How to login to wordpress programmatically?
I need to perform some action in wordpress admin panel programmatically but can\'t manage how to login to Wordpress using C# and HttpWebRequest.
Here is what I do:
-
I tried this with my WordPress.com account (protected with SSL). I discovered that the easiest way is to use .NET sockets to get the HTTP "Set-Cookie" headers, then parse the headers to .NET Cookie objects and then use to CookieContainer with the cookies for HttpWebRequest.
Easiest way to work with SSL over sockets is to implement SslStream over NetworkStream bound to the socket.
Example:
private void LogIn() { string fulladdress = "hostname.wordpress.com"; string username = HttpUtility.UrlEncode("username"); string password = HttpUtility.UrlEncode("password"); string formdata = "log={0}&pwd={1}&redirect_to=http%3A%2F%2F{2}%2Fwp-admin%2F&testcookie=1"; formdata = string.Format(formdata, username, password, fulladdress); IPHostEntry entry = Dns.GetHostEntry(fulladdress); Socket s = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP); s.Connect(entry.AddressList[0], 443); NetworkStream ns = new NetworkStream(s); System.Net.Security.SslStream ssl = new System.Net.Security.SslStream(ns); byte[] data = Encoding.UTF8.GetBytes(String.Format(WpfApplication2.Properties.Resources.LogRequest, "https://" + fulladdress, fulladdress, form.Length, username, password)); ssl.AuthenticateAsClient(fulladdress); ssl.Write(data, 0, data.Length); StringBuilder sb = new StringBuilder(); byte[] resp = new byte[128]; int i = 0; while (ssl.Read(resp, 0, 128) > 0) { sb.Append(Encoding.UTF8.GetString(resp)); } List<String> CookieHeaders = new List<string>(); foreach (string header in sb.ToString().Split("\n\r".ToCharArray(), StringSplitOptions.RemoveEmptyEntries)) { if (header.StartsWith("Set-Cookie")) { CookieHeaders.Add(header.Replace("Set-Cookie: ", "")); } } CookieContainer jar = new CookieContainer(); foreach (string cook in CookieHeaders) { string name, value, path, domain; name = value = path = domain = ""; string[] split = cook.Split(';'); foreach (string part in split) { if (part.StartsWith(" path=")) { path = part.Replace(" path=", ""); } if (part.StartsWith(" domain=")) { domain = part.Replace(" domain=", ""); } if (!part.StartsWith(" path=") && !part.StartsWith(" domain=") && part.Contains("=")) { name = part.Split('=')[0]; value = part.Split('=')[1]; } } jar.Add(new Cookie(name, value, path, domain)); } HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://" + fulladdress + "/wp-admin/index.php"); req.UserAgent = "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"; req.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"; req.KeepAlive = false; req.AllowAutoRedirect = false; req.Referer = "https://" + fulladdress + "/wp-login.php"; req.ContentType = "application/x-www-form-urlencoded"; req.CookieContainer = jar; req.AllowAutoRedirect = true; req.AutomaticDecompression = DecompressionMethods.GZip; req.Method = "GET"; req.Timeout = 30000; HttpWebResponse response = (HttpWebResponse)req.GetResponse(); using (System.IO.StreamReader sr = new System.IO.StreamReader(response.GetResponseStream(), Encoding.UTF8)) { MessageBox.Show(sr.ReadToEnd()); } }The code is not very efficient, but it illustrates the process of logging into the administration interface.
Hope it helps :)
讨论(0) -
TomerBu has the best answer for me, but something was missing.
in his code, remplace :
foreach (Cookie c in response.Cookies) Console.WriteLine(c.Name + " = " + c.Value);by
if (response.Cookies != null) { foreach (Cookie currentcook in response.Cookies) request.CookieContainer.Add(currentcook); //This is the key !!! }Next for futur request, you'll have to reuse CookieContainer.
讨论(0) -
I don't know if others will find this helpful, but I just used the WordPress API to log in. I created a user (CRON_USR) who "logs in" at night as part of a cron job and does some tasks. The code is this:
require(dirname(__FILE__) . '/wp-load.php' ); $user = wp_authenticate(CRON_USR, CRON_PWD); wp_set_auth_cookie($user->ID, true, $secure_cookie); //$secure_cookie is an empty string do_action('wp_login', CRON_USR); wp_redirect('http://www.mysite.com/wp-admin/');讨论(0) -
TomerBu's answer works for me with the following additions. I had to install an SSL certificate on the website, add support for TLS1.2 and set the UserAgent in order for this to work. Without TLS1.2, the webserver immediately rejected my connection request. Without the SSL cert, the WordPress site did not consider my C# bot to be logged in for subsequent WebRequests (even though the login was successful).
*** Important note about TLS: I'm a security protocol novice and am only providing what worked for me. I installed the .NET 4.7.2 Developer Pack and changed the target framework for my C# Project to .NET 4.7.2, but I still needed to modify the ServicePointManager.SecurityProtocol as shown below. Search to find best practices including updating .NET and specifying multiple TLS versions in a bitwise ORed statement.
// Add support for TLS 1.2 (note bitwise OR) ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12; ... request.Proxy = null; request.AllowAutoRedirect = false; request.CookieContainer = cc; request.Method = "post"; // Add UserAgent request.UserAgent = "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1";讨论(0) -
NameValueCollection loginData = new NameValueCollection(); loginData.Add("username", "your_username"); loginData.Add("password", "your_password"); WebClient client = new WebClient(); string source = Encoding.UTF8.GetString(client.UploadValues("http://www.site.com/login", loginData)); string cookie = client.ResponseHeaders["Set-Cookie"];讨论(0) -
Since WordPress implement a redirect, leaving the page (redirecting) prevents the webrequest from getting the proper cookie.
in order to get the relevant cookie, one must prevent redirects.
request.AllowAutoRedirect = false;than use the cookie-conatainer for login.
see the following code: (based on an example from Albahari's C# book)
string loginUri = "http://www.someaddress.com/wp-login.php"; string username = "username"; string password = "pass"; string reqString = "log=" + username + "&pwd=" + password; byte[] requestData = Encoding.UTF8.GetBytes(reqString); CookieContainer cc = new CookieContainer(); var request = (HttpWebRequest)WebRequest.Create(loginUri); request.Proxy = null; request.AllowAutoRedirect = false; request.CookieContainer = cc; request.Method = "post"; request.ContentType = "application/x-www-form-urlencoded"; request.ContentLength = requestData.Length; using (Stream s = request.GetRequestStream()) s.Write(requestData, 0, requestData.Length); using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) { foreach (Cookie c in response.Cookies) Console.WriteLine(c.Name + " = " + c.Value); } string newloginUri = "http://www.someaddress.com/private/"; HttpWebRequest newrequest = (HttpWebRequest)WebRequest.Create(newloginUri); newrequest.Proxy = null; newrequest.CookieContainer = cc; using (HttpWebResponse newresponse = (HttpWebResponse)newrequest.GetResponse()) using (Stream resSteam = newresponse.GetResponseStream()) using (StreamReader sr = new StreamReader(resSteam)) File.WriteAllText("private.html", sr.ReadToEnd()); System.Diagnostics.Process.Start("private.html");讨论(0)
加载中...
- 热议问题