CMD_API_PASSWD returns partial response

akinuri

New member
Joined
Feb 12, 2019
Messages
3
In order to automate things, I'm planing to group several commands in one custom page. I have examined the API page, and the forms on the DirectAdmin itself. I get how it works.

I have created a custom class and methods to manage Users, Resellers, etc. I'm having a problem with the CMD_PASSWD/CMD_API_PASSWD (at user level) page/command. It doesn't return a full response. I have tried several combinations:

Code:
POST     CMD_API_PASSWD      failed login                partial/empty response; login page      
POST     CMD_API_PASSWD      incorrect old password      partial/empty response 
POST     CMD_API_PASSWD      password change             empty body; error=0

// CMD_API_PASSWD works with POST, so switching to CMD_PASSWD

GET      CMD_PASSWD          failed login                login page
GET      CMD_PASSWD          incorrect old password      empty body
GET      CMD_PASSWD          password change             empty body                  password doesn't change

POST     CMD_PASSWD          failed login                login page/partial response
POST     CMD_PASSWD          incorrect old password      partial/empty response
POST     CMD_PASSWD          password change             empty body; error=0
I get "HTTP/1.1 ", or literally empty response, or a response with headers but no content/body, or sometimes "error=0", or partial body (if the body is html). In short, it is not reliable.

Is this CMD not officially supported? What I like about this CMD is that I can pass parameters such as "system", "ftp", "database". I can assign different passwords to each.

I'm assuming CMD_API_USER_PASSWD changes the password for all three (system, ftp, database). So no control there.

Is there another CMD for this kind of thing that I'm not aware of? Also, what's the problem with this CMD?
 

akinuri

New member
Joined
Feb 12, 2019
Messages
3
Not earlier, but that page doesn't really say anything new that I didn't know before. In fact, there's a hidden input (name="options" value="yes") in the HTM_PASSWD page. It's not mentioned in the page you linked. I'm guessing it also needs to be passed in addition to system, ftp, or database.

My problem is with what the CMD_API_PASSWD returns. I can change the password using it, but I can never be sure that I did, because it doesn't return anything reliable. See these possible cases:

Code:
$da = new DirectAdmin("__IP__", 2222, "__USERNAME__", "__SYSTEM_PW__");

$result = $da->query("POST", "CMD_API_PASSWD", [
    "oldpass" => "__WRONG_SYSTEM_PW__",
    "passwd"  => "__NEW_PW__",
    "passwd2" => "__NEW_PW__",
    "options" => "yes",
]);
print_r($result);

/*

API outputs:

Array
(
    [protocol] => HTTP/1.1
    [status] => 
    [headers] => Array
        (
        )

    [content] => 
    [parsed] => Array
        (
            [error] => 1
            [text] => Partial response
        )

)

Array
(
    [protocol] => HTTP/1.1
    [status] => 200 OK
    [headers] => Array
        (
            [Server] => DirectAdmin Daemon v1.54.1 Registered to _____
            [Set-Cookie] => session=; path=/; expires=Thu, 14 Feb 2019 12
            [Connection] => close
            [Content-Type] => text/plain
        )

    [content] => 
    [parsed] => Array
        (
        )

)

UI output:

Error changing password
Details
No options were selected

*/
Code:
$da = new DirectAdmin("__IP__", 2222, "__USERNAME__", "__WRONG_SYSTEM_PW__");

$result = $da->query("POST", "CMD_API_PASSWD", [
    "oldpass" => "__WRONG_SYSTEM_PW__",
    "passwd"  => "__NEW_PW__",
    "passwd2" => "__NEW_PW__",
]);
print_r($result);

/*

API outputs:

Array
(
    [protocol] => HTTP/1.1
    [status] => 200 OK
    [headers] => Array
        (
            [Server] => DirectAdmin Daemon v1.54.1 Registered to _____
            [Set-Cookie] => session=; path=/; expires=Thu, 01 Jan 1970 00
            [Connection] => close
            [Cache-Control] => no-cache
            [Pragma] => no-cache
            [X-DirectAdmin] => Unauthorized
            [Content-Type] => text/html
        )

    [content] => __OMITTED__
    [parsed] => Array
        (
            [error] => 1
            [text] => Unauthorized
            [details] => Array
                (
                    [0] => Invalid login. Please verify your Username and Password
                )

        )

)

Array
(
    [protocol] => HTTP/1.1
    [status] => 
    [headers] => Array
        (
        )

    [content] => 
    [parsed] => Array
        (
            [error] => 1
            [text] => Partial response
        )

)

Array
(
    [protocol] => 
    [status] => 
    [headers] => Array
        (
        )

    [content] => 
    [parsed] => Array
        (
            [error] => 1
            [text] => Empty response
        )

)

*/
Code:
$da = new DirectAdmin("__IP__", 2222, "__USERNAME__", "__SYSTEM_PW__");

$result = $da->query("POST", "CMD_API_PASSWD", [
    "oldpass" => "__SYSTEM_PW__",
    "passwd"  => "__NEW_PW__",
    "passwd2" => "__NEW_PW__",
    "options" => "yes",
    "ftp"     => "yes",
]);
print_r($result);

/*

API outputs:

Array
(
    [protocol] => HTTP/1.1
    [status] => 
    [headers] => Array
        (
        )

    [content] => 
    [parsed] => Array
        (
            [error] => 1
            [text] => Partial response
        )

)

Array
(
    [protocol] => HTTP/1.1
    [status] => 200 OK
    [headers] => Array
        (
            [Server] => DirectAdmin Daemon v1.54.1 Registered to inweb
            [Set-Cookie] => session=; path=/; expires=Thu, 14 Feb 2019 12
            [Connection] => close
            [Content-Type] => text/plain
        )

    [content] => 
    [parsed] => Array
        (
        )

)

*/
What is returned is never the same. I get the desired output like once in 20~ attempts. I'm not sure if the issue is specific to my server or to DirectAdmin in general.
 

akinuri

New member
Joined
Feb 12, 2019
Messages
3
No update?

I've made it easier for anyone to test and see what I'm talking about. Here's a code snippet that does CMD calls without any external library.

Code:
<?php

function socket($hostname, $port, $request_string) {
    $response = "";
    $socket = @fsockopen($hostname, $port, $errno, $errstr, 10);
    if (!$socket) {
        return die(json_encode(["error" => trim($errstr), "error_no" => $errno]));
    }
    fwrite($socket, $request_string);
    while (!feof($socket)) {
        $response .= fgets($socket, 4096);
    }
    fclose($socket);
    return $response;
}

// SETUP

$host = "___.___.___.___";
$port = 2222;
$user = "_____";
$pw   = "_____";

$auth = base64_encode("{$user}:{$pw}");

// GET DOMAINS LIST
// $request = <<<HERE
// GET /CMD_API_ADDITIONAL_DOMAINS HTTP/1.1
// Accept: */*n
// Authorization: Basic {$auth}
// Connection: Close
// Host: {$host}:{$port}
// User-Agent: PHP/1.0


// HERE;
// $response = socket($host, $port, $request);
// var_dump($response);


// CHANGE PASSWORD
$new_pw = "_____";
$request_body = "oldpass={$pw}&passwd={$new_pw}&passwd2={$new_pw}&options=yes&sytem=yes&ftp=yes&database=yes";
$content_length = strlen($request_body);
$request = <<<HERE
POST /CMD_API_PASSWD HTTP/1.1
Accept: */*
Authorization: Basic {$auth}
Connection: Close
Content-Length: {$content_length}
Content-Type: application/x-www-form-urlencoded
Host: {$host}:{$port}
User-Agent: PHP/1.0


{$request_body}
HERE;
$response = socket($host, $port, $request);
var_dump($response);
This problem occurs with other (POST) CMD calls too. For example: CMD_API_SELECT_USERS. When I delete an existing user (or even try to delete a non-existent user) I get incomplete responses such as:

Code:
HTTP/1.1 (just protocol and nothing else)

headers + error=1&text=" (partial response)

'' (empty response)
Some CMDs (e.g. CMD_API_ACCOUNT_USER for creating a user) works with GET, and I choose GET over POST, because POST is problematic. Unfortunately, CMD_API_PASSWD doesn't work with GET.

Is there a way for me to modify these CMD files to make sure they return meaningful response when using POST, or just make them also work with GET?

Currently, I'm starting to hate DirectAdmin for its POST CMDs.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,159
Location
GMT +7.00
If you don't like output from the mentioned commands and find it to be buggy you should open a ticket with Directadmin support and suggest that they fix it.

https://tickets.directadmin.com/

I don't see how else we (members of Directadmin community) can help you.
 
Top