Manage cPanel FTP accounts with WordPress

Posted on by Elio Rivero

These are the hooks we’ll use:

<?php
add_filter( 'wp_mail_content_type', 'ilc_return_text_html' );
add_action( 'user_register', 'ilc_user_register' );
add_action( 'delete_user', 'ilc_delete_user' );
add_action( 'show_user_profile', 'ilc_user_profile' );
add_action( 'edit_user_profile', 'ilc_user_profile' );

Let’s email the users mails with HTML format:

function ilc_return_text_html () {
    return 'text/html';
}

When a user is created, an FTP account is created too:

<?php
function ilc_user_register($userid) {
    $userinfo = get_userdata($userid);
    $directory = WP_CONTENT_DIR . '/uploads/' . $userinfo->user_nicename;
    mkdir($directory, 0755);
    $fpass = wp_generate_password();

    $data['login'] = $userinfo->user_nicename;
    $data['password'] = $fpass;
    $data['quota'] = '50';
    $data['homedir'] = '/public_html/wp-content/uploads/' . $userinfo->user_nicename;
    $response = getData('ftp/doaddftp.html', $data);
    if (strpos($response, 'failure') || strpos($response, 'Fatal') || !strpos($response, 'Added')) {
        $mensaje = 'Epic fail!';
    }
    $mensaje = 'Correct!';

    wp_mail($userinfo->user_email, 'Access your FTP account' . $mensaje, '<p>Use the following credentials:</p><ul><li>Server: <strong>your-site.com</strong></li><li>User <strong>' . $userinfo->user_nicename . '@your-site.com</strong></li><li>Password <strong>' . $fpass . '</strong><li></ul>');
}

function getData($url, $data = '') {
    $username = 'cpanelusername';
    $password = 'strongpasswordgeneratordotcom';
    $theme = 'x3';
    $auth = base64_encode($username . ':' . $password);
    $port = 2082;
    $host = 'your-site.com';
    $path = '/frontend/' . $theme . '/';

    $url = $path . $url;
    if (is_array($data)) {
        $url = $url . '?';
        foreach ($data as $key => $value) {
            $url .= urlencode($key) . '=' . urlencode($value) . '&';
        }
        $url = substr($url, 0, -1);
    }
    $response = '';
    $fp = fsockopen($host, $port);
    if (!$fp) {
        return false;
    }
    $out = 'GET ' . $url . ' HTTP/1.0' . '\r\n';
    $out .= 'Authorization: Basic ' . $auth . '\r\n';
    $out .= 'Connection: Close' . '\r\n\r\n';
    fwrite($fp, $out);
    while (!feof($fp)) {
        $response .= @fgets($fp);
    }
    fclose($fp);
    return $response;
}

if the user is deleted, the ftp account is deleted too

function ilc_delete_user($userid){
    $userinfo = get_userdata($userid);
    ilcrmdir ( WP_CONTENT_DIR . '/uploads/' . $userinfo->user_nicename);
    $data['login'] = $userinfo->user_nicename;
    $response = getData('ftp/realdodelftp.html', $data);
    if(false !== strpos($response, 'deleted')) {
        return true;
    }
    return false;
}
function ilcrmdir($dir){
    if (is_dir($dir)) {
        $objects = scandir($dir);
        foreach ($objects as $object) {
            if ($object != "." && $object != "..") {
                if (filetype($dir."/".$object) == "dir") rrmdir($dir."/".$object); else unlink($dir."/".$object);
            }
        }
        reset($objects);
        rmdir($dir);
    }
}

now let’s display the user files

function ilc_user_profile(){
    $userinfo = get_userdata($_GET['user_id']);
    $files = file_list( WP_CONTENT_DIR . '/uploads/' . $userinfo->user_login, '' );
    if(isset($files)){
        echo '<h3>' . esc_html__('Available Files', 'ilc') . '</h3>';
        echo '<p>' . esc_html__('These are the files available for download.', 'ilc') . '</p>';
        $files = file_list( WP_CONTENT_DIR . '/uploads/' . $userinfo->user_login );
        echo '<ol>';
        foreach ( $files as $i => $value ) {
            echo '<li><a title="Download ' . esc_attr__( $files[$i] ) . '" href="' . THEME_URI . '/library/admin/download.php?file=' . WP_CONTENT_DIR . '/uploads/' . esc_attr__( $userinfo->user_login ) . '/' . esc_attr__( $files[$i] ) . '">' . esc_html( $files[$i] ) . '</a></li>';
        }
        echo '</ol>';
    }
}
function file_list($d = '', $x = ''){
    foreach(array_diff(scandir($d),array('.','..')) as $f)
        if(is_file($d.'/'.$f)&&(($x)?ereg($x.'$',$f):1))
            if($f != '.ftpquota')
                $l[]=$f;
    return $l;
}

The content of download.php works for my server, but maybe you’ll have to tweak it for your server.

<?php
$fullPath = $_GET['file'];

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}

Published by Elio Rivero

Software engineer, designer and photographer.

Leave a Reply