooIDK Posted April 30, 2023 Share Posted April 30, 2023 26 minutes ago, PlanetCloud said: Repo 404, probably private. i forgot to change,changed Quote Link to comment Share on other sites More sharing options...
SpookyKipper Posted April 30, 2023 Share Posted April 30, 2023 7 hours ago, MeTooIDK said: XHR --> ADD CSR,KEY,CERT( Dev Tools Network tab can track request data) you don't need csr Quote Link to comment Share on other sites More sharing options...
PlanetCloud Posted April 30, 2023 Share Posted April 30, 2023 Although it's good with good intentions, I think this could lead to security issues instead... DM me @MeTooIDK Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.