File: //proc/self/cwd/wp-content/plugins/really-simple-ssl/lets-encrypt/integrations/cpanel/cpanel.php
<?php
defined( 'ABSPATH' ) or die();
require_once rsssl_path . 'lib/admin/class-encryption.php';
use RSSSL\lib\admin\Encryption;
require_once( rsssl_le_path . 'integrations/cpanel/functions.php' );
/**
* Completely rebuilt and improved on the FreeSSL.tech Auto CPanel class by Anindya Sundar Mandal
*/
class rsssl_cPanel
{
use Encryption;
public $host;
private $username;
private $password;
public $ssl_installation_url;
/**
* Initiates the cPanel class.
*/
public function __construct()
{
$username = rsssl_get_option('cpanel_username');
$password = $this->decrypt_if_prefixed( rsssl_get_option('cpanel_password') );
$host = rsssl_get_option('cpanel_host');
$this->host = str_replace( array('http://', 'https://', ':2083',':'), '', $host );
$this->username = $username;
$this->password = $password;
$this->ssl_installation_url = 'https://'.$this->host.":2083/frontend/jupiter/ssl/install.html";
}
/**
* Check if all creds are available
* @return bool
*/
public function credentials_available(){
if (!empty($this->host) && !empty($this->password) && !empty($this->username)) {
return true;
}
return false;
}
/**
* Install SSL for all passed domains
* @param array $domains
*
* @return RSSSL_RESPONSE
*/
public function installSSL($domains) {
$response = false;
if ( is_array($domains) && count($domains)>0 ) {
foreach( $domains as $domain ) {
$response_item = $this->installSSLPerDomain($domain);
//set on first iteration
if ( !$response ) {
$response = $response_item;
}
//override if not successfull, to always get the error.
if ( $response->status !== 'success' ) {
$response = $response_item;
}
}
}
if ( !$response ) {
$response = new RSSSL_RESPONSE('error', 'stop', __("No valid list of domains.", "really-simple-ssl"));
}
if ( $response->status === 'success' ) {
update_option('rsssl_le_certificate_installed_by_rsssl', 'cpanel:default', false);
}
return $response;
}
/**
* Install an SSL certificate on the domain provided - using cPanel UAPI.
*
* @param string $domain
*
* @return RSSSL_RESPONSE
*/
public function installSSLPerDomain($domain)
{
$shell_addon_active = defined('rsssl_shell_path');
$key_file = get_option('rsssl_private_key_path');
$cert_file = get_option('rsssl_certificate_path');
$cabundle_file = get_option('rsssl_intermediate_path');
$request_uri = 'https://'.$this->host.':2083/execute/SSL/install_ssl';
$payload = [
'domain' => $domain,
'cert' => file_get_contents($cert_file),
'key' => file_get_contents($key_file),
'cabundle' => file_get_contents($cabundle_file),
];
$response_raw = $this->connectUapi($request_uri, $payload);
$isIpBlock = $this->isIpBlock($response_raw);
$isLoginError = !$isIpBlock && $this->isLoginError($response_raw);
$response = json_decode($response_raw);
//Validate $response
if ($isIpBlock) {
update_option( 'rsssl_installation_error', 'cpanel:autossl', false );
$status = 'error';
$action = 'stop';
$message = __( "Your website's ip address is blocked. Please add your domain's ip address to the security policy in CPanel", "really-simple-ssl" );
} else if ($isLoginError) {
update_option('rsssl_installation_error', 'cpanel:autossl', false);
$status = 'error';
$action = 'stop';
$message = __("Login credentials incorrect. Please check your login credentials for cPanel.","really-simple-ssl");
} else if ( empty($response) ) {
update_option('rsssl_installation_error', 'cpanel:default', false);
$status = 'warning';
$action = $shell_addon_active ? 'skip' : 'continue';
$message = rsssl_get_manual_instructions_text($this->ssl_installation_url);
} else if ($response->status) {
delete_option('rsssl_installation_error' );
$status = 'success';
$action = 'continue';
$message = sprintf(__("SSL successfully installed on %s","really-simple-ssl"), $domain);
} else {
update_option('rsssl_installation_error', 'cpanel:default', false);
$status = 'error';
$action = $shell_addon_active ? 'skip' : 'continue';
$message = __("Errors were reported during installation.","really-simple-ssl").'<br> '.$response->errors[0];
}
return new RSSSL_RESPONSE($status, $action, $message);
}
/**
* Based on the known output of an ip block html page, check if the user should whitelist their own website ip.
* @param $raw
*
* @return bool
*/
public function isIpBlock($raw){
$triggers = [
'security_policy',
'You appear to be logging in from an unknown location',
'unrecognized IP address',
];
foreach($triggers as $key => $trigger ) {
if (strpos($raw,$trigger)!==false) {
return true;
}
}
return false;
}
/**
* Based on the known output of an ip block html page, check if the user has entered incorrect login creds
* @param $raw
*
* @return bool
*/
public function isLoginError($raw){
$triggers = [
'input-field-login icon password',
'name="pass" id="pass"',
];
foreach($triggers as $key => $trigger ) {
if (strpos($raw,$trigger)!==false) {
return true;
}
}
return false;
}
/**
* @param $domains
*
* @return RSSSL_RESPONSE
*/
public function enableAutoSSL($domains){
$domains = implode(',', $domains);
$request_uri = 'https://'.$this->host.':2083/execute/SSL/remove_autossl_excluded_domains';
$payload = [
'domains' => $domains,
];
$response_raw = $this->connectUapi($request_uri, $payload);
$isIpBlock = $this->isIpBlock($response_raw);
$response = json_decode($response_raw);
//Validate $response
if ($isIpBlock) {
update_option('rsssl_installation_error', 'cpanel:autossl', false);
$status = 'error';
$action = 'stop';
$message = __("Your website's ip address is blocked. Please add your domain's ip address to the security policy in CPanel","really-simple-ssl");
} else if (empty($response)) {
update_option('rsssl_installation_error', 'cpanel:autossl', false);
$status = 'error';
$action = 'skip';
$message = rsssl_get_manual_instructions_text($this->ssl_installation_url);
} else if ($response->status) {
delete_option('rsssl_installation_error');
$status = 'success';
$action = 'finalize';
$message = __("SSL successfully installed on $domains","really-simple-ssl");
} else {
update_option('rsssl_installation_error', 'cpanel:autossl', false);
$status = 'error';
$action = 'skip';//we try the default next
$message = __("Errors were reported during installation.","really-simple-ssl").'<br> '.$response->errors[0];
}
return new RSSSL_RESPONSE($status, $action, $message);
}
/**
* Connect to the cPanel using UAPI.
*
* @param string $request_uri
* @param null|array $payload
*
* @return mixed
*/
public function connectUapi($request_uri, $payload = null)
{
// Set up the cURL request object.
$ch = curl_init($request_uri);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, $this->username.':'.$this->password);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_BUFFERSIZE, 131072);
if (null !== $payload) {
// Set up a POST request with the payload.
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Make the call, and then terminate the cURL caller object.
$curl_response = curl_exec($ch);
if (curl_errno($ch)) {
$error_msg = curl_error($ch);
}
curl_close($ch);
//return output.
return $curl_response;
}
/**
* Set DNS TXT record using Json API through cPanel XMLAPI.
*
* @param string $domain
* @param string $value
*
* @return RSSSL_RESPONSE
*/
public function set_txt_record($domain, $value)
{
$args = [
'domain' => $domain,
'name' => '_acme-challenge',
'type' => 'TXT',
'txtdata' => $value,
'ttl' => '600',
'class' => 'IN',
'cpanel_jsonapi_user' => $this->username,
'cpanel_jsonapi_module' => 'ZoneEdit',
'cpanel_jsonapi_func' => 'add_zone_record',
'cpanel_jsonapi_apiversion' => '2',
];
$args = http_build_query($args, '', '&');
$url = 'https://'.$this->host.':2083/json-api/cpanel';
$authstr = 'Authorization: Basic '.base64_encode($this->username.':'.$this->password)."\r\n";
$curl = curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_BUFFERSIZE, 131072);
$header[0] = $authstr.
"Content-Type: application/x-www-form-urlencoded\r\n".
'Content-Length: '.\strlen($args)."\r\n"."\r\n".$args;
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_POST, 1);
$response = curl_exec($curl);
curl_close($curl);
if (false === $response) {
return new RSSSL_RESPONSE('error', 'stop', __("Unable to connect to cPanel", "really-simple-ssl").' '.curl_error($curl));
}
if (true === stristr($response, '<html>')) {
return new RSSSL_RESPONSE('error', 'stop', __("Login credentials incorrect", "really-simple-ssl"));
}
$response_array = json_decode($response, true);
if ( isset($response_array['cpanelresult']['data'][0]['result']['status']) ) {
if ($response_array['cpanelresult']['data'][0]['result']['status']) {
$status = 'success';
$action = 'continue';
$message = __("Successfully added TXT record.","really-simple-ssl");
} else {
$status = 'warning';
$action = 'continue';
$message = __("Could not automatically add TXT record. Please proceed manually, following the steps below.","really-simple-ssl");
if (isset($response_array['cpanelresult']['data'][0]['result']['statusmsg'])) {
$message .= '<br>'.$response_array['cpanelresult']['data'][0]['result']['statusmsg'];
}
}
return new RSSSL_RESPONSE($status, $action, $message);
}
$event_result = (bool) $response_array['cpanelresult']['event']['result'];
$preevent_result = isset($response_array['cpanelresult']['preevent']) ? (bool) $response_array['cpanelresult']['preevent']['result'] : true; //Some cPanel doesn't provide this key. In that case, ignore it by setting 'true'.
$postevent_result = isset($response_array['cpanelresult']['postevent']) ? (bool) $response_array['cpanelresult']['postevent']['result'] : true; //Some cPanel doesn't provide this key. In that case, ignore it by setting 'true'.
if ($event_result && $preevent_result && $postevent_result) {
$status = 'success';
$action = 'continue';
$message = __("Successfully added TXT record.","really-simple-ssl");
} else {
$status = 'warning';
$action = 'continue';
$message = __("Could not automatically add TXT record. Please proceed manually, following the steps below.","really-simple-ssl");
}
return new RSSSL_RESPONSE($status, $action, $message);
}
}