有需求往DiscuzX3.2中批量添加用户,搜到一个脚本,
http://blog.csdn.net/zhongping136/article/details/46730191
但是测试无法添加成功,分析了下原因:
1. 打印返回页面,发现报错:
抱歉,您的请求来路不正确或表单验证串不符,无法提交搜了下这句话的位置,在文件:Discuz!X3.2\source\language\lang_message.php 第240行
错误原因是“submit_invalid”,应该是验证了Referer和formhash
2. formhash在脚本中已经有了,所以应该是Referer的问题,此处暴力点,直接把错误的判断返回正确即可。
代码位置:Discuz!X3.2\source\class\helper\helper_form.php 第34行
把 else 中的代码改成:
//showmessage('submit_invalid');
return TRUE;
(添加完用户后,一定要记得再改回来!!!)
3.再跑脚本,成功批量插入用户
附:
# encoding: utf-8
'''
Created on 2015年7月1日
@author: ZhongPing
'''
import urllib
import urllib2
import cookielib
import re
class Adder(object):
'''
classdocs
'''
home_url = ''
admin_user = ''
admin_password = ''
formhash = ''
def __init__(self, url, admin_user, admin_password):
'''
Constructor
'''
self.home_url = url + "?"
self.admin_user = admin_user
self.admin_password = admin_password
# 初始化一个CookieJar来处理Cookie
self.cookieJar=cookielib.CookieJar()
# 实例化一个全局opener
self.opener=urllib2.build_opener(urllib2.HTTPCookieProcessor(self.cookieJar))
self.headers ={
"Host":"localhost",
"Referer": url
}
def login(self):
'''
管理员登录系统
'''
# 登陆用户名和密码
data={
"admin_username":self.admin_user,
"admin_password":self.admin_password,
'frames':'yes',
'admin_questionid':'0',
'submit':'提交'
}
# urllib进行编码
post_data=urllib.urlencode(data)
url = self.home_url
req=urllib2.Request(url,post_data,self.headers)
result = self.opener.open(req)
url = self.home_url+'action=members&operation=add'
req=urllib2.Request(url)
result = self.opener.open(req)
tpage = result.read()
i = tpage.find('<input type="hidden" name="formhash" value="')
tpage = tpage[i:100+i]
pattern = re.compile(r'<input type="hidden" name="formhash" value="(\w+)" />')
match = pattern.match(tpage)
formhash = ''
if match:
formhash = match.groups()[0]
self.formhash = formhash
#print(self.formhash)
def adduser(self,uname,upwd,uemail,ugrpid = '10',emailnotify = '0',addsubmit = '提交'):
'''
添加用户
'''
url = ""
url = self.home_url+('action=members&operation=add')
values = {'formhash':self.formhash,
'newusername':uname,
'newpassword':upwd,
'newemail':uemail,
'newgroupid':ugrpid,
'emailnotify':emailnotify,
'addsubmit':addsubmit
}
data = urllib.urlencode(values)
req=urllib2.Request(url,data,self.headers)
response = self.opener.open(req)
the_page = response.read()
i = the_page.find('<h3>Discuz! 提示</h3><div class="infobox"><h4 class="infotitle2">用户')
if (i>0):
print(("用户"+uname+"添加成功!").decode("utf8"))
else:
print(("用户"+uname+"添加失败!").decode("utf8"))
def addusers(self,users):
'''
批量添加用户
users : [{'newusername':newusername,
'newpassword':newpassword,
'newemail':newemail,
'newgroupid':'10',
'emailnotify':'0',
'addsubmit':'addsubmit'
},
....]
'''
self.login()
for u in users:
if (hasattr(u, "newgroupid") and hasattr(u, "emailnotify") and hasattr(u, "addsubmit")) :
self.adduser(u['newusername'], u['newpassword'], u['newemail'], u['newgroupid'], u['emailnotify'], u['addsubmit'])
else:
self.adduser(u['newusername'], u['newpassword'], u['newemail'])
def readtxt(file):
users = []
fo = open(file)
lines = fo.readlines()
for l in lines:
if len(l)>0 :
u = l.split(",")
if len(u) == 6:
users.append({'newusername':u[0],
'newpassword':u[1],
'newemail':u[2],
'newgroupid':u[3],
'emailnotify':u[4],
'addsubmit':u[5]
})
if len(u) == 3:
users.append({'newusername':u[0],
'newpassword':u[1],
'newemail':u[2]
})
return users
def main():
file = 'user.txt'
home_url = 'http://localhost/upload/admin.php'
admin = 'admin'
pwd = '123456'
adder = Adder(home_url,admin,pwd)
users = readtxt(file)
adder.addusers(users)
if __name__ == '__main__':
main()
pass
1. 在Main()函数中需要根据实际情况修改相关参数:
file:包括用户信息的文件。
home_url:管理后台的访问路径。
pwd:管理员的访问密码。
2.用户信息文件按顺序存储用户信息(用户名,密码,邮箱,用户组,是否通知,addsubmit)。可以按如下两种方式组织:
包含全部信息:
test1,123456,[email protected],10,0,addsubmit test2,123456,[email protected],10,0,addsubmit test3,123456,[email protected],10,0,addsubmit test4,123456,[email protected],10,0,addsubmit也可以只需要部分信息:
test1,123456,[email protected] test2,123456,[email protected] test3,123456,[email protected] test4,123456,[email protected]