PHP: Plesk Hosting, username and password of everything!

I have a VPS (CentOS) with a few domains (about 15), mainly for personal use. The problem I always had was remembering or storing all possible username and password for all services. After searching for a while the psa db, I noticed that every password was stored as cleartext! Following this, I wrote this simple PHP script to have a report with all passwords.

Telling you that you need to be extra careful not to expose this script to the public is of course not necessary!

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>mycodepad.wordpress.gr - Plesk Domains Report</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style>
* {
    font-family: Courier New;
}
</style>
</head>
<body>
<a name='top'></a>

<?php

//CONNECT TO DB psa

$sQuery = "SELECT * FROM domains ORDER BY displayName";    
$hResult = mysql_query($sQuery);
while($arData = mysql_fetch_assoc($hResult)){
    echo("<a href='#".$arData['displayName']."'>".$arData['displayName']."</a>, ");
}
mysql_data_seek($hResult, 0);
while($arData = mysql_fetch_assoc($hResult)){
    echo("<a name='".$arData['displayName']."'></a>");
    echo("<h1>".$arData['displayName']."</h1>");
    
    //Dates
    echo("<i>Creation: ".$arData['cr_date'].",</i> ");
    $sQuery2 = "SELECT * FROM Limits WHERE id = ".$arData['limits_id'];
	$hResult2 = mysql_query($sQuery2);
    while($arData2 = mysql_fetch_assoc($hResult2)){
        if($arData2['limit_name'] == 'expiration') {
            if($arData2['value'] == -1)
                echo("<i>Never expires</i>");
            else
                echo("<i>Expires: ".date("Y-m-d", $arData2['value'])."</i>");
        }
    }

    //eMails
    echo("<h3>eMails</h3>");
    $sQuery = "SELECT * FROM mail INNER JOIN accounts ON mail.account_id = accounts.id WHERE dom_id = ".$arData['id'];
    $hResult2 = mysql_query($sQuery2);
    if(mysql_num_rows($hResult2)) {
        while($arData2 = mysql_fetch_assoc($hResult2)){
            echo($arData2['mail_name']."@".$arData['displayName']);
            echo(" ");
            echo($arData2['password']);
            echo("<br />");
        }
    }
    else
        echo("<i>Domain has no emails</i>");
    
    //FTP
    echo("<h3>FTP</h3>");
    $sQuery = "SELECT * FROM sys_users INNER JOIN accounts ON sys_users.account_id = accounts.id WHERE home LIKE '%".$arData['displayName']."%'";
    $hResult2 = mysql_query($sQuery2);
    if(@mysql_num_rows($hResult2)) {
        while($arData2 = mysql_fetch_assoc($hResult2)){
            echo($arData2['login']);
            echo(" ");
            echo($arData2['password']);
            echo("<br />");
        }
    }
    else
        echo("<i>Domain has no ftp</i>");

    //DB
    echo("<h3>DB</h3>");
    $sQuery = "SELECT db_users.login,accounts.password,data_bases.type,data_bases.name FROM data_bases INNER JOIN db_users ON data_bases.id = db_users.db_id INNER JOIN accounts ON db_users.account_id = accounts.id WHERE dom_id = ".$arData['id'];
    $hResult2 = mysql_query($sQuery2);
    if(mysql_num_rows($hResult2)) {
        while($arData2 = mysql_fetch_assoc($hResult2)){            
            echo($arData2['login']);
            echo(" ");
            echo($arData2['password']);
            echo(" <i>(".strtoupper($arData2['type'])." DB ".$arData2['name']."</i>)");
            echo("<br />");        
        }

    }
    else
        echo("<i>Domain has no databases</i>");
    
    //Protected Directories
    echo("<h3>Protected Directories</h3>");
    $sQuery = "SELECT * FROM protected_dirs pd INNER JOIN pd_users pdu ON pd.id = pdu.pd_id INNER JOIN accounts a ON pdu.account_id = a.id WHERE pd.dom_id = ".$arData['id'];
    $hResult2 = mysql_query($sQuery2);
    if(mysql_num_rows($hResult2)) {
        while($arData2 = mysql_fetch_assoc($hResult2)){
            echo($arData2['path']." (<i>".(($arData2['non_ssl']=='true')?'http,':'').(($arData2['ssl']=='true')?'https':'')."</i>) ");
            echo($arData2['login']);
            echo(" ");
            echo($arData2['password']);
            echo("<br />");        
        }
    }
    else
        echo("<i>Domain has no protected directories</i>");
    
    //Control Panel access
    echo("<h3>Control Panel</h3>");
    $sQuery = "SELECT * FROM dom_level_usrs INNER JOIN domains ON dom_level_usrs.dom_id = domains.id INNER JOIN accounts ON dom_level_usrs.account_id = accounts.id WHERE domains.id = ".$arData['id'];
    $hResult2 = mysql_query($sQuery2);
    if(mysql_num_rows($hResult2)) {
        while($arData2 = mysql_fetch_assoc($hResult2)){
            echo($arData2['name']);
            echo(" ");
            echo($arData2['password']);
            echo("<br />");        
        }

    }
    else
        echo("<i>Domain has no CP access</i>");
    
    echo("<br /><a href='#top'>top</a>");
}

?>

</body>
</html>

Searching the queries a little more, you’ll find all kind of data you need to generate other reports, like expiring domains, limits etc

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s