>> But username and password are required for these functions, right?
>
> Yep, but if it's the subuser that trying to do this, they've presumably
> already logged in....
That part I understand. ;-)
The reason I asked the question is because there appears to be only one
reason that a login is even necessary to renew a domain name, and that is to
get the current expiration date for the domain (in the renew.cgi it's this:
$response->{attributes}->{expiredate} ). You must be logged in to get this
info, as it is part of the userinfo object which requires a cookie.
Once the expiredate attribute is found, it is parsed, since the information
arrives like this 2003-12-30 23:35:52, we pull out the first part and we get
the current expiration year as 2003.
Then we send a command which might look like this:
my $xcp_req = {
action => 'renew',
object => 'domain',
attributes => {
domain => $reg_domain,
currentexpirationyear => $year,
period => $period,
},
};
with $year as the value we just pulled out...
So the only reason any login is even necessary is to get the
currentexpirationyear attribute, because as you can see, the above command
is all that is needed to renew a domain name in the API. You don't actually
send the username/password along with the renew command; just the domain
name, the current expiration year, and the period to renew...
The reason I bring this up is because there really should not be a need to
login to renew a domain name, it is an unnecessary step. Anyone should be
able to renew the domain. And the only reason that the current setup
requires a login - from a technical perspective - is to get that one bit of
info, the current expiration date so we can parse out the year and send it
along with the renew command.
Which is what led many of us to find other ways of getting this info, so
that we could implement faster and easier ways for our customers to renew
domain names.
So, if OpenSRS would add an API call which would allow us to query for this
info without doing it from get_domain_info , or alternatively *drop the
requirement that currentexpirationyear be sent along with the renew
command*, you could easily allow your subuser - or anyone - to renew
domains.
I think that about sums it up.
--
John Keegan
[EMAIL PROTECTED]
http://RackShare.com
