335 lines
11 KiB
PHP
335 lines
11 KiB
PHP
<?php
|
|
defined( 'ABSPATH' ) or die();
|
|
|
|
require_once( rsssl_le_path . 'integrations/cpanel/functions.php' );
|
|
/**
|
|
* Completely rebuilt and improved on the FreeSSL.tech Auto CPanel class by Anindya Sundar Mandal
|
|
*/
|
|
class rsssl_cPanel
|
|
{
|
|
public $host;
|
|
private $username;
|
|
private $password;
|
|
public $ssl_installation_url;
|
|
|
|
/**
|
|
* Initiates the cPanel class.
|
|
*/
|
|
public function __construct()
|
|
{
|
|
$username = rsssl_get_option('cpanel_username');
|
|
$password = RSSSL_LE()->letsencrypt_handler->decode( rsssl_get_option('cpanel_password') );
|
|
$host = rsssl_get_option('cpanel_host');
|
|
$this->host = str_replace( array('http://', 'https://', ':2083',':'), '', $host );
|
|
$this->username = $username;
|
|
$this->password = $password;
|
|
$this->ssl_installation_url = 'https://'.$this->host.":2083/frontend/jupiter/ssl/install.html";
|
|
}
|
|
/**
|
|
* Check if all creds are available
|
|
* @return bool
|
|
*/
|
|
public function credentials_available(){
|
|
if (!empty($this->host) && !empty($this->password) && !empty($this->username)) {
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Install SSL for all passed domains
|
|
* @param array $domains
|
|
*
|
|
* @return RSSSL_RESPONSE
|
|
*/
|
|
public function installSSL($domains) {
|
|
$response = false;
|
|
|
|
if ( is_array($domains) && count($domains)>0 ) {
|
|
foreach( $domains as $domain ) {
|
|
$response_item = $this->installSSLPerDomain($domain);
|
|
//set on first iteration
|
|
if ( !$response ) {
|
|
$response = $response_item;
|
|
}
|
|
|
|
//override if not successfull, to always get the error.
|
|
if ( $response->status !== 'success' ) {
|
|
$response = $response_item;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ( !$response ) {
|
|
$response = new RSSSL_RESPONSE('error', 'stop', __("No valid list of domains.", "really-simple-ssl"));
|
|
}
|
|
|
|
if ( $response->status === 'success' ) {
|
|
update_option('rsssl_le_certificate_installed_by_rsssl', 'cpanel:default', false);
|
|
}
|
|
|
|
return $response;
|
|
}
|
|
|
|
/**
|
|
* Install an SSL certificate on the domain provided - using cPanel UAPI.
|
|
*
|
|
* @param string $domain
|
|
*
|
|
* @return RSSSL_RESPONSE
|
|
*/
|
|
public function installSSLPerDomain($domain)
|
|
{
|
|
$shell_addon_active = defined('rsssl_shell_path');
|
|
|
|
$key_file = get_option('rsssl_private_key_path');
|
|
$cert_file = get_option('rsssl_certificate_path');
|
|
$cabundle_file = get_option('rsssl_intermediate_path');
|
|
$request_uri = 'https://'.$this->host.':2083/execute/SSL/install_ssl';
|
|
|
|
$payload = [
|
|
'domain' => $domain,
|
|
'cert' => file_get_contents($cert_file),
|
|
'key' => file_get_contents($key_file),
|
|
'cabundle' => file_get_contents($cabundle_file),
|
|
];
|
|
|
|
$response_raw = $this->connectUapi($request_uri, $payload);
|
|
$isIpBlock = $this->isIpBlock($response_raw);
|
|
$isLoginError = !$isIpBlock && $this->isLoginError($response_raw);
|
|
$response = json_decode($response_raw);
|
|
//Validate $response
|
|
if ($isIpBlock) {
|
|
update_option( 'rsssl_installation_error', 'cpanel:autossl', false );
|
|
$status = 'error';
|
|
$action = 'stop';
|
|
$message = __( "Your website's ip address is blocked. Please add your domain's ip address to the security policy in CPanel", "really-simple-ssl" );
|
|
} else if ($isLoginError) {
|
|
update_option('rsssl_installation_error', 'cpanel:autossl', false);
|
|
$status = 'error';
|
|
$action = 'stop';
|
|
$message = __("Login credentials incorrect. Please check your login credentials for cPanel.","really-simple-ssl");
|
|
} else if ( empty($response) ) {
|
|
update_option('rsssl_installation_error', 'cpanel:default', false);
|
|
$status = 'warning';
|
|
$action = $shell_addon_active ? 'skip' : 'continue';
|
|
$message = rsssl_get_manual_instructions_text($this->ssl_installation_url);
|
|
} else if ($response->status) {
|
|
delete_option('rsssl_installation_error' );
|
|
$status = 'success';
|
|
$action = 'continue';
|
|
$message = sprintf(__("SSL successfully installed on %s","really-simple-ssl"), $domain);
|
|
} else {
|
|
update_option('rsssl_installation_error', 'cpanel:default', false);
|
|
$status = 'error';
|
|
$action = $shell_addon_active ? 'skip' : 'continue';
|
|
$message = __("Errors were reported during installation","really-simple-ssl").'<br> '.$response->errors[0];
|
|
}
|
|
|
|
return new RSSSL_RESPONSE($status, $action, $message);
|
|
}
|
|
|
|
/**
|
|
* Based on the known output of an ip block html page, check if the user should whitelist their own website ip.
|
|
* @param $raw
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function isIpBlock($raw){
|
|
$triggers = [
|
|
'security_policy',
|
|
'You appear to be logging in from an unknown location',
|
|
'unrecognized IP address',
|
|
];
|
|
foreach($triggers as $key => $trigger ) {
|
|
if (strpos($raw,$trigger)!==false) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Based on the known output of an ip block html page, check if the user has entered incorrect login creds
|
|
* @param $raw
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function isLoginError($raw){
|
|
$triggers = [
|
|
'input-field-login icon password',
|
|
'name="pass" id="pass"',
|
|
];
|
|
foreach($triggers as $key => $trigger ) {
|
|
if (strpos($raw,$trigger)!==false) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
/**
|
|
* @param $domains
|
|
*
|
|
* @return RSSSL_RESPONSE
|
|
*/
|
|
public function enableAutoSSL($domains){
|
|
$domains = implode(',', $domains);
|
|
$request_uri = 'https://'.$this->host.':2083/execute/SSL/remove_autossl_excluded_domains';
|
|
$payload = [
|
|
'domains' => $domains,
|
|
];
|
|
|
|
$response_raw = $this->connectUapi($request_uri, $payload);
|
|
$isIpBlock = $this->isIpBlock($response_raw);
|
|
$response = json_decode($response_raw);
|
|
//Validate $response
|
|
if ($isIpBlock) {
|
|
update_option('rsssl_installation_error', 'cpanel:autossl', false);
|
|
$status = 'error';
|
|
$action = 'stop';
|
|
$message = __("Your website's ip address is blocked. Please add your domain's ip address to the security policy in CPanel","really-simple-ssl");
|
|
} else if (empty($response)) {
|
|
update_option('rsssl_installation_error', 'cpanel:autossl', false);
|
|
$status = 'error';
|
|
$action = 'skip';
|
|
$message = rsssl_get_manual_instructions_text($this->ssl_installation_url);
|
|
} else if ($response->status) {
|
|
delete_option('rsssl_installation_error');
|
|
$status = 'success';
|
|
$action = 'finalize';
|
|
$message = __("SSL successfully installed on $domains","really-simple-ssl");
|
|
} else {
|
|
update_option('rsssl_installation_error', 'cpanel:autossl', false);
|
|
$status = 'error';
|
|
$action = 'skip';//we try the default next
|
|
$message = __("Errors were reported during installation.","really-simple-ssl").'<br> '.$response->errors[0];
|
|
}
|
|
return new RSSSL_RESPONSE($status, $action, $message);
|
|
}
|
|
|
|
/**
|
|
* Connect to the cPanel using UAPI.
|
|
*
|
|
* @param string $request_uri
|
|
* @param null|array $payload
|
|
*
|
|
* @return mixed
|
|
*/
|
|
public function connectUapi($request_uri, $payload = null)
|
|
{
|
|
// Set up the cURL request object.
|
|
$ch = curl_init($request_uri);
|
|
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
|
|
curl_setopt($ch, CURLOPT_USERPWD, $this->username.':'.$this->password);
|
|
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
|
|
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
|
curl_setopt($ch, CURLOPT_BUFFERSIZE, 131072);
|
|
|
|
if (null !== $payload) {
|
|
// Set up a POST request with the payload.
|
|
curl_setopt($ch, CURLOPT_POST, true);
|
|
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
|
|
}
|
|
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
|
|
|
// Make the call, and then terminate the cURL caller object.
|
|
$curl_response = curl_exec($ch);
|
|
if (curl_errno($ch)) {
|
|
$error_msg = curl_error($ch);
|
|
}
|
|
curl_close($ch);
|
|
|
|
//return output.
|
|
return $curl_response;
|
|
}
|
|
|
|
/**
|
|
* Set DNS TXT record using Json API through cPanel XMLAPI.
|
|
*
|
|
* @param string $domain
|
|
* @param string $value
|
|
*
|
|
* @return RSSSL_RESPONSE
|
|
*/
|
|
public function set_txt_record($domain, $value)
|
|
{
|
|
$args = [
|
|
'domain' => $domain,
|
|
'name' => '_acme-challenge',
|
|
'type' => 'TXT',
|
|
'txtdata' => $value,
|
|
'ttl' => '600',
|
|
'class' => 'IN',
|
|
'cpanel_jsonapi_user' => $this->username,
|
|
'cpanel_jsonapi_module' => 'ZoneEdit',
|
|
'cpanel_jsonapi_func' => 'add_zone_record',
|
|
'cpanel_jsonapi_apiversion' => '2',
|
|
];
|
|
|
|
$args = http_build_query($args, '', '&');
|
|
$url = 'https://'.$this->host.':2083/json-api/cpanel';
|
|
$authstr = 'Authorization: Basic '.base64_encode($this->username.':'.$this->password)."\r\n";
|
|
|
|
$curl = curl_init();
|
|
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
|
|
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
|
|
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
|
|
curl_setopt($curl, CURLOPT_URL, $url);
|
|
curl_setopt($curl, CURLOPT_BUFFERSIZE, 131072);
|
|
|
|
$header[0] = $authstr.
|
|
"Content-Type: application/x-www-form-urlencoded\r\n".
|
|
'Content-Length: '.\strlen($args)."\r\n"."\r\n".$args;
|
|
|
|
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
|
|
curl_setopt($curl, CURLOPT_POST, 1);
|
|
|
|
$response = curl_exec($curl);
|
|
curl_close($curl);
|
|
|
|
if (false === $response) {
|
|
return new RSSSL_RESPONSE('error', 'stop', __("Unable to connect to cPanel", "really-simple-ssl").' '.curl_error($curl));
|
|
}
|
|
|
|
if (true === stristr($response, '<html>')) {
|
|
return new RSSSL_RESPONSE('error', 'stop', __("Login credentials incorrect", "really-simple-ssl"));
|
|
}
|
|
$response_array = json_decode($response, true);
|
|
|
|
if ( isset($response_array['cpanelresult']['data'][0]['result']['status']) ) {
|
|
if ($response_array['cpanelresult']['data'][0]['result']['status']) {
|
|
$status = 'success';
|
|
$action = 'continue';
|
|
$message = __("Successfully added TXT record.","really-simple-ssl");
|
|
} else {
|
|
$status = 'warning';
|
|
$action = 'continue';
|
|
$message = __("Could not automatically add TXT record. Please proceed manually, following the steps below.","really-simple-ssl");
|
|
if (isset($response_array['cpanelresult']['data'][0]['result']['statusmsg'])) {
|
|
$message .= '<br>'.$response_array['cpanelresult']['data'][0]['result']['statusmsg'];
|
|
}
|
|
}
|
|
return new RSSSL_RESPONSE($status, $action, $message);
|
|
}
|
|
|
|
$event_result = (bool) $response_array['cpanelresult']['event']['result'];
|
|
$preevent_result = isset($response_array['cpanelresult']['preevent']) ? (bool) $response_array['cpanelresult']['preevent']['result'] : true; //Some cPanel doesn't provide this key. In that case, ignore it by setting 'true'.
|
|
$postevent_result = isset($response_array['cpanelresult']['postevent']) ? (bool) $response_array['cpanelresult']['postevent']['result'] : true; //Some cPanel doesn't provide this key. In that case, ignore it by setting 'true'.
|
|
|
|
if ($event_result && $preevent_result && $postevent_result) {
|
|
$status = 'success';
|
|
$action = 'continue';
|
|
$message = __("Successfully added TXT record.","really-simple-ssl");
|
|
} else {
|
|
$status = 'warning';
|
|
$action = 'continue';
|
|
$message = __("Could not automatically add TXT record. Please proceed manually, following the steps below.","really-simple-ssl");
|
|
}
|
|
|
|
return new RSSSL_RESPONSE($status, $action, $message);
|
|
}
|
|
|
|
|
|
}
|