How to make a php robot that can log in?

not sure what you meant.... regex the one time code and then submit it with the POST?

 

looks like that hidden field is there for security purposes, is there a workaround?

 

Right this 100% works tested on my host:

<?php
function curl($url, $post = NULL)
{
    $ch = curl_init();

    $cookies = "cookie.txt";
    $post = is_null($post) ? '' : $post;
        
    if ($cookies != '')
    {
        if (substr(PHP_OS, 0, 3) == 'WIN')
        {
            $cookies = str_replace('\\','/', getcwd().'/'.$cookies);
        }
        curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookies);
        curl_setopt ($ch, CURLOPT_URL, $url);
        if ($post != NULL)
        {
            curl_setopt ($ch, CURLOPT_POST, 1);
            curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
        }
        curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookies);
        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_TIMEOUT, 300);
        curl_setopt ($ch, CURLOPT_MAXREDIRS, 3);
        
        if(curl_exec($ch) === false)
        {
            curl_close ($ch);
			return false;
        }
        else
        {
            $html = curl_exec ($ch);
			curl_close ($ch);
			return $html;
        }
    }
}


//**** Login *****//
curl("http://localhost/wordpress/wp-login.php", "log=admin&pwd=xx1212");
//echo $loggedin 

//**** Addin New User *****//
$adduser = curl("http://localhost/wordpress/wp-admin/user-new.php");

preg_match('/name="_wpnonce_create-user" value="([a-z|0-9]+)"/', $adduser, $matches);

// role: 	subscriber, administrator, editor, author or contributor
$post = "action=createuser&_wpnonce_create-user=".$matches[1]."&_wp_http_referer=/wp-admin/user-new.php";
$post .= "&user_login=tester" . "&email=tester@gmail.com" . "&first_name=" . "&last_name=";
$post .= "&url=" . "&pass1=interestingpass" . "&pass2=interestingpass" . "&role=subscriber" . "&createuser=Add New User ";

$adduser = curl("http://localhost/wordpress/wp-admin/user-new.php", $post);
echo $adduser;
?>

PHP:

 

that worked! You're a genius! I just have one question... doesn't it generate a new security key every time you load the page? So how did you get to load it for regex and then load it again to submit it?

 

Yes a new security code will be generated each time, because i loaded it once here:

$adduser = curl("http://localhost/wordpress/wp-admin/user-new.php");

PHP:

Then i used post here:

$adduser = curl("http://localhost/wordpress/wp-admin/user-new.php", $post); // see the , $post on the end.

PHP:

First gets the source then the second send the post so it doesn't reload the source.

 

oooh, I see. That is neat! Thank you SO MUCH!!

 

Haha, your welcome we got there in the end!!

 

hehe, Yepp