CODEWITHSUNDEEP
phpmysqldatabasecpanelcpanel-xmlapi
Bruce
Bruce

Reputation: 1071

Is it possible to obtain a cpanel mysql database prefix?

$db_connection = $_SERVER['DOCUMENT_ROOT'] . '/includes/install/database_connection.php';
if (!file_exists($db_connection)) {
    require("install/xmlapi.php");
    if (isset($_POST['cpname'])) {
        $opts['user'] = $_POST['cpname'];
        $opts['pass'] = $_POST['cppass'];
        $opts['temp'] = substr(str_shuffle(md5(time())),0,'12');
        $xmlapi = new xmlapi($_SERVER['HTTP_HOST']);
        $xmlapi->set_port( 2083 );
        $xmlapi->password_auth($opts['user'],$opts['pass']);
        $xmlapi->set_debug(0);
        $cpaneluser=$opts['user'];
        $databasename="OSMP_DAT";
        $databaseuser="OSMP_admin";
        $databasepass=$opts['temp'];
        $db = $databasename;
        $user = $databaseuser;
        $pass = $databasepass;
        $loc = 'localhost';
        $createdb = $xmlapi->api1_query($cpaneluser, "Mysql", "adddb", array($databasename));
        $usr = $xmlapi->api1_query($cpaneluser, "Mysql", "adduser", array($databaseuser, $databasepass));
        $addusr = $xmlapi->api1_query($cpaneluser, "Mysql", "adduserdb", array("".$cpaneluser."_".$databasename."", "".$cpaneluser."_".$databaseuser."", 'all'));
        include ('install/installer.php');
        exit;
    }
    if (!isset($_POST['dbhost'])) { include ('install/db_installer.php'); }
    if (isset($_POST['dbhost'])) {
            // save connection details to $db_connection
    }
}

The above code works flawlessly as one would expect.

First it checks for the existence of database_connection.php. If it exists, it includes the file which contains database details.

If not - we are assuming its a first time install. So we are asking a user for cpanel login details, and our script creates the database and saves details to database_connection.php.

The only problem ... is database prefixes. When the database is created, if the WHM has database prefixes set for the user account, then a database prefix is prefixed to the database name.

I want to know how to determine if there is a prefix, and if so how to find out what it is so the script can prefix it on the database name as well.

Note I am not seeking a table prefix, but rather the database prefix as added by cpanel/whm

Upvotes: 0

Views: 827

Answers (1)

Bruce
Bruce

Reputation: 1071

So apparently cpanel by default if prefixing is enabled used the first 8 characters of ones username followed by an underscore. This is used for both database and database names.

So I simply modified the above code as follows:

$db_connection = $_SERVER['DOCUMENT_ROOT'] . '/includes/install/database_connection.php';
if (!file_exists($db_connection)) {
    require("install/xmlapi.php");
    if (isset($_POST['cpname'])) {
        $opts['user'] = $_POST['cpname'];
        $prefix = substr($opts['user'],0,8).'_';
        if ($prefix === FALSE) {$prefix = $opts['user'];}
        $opts['pass'] = $_POST['cppass'];
        $opts['temp'] = substr(str_shuffle(md5(time())),0,'12');
        $xmlapi = new xmlapi(localhost);
        $xmlapi->set_port( 2083 );
        $xmlapi->password_auth($opts['user'],$opts['pass']);
        $xmlapi->set_debug(1);
        $cpaneluser=$opts['user'];
        $databasename="OSMP_DAT";
        $databaseuser="osmp";
        $databasepass=$opts['temp'];
        $pass = $databasepass;
        $loc = 'localhost';
        $createdb = $xmlapi->api1_query($cpaneluser, "Mysql", "adddb", array($databasename));
        $usr = $xmlapi->api1_query($cpaneluser, "Mysql", "adduser", array($databaseuser, $databasepass));
        $addusr = $xmlapi->api1_query($cpaneluser, "Mysql", "adduserdb", array($databasename, $databaseuser, 'all'));
        $db = $prefix.$databasename;
        $user = $prefix.$databaseuser;
        include ('install/installer.php');
        exit;
    }
    if (!isset($_POST['dbhost'])) { include ('install/db_installer.php'); }
    if (isset($_POST['dbhost'])) {
        // save connection details to $db_connection
    }
}

So now a check is done to determine the length of the username and if longer than 8 characters, its truncated to 8. Then the understore is added and output as variables to pass along to the next part of the script.

The only flaw left as I can see is if the host has disabled the prefixing in whm, so I am well on my way.

For anyone attempting to use this code in the future - make note you need to secure the included files or you are going to have whopping security problems. As this code stands someone could manually call install/db_installer.php or install/installer.php and bypass the (!file_exists($db_connection)) check and the if (isset($_POST)) and the (!isset($_POST['dbhost'])).

DO NOT USE THIS CODE IF YOU DON'T KNOW HOW TO SECURE IT!

Upvotes: 0

Related Questions