Accessing Cpanel via PHP Script: Security?

2025-04-16

Hello all,
I'm trying to setup a script so that I can allow clients access to Awstats WITHOUT giving them full cpanel access. I'm pulling the Awstats info into the script via cURL using the following code:

PHP Code:

 $Curl = curl_init(); 
curl_setopt($Curl, CURLOPT_SSL_VERIFYPEER,0); 
 curl_setopt($Curl, CURLOPT_SSL_VERIFYHOST,0); 
 curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); 
 curl_setopt($Curl, CURLOPT_URL, "https://$site:2083/awstats.pl?$query"); 
 curl_setopt($Curl, CURLOPT_USERPWD, "$cpnlusername:$cpnlpassword"); 
if(isset($_POST)) 
{ 
curl_setopt($Curl, CURLOPT_POST, TRUE); 
curl_setopt($Curl, CURLOPT_POSTFIELDS, $POSTED); 
} 
curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); 
$results = curl_exec($Curl); 
echo curl_error($Curl); 
curl_close ($Curl);

Anyone see any obvious, gaping security holes with pulling info from cPanel this way? Accessing Cpanel via PHP Script: Security?