How to make a php robot that can log in?

Hello,
I need to make a PHP script that logs into my Wordpress blog Admin panel /wp-admin/ (given the username and password) and then goes to .../wp-admin/user-new.php and automatically creates/adds a new user with the given details.

How is this done? Could you give me an example? Thanks!

 

Look up PHP cURL, you might have to enable it on your server thou, there is loads of tutorials online for cURL

http://uk3.php.net/curl

 

Could you please give me an example with wordpress?

 

No, i would have to write you one which i don't have time for. If you can't programme or don't have time to, hire a programmer i'm sure there as some here that will do it cheap.

 

well, I got to log in with cURL. but can you point me in the right direction on how to fill in the forms and submit it so it creates a new user?

 

You use the same you used to login:

$post_data = "filed1=value1&filed2=value2" // So on......
curl_setopt($agent, CURLOPT_POST, true);
curl_setopt($agent, CURLOPT_POSTFIELDS, $post_data);  

PHP:

If you use view source to get the field names from wp-admin new user

 

I've codded this real quick hope it helps.

<?php
$post  = "user_login=" . $_POST['UsernameFiled'] . "&email=" . $_POST['EmailFiled'] . "&first_name=" . $_POST['FirstFiled'] . "&last_name=";
$post .= $_POST['LastFiled'] . "&url=" . $_POST['URLFiled'] . "&pass1=" . $_POST['Pass1Filed'] . "&pass2=" . $_POST['Pass2Filed'] . "&role=" . $_POST['roleFiled'] . "&createuser=Add New User ";

function curl($url, $post = NULL)
{
	$ch = curl_init();

	$cookies = "cookie.txt";
	$post = is_null($post) ? '' : $post;
		
	if ($cookies != '')
	{
		if (substr(PHP_OS, 0, 3) == 'WIN')
		{
			$cookies = str_replace('\\','/', getcwd().'/'.$cookies);
		}
		curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookies);
		curl_setopt ($ch, CURLOPT_URL, $url2);
		if ($post != NULL)
		{
			curl_setopt ($ch, CURLOPT_POST, 1);
			curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
		}
		curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookies);
		curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
		curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 300);
		curl_setopt ($ch, CURLOPT_TIMEOUT, 300);
		curl_setopt ($ch, CURLOPT_MAXREDIRS, 3);
		
		if(curl_exec($ch) === false)
		{
    		return false;
		}
		else
		{
			return $html;
		}
	}
}

$output = curl("http://www.domain.com/wp-admin/user-new.php", $post);
?>

PHP:

 

Notice: Undefined variable: url2

didn't work and it showed that error....

$html is also not defined...

 

Oops sorry chnage this:

curl_setopt ($ch, CURLOPT_URL, $url2);
// to:
curl_setopt ($ch, CURLOPT_URL, $url);

PHP:

 

This is my code... what am I doing wrong?

<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost/wordpress/wp-login.php');
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, 'log=admin&pwd=mysuperpassword');
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$store = curl_exec ($ch);


//**** Addin New User *****//
$post  = "user_login=tester" . "&email=tester@gmail.com" . "&first_name=" . "&last_name=";
$post .= "&url=" . "&pass1=interestingpass" . "&pass2=interestingpass" . "&createuser=Add New User ";


function curl($url, $post = NULL)
{
    $ch = curl_init();


    $cookies = "cookie.txt";
    $post = is_null($post) ? '' : $post;
        
    if ($cookies != '')
    {
        if (substr(PHP_OS, 0, 3) == 'WIN')
        {
            $cookies = str_replace('\\','/', getcwd().'/'.$cookies);
        }
        curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookies);
        curl_setopt ($ch, CURLOPT_URL, $url);
        if ($post != NULL)
        {
            curl_setopt ($ch, CURLOPT_POST, 1);
            curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
        }
        curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookies);
        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_TIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_MAXREDIRS, 3);
        
        if(curl_exec($ch) === false)
        {
            return false;
        }
        else
        {
            //return $html;
        }
    }
}


$output = curl("http://localhost/wordpress/wp-admin/user-new.php", $post);


curl_close ($ch); 
?>

PHP:

 

I've shortened your version to:

<?php
function curl($url, $post = NULL)
{
    $ch = curl_init();

    $cookies = "cookie.txt";
    $post = is_null($post) ? '' : $post;
        
    if ($cookies != '')
    {
        if (substr(PHP_OS, 0, 3) == 'WIN')
        {
            $cookies = str_replace('\\','/', getcwd().'/'.$cookies);
        }
        curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookies);
        curl_setopt ($ch, CURLOPT_URL, $url);
        if ($post != NULL)
        {
            curl_setopt ($ch, CURLOPT_POST, 1);
            curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
        }
        curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookies);
        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_TIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_MAXREDIRS, 3);
        
        if(curl_exec($ch) === false)
        {
            curl_close ($ch);
			return false;
        }
        else
        {
            curl_close ($ch);
			//return $html;
        }
    }
}


//**** Login *****//
curl("http://localhost/wordpress/wp-login.php", "log=admin&pwd=mysuperpassword");


//**** Addin New User *****//
$post  = "user_login=tester" . "&email=tester@gmail.com" . "&first_name=" . "&last_name=";
$post .= "&url=" . "&pass1=interestingpass" . "&pass2=interestingpass" . "&createuser=Add New User ";

curl("http://localhost/wordpress/wp-admin/user-new.php", $post);
?>

PHP:

Explain more, is it login have you outputted the data to see what it's doing?

Also have you put a cookie.txt files in your directory?

 

ok, so this is the code right now I'm running, it clearly shows that I have logged in because it outputs the admin panel page which would not work if I had not logged in. But it doesn't create a new user... could the problem be with the field values?

<?php
function curl($url, $post = NULL)
{
    $ch = curl_init();


    $cookies = "cookie.txt";
    $post = is_null($post) ? '' : $post;
        
    if ($cookies != '')
    {
        if (substr(PHP_OS, 0, 3) == 'WIN')
        {
            $cookies = str_replace('\\','/', getcwd().'/'.$cookies);
        }
        curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookies);
        curl_setopt ($ch, CURLOPT_URL, $url);
        if ($post != NULL)
        {
            curl_setopt ($ch, CURLOPT_POST, 1);
            curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
        }
        curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookies);
        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_TIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_MAXREDIRS, 3);
        
        if(curl_exec($ch) === false)
        {
            curl_close ($ch);
            return false;
        }
        else
        {
            // *** AM I LOGGED IN? ***
            curl_setopt($ch, CURLOPT_URL, 'http://localhost/wordpress/wp-admin/');
            $content = curl_exec ($ch);
            echo $content;
            curl_close ($ch);
        }
    }
}




//**** Login *****//
curl("http://localhost/wordpress/wp-login.php", "log=admin&pwd=mysuperpassword");








//**** Addin New User *****//
$post  = "user_login=tester" . "&email=tester@gmail.com" . "&first_name=" . "&last_name=";
$post .= "&url=" . "&pass1=interestingpass" . "&pass2=interestingpass" . "&createuser=Add New User ";


curl("http://localhost/wordpress/wp-admin/user-new.php", $post);
?>

Code (markup):

 

Run this:

<?php
function curl($url, $post = NULL)
{
    $ch = curl_init();

    $cookies = "cookie.txt";
    $post = is_null($post) ? '' : $post;
        
    if ($cookies != '')
    {
        if (substr(PHP_OS, 0, 3) == 'WIN')
        {
            $cookies = str_replace('\\','/', getcwd().'/'.$cookies);
        }
        curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookies);
        curl_setopt ($ch, CURLOPT_URL, $url);
        if ($post != NULL)
        {
            curl_setopt ($ch, CURLOPT_POST, 1);
            curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
        }
        curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookies);
        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_TIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_MAXREDIRS, 3);
        
        if(curl_exec($ch) === false)
        {
            curl_close ($ch);
			return false;
        }
        else
        {
            $html = curl_exec ($ch);
			curl_close ($ch);
			return $html;
        }
    }
}


//**** Login *****//
$loggedin = curl("http://localhost/wordpress/wp-login.php", "log=admin&pwd=xx1212");
//echo $loggedin 

//**** Addin New User *****//
$post  = "user_login=tester" . "&email=tester@gmail.com" . "&first_name=" . "&last_name=";
$post .= "&url=" . "&pass1=interestingpass" . "&pass2=interestingpass" . "&createuser=Add New User ";

$adduser = curl("http://localhost/wordpress/wp-admin/user-new.php", $post);
echo $adduser;
?>

PHP:

Then post the output.

 

The output is the user-new.php page with username and email filled in.... but not submitted...

 

The password wasn't filled in...

 

Lol, oops. So it's working now?

 

nope... it didn't submit the form...

 

I'm going to upload this and test it, give me 5 mins

 

thanks.... maybe there's more fields that are required for the user to be created... hmm... give it a try

 

Okay so, they have a hidden filed so you would have to load the page first regex the one time code and then submit it with the POST.