New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
https://docs.phpmyadmin.net/en/latest/setup.html?#signon-authentication-mode
You can take a look in /usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/plugins/auth/AuthenticationCpanel.php
Wow, thanks guys. Really helpful for me. I am integrating databases into my gameserver control panel.
So basically cPanel saving our username and password as plaintext session and then use it to login to phpmyadmin ?
No.
Isn't this code does exactly that ? get username and password POST and save it as session variable.
The passwords isn't stored in plaintext - let's make that clear :-).
As you might (or might not) be aware - when you're logged into cPanel you get a cpsession assigned, something like cpsess{random_numbers}, when you click on the phpmyadmin icon, you'll call the cPanel authentication services which generates a new cpsession for the user, meaning the session for phpmyadmin and for cPanel are completely different.
the information passed along when you click the phpmyadmin icon is a REMOTE_PASSWORD and a REMOTE_USER variable (these are temporary, and the REMOTE_USER is something like cpses_{random_chars} )
the code that does the magic and checking happens within the "start cPanel authentication changes" of the cPanel authentication file in phpmyadmin.
The remote user and password are both temporary, and have nothing to do with the actual username and password for a given account, but these credentials are assigned on the fly when you call the authentication service from cPanel.
You cannot look at code from within phpMyAdmin, and a bunch of variables without knowing the background on how cPanel works.
If you wanna know how cPanel works - then feel free to strace the cpsrvd process which will tell you exactly what is going on when you do certain actions within cPanel and/or WHM
So basically the cpanel create a temporary account, assign that account to database, use that account to login to phpmyadmin. Is that it ?
Yep, you'll also see this user within the "mysql" database if you do something like
select * from user WHERE User LIKE 'cpses_%';
and the actual grants being inselect * from db WHERE User LIKE 'cpses_%';
I can't remember how often cPanel clears out the sessions (and thus also clearing the grants).