1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problems Automating Administrative tasks

Discussion in 'XenForo Development Discussions' started by turningp01nt, Sep 14, 2012.

  1. turningp01nt

    turningp01nt New Member

    Does anyone know how to run a curl command to login to the admin control panel?

    or any other way to automate the login process into the admin panel?
  2. Chris D

    Chris D XenForo Developer Staff Member

    What tasks are you trying to automate?

    Typically the way to automate administrative tasks is via cron jobs.
  3. turningp01nt

    turningp01nt New Member

    $user_agent                    'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari';
    $cookiefile                    "/tmp/cookies.txt";
    // ------------ START THE ADMIN PANEL LOGIN
    $url                        'http://domain.com/admin.php?login/login';
    $referrer                    'http://domain.com/admin.php';
    $post_fields                    = array();
    $post_fields['login']                = 'ADMIN';            // ADMINISTRATIVE USER NAME
    $post_fields['password']            = 'PASS';            // ADMINISTRATIVE USER PASSWORD
    $post_fields['cookie_check']            = '1';                // SET COOKIE CHECK TO TRUE
    $post_fields['redirect']            = '/admin.php';            // SET REDIRECT URL
    $post_fields['_xfToken']            = '';                // XF TOKEN IS CURRENTLY BLANK
    $host                        'domain.com';
    $headers                    = array("Host: ".$host"Content-Type: application/x-www-form-urlencoded");
    $curl_handler    curl_init();
    $options                    = array
    CURLOPT_URL            => $url,
    CURLOPT_POST            => TRUE,
    CURLOPT_POSTFIELDS        => $post_fields,        // POST VARIABLES TO BE SENT
    CURLOPT_HEADER            => TRUE,            // DISPLAY HEADERS
    CURLOPT_HTTPHEADER        => $headers,
    CURLOPT_REFERER            => $referrer,
    CURLOPT_ENCODING        => "",
    CURLOPT_USERAGENT        => $user_agent,
    CURLOPT_TIMEOUT            => 120,
    CURLOPT_MAXREDIRS        => 10,
    CURLOPT_COOKIEJAR        => $cookiefile,
    CURLOPT_COOKIEFILE        => $cookiefile
    curl_setopt_array    $curl_handler$options );
    $data['content']            = curl_exec        $curl_handler );    //RETRIEVES THE WEBPAGE'S SOURCE CODE
    $data['error']                = curl_errno        $curl_handler );
    $data['errormessage']            = curl_error        $curl_handler );
    $data['headers']            = curl_getinfo        $curl_handler );
    // ------------ END THE ADMIN PANEL LOGIN
    define(MYSQL_IP,    'IP ADDRESS');
    define(MYSQL_USERNAME,    'USER NAME');
    define(MYSQL_PASSWORD,    'PASSWORD');
    define(MYSQL_DATABASE,    'DATABASE');
    $conn mysql_connect(MYSQL_IPMYSQL_USERNAMEMYSQL_PASSWORDMYSQL_DATABASE) or die(mysql_error());
    mysql_select_db(MYSQL_DATABASE,$conn) or die(mysql_error());
    $sql        "SELECT csrf_token FROM xf_user_profile WHERE user_id = '1' LIMIT 1";
    $result        mysql_query($sql) or die(mysql_error());
    $csrf        mysql_fetch_assoc($result);
    mysql_num_rows($result) < 1)
    $csrf_token        stripslashes($csrf['csrf_token']);
    $time                time();
    $post_fields['_xfToken']    = '1,'.$time.','.sha1($time.$csrf_token);
  4. Chris D

    Chris D XenForo Developer Staff Member


    But what administrative tasks are you trying to automate?
  5. turningp01nt

    turningp01nt New Member

    Creating a category, forum, user group, and then setting a user to a user group.
  6. turningp01nt

    turningp01nt New Member

  7. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I have never tried submitting a login form like that. You can try submitting the form fields to the action shown in the HTML source:

    			<form action="admin.php?login/login" class="xenForm formOverlay AcpLoginForm" method="post">
    	<fieldset id="loginControls">
    		<h1>XenForo - Admin Control Panel Login</h1>
    		<span class="avatar"><img src="data/avatars/s/0/1.jpg?1339056510" alt="Your avatar" /></span>
    		<div class="controlWrapper">
    			<label>Name or Email: <span><input type="text" name="login" value="admin" class="textCtrl" id="ctrl_login" /></span></label>
    			<label>Password: <span><input type="password" name="password" value="" title="Password" class="textCtrl" id="ctrl_password" /></span></label>
    			<label>&nbsp; <span><input type="submit" value="Log in" class="button primary" /></span></label>
    			<div id="errorMessage"></div>
    	<input type="hidden" name="cookie_check" value="1" />
    	<input type="hidden" name="redirect" value="/admin.php" />
    <input type="hidden" name="_xfToken" value="" />
    But I'm not sure that will do you much good since the session is maintained by a browser cookie.

    If you want to perform admin tasks then you should write an appropriate script to execute those tasks.
  8. turningp01nt

    turningp01nt New Member

    We have the appropriate script prepared, the only issue is submitting the login form to the action in the HTML source.
    The cookie file currently maintains the xf_session_admin and when we post the fields to the action url using curl we receive a:
    HTTP/1.1 100 Continue
    HTTP/1.1 200 OK
    Date: Wed, 26 Sep 2012 05:08:47 GMT
    Server: Apache
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-control: private, max-age=0
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Last-Modified: Wed, 26 Sep 2012 05:08:47 GMT
    Content-Length: 1503
    imagetoolbar: no
    Access-Control-Allow-Origin: *
    Content-Type: text/html; charset=UTF-8
    if we turn off javascript in the browser and manually log into the admin control panel we receive a 303 status code for the header response:
    HTTP/1.1 303 See Other
    Date: Wed, 26 Sep 2012 05:15:47 GMT
    Server: Apache
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-control: private, max-age=0
    Set-Cookie: xf_session_admin=fb78edf95816cde9ee5495c1a229b0c4; path=/; httponly
    Last-Modified: Wed, 26 Sep 2012 05:15:47 GMT
    Location: /admin.php
    imagetoolbar: no
    Access-Control-Allow-Origin: *
    Content-Length: 0
    Keep-Alive: timeout=15, max=93
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    this status code refreshs the xf_session_admin from what I can tell, and I believe that might be the why the log in script is failing, but I'm not positive.

Share This Page