1. Forums /
  2. Tech Boards /
  3. Computer Programming /
  4. Web Development (PHP, HTML, Javascript) /
  5. PHP XenForo Auto-Login Script
Post: PHP XenForo Auto-Login Script
04-11-2016, 01:11 AM #1
D4tabase's Avatar
D4tabase
Haxor!
(adsbygoogle = window.adsbygoogle || []).push({}); I've created this PHP Script that allows you to login as other members without a password. It also logs you in into the ACP of XenForo without a password.
Also it will provide you a link with the location of the ACP file. It will provide you with the admins username, email, and user id. It will also give you the
cookie prefix if you need it.

Make sure you lock this file down if you upload it on your forum because it can create a security risk if someone unauthorized gains access to it.

Requirements:

  1. Javascript Enabled
  2. Cookies Enabled
  3. Same directory as XenForo



    

<?php

/*

 * XenForo Auto Login as user script.

 * This allows anyone to login as a user

 * without a password.

 * 

 * Forum Software: XenForo

 * Programming Language: PHP

 * Version: 1.0.0

 * 

 */



$username = (isset($_POST['username']) && !empty($_POST['username'])) ? $_POST['username'] : '';

$startTime = microtime(true);

$fileDir = dirname(__FILE__);

require($fileDir . '/library/XenForo/Autoloader.php'Winky Winky;

XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library'Winky Winky;



XenForo_Application::initialize($fileDir . '/library', $fileDir);

XenForo_Application::set('page_start_time', $startTime);



$dependencies = new XenForo_Dependencies_Public();

$dependencies->preLoadData();



XenForo_Session::startPublicSession();



$db = XenForo_Application::get('db'Winky Winky;

$config = XenForo_Application::get('config'Winky Winky;

$errors = array();

$logins = array();

$adminModel = new XenForo_Model_Admin();



if (strlen($username) > 0)

{

	$userModel = new XenForo_Model_User();

	$loginModel = new XenForo_Model_Login();

	$user = $userModel->getUserByNameOrEmail($username);

	

	if (!$user)

	{

		$errors[] = 'Failed to find username';

	}

	if (empty($errors))

	{

		foreach ($_COOKIE as $key => $val)

		{

			setcookie($key, '', time()-3600);

		}

		$loginModel->clearLoginAttempts($username); // Clears login attempts (Unblocks account if blocked for some reason)

		$userModel->setUserRememberCookie($user['user_id']);

		$userModel->deleteSessionActivity(0, $_SERVER['REMOTE_ADDR']);

		$visitor = XenForo_Visitor::setup($user['user_id']);

		XenForo_Application::getSession()->userLogin($user['user_id'], $visitor['password_date']);

		

		$class = XenForo_Application::resolveDynamicClass('XenForo_Session'Winky Winky;

		$publicSession = new $class();

		$publicSession->start();

		if (!$publicSession->get('user_id'Winky Winky)

		{

			$publicSession->userLogin($user['user_id'], $visitor['password_date']);

			$publicSession->save();

		}

		$adminSession = XenForo_Session::startAdminSession();

		if (!$adminSession->get('user_id'Winky Winky)

		{

			$adminSession->userLogin($user['user_id'], $visitor['password_date']);

			$adminSession->save();

		}

		$logins[] = 'You have logged in successfully!';

		$logins[] = 'Username: ' . htmlspecialchars($user['username'], ENT_COMPAT, 'UTF-8', false);

	}

}



$page = array(

	'admin_urls' => array(

	XenForo_Link::buildAdminLink('index'Winky Winky

	),

	'admins' => $adminModel->getAllAdmins()

);

?>

<!DOCTYPE HTML>

<html lang="en">

	<head>

		<title>XenForo Auto-Login | ACP Login</title>

		<script type="text/javascript">

			<?php

			if (!empty($errors)) {

				foreach ($errors as $error)

				{

					echo "alert('{$error}'Winky Winky;";

				}

			}

			if (!empty($logins)) {

				foreach ($logins as $login)

				{

					echo "alert('{$login}'Winky Winky;";

				}

			}

			?>

		</script>

	</head>

	<body>

		<h1>XenForo Auto-Login | ACP Login</h1>

		<hr />

		<form method="post">

			<input type="text" autocomplete="off" name="username" />

			<input type="submit" name="submit" value="Login As User" />

		</form>

		<hr />

		<p>Admin Control Panel file is located at</p>

		<p>

			<?php

			if (!empty($page['admin_urls']))

			{

				foreach ($page['admin_urls'] as $admin_url)

				{

					printf('<p><a href="%s">%s</a></p>', htmlspecialchars($admin_url), htmlspecialchars($admin_url));

				}

			}

			?>

		</p>

		<hr />

		<p>Admin Users:</p>

		<?php

		foreach ($page['admins'] as $admin)

		{

			printf(

			'<p>Username: %s Email: %s User ISad Awesome %s</p>',

			htmlspecialchars($admin['username'], ENT_COMPAT, 'UTF-8', false),

			htmlspecialchars($admin['email'], ENT_COMPAT, 'UTF-8', false),

			intval($admin['user_id']));

		}

		?>

		<hr />

		<p>Cookie prefix: <?php echo htmlspecialchars($config->cookie->prefix, ENT_COMPAT, 'UTF-8', false); ?></p>

		<hr />

		<h6>This file allows you to login to the control panel and forums as anyone. It also tries to find the admin control panel file.</h6>

	</body>

</html>

Copyright © 2024, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo