> > On 3/22/07, PHP Fusebox <salientdigital@xxxxxxxxx> wrote: > > I built a CMS that lets a super user create and manage basic users > > (among lots of other things). I want basic users to get an > FTP account > > that is automatically associated with their website user > account, and > > managed from my add/edit user form. For example if I create a user > > named fred032@xxxxxxxxxxxx for him to login to my web app, I want my > > users to be able to use their same login name and password to access > > their web folder via FTP. > > > > I am running on LAMP on a CPanel server with ProFTP as the > FTP server > > software, but I have no clue how to get PHP to be able to create, > > edit, or delete an FTP account. Can someone point me in the right > > direction? > > > > I can see the Form field names and URLs in the CPanel forms > where this > > is set up, but is it safe to CURL these same URLs from my app? That > > seems like a big security risk. > > > > > > Thanks, > > Geoff > > Let's start with the end, it is a big security hole, as you would need > to enter your reseller account info in the curl options. Which might > be traced somewhere. > > I'm not sure how ProFTP is set up, but might it be that it is working > for every local user? So that if you create a new user on your system, > that it can also login through FTP. That's quite common for such > things as CPanel. I never used CPanel or such on my own development > server so i don't know, but i think it works like above, and you > should just create a new user with useradd from within PHP with the > exec function. > > Tijnema > > Make sure your system is secure, users created are in their own group and can't get to anything... Can't run anything, etc. I made that mistake a long time ago when I was first starting out.. Ended up with a root kit installed .... Yippeeeee Jake -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.17/730 - Release Date: 3/22/2007 7:44 AM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
