From 56e6f121993618c7c01cd0e1b84121db191c0061 Mon Sep 17 00:00:00 2001
From: Jagdish Patel
Date: Fri, 26 May 2023 15:41:05 +0530
Subject: [PATCH] Update cpaneluapi.class.php for improving security
---
 cpaneluapi.class.php | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/cpaneluapi.class.php b/cpaneluapi.class.php
index 505cfe7..41cb480 100644
--- a/cpaneluapi.class.php
+++ b/cpaneluapi.class.php
@@ -35,6 +35,7 @@ class cpanelAPI
  protected $scope; //String - Module we want to use
  protected $api;
  protected $auth;
+ protected $authType; // Authorization type 'Basic' to authenticate using account password or 'cpanel' to authenticate using cpanel api tokens to prevent leaking of account password
  protected $pass;
  protected $secret;
  protected $type;
@@ -48,11 +49,12 @@ class cpanelAPI
  protected $postData = '';
  /**
  * @param $user
- * @param $pass
+ * @param $pass cpanel password or api token
  * @param $server
  * @param $secret
+ * @param $authType Basic/cpanel
  */
- function __construct($user, $pass, $server, $secret = FALSE)
+ function __construct($user, $pass, $server, $secret = FALSE, $authType = 'Basic')
  {
  $this->user = $user;
  $this->pass = $pass;
@@ -61,6 +63,7 @@ function __construct($user, $pass, $server, $secret = FALSE)
  $this->secret = $secret;
  $this->set2Fa();
  }
+ $this->authType = $authType;
  }
 
  /**
@@ -151,6 +154,15 @@ public function __call($name, $arguments)
  return json_decode($this->json);
  }
 
+ /**
+ * @return string
+ **/
+
+ protected function getAuth()
+ {
+ return ($this->authType == 'cpanel' ? $this->user . ":" . $this->pass : base64_encode($this->user . ":" . $this->pass));
+ }
+
  /**
  * @param $name
  * @param $arguments
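Review bot: `$this->authType = $authType;` at the end of the constructor stores whatever the caller passes without checking it, and the curl_request hunk later interpolates that value straight into the `Authorization:` header while getAuth() treats anything other than 'cpanel' as Basic. A misspelling such as 'Cpanel' would therefore send the base64 credentials under an unknown scheme, and a value containing a line break may, depending on how the HTTP client handles custom headers, end up as extra header lines. I would reject unknown values before the assignment: `if (!in_array($authType, array('Basic', 'cpanel'), true)) { throw new InvalidArgumentException('authType must be Basic or cpanel'); }`. The constructor's signature and first statements are in the previous hunk.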
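Review bot: getAuth() compares with `==`, so a non-string value such as boolean `true` compares equal to 'cpanel' and the unencoded `user:token` pair is returned; `$this->authType === 'cpanel'` keeps the branch to the exact string. The docblock only says `@return string`; it should state that the cpanel branch returns the readable `user:token` text and the other branch the base64 form, so that nobody logs or prints `$this->auth` on the assumption that it is opaque. The empty line between the docblock and `protected function getAuth()` and the `**/` closer differ from the other docblocks in the file and can be aligned with them.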
@@ -159,7 +171,7 @@ public function __call($name, $arguments)
  */
  protected function APIcall($name, $arguments)
  {
- $this->auth = base64_encode($this->user . ":" . $this->pass);
+ $this->auth = $this->getAuth();
  $this->type = $this->ssl == 1 ? "https://" : "http://";
  $this->requestUrl = $this->type . $this->server . ':' . $this->port . $this->method;
  switch ($this->api) {
@@ -191,7 +203,7 @@ protected function APIcall($name, $arguments)
  */
  protected function curl_request($url)
  {
- $httpHeaders = array("Authorization: Basic " . $this->auth);
+ $httpHeaders = array("Authorization: {$this->authType} " . $this->auth);
  //If we have a token then send that with the request for 2FA.
  if ($this->token) {
  $httpHeaders[] = "X-CPANEL-OTP: " . $this->token;
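Review bot: In the APIcall hunk, the value assigned by `$this->auth = $this->getAuth();` is sent over whichever scheme the next line selects, and `$this->ssl == 1 ? "https://" : "http://"` still permits plain HTTP; in cpanel mode the header then carries the API token as readable `user:token` text. Since the commit is meant to stop credentials leaking, I would fail closed before the URL is built, for example `if ($this->ssl != 1) { throw new RuntimeException('Refusing to send credentials over http'); }`. If plain HTTP has to stay supported, the risk should at least be documented where `ssl` is configured. How `$this->ssl` is set is not visible here, and APIcall's body continues outside the hunk.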