User-level plugin: howto make sure a domain belongs to the user?

[websafe]

Hello.

I have a problem. I'm trying to write a simple user-level plugin that requires a domain param in the url (?domain=my-example-domain.com).

In user/index.html I have:

#!/usr/local/bin/php
<?php
include dirname(__FILE__) . '/../plugin/dosomething.php';
?>

My question is simple, how can I check (be sure) in dosomething.php, that the domain found in $_SERVER['QUERY_STRING'] belongs to getenv('USERNAME')?

TIA

 

[websafe]

For now I see only one solution: using DirectAdmins API. But with the API the plugin will need a config with credentials of an administrative user? Am I right?

 

[websafe]

For now I see only one solution: using DirectAdmins API. But with the API the plugin will need a config with credentials of an administrative user? Am I right?

OK, i found it: inside a plugin I don't need admins password when connecting to 127.0.0.1:2222, is this OK? This was really hard to find, because i could not believe this! ;-]

require 'httpsocket.php';
$sock = new HTTPSocket;
$sock->connect('127.0.0.1', 2222);
$sock->set_login('admin','');
$sock->query('/CMD_API_SHOW_ALL_USERS');
$result = $sock->fetch_parsed_body();
print_r($result);


This code works inside a plugin, but this means, that on the "public" PHP at least function socket_create must be disabled, or the server gets insecure?

 

[zEitEr]

Yes, that's correct. But there might be problems, if you're running directadmin with SSL enabled for it.