
Problems Automating Administrative tasks

#1
Does anyone know how to run a curl command to log in to the admin control panel?

or any other way to automate the login process into the admin panel?
 

Chris D

XenForo developer
Staff member
#2
What tasks are you trying to automate?

Typically the way to automate administrative tasks is via cron jobs.
 
#3
PHP:
    session_start();
    // SET THE USER AGENT
    $user_agent                    = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari';
    // COOKIE FILE LOCATION
    $cookiefile                    = "/tmp/cookies.txt";
 
    // ------------ START THE ADMIN PANEL LOGIN
    // SET LOGIN INFORMATION
    $url                        = 'http://domain.com/admin.php?login/login';
    $referrer                    = 'http://domain.com/admin.php';
    $post_fields                    = array();
    $post_fields['login']                = 'ADMIN';            // ADMINISTRATIVE USER NAME
    $post_fields['password']            = 'PASS';            // ADMINISTRATIVE USER PASSWORD
    $post_fields['cookie_check']            = '1';                // SET COOKIE CHECK TO TRUE
    $post_fields['redirect']            = '/admin.php';            // SET REDIRECT URL
    $post_fields['_xfToken']            = '';                // XF TOKEN IS CURRENTLY BLANK
    // SPECIFY THE HOST(NAME) AND OTHER HEADERS
    $host                        = 'domain.com';
    $headers                    = array("Host: ".$host, "Content-Type: application/x-www-form-urlencoded");
 
    // INITIALIZE CURL SESSION
    $curl_handler    = curl_init();
    $options                    = array
        (
            CURLOPT_URL            => $url,
            CURLOPT_POST            => TRUE,
            CURLOPT_POSTFIELDS        => $post_fields,        // POST VARIABLES TO BE SENT
            CURLOPT_HEADER            => TRUE,            // DISPLAY HEADERS
            CURLOPT_VERBOSE            => TRUE,            // DISPLAY COMMUNICATION WITH SERVER
            CURLOPT_HTTPHEADER        => $headers,
            CURLOPT_FOLLOWLOCATION        => TRUE,
            CURLOPT_RETURNTRANSFER        => TRUE,
            CURLOPT_REFERER            => $referrer,
            CURLOPT_ENCODING        => "",
            CURLOPT_USERAGENT        => $user_agent,
            CURLOPT_AUTOREFERER        => TRUE,
            CURLOPT_CONNECTTIMEOUT        => 120,
            CURLOPT_TIMEOUT            => 120,
            CURLOPT_MAXREDIRS        => 10,
            CURLOPT_COOKIEJAR        => $cookiefile,
            CURLOPT_COOKIEFILE        => $cookiefile
        );
    curl_setopt_array($curl_handler, $options);
    $data['content']            = curl_exec($curl_handler);    // RETRIEVES THE WEBPAGE'S SOURCE CODE
    $data['error']              = curl_errno($curl_handler);
    $data['errormessage']       = curl_error($curl_handler);
    $data['headers']            = curl_getinfo($curl_handler);
    // ------------ END THE ADMIN PANEL LOGIN
 
    // CONSTANT NAMES MUST BE QUOTED STRINGS
    define('MYSQL_IP',          'IP ADDRESS');
    define('MYSQL_USERNAME',    'USER NAME');
    define('MYSQL_PASSWORD',    'PASSWORD');
    define('MYSQL_DATABASE',    'DATABASE');
    // mysqli REPLACES THE mysql_* EXTENSION, WHICH WAS REMOVED IN PHP 7
    $conn = mysqli_connect(MYSQL_IP, MYSQL_USERNAME, MYSQL_PASSWORD, MYSQL_DATABASE) or die(mysqli_connect_error());
 
 
    //-------------- START RETRIEVAL OF ADMIN CSRF_TOKEN
    $sql        = "SELECT csrf_token FROM xf_user_profile WHERE user_id = '1' LIMIT 1";
    // QUERY THE DATABASE
    $result        = mysqli_query($conn, $sql) or die(mysqli_error($conn));
    if(mysqli_num_rows($result) < 1)
    {
        echo "1";    // THERE WAS AN ISSUE RECEIVING ADMINISTRATIVE PERMISSIONS
        exit;
    }
    $csrf        = mysqli_fetch_assoc($result);
    $csrf_token        = stripslashes($csrf['csrf_token']);
    //-------------- END RETRIEVAL OF ADMIN CSRF_TOKEN
 
 
    // WE USE THE RETRIEVED CSRF TOKEN FOR FUTURE CURL POST REQUESTS BY DOING:
    $time                = time();
    $post_fields['_xfToken']    = '1,'.$time.','.sha1($time.$csrf_token);
 
    // AND INCLUDING THE _xfToken IN THE post_fields FOR OTHER CURL POSTS. HOWEVER, WHEN WE MAKE THESE FUTURE CURL REQUESTS, IT CONTINUES TO GIVE US THE LOGIN PAGE WHEN WE EXAMINE THE $data['content']
 

Jake Bunce

XenForo moderator
Staff member
#7
I have never tried submitting a login form like that. You can try submitting the form fields to the action shown in the HTML source:

Code:
<form action="admin.php?login/login" class="xenForm formOverlay AcpLoginForm" method="post">
	<fieldset id="loginControls">
		<h1>XenForo - Admin Control Panel Login</h1>
		<span class="avatar"><img src="data/avatars/s/0/1.jpg?1339056510" alt="Your avatar" /></span>
		<div class="controlWrapper">
			<label>Name or Email: <span><input type="text" name="login" value="admin" class="textCtrl" id="ctrl_login" /></span></label>
			<label>Password: <span><input type="password" name="password" value="" title="Password" class="textCtrl" id="ctrl_password" /></span></label>
			<label>&nbsp; <span><input type="submit" value="Log in" class="button primary" /></span></label>
			<div id="errorMessage"></div>
		</div>
	</fieldset>

	<input type="hidden" name="cookie_check" value="1" />
	<input type="hidden" name="redirect" value="/admin.php" />
	<input type="hidden" name="_xfToken" value="" />
</form>
But I'm not sure that will do you much good since the session is maintained by a browser cookie.

If you want to perform admin tasks then you should write an appropriate script to execute those tasks.
 
#8
We have the appropriate script prepared, the only issue is submitting the login form to the action in the HTML source.
The cookie file currently maintains the xf_session_admin and when we post the fields to the action url using curl we receive a:
Code:
HTTP/1.1 100 Continue
 
HTTP/1.1 200 OK
Date: Wed, 26 Sep 2012 05:08:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-control: private, max-age=0
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 26 Sep 2012 05:08:47 GMT
Content-Length: 1503
imagetoolbar: no
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8
However, if we turn off JavaScript in the browser and manually log into the admin control panel we receive a 303 status code for the header response:
Code:
HTTP/1.1 303 See Other
Date: Wed, 26 Sep 2012 05:15:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-control: private, max-age=0
Set-Cookie: xf_session_admin=fb78edf95816cde9ee5495c1a229b0c4; path=/; httponly
Last-Modified: Wed, 26 Sep 2012 05:15:47 GMT
Location: /admin.php
imagetoolbar: no
Access-Control-Allow-Origin: *
Content-Length: 0
Keep-Alive: timeout=15, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
This status code refreshes the xf_session_admin from what I can tell, and I believe that might be why the login script is failing, but I'm not positive.
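
Added example, not part of any post in this thread: a PHP helper that splits the header dump cURL returns with CURLOPT_HEADER enabled into one entry per response, so the `100 Continue` interim response is skipped and it is clear whether any response actually issued `xf_session_admin`. The function names are hypothetical, and the two sample dumps are constructed by abbreviating the headers quoted in post #8, with the cookie value replaced by a placeholder.

```php
<?php
// Added diagnostic example, not code from the thread. Function names are hypothetical.
// Split a cURL header dump (CURLOPT_HEADER on) into one entry per response:
// ['status' => int, 'headers' => [lowercase name => [values]]].
function parse_response_chain(string $raw): array
{
    $chain = [];
    // Header blocks are separated by a blank line; accept \r\n or \n endings.
    foreach (preg_split('/\R[ \t]*\R/', trim($raw)) as $block) {
        $lines = preg_split('/\R/', trim($block));
        if (!preg_match('#^HTTP/\d(?:\.\d)?\s+(\d{3})#', $lines[0], $m)) {
            break; // first block without a status line is the body
        }
        $headers = [];
        foreach (array_slice($lines, 1) as $line) {
            if (strpos($line, ':') === false) continue;
            [$name, $value] = explode(':', $line, 2);
            $headers[strtolower(trim($name))][] = trim($value);
        }
        $chain[] = ['status' => (int) $m[1], 'headers' => $headers];
    }
    return $chain;
}

// Skip 1xx interim responses, then report the status chain, whether any
// response issued the admin session cookie, and the last redirect target.
function summarise_login(array $chain, string $cookie = 'xf_session_admin'): array
{
    $out = ['statuses' => [], 'cookie_set' => false, 'redirect' => null];
    foreach ($chain as $resp) {
        if ($resp['status'] < 200) continue; // e.g. "100 Continue"
        $out['statuses'][] = $resp['status'];
        foreach ($resp['headers']['set-cookie'] ?? [] as $c) {
            $out['cookie_set'] = $out['cookie_set'] || strpos($c, $cookie . '=') === 0;
        }
        if ($resp['status'] >= 300 && $resp['status'] < 400) {
            $out['redirect'] = $resp['headers']['location'][0] ?? null;
        }
    }
    return $out;
}

// Constructed samples, abbreviated from post #8; cookie value is a placeholder.
$curl_dump    = "HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n";
$browser_dump = "HTTP/1.1 303 See Other\r\nSet-Cookie: xf_session_admin=PLACEHOLDER; path=/; httponly\r\nLocation: /admin.php\r\n\r\n";

print_r(summarise_login(parse_response_chain($curl_dump)));
print_r(summarise_login(parse_response_chain($browser_dump)));
```

Passing `$data['content']` from the script in post #3 to `parse_response_chain()` lists every response cURL received, because that script sets both CURLOPT_HEADER and CURLOPT_FOLLOWLOCATION.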