Problems Automating Administrative tasks

turningp01nt

Does anyone know how to run a curl command to log in to the admin control panel, or any other way to automate the login process into the admin panel?
 
What tasks are you trying to automate?

Typically the way to automate administrative tasks is via cron jobs.
 
PHP:
    <?php
    session_start();
    // SET THE USER AGENT
    $user_agent   = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari';
    // COOKIE FILE LOCATION
    $cookiefile   = "/tmp/cookies.txt";

    // ------------ START THE ADMIN PANEL LOGIN
    // SET LOGIN INFORMATION
    $url          = 'http://domain.com/admin.php?login/login';
    $referrer     = 'http://domain.com/admin.php';
    $post_fields  = array();
    $post_fields['login']        = 'ADMIN';        // ADMINISTRATIVE USER NAME
    $post_fields['password']     = 'PASS';         // ADMINISTRATIVE USER PASSWORD
    $post_fields['cookie_check'] = '1';            // SET COOKIE CHECK TO TRUE
    $post_fields['redirect']     = '/admin.php';   // SET REDIRECT URL
    $post_fields['_xfToken']     = '';             // XF TOKEN IS CURRENTLY BLANK
    // SPECIFY THE HOST(NAME) AND OTHER HEADERS
    $host         = 'domain.com';
    $headers      = array("Host: ".$host, "Content-Type: application/x-www-form-urlencoded");

    // INITIALIZE CURL SESSION
    $curl_handler = curl_init();
    $options      = array(
        CURLOPT_URL            => $url,
        CURLOPT_POST           => TRUE,
        CURLOPT_POSTFIELDS     => $post_fields,    // POST VARIABLES TO BE SENT
        CURLOPT_HEADER         => TRUE,            // DISPLAY HEADERS
        CURLOPT_VERBOSE        => TRUE,            // DISPLAY COMMUNICATION WITH SERVER
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_FOLLOWLOCATION => TRUE,
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_REFERER        => $referrer,
        CURLOPT_ENCODING       => "",
        CURLOPT_USERAGENT      => $user_agent,
        CURLOPT_AUTOREFERER    => TRUE,
        CURLOPT_CONNECTTIMEOUT => 120,
        CURLOPT_TIMEOUT        => 120,
        CURLOPT_MAXREDIRS      => 10,
        CURLOPT_COOKIEJAR      => $cookiefile,
        CURLOPT_COOKIEFILE     => $cookiefile
    );
    curl_setopt_array($curl_handler, $options);
    $data                 = array();
    $data['content']      = curl_exec($curl_handler);    // RETRIEVES THE WEBPAGE'S SOURCE CODE
    $data['error']        = curl_errno($curl_handler);
    $data['errormessage'] = curl_error($curl_handler);
    $data['headers']      = curl_getinfo($curl_handler);
    // ------------ END THE ADMIN PANEL LOGIN

    // CONSTANT NAMES MUST BE QUOTED STRINGS
    define('MYSQL_IP',       'IP ADDRESS');
    define('MYSQL_USERNAME', 'USER NAME');
    define('MYSQL_PASSWORD', 'PASSWORD');
    define('MYSQL_DATABASE', 'DATABASE');
    // mysqli REPLACES THE REMOVED mysql_* FUNCTIONS AND SELECTS THE DATABASE ON CONNECT
    $conn = mysqli_connect(MYSQL_IP, MYSQL_USERNAME, MYSQL_PASSWORD, MYSQL_DATABASE) or die(mysqli_connect_error());


    //-------------- START RETRIEVAL OF ADMIN CSRF_TOKEN
    $sql    = "SELECT csrf_token FROM xf_user_profile WHERE user_id = '1' LIMIT 1";
    // QUERY THE DATABASE
    $result = mysqli_query($conn, $sql) or die(mysqli_error($conn));
    $csrf   = mysqli_fetch_assoc($result);
    if (mysqli_num_rows($result) < 1)
    {
        echo "1";    // THERE WAS AN ISSUE RECEIVING ADMINISTRATIVE PERMISSIONS
        exit;
    }
    $csrf_token = stripslashes($csrf['csrf_token']);
    //-------------- END RETRIEVAL OF ADMIN CSRF_TOKEN


    // WE USE THE RETRIEVED CSRF TOKEN FOR FUTURE CURL POST REQUESTS BY DOING:
    $time                    = time();
    $post_fields['_xfToken'] = '1,'.$time.','.sha1($time.$csrf_token);

    // AND INCLUDING THE _xfToken IN THE post_fields FOR OTHER CURL POSTS. HOWEVER, WHEN WE MAKE THESE FUTURE CURL REQUESTS IT CONTINUES TO GIVE US THE LOGIN PAGE WHEN WE EXAMINE THE $data['content']
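
Added example, not part of the original post: PHP's cURL binding sends an array given to CURLOPT_POSTFIELDS as multipart/form-data and a string as application/x-www-form-urlencoded, so this version builds the login body with http_build_query() and keeps the xf_session_admin cookie in a private jar instead of a fixed /tmp path. The helper functions, the XF_ADMIN_USER and XF_ADMIN_PASS variable names and the https URL are assumptions.

```php
<?php
// Added example; helper names, env variable names and the https URL are assumptions.

// Create the cookie jar with a unique name, readable only by the script's user.
// It will hold xf_session_admin, which is equivalent to an admin login.
function make_private_cookie_jar(): string
{
    $jar = tempnam(sys_get_temp_dir(), 'xfjar_');
    if ($jar === false) {
        throw new RuntimeException('cannot create cookie jar');
    }
    chmod($jar, 0600);
    return $jar;
}

// Build cURL options for the login POST, using the field names from the thread.
function build_login_options(string $base, string $user, string $pass, string $jar): array
{
    $fields = array(
        'login'        => $user,
        'password'     => $pass,
        'cookie_check' => '1',
        'redirect'     => '/admin.php',
        '_xfToken'     => '',
    );
    return array(
        CURLOPT_URL            => $base . '/admin.php?login/login',
        CURLOPT_POST           => true,
        // A string body goes out as application/x-www-form-urlencoded;
        // the array itself would be sent as multipart/form-data.
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_MAXREDIRS      => 10,
        CURLOPT_COOKIEJAR      => $jar,
        CURLOPT_COOKIEFILE     => $jar,
    );
}

// Credentials come from the environment instead of the script source.
$user = getenv('XF_ADMIN_USER') ?: 'ADMIN';
$pass = getenv('XF_ADMIN_PASS') ?: 'PASS';
$jar  = make_private_cookie_jar();
$opts = build_login_options('https://domain.com', $user, $pass, $jar);

// Offline check of what would be sent (field names only, no secrets printed).
parse_str($opts[CURLOPT_POSTFIELDS], $sent);
echo 'fields: ', implode(', ', array_keys($sent)), "\n";
printf("%s mode %o\n", $jar, fileperms($jar) & 0777);
unlink($jar);
```

The thread does not establish whether the body encoding is what caused the login page to come back; the request headers in the CURLOPT_VERBOSE output show which Content-Type was actually sent.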
 
I have never tried submitting a login form like that. You can try submitting the form fields to the action shown in the HTML source:

Code:
<form action="admin.php?login/login" class="xenForm formOverlay AcpLoginForm" method="post">

	<fieldset id="loginControls">
		<h1>XenForo - Admin Control Panel Login</h1>
		<span class="avatar"><img src="data/avatars/s/0/1.jpg?1339056510" alt="Your avatar" /></span>
		<div class="controlWrapper">
			<label>Name or Email: <span><input type="text" name="login" value="admin" class="textCtrl" id="ctrl_login" /></span></label>
			<label>Password: <span><input type="password" name="password" value="" title="Password" class="textCtrl" id="ctrl_password" /></span></label>
			<label>&nbsp; <span><input type="submit" value="Log in" class="button primary" /></span></label>
			<div id="errorMessage"></div>
		</div>
	</fieldset>

	<input type="hidden" name="cookie_check" value="1" />
	<input type="hidden" name="redirect" value="/admin.php" />
	<input type="hidden" name="_xfToken" value="" />
</form>

But I'm not sure that will do you much good since the session is maintained by a browser cookie.

If you want to perform admin tasks then you should write an appropriate script to execute those tasks.
 
We have the appropriate script prepared; the only issue is submitting the login form to the action in the HTML source.
The cookie file currently maintains the xf_session_admin, and when we post the fields to the action URL using curl we receive a:
Code:
HTTP/1.1 100 Continue
 
HTTP/1.1 200 OK
Date: Wed, 26 Sep 2012 05:08:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-control: private, max-age=0
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 26 Sep 2012 05:08:47 GMT
Content-Length: 1503
imagetoolbar: no
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8

However, if we turn off JavaScript in the browser and manually log into the admin control panel, we receive a 303 status code for the header response:
Code:
HTTP/1.1 303 See Other
Date: Wed, 26 Sep 2012 05:15:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-control: private, max-age=0
Set-Cookie: xf_session_admin=fb78edf95816cde9ee5495c1a229b0c4; path=/; httponly
Last-Modified: Wed, 26 Sep 2012 05:15:47 GMT
Location: /admin.php
imagetoolbar: no
Access-Control-Allow-Origin: *
Content-Length: 0
Keep-Alive: timeout=15, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

This status code refreshes the xf_session_admin from what I can tell, and I believe that might be why the login script is failing, but I'm not positive.
 