Wordpress autologin using CURL or fsockopen in PHP

php curl fsockopen
mmundiff picture mmundiff · Apr 7, 2009 · Viewed 8.2k times · Source

Client wants to click a link and auto login to Wordpress backend admin section.

I tried using fsockopen, code below. Didn't work.

$post_data['user_login'] = 'admin';
$post_data['user_pass'] = 'password';
$post_data['wp-submit'] = 'Log In';
$post_data['redirect_to'] = 'http://example.com/wp-admin/';

//traverse array and prepare data for posting (key1=value1)
foreach ( $post_data as $key => $value) {
$post_items[] = $key . '=' . $value;
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);

//we also need to add a question mark at the beginning of the string
$post_string = '?' . $post_string;

$data_length = strlen($post_string);

$connection = fsockopen('www.example.com', 80);

fputs($connection, "POST /wp-login.php HTTP/1.1\r\n");
fputs($connection, "Host: www.example.com \r\n");
fputs($connection, "Content-Type: application/x-www-form-urlencoded\r\n");
fputs($connection, "Content-Length: $data_length\r\n");
fputs($connection, "Connection: close\r\n\r\n");
fputs($connection, $post_string);


fclose($connection);

also tried CURL

$ch = curl_init('http://example.com/wp-login.php');

$post_data['user_login'] = 'admin';
$post_data['user_pass'] = 'password';
$post_data['wp-submit'] = 'Log In';
$post_data['redirect_to'] = 'http://example.com/wp-admin/';
//$post_data['testcookie'] = '0';
//$post_data['rememberme'] = 'forever';

foreach ( $post_data as $key => $value) {
$post_items[] = $key . '=' . $value;
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);




curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_exec ($ch);
curl_close ($ch);

Anyone have an Idea of how to make this work?

Its a linux OS. Running php5.

I have done this before with javascript just submitting a form with all hidden inputs on page load. Client does not want javascript

Answer

Jens-Martin picture Jens-Martin · Apr 7, 2009

This worked for me:

$username="admin";
$password="admin";
$url="http://www.yourdomain.com/";
$cookie="cookie.txt";

$postdata = "log=". $username ."&pwd=". $password ."&wp-submit=Log%20In&redirect_to=". $url ."wp-admin/&testcookie=1";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url . "wp-login.php");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url . "wp-admin/");
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
curl_close($ch);
echo $result;
exit;

Related questions

How to check if a file exists from a url

I need to check if a particular file exists on a remote server. Using is_file() and file_exists() doesn't work. Any ideas how to do this quickly and easily?

Read More
Which is better approach between fsockopen and curl?

I am creating an app for Automated Recurring Billing. Please let me know which option should I opt for sending the request to server fsockeopen curl and why one is better than another?

Read More
using php Download File From a given URL by passing username and password for http authentication

I need to download a text file using php code. The file is having http authentication. What procedure I should use for this. Should I use fsocketopen or curl or Is there any other way to do this? I am …

Read More