Can anyone tell me, without referring me to a script someone else already built, exactly how I would build code to change the password to an account through the WHM XML-API.

Currently, I'm using PHP to do a HTTP request, however WHM is now giving a 'Direct Access Denied' error. So I guess the only way is to use the XML-API, however I can't find any decent documentation on how to get started.

Hopefully someone can help me out. Thanks for your help.

<?

$whmusername = "root";//your whm login root
$whmhash = "somelonghash";//your api hash, found in WHM. generate one then paste it in here

$user = "";//user to change
$pass = "";//password to change it too

$query = "https://example.com:2087/xml-api/passwd?user=$user&pass=$pass";

$curl = curl_init(); # Create Curl Object
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0); # Allow certs that do not match the domain
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0); # Allow self-signed certs
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); # Return contents of transfer on curl_exec
$header[0] = "Authorization: WHM $whmusername:" . preg_replace("'(\r|\n)'","",$whmhash); # Remove newlines from the hash
curl_setopt($curl,CURLOPT_HTTPHEADER,$header); # Set curl header
curl_setopt($curl, CURLOPT_URL, $query); # Set your URL
$result = curl_exec($curl); # Execute Query, assign to $result
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
}
curl_close($curl);

print $result;

?>

try that, oh and remeber to edit example.com to whatever is applicable

The page takes ages to load, and the output is empty. I've tested on a couple of different servers.

I'm not sure what the best strategy is to figure out what's going wrong? Thanks for your help.

is error reporting on? it could be you don't have curl (but thats unlikely). there could be a syntax error, i didnt really check the code very thoroughly.

It runs fine.

No errors are mentioned.

Takes longer than most pages to load and $result is empty. Nothing has changed.

It may be because of a SSL certificate warning

Try using



$query = "http://example.com:2086/xml-api/passwd?user=$user&pass=$pass";


instead of



$query = "https://example.com:2087/xml-api/passwd?user=$user&pass=$pass";


replacing example.com with your domain/server IP

Regards

That I also tried, and the result was the same.

Do you need root access to use the XML API, or will reseller work?

Afaik , I think the reseller would work .

So then,

Can anyone help me debug this? I'm not getting anywhere on my own.

<?php
$whmhost = 'WHM hostname';
$whmuser = 'WHM user with correct permissions';
$whmhash = "accesshash unedited from WHM";

$user = 'Client username';
$pass = 'Client new password';

$curl = curl_init();

if( $curl != null ){
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
sprintf(
"Authorization: WHM %s:%s",
$whmuser,
preg_replace("'(\r|\n)'","", $whmhash)
)
));
curl_setopt($curl, CURLOPT_URL, sprintf(
"http://%s:2086/xml-api/passwd?user=%s&pass=%s",
$whmhost, $user, $pass
));
$result = curl_exec($curl);

if( $result ){
echo $result;
}

curl_close($curl);
}
?>


try that, does not use SSL ...

you've checked the whm api hash right? try resetting it

Change an Account's Password — passwd
This function changes the password of a domain owner (cPanel) or reseller (WHM) account.


Calling Functions
Using the XML API
Using the JSON API
Variables
Input
Output
Examples
XML API
JSON API




Calling Functions

Using the XML API
Show Hide To use the XML API to perform the passwd function from within your custom script:


•Append the /xml-api/passwd function call name, plus the required variables (see below), to a URL which includes the address of your server.

•For example, on a server whose hostname is example.com, you would include the following string in your script: https://example.com:2087/xml-api/passwd

•You need to be logged in with the proper permissions in order to call a function. See our document about Authenticating API Function Calls for more information about authenticating APIs from within a script.

•You can also perform the function by entering the string in your web browser's address bar. This may be useful for testing the function call and viewing its output.


Using the JSON API
Show Hide To use the JSON API to perform the passwd function from within your custom script:

Append the /json-api/passwd function call name, plus the required variables (see below), to a URL which includes the address of your server.
For example, on a server whose hostname is example.com, you would include the following string in your script: https://example.com:2087/json-api/passwd
You need to be logged in with the proper permissions in order to call a function. See our document about Authenticating API Function Calls for more information about authenticating APIs from within a script.
You can also perform the function by entering the string in your web browser's address bar. This may be useful for testing the function call and viewing its output.

Variables

Input
The passwd function takes the following variables as input. Both variables are required:

•user (string) — Name of the user whose password should be changed.
•pass (string) — New password for the user.

Output
Show Hide
•passwd — Root-level tag for the output of the passwd function.
◦rawout — Raw message output.
◦services — List of services for which the password has been updated.
■app — Service for which the password was updated. Should include the following:
■system
■ftp
■mail
■mysql
◦status — Whether or not the operation completed successfully.
■1 — yes.
■0 — no.
◦statusmsg — Details of the success or failure.

Examples

XML API
Show Hide Calling the following function:

https://example.com:2087/xml-api/passwd?user=bob&pass=r3allyc0pml3xp@ss!234

in WebHost Manager will produce output similar to:


<passwd>
<passwd>
<rawout>
Changing password for bob
Password for bob has been changed
Updating ftp passwords for bob
Ftp password files updated.
Ftp vhost passwords synced
</rawout>
<services>
<app>system</app>
</services>
<services>
<app>ftp</app>
</services>
<services>
<app>mail</app>
</services>
<services>
<app>mySQL</app>
</services>
<status>1</status>
<statusmsg>Password changed for user bob</statusmsg>
</passwd>
</passwd>

Hi,

Okay I figured it out. It appears it doesn't like access from my main server. So I created a proxy. Now it just takes ages, and I don't figure there's too much that can be done about that.

Matt: try getting the owners of the server in question to whitelist your main server's IP.