syskall
Verified User
Hello,
I am trying to build a plugin for DirectAdmin.
In the plugin, I need to list all the users of the connected reseller. (using the httpsocket.php class)
It looks like:
Since the file must be readable by any user (rwxr-xr-x), I was wondering if it was really secure... Any user could just "less /usr/local/directadmin/plugins/plugname/user/index.html" and see the "adminpass".
Am I right ? If so, how can I make it secure ???
Thx a lot for your help !
I am trying to build a plugin for DirectAdmin.
In the plugin, I need to list all the users of the connected reseller. (using the httpsocket.php class)
It looks like:
PHP:
$reseller = $_SERVER['USER'];
$sock = new HTTPSocket;
$sock->connect("domain.com",2222);
$sock->set_login("admin|".$reseller,"adminpass"); // PLAIN ADMIN PASSWORD !!!!!!
$sock->set_method('GET');
$sock->query('/CMD_API_SHOW_USERS');
$userlist = $sock->fetch_parsed_body();
Am I right ? If so, how can I make it secure ???
Thx a lot for your help !