Wordpress autologin using CURL or fsockopen in PHP

Question

Client wants to click a link and auto login to Wordpress backend admin section.

I tried using fsockopen, code below. Didn't work.

$post_data['user_login'] = 'admin';
$post_data['user_pass'] = 'password';
$post_data['wp-submit'] = 'Log In';
$post_data['redirect_to'] = 'http://example.com/wp-admin/';

//traverse array and prepare data for posting (key1=value1)
foreach ( $post_data as $key => $value) {
$post_items[] = $key . '=' . $value;
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);

//we also need to add a question mark at the beginning of the string
$post_string = '?' . $post_string;

$data_length = strlen($post_string);

$connection = fsockopen('www.example.com', 80);

fputs($connection, "POST /wp-login.php HTTP/1.1\r\n");
fputs($connection, "Host: www.example.com \r\n");
fputs($connection, "Content-Type: application/x-www-form-urlencoded\r\n");
fputs($connection, "Content-Length: $data_length\r\n");
fputs($connection, "Connection: close\r\n\r\n");
fputs($connection, $post_string);


fclose($connection);

also tried CURL

$ch = curl_init('http://example.com/wp-login.php');

$post_data['user_login'] = 'admin';
$post_data['user_pass'] = 'password';
$post_data['wp-submit'] = 'Log In';
$post_data['redirect_to'] = 'http://example.com/wp-admin/';
//$post_data['testcookie'] = '0';
//$post_data['rememberme'] = 'forever';

foreach ( $post_data as $key => $value) {
$post_items[] = $key . '=' . $value;
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);




curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_exec ($ch);
curl_close ($ch);

Anyone have an Idea of how to make this work?

Its a linux OS. Running php5.

I have done this before with javascript just submitting a form with all hidden inputs on page load. Client does not want javascript

Answer 1

This worked for me:

$username="admin";
$password="admin";
$url="http://www.yourdomain.com/";
$cookie="cookie.txt";

$postdata = "log=". $username ."&pwd=". $password ."&wp-submit=Log%20In&redirect_to=". $url ."wp-admin/&testcookie=1";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url . "wp-login.php");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url . "wp-admin/");
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
curl_close($ch);
echo $result;
exit;

Answer 2

I'm trying to do something similar in java. I've got problems with login :( What cookies are you sending? Something like that: "wordpress_test_cookie=WP+Cookie+check; path=/\r\n; wordpress_13c7bf34fd228ca46b193038edaba175=admin%7C1541526074%7C242a464c91d011816a4231d5ed077f2e; path=/\r\n" ?

//passwords were changed, those are only examples