I am trying to make a script which logs me automatically in as administrator in the Joomla panel. I am using snoopy for the post query and its working fine except that the response of Joomla is that the security token is wrong. I use JSession::getFormToken()
to get the token, which when I echo it outputs a token (but maybe not the right one?).
Why I need that? I just want to make a script that grants me admin rights to my site (the script will be password protected) and automatically creates articles but the problem is the security token in Joomla (currently using version 3.0) which is needed for the admin login and also for posting articles. Is there maybe a easier way to realize my idea?
Here is the script I use (BTW the script is in an article and I am using directPHP to bind PHP in the articles):
<?php include "Snoopy.class.php";
$snoopy = new Snoopy;
$x=JSession::getFormToken();
$submit_url = "http://domain.com/administrator/index.php";
$submit_vars["username"] = "admin";
$submit_vars["passwd"] = "mypassword";
$submit_vars["option"] = "com_login";
$submit_vars["task"] = "login";
$submit_vars["return"] = "aW3kDXgucMhw";
$submit_vars[$x] = "1";
if($snoopy->submit($submit_url,$submit_vars))
{
while(list($key,$val) = each($snoopy->headers))
echo $key.": ".$val."<br>
";
echo "<p>
";
echo "<PRE>".htmlspecialchars($snoopy->results)."</PRE>
";
}
else
echo "error fetching document: ".$snoopy->error."
"; ?>
The output is as follows:
0: HTTP/1.1 200 OK
1: Date: Sat, 21 Dec 2013 15:02:53 GMT
2: Server: Apache
3: X-Powered-By: PHP/5.3.28
4: Connection: close
5: Content-Type: text/html
Die Anfrage wurde zurückgewiesen, da der Sicherheitstoken ungültig ist. Aktualisieren Sie die Seite und versuchen Sie es erneut. (means the query's been rejected because of a wrong security token)
So how can I get the "right" security token or is there a easier way to realize my idea. Thanks in advance.