
Problems Automating Administrative tasks

Discussion in 'XenForo Development Discussions' started by turningp01nt, Sep 14, 2012.

  1. turningp01nt

    turningp01nt New Member

    Does anyone know how to run a curl command to log in to the admin control panel?

    Or any other way to automate the login process into the admin panel?
     
  2. Chris D

    Chris D XenForo Developer Staff Member

    What tasks are you trying to automate?

    Typically the way to automate administrative tasks is via cron jobs.
     
  3. turningp01nt

    turningp01nt New Member

    PHP:
    session_start();

    // SET THE USER AGENT
    $user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari';

    // COOKIE FILE LOCATION
    $cookiefile = "/tmp/cookies.txt";

    // ------------ START THE ADMIN PANEL LOGIN
    // SET LOGIN INFORMATION
    $url      = 'http://domain.com/admin.php?login/login';
    $referrer = 'http://domain.com/admin.php';

    $post_fields                 = array();
    $post_fields['login']        = 'ADMIN';         // ADMINISTRATIVE USER NAME
    $post_fields['password']     = 'PASS';          // ADMINISTRATIVE USER PASSWORD
    $post_fields['cookie_check'] = '1';             // SET COOKIE CHECK TO TRUE
    $post_fields['redirect']     = '/admin.php';    // SET REDIRECT URL
    $post_fields['_xfToken']     = '';              // XF TOKEN IS CURRENTLY BLANK

    // SPECIFY THE HOST(NAME) AND OTHER HEADERS
    $host    = 'domain.com';
    $headers = array("Host: ".$host, "Content-Type: application/x-www-form-urlencoded");

    // INITIALIZE CURL SESSION
    $curl_handler = curl_init();
    $options = array
    (
        CURLOPT_URL            => $url,
        CURLOPT_POST           => TRUE,
        CURLOPT_POSTFIELDS     => $post_fields,    // POST VARIABLES TO BE SENT
        CURLOPT_HEADER         => TRUE,            // DISPLAY HEADERS
        CURLOPT_VERBOSE        => TRUE,            // DISPLAY COMMUNICATION WITH SERVER
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_FOLLOWLOCATION => TRUE,
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_REFERER        => $referrer,
        CURLOPT_ENCODING       => "",
        CURLOPT_USERAGENT      => $user_agent,
        CURLOPT_AUTOREFERER    => TRUE,
        CURLOPT_CONNECTTIMEOUT => 120,
        CURLOPT_TIMEOUT        => 120,
        CURLOPT_MAXREDIRS      => 10,
        CURLOPT_COOKIEJAR      => $cookiefile,
        CURLOPT_COOKIEFILE     => $cookiefile
    );

    curl_setopt_array($curl_handler, $options);
    $data['content']      = curl_exec($curl_handler);    // RETRIEVES THE WEBPAGE'S SOURCE CODE
    $data['error']        = curl_errno($curl_handler);
    $data['errormessage'] = curl_error($curl_handler);
    $data['headers']      = curl_getinfo($curl_handler);
    // ------------ END THE ADMIN PANEL LOGIN

    define('MYSQL_IP',       'IP ADDRESS');
    define('MYSQL_USERNAME', 'USER NAME');
    define('MYSQL_PASSWORD', 'PASSWORD');
    define('MYSQL_DATABASE', 'DATABASE');

    // mysqli_* IS USED HERE BECAUSE THE mysql_* EXTENSION WAS REMOVED IN PHP 7;
    // THE FOURTH ARGUMENT SELECTS THE DATABASE
    $conn = mysqli_connect(MYSQL_IP, MYSQL_USERNAME, MYSQL_PASSWORD, MYSQL_DATABASE) or die(mysqli_connect_error());

    //-------------- START RETRIEVAL OF ADMIN CSRF_TOKEN
    $sql = "SELECT csrf_token FROM xf_user_profile WHERE user_id = '1' LIMIT 1";

    // QUERY THE DATABASE
    $result = mysqli_query($conn, $sql) or die(mysqli_error($conn));
    $csrf   = mysqli_fetch_assoc($result);
    if (mysqli_num_rows($result) < 1)
    {
        echo "1";    // THERE WAS AN ISSUE RECEIVING ADMINISTRATIVE PERMISSIONS
        exit;
    }
    $csrf_token = stripslashes($csrf['csrf_token']);
    //-------------- END RETRIEVAL OF ADMIN CSRF_TOKEN

    // WE USE THE RETRIEVED CSRF TOKEN FOR FUTURE CURL POST REQUESTS BY DOING:
    $time = time();
    $post_fields['_xfToken'] = '1,'.$time.','.sha1($time.$csrf_token);

    // AND INCLUDING THE _xfToken IN THE post_fields FOR OTHER CURL POSTS. HOWEVER, WHEN WE MAKE THESE FUTURE CURL REQUESTS IT CONTINUES TO GIVE US THE LOGIN PAGE WHEN WE EXAMINE THE $data['content']
     
  4. Chris D

    Chris D XenForo Developer Staff Member

    Fine...

    But what administrative tasks are you trying to automate?
     
  5. turningp01nt

    turningp01nt New Member

    Creating a category, forum, user group, and then setting a user to a user group.
     
  6. turningp01nt

    turningp01nt New Member

  7. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I have never tried submitting a login form like that. You can try submitting the form fields to the action shown in the HTML source:

    Code:
    <form action="admin.php?login/login" class="xenForm formOverlay AcpLoginForm" method="post">
        <fieldset id="loginControls">
            <h1>XenForo - Admin Control Panel Login</h1>
            <span class="avatar"><img src="data/avatars/s/0/1.jpg?1339056510" alt="Your avatar" /></span>
            <div class="controlWrapper">
                <label>Name or Email: <span><input type="text" name="login" value="admin" class="textCtrl" id="ctrl_login" /></span></label>
                <label>Password: <span><input type="password" name="password" value="" title="Password" class="textCtrl" id="ctrl_password" /></span></label>
                <label>&nbsp; <span><input type="submit" value="Log in" class="button primary" /></span></label>
                <div id="errorMessage"></div>
            </div>
        </fieldset>

        <input type="hidden" name="cookie_check" value="1" />
        <input type="hidden" name="redirect" value="/admin.php" />
        <input type="hidden" name="_xfToken" value="" />
    </form>

    
    But I'm not sure that will do you much good since the session is maintained by a browser cookie.

    If you want to perform admin tasks then you should write an appropriate script to execute those tasks.
     
  8. turningp01nt

    turningp01nt New Member

    We have the appropriate script prepared, the only issue is submitting the login form to the action in the HTML source.
    The cookie file currently maintains the xf_session_admin and when we post the fields to the action url using curl we receive a:
    Code:
    HTTP/1.1 100 Continue
     
    HTTP/1.1 200 OK
    Date: Wed, 26 Sep 2012 05:08:47 GMT
    Server: Apache
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-control: private, max-age=0
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Last-Modified: Wed, 26 Sep 2012 05:08:47 GMT
    Content-Length: 1503
    imagetoolbar: no
    Access-Control-Allow-Origin: *
    Content-Type: text/html; charset=UTF-8
    However, if we turn off JavaScript in the browser and manually log into the admin control panel, we receive a 303 status code for the header response:
    Code:
    HTTP/1.1 303 See Other
    Date: Wed, 26 Sep 2012 05:15:47 GMT
    Server: Apache
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-control: private, max-age=0
    Set-Cookie: xf_session_admin=fb78edf95816cde9ee5495c1a229b0c4; path=/; httponly
    Last-Modified: Wed, 26 Sep 2012 05:15:47 GMT
    Location: /admin.php
    imagetoolbar: no
    Access-Control-Allow-Origin: *
    Content-Length: 0
    Keep-Alive: timeout=15, max=93
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    This status code refreshes the xf_session_admin from what I can tell, and I believe that might be why the login script is failing, but I'm not positive.
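
One way to tell the two responses quoted above apart from inside a script, as an added example that is not part of the thread or of XenForo: it reads the raw header text that `curl_exec()` returns when `CURLOPT_HEADER` is on, skips the interim `100 Continue`, and reports what the server actually answered to the login POST. The function name, the success heuristic (303 plus a fresh `xf_session_admin` cookie, taken from the two dumps in the thread) and the abbreviated sample headers are assumptions.

```php
<?php
// Added example, not from the thread. Function name and sample data are constructed.

/**
 * Summarize the server's answer to the login POST from raw header text
 * (what curl_exec() returns when CURLOPT_HEADER is TRUE).
 */
function summarize_login_response(string $raw): ?array
{
    // Normalize line endings, then split into blocks separated by blank lines.
    $blocks = preg_split('/\n[ \t]*\n/', trim(str_replace("\r\n", "\n", $raw)));
    foreach ($blocks as $block) {
        $lines = explode("\n", trim($block));
        if (!preg_match('#^HTTP/\d(?:\.\d)?\s+(\d{3})\b#', $lines[0], $m)) {
            continue; // body text, not a header block
        }
        $status = (int) $m[1];
        if ($status < 200) {
            continue; // interim "100 Continue" says nothing about the login itself
        }
        $summary = ['status' => $status, 'location' => null, 'session_cookie_set' => false];
        foreach (array_slice($lines, 1) as $line) {
            if (preg_match('/^Location:\s*(\S+)/i', $line, $h)) {
                $summary['location'] = $h[1];
            } elseif (preg_match('/^Set-Cookie:\s*xf_session_admin=[^;\s]+/i', $line)) {
                $summary['session_cookie_set'] = true; // record the fact, never the value
            }
        }
        // Heuristic taken from the two dumps in this thread: success = 303 + new admin cookie.
        $summary['looks_like_success'] = $status === 303 && $summary['session_cookie_set'];
        return $summary; // the first final response is the answer to the POST
    }
    return null; // no HTTP status line found
}

// Constructed samples, abbreviated from the header dumps quoted in the thread.
$scripted = "HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 200 OK\r\nServer: Apache\r\n"
          . "Content-Type: text/html; charset=UTF-8\r\n\r\n<html>login form</html>";
$manual   = "HTTP/1.1 303 See Other\r\nServer: Apache\r\n"
          . "Set-Cookie: xf_session_admin=PLACEHOLDER; path=/; httponly\r\n"
          . "Location: /admin.php\r\nContent-Length: 0\r\n\r\n";

foreach (['scripted' => $scripted, 'manual' => $manual] as $label => $raw) {
    echo $label, ': ', json_encode(summarize_login_response($raw)), "\n";
}
```

When comparing the two cases, note that PHP's curl extension sends an array passed to `CURLOPT_POSTFIELDS` as `multipart/form-data`, whereas a URL-encoded string (for example from `http_build_query()`) is sent as `application/x-www-form-urlencoded`. The script posted earlier passes an array while declaring the urlencoded content type in its headers, a mismatch worth ruling out.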
     
