A password must be supplied for cPanel migrations - make mandatory

[shoulders]

SYSTEM INFORMATION
OS type and version	Ubuntu Linux 22.04.5
Usermin version	2.102
Virtualmin version	7.20.2 Pro
Theme version	21.20.7
Apache version	2.4.52
Package updates	10 package updates are available

the issue

If you do not enter a password for cpanel migrations you get this error

proposed solution

Make the password field mandatory when cpanel backup is selected

additional

maybe remove the option to try and figure out the password automatically? most backups will have this hashed nowadays (or should).

[jcameron]

The hashed password isn't good enough in most cases though - Virtualmin needs the original so it can be re-hashed for MySQL or the local /etc/shadow file format.

[shoulders]

The hashed password isn't good enough in most cases though - Virtualmin needs the original so it can be re-hashed for MySQL or the local /etc/shadow file format.

I should of been more specific, remove work out from backup option because most backups should not have the password present in the archive.

[jcameron]

In some cases we can get the password from the backup though, so I don't think it would make sense to remove that option entirely.

[shoulders]

• defiantly make password mandatory on cPanel because I keep forgetting to add the password, do a large upload and then it says I need a password.
• I am guessing the new version of Plesk and DirectAdmin will be the same, so perhaps make password mandatory for these aswell.
• The other imports for dead systems don't need to have any change made to them.

[jcameron]

Unfortunately due to the way browser form uploads work, we can't check for the password field until the whole backup file has been uploaded. Unless we were to do it on the form in Javascript...

[shoulders]

Unless we were to do it on the form in Javascript...

That how I thought you did some of the stuff anyway, using Javascript. This would do for me. So if cpanel (maybe plesk and direct admin) was selected then:

• hide pick automatically
• make input field mandatory and selected

Do you not have a client-side validation framework? If not, when a new webmin/virtualmin theme gets done then maybe add one in then. Joomla has a good example, their forms are built with xml and in the configuration you specify client-side and server-side validation.

[iliajie]

Unless we were to do it on the form in Javascript...

No, we can’t reliably do that either! The information is inside the uploaded file, and there’s not much we can do about it.

[shoulders]

You don't need to look in the file, all cpanel archives will need a password.

[iliajie]

You don't need to look in the file, all cpanel archives will need a password.

You cannot create a backup in cPanel without a password? What format is it?

[shoulders]

When you create cpanel backup it does not need a password.

When you import/migrate a cpanel backup into virtualmin and do not give the cpanel account password, the migration will fail because virtualmin says it needs the cpanel password.

So that is why I say make the password filed when importing a cpanel account mandatory.

[jcameron]

I've checked in a fix here that should speed up the process by detecting if a password wasn't provided sooner : https://github.com/virtualmin/virtualmin-gpl/commit/fbbd72c710554456cbb99274622b621e4ef117cf

[shoulders]

I see, you have added the Password check before the upload, this is a good workaround.

[iliajie]

I've checked in a fix here that should speed up the process by detecting if a password wasn't provided sooner : fbbd72c

Why is it acceptable for $parent not to have a password? Do passwords on the cPanel backups exist for the parent domain but not for subdomains?

[jcameron]

Why is it acceptable for $parent not to have a password? Do passwords on the cPanel backups exist for the parent domain but not for subdomains?

If $parent is set then the domain being migrated is a sub-server of an existing domain, so doesn't need it's own password.