Michael Posted July 22, 2013 Report Posted July 22, 2013 Doesn't matter if you're not currently logged in. If you attempted to log in via basic authentication (like the link from Blesta) but did not first log out of any account you were currently logged into cPanel will not allow you to log in but instead redirect you to the log in page. This is a limitation of cPanel, but probably has something to do with the fact that basic authentication sessions simply don't expire. Instead, try opening a separate browser (if you're using chrome, open firefox instead). Then clear the browser cache. Then paste the login link in your browser. If you click the link and get the login page the redirect is happening correctly, but as I said, cPanel will not allow you to log in via basic authentication if you were previously logged in. I don't get that, I have two cPanel sessions open and can use them freely without logging out of one and then logging in one, that should be limited by the same domain aka hostname, which I don't have open or had open. Quote
Paul Posted July 22, 2013 Report Posted July 22, 2013 I actually didn't have this problem when I was testing, I was able to login to 2 different cPanel accounts by clicking the link without logging out of either. Quote
MemoryX2 Posted July 22, 2013 Author Report Posted July 22, 2013 I actually didn't have this problem when I was testing, I was able to login to 2 different cPanel accounts by clicking the link without logging out of either. I have no problems with this in WHMCS... No matter if I'm logged in to one account 5 or whatever Quote
Paul Posted July 22, 2013 Report Posted July 22, 2013 I have no problems with this in WHMCS... No matter if I'm logged in to one account 5 or whatever How are they formatting the request? Are they posting the data, or linking to it like us? Can you post either the form fields (mask the user/pass) or the URL if its a link (mask the user/pass). Quote
Michael Posted July 22, 2013 Report Posted July 22, 2013 How are they formatting the request? Are they posting the data, or linking to it like us? Can you post either the form fields (mask the user/pass) or the URL if its a link (mask the user/pass). <form action="https://hostname.pw:2083/login/" method="post" target="_blank"> <input type="hidden" name="token" value="Token here."> <input type="hidden" name="user" value="qyaaysku"> <input type="hidden" name="pass" value="passwordhere"> <input type="submit" value="Login to cPanel" class="btn"> <input type="button" value="Login to Webmail" onclick="window.open('https://hostname.pw:2096/')" class="btn"> </form> like that. Quote
Paul Posted July 22, 2013 Report Posted July 22, 2013 Ahh. Ok, in WHM under Tweak Settings > Security > Enable HTTP Authentication, is it on or off? If off, try turning it on and see if it then works. With it on, then also test WHM** and see if it still works. The solution may be to switch to post and not use http basic auth, but I want to see if it will break it the other way around. Quote
Michael Posted July 22, 2013 Report Posted July 22, 2013 Ahh. Ok, in WHM under Tweak Settings > Security > Enable HTTP Authentication, is it on or off? If off, try turning it on and see if it then works. With it on, then also test WHM** and see if it still works. The solution may be to switch to post and not use http basic auth, but I want to see if it will break it the other way around. Mine is off as default: Enable HTTP Authentication for cPanel/WebMail/WHM Logins. This risks certain types of XSRF attacks that rely on cached HTTP Auth credentials. Disabling forces cookie authentication. Turning this on fixes Blesta. and it works in WHM** too. Quote
Cody Posted July 22, 2013 Report Posted July 22, 2013 Probably should add a task to use POST for auth instead. Looks like cPanel may be phasing it out if it's now disabled by default. Quote
Michael Posted July 22, 2013 Report Posted July 22, 2013 Probably should add a task to use POST for auth instead. Looks like cPanel may be phasing it out if it's now disabled by default. maybe so That's the Auto login problem solved haha Quote
Paul Posted July 22, 2013 Report Posted July 22, 2013 I have added this as CORE-597: Change log in link to use post instead of http basic auth Michael 1 Quote
Michael Posted July 22, 2013 Report Posted July 22, 2013 I have added this as CORE-597: Change log in link to use post instead of http basic auth I take it that comes for Blesta 3.0.0 B7 and Blesta 3.0.0 B7 r2 mate? that way we can test it. Quote
Michael Posted July 22, 2013 Report Posted July 22, 2013 Also Cody can you please have a look at: http://staging.blesta.com/forums/index.php?/topic/592-display-prices-on-your-website/#entry4916 Quote
Paul Posted July 22, 2013 Report Posted July 22, 2013 It's assigned to b7, but since it's not done I can't say for sure if it will be in there.. that's the plan. Michael 1 Quote
MemoryX2 Posted July 22, 2013 Author Report Posted July 22, 2013 Ahh. Ok, in WHM under Tweak Settings > Security > Enable HTTP Authentication, is it on or off? If off, try turning it on and see if it then works. With it on, then also test WHM** and see if it still works. The solution may be to switch to post and not use http basic auth, but I want to see if it will break it the other way around. That was it. I changed that on my server and it works perfectly, and just the way I want it to. I can log into a clients cpanel directly from their account just like I wanted. I have added this as CORE-597: Change log in link to use post instead of http basic auth Awesome. I think I recently saw this way described in their docs. It does look like it's being phased out. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.