Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How cPanel can autologin into phpmyadmin ?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How cPanel can autologin into phpmyadmin ?

As far as I know autologin can be achieved by POSTing pma_username and pma_password. Does cPanel saving our username/password as plaintext so it can conveniently autologining into phpmyadmin, or is there some kind of magic that I didn't know of ?

Comments

  • ZerpyZerpy Member

    You can take a look in /usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/plugins/auth/AuthenticationCpanel.php

    Thanked by 1dwtbf
  • CConnerCConner Member, Host Rep

    Wow, thanks guys. Really helpful for me. I am integrating databases into my gameserver control panel.

  • So basically cPanel saving our username and password as plaintext session and then use it to login to phpmyadmin ?

  • ZerpyZerpy Member

    @yokowasis said:

    So basically cPanel saving our username and password as plaintext session and then use it to login to phpmyadmin ?

    No.

  • @Zerpy said:

    @yokowasis said:

    So basically cPanel saving our username and password as plaintext session and then use it to login to phpmyadmin ?

    No.

    Isn't this code does exactly that ? get username and password POST and save it as session variable.

  • ZerpyZerpy Member
    edited July 2017

    @yokowasis said:

    @Zerpy said:

    @yokowasis said:

    So basically cPanel saving our username and password as plaintext session and then use it to login to phpmyadmin ?

    No.

    Isn't this code does exactly that ? get username and password POST and save it as session variable.

    The passwords isn't stored in plaintext - let's make that clear :-).

    As you might (or might not) be aware - when you're logged into cPanel you get a cpsession assigned, something like cpsess{random_numbers}, when you click on the phpmyadmin icon, you'll call the cPanel authentication services which generates a new cpsession for the user, meaning the session for phpmyadmin and for cPanel are completely different.

    the information passed along when you click the phpmyadmin icon is a REMOTE_PASSWORD and a REMOTE_USER variable (these are temporary, and the REMOTE_USER is something like cpses_{random_chars} )

    the code that does the magic and checking happens within the "start cPanel authentication changes" of the cPanel authentication file in phpmyadmin.

    The remote user and password are both temporary, and have nothing to do with the actual username and password for a given account, but these credentials are assigned on the fly when you call the authentication service from cPanel.

    You cannot look at code from within phpMyAdmin, and a bunch of variables without knowing the background on how cPanel works.

    If you wanna know how cPanel works - then feel free to strace the cpsrvd process which will tell you exactly what is going on when you do certain actions within cPanel and/or WHM

  • So basically the cpanel create a temporary account, assign that account to database, use that account to login to phpmyadmin. Is that it ?

  • ZerpyZerpy Member

    @yokowasis said:
    So basically the cpanel create a temporary account, assign that account to database, use that account to login to phpmyadmin. Is that it ?

    Yep, you'll also see this user within the "mysql" database if you do something like select * from user WHERE User LIKE 'cpses_%'; and the actual grants being in select * from db WHERE User LIKE 'cpses_%';

    I can't remember how often cPanel clears out the sessions (and thus also clearing the grants).

    Thanked by 1Clouvider
Sign In or Register to comment.