有需求往DiscuzX3.2中批量添加用戶,搜到一個腳本,
http://blog.csdn.net/zhongping136/article/details/46730191
但是測試無法添加成功,分析了下原因:
1. 打印返回頁面,發現報錯:
抱歉,您的請求來路不正確或表單驗證串不符,無法提交
搜了下這句話的位置,在文件:Discuz!X3.2\source\language\lang_message.php 第240行
錯誤原因是“submit_invalid”,應該是驗證了Referer和formhash
2. formhash在腳本中已經有了,所以應該是Referer的問題,此處暴力點,直接把錯誤的判斷返回正確即可。
代碼位置:Discuz!X3.2\source\class\helper\helper_form.php 第34行
把 else 中的代碼改成:
//showmessage('submit_invalid');
return TRUE;
(添加完用戶後,一定要記得再改回來!!!)
3.再跑腳本,成功批量插入用戶
附:
# encoding: utf-8
'''
Created on 2015年7月1日
@author: ZhongPing
'''
import urllib
import urllib2
import cookielib
import re
class Adder(object):
'''
classdocs
'''
home_url = ''
admin_user = ''
admin_password = ''
formhash = ''
def __init__(self, url, admin_user, admin_password):
'''
Constructor
'''
self.home_url = url + "?"
self.admin_user = admin_user
self.admin_password = admin_password
# 初始化一個CookieJar來處理Cookie
self.cookieJar=cookielib.CookieJar()
# 實例化一個全局opener
self.opener=urllib2.build_opener(urllib2.HTTPCookieProcessor(self.cookieJar))
self.headers ={
"Host":"localhost",
"Referer": url
}
def login(self):
'''
管理員登錄系統
'''
# 登陸用戶名和密碼
data={
"admin_username":self.admin_user,
"admin_password":self.admin_password,
'frames':'yes',
'admin_questionid':'0',
'submit':'提交'
}
# urllib進行編碼
post_data=urllib.urlencode(data)
url = self.home_url
req=urllib2.Request(url,post_data,self.headers)
result = self.opener.open(req)
url = self.home_url+'action=members&operation=add'
req=urllib2.Request(url)
result = self.opener.open(req)
tpage = result.read()
i = tpage.find('<input type="hidden" name="formhash" value="')
tpage = tpage[i:100+i]
pattern = re.compile(r'<input type="hidden" name="formhash" value="(\w+)" />')
match = pattern.match(tpage)
formhash = ''
if match:
formhash = match.groups()[0]
self.formhash = formhash
#print(self.formhash)
def adduser(self,uname,upwd,uemail,ugrpid = '10',emailnotify = '0',addsubmit = '提交'):
'''
添加用戶
'''
url = ""
url = self.home_url+('action=members&operation=add')
values = {'formhash':self.formhash,
'newusername':uname,
'newpassword':upwd,
'newemail':uemail,
'newgroupid':ugrpid,
'emailnotify':emailnotify,
'addsubmit':addsubmit
}
data = urllib.urlencode(values)
req=urllib2.Request(url,data,self.headers)
response = self.opener.open(req)
the_page = response.read()
i = the_page.find('<h3>Discuz! 提示</h3><div class="infobox"><h4 class="infotitle2">用戶')
if (i>0):
print(("用戶"+uname+"添加成功!").decode("utf8"))
else:
print(("用戶"+uname+"添加失敗!").decode("utf8"))
def addusers(self,users):
'''
批量添加用戶
users : [{'newusername':newusername,
'newpassword':newpassword,
'newemail':newemail,
'newgroupid':'10',
'emailnotify':'0',
'addsubmit':'addsubmit'
},
....]
'''
self.login()
for u in users:
if (hasattr(u, "newgroupid") and hasattr(u, "emailnotify") and hasattr(u, "addsubmit")) :
self.adduser(u['newusername'], u['newpassword'], u['newemail'], u['newgroupid'], u['emailnotify'], u['addsubmit'])
else:
self.adduser(u['newusername'], u['newpassword'], u['newemail'])
def readtxt(file):
users = []
fo = open(file)
lines = fo.readlines()
for l in lines:
if len(l)>0 :
u = l.split(",")
if len(u) == 6:
users.append({'newusername':u[0],
'newpassword':u[1],
'newemail':u[2],
'newgroupid':u[3],
'emailnotify':u[4],
'addsubmit':u[5]
})
if len(u) == 3:
users.append({'newusername':u[0],
'newpassword':u[1],
'newemail':u[2]
})
return users
def main():
file = 'user.txt'
home_url = 'http://localhost/upload/admin.php'
admin = 'admin'
pwd = '123456'
adder = Adder(home_url,admin,pwd)
users = readtxt(file)
adder.addusers(users)
if __name__ == '__main__':
main()
pass
1. 在Main()函數中需要根據實際情況修改相關參數:
file:包括用戶信息的文件。
home_url:管理後臺的訪問路徑。
pwd:管理員的訪問密碼。
2.用戶信息文件按順序存儲用戶信息(用戶名,密碼,郵箱,用戶組,是否通知,addsubmit)。可以按如下兩種方式組織:
包含全部信息:
test1,123456,[email protected],10,0,addsubmit
test2,123456,[email protected],10,0,addsubmit
test3,123456,[email protected],10,0,addsubmit
test4,123456,[email protected],10,0,addsubmit
也可以只需要部分信息:
test1,123456,[email protected]
test2,123456,[email protected]
test3,123456,[email protected]
test4,123456,[email protected]