Check if login was successful
- Thread starter z1089
- Start date
zEitEr
Super Moderator
Hello,
You should send your request to any API page and check output.
You should send your request to any API page and check output.
zEitEr
Super Moderator
Are you sure? And how many accounts do you have without domains? Normally a user account has at least 1 domain.
Yes, in both cases i've got an empty output. I need user authentication that works every time.
Using CMD_API_SUBDOMAINS with correct password i've got error "Unable to show subdomains" but with incorrect password i've got an empty output. Could you tell me is it good idea to use it as the only user authentication? After this authentication i would store his username in session to use it by user with my reseller account and login as feature.
Thanks again for your help.
Using CMD_API_SUBDOMAINS with correct password i've got error "Unable to show subdomains" but with incorrect password i've got an empty output. Could you tell me is it good idea to use it as the only user authentication? After this authentication i would store his username in session to use it by user with my reseller account and login as feature.
Thanks again for your help.
zEitEr
Super Moderator
That's not a good idea to use CMD_API_SUBDOMAINS.
Then your code is incorrect I'd rather say, or try to authenticate as admin/reseller. For CMD_API_SHOW_DOMAINS you should use user-level credentials. Without a proper authentication a result would be a HTML code of a login page. If even a user ha no domains a result would be epmty array with a single key: "list". This is the code I use just now for a test:
PHP:
<?php
include_once('httpsocket.php');
$server_ip="127.0.0.1";
$server_login="userbob";
$server_pass="SECRET_PASS";
$server_host="127.0.0.1";
$server_ssl=true;
$server_port="2222";
$sock = new HTTPSocket;
if ($server_ssl) {
$sock->connect("ssl://".$server_host, $server_port);
} else {
$sock->connect($server_host, $server_port);
}
$sock->set_login($server_login,$server_pass);
$sock->query('/CMD_API_SHOW_DOMAINS',array());
$result = $sock->fetch_parsed_body();
var_dump($result);if user has at least one domain it will show:
Code:
array(1) {
["list"]=>
array(1) {
[0]=>
string(8) "domain.com"
}
}if I try to use admin's (or reseller's) password I got this:
Code:
array(0) {
}I've also added user level check using CMD_API_SHOW_USERS. It seems to work but i'm not sure is it secure.
PHP:
if(isset($result) && empty($result) || !empty($result['list'])){
echo "logged in";
$sock->query('/CMD_API_SHOW_USERS');
$result = $sock->fetch_parsed_body();
if(isset($result) && empty($result) || !empty($result['list'])){
echo "reseller";
}
else{
echo "not reseller";
}
}
else{
echo "not logged in";
}zEitEr
Super Moderator
If you are going to check
PHP:
$result = $sock->fetch_parsed_body();the way you suggested, then it's a bad idea. The variable $result is set and exists, and may be empty for a number of other reasons as well as because of a failed connection to a server.
zEitEr
Super Moderator
| Success Returns | url encoded array in list[] |
| Failure Returns | Nothing to break here. No domains returns empty list |
http://directadmin.com/api.html#user_apis
zEitEr
Super Moderator
If I try to use admin's (or reseller's) password I got this:
as well.
Code:
array(0) {
}as well.
zEitEr
Super Moderator
Add a domain then to the user account.
I would have to forbid from deleting last domain or add hidden domain when user decides to delete last one. I'm thinking about using this:
and then:
Is it possible to receive not empty $result['details'] when password is incorrect?
PHP:
$sock->query('/CMD_API_DOMAIN',
array(
'action' => 'create',
'domain' => '',
'ubandwidth' => 'unlimited',
'uquota' => 'unlimited',
'ssl' => 'OFF',
'cgi' => 'ON',
'php' => 'ON'
));and then:
PHP:
if(!empty($result['details'])){
//logged in
}Is it possible to receive not empty $result['details'] when password is incorrect?