DiscuzX3.2批量添加用户脚本

有需求往DiscuzX3.2中批量添加用户，搜到一个脚本，

http://blog.csdn.net/zhongping136/article/details/46730191

但是测试无法添加成功，分析了下原因：

1. 打印返回页面，发现报错：

抱歉，您的请求来路不正确或表单验证串不符，无法提交

搜了下这句话的位置，在文件：Discuz!X3.2\source\language\lang_message.php 第240行

错误原因是“submit_invalid”，应该是验证了Referer和formhash

2. formhash在脚本中已经有了，所以应该是Referer的问题，此处暴力点，直接把错误的判断返回正确即可。

代码位置：Discuz!X3.2\source\class\helper\helper_form.php 第34行

把 else 中的代码改成：

//showmessage('submit_invalid');return TRUE;

(添加完用户后，一定要记得再改回来！！！)

3.再跑脚本，成功批量插入用户

附：

# encoding: utf-8'''Created on 2015年7月1日@author: ZhongPing'''import urllibimport urllib2import cookielibimport reclass Adder(object):    '''    classdocs    '''    home_url = ''    admin_user = ''    admin_password = ''    formhash = ''    def __init__(self, url, admin_user, admin_password):        '''        Constructor        '''        self.home_url = url + "?"        self.admin_user = admin_user        self.admin_password = admin_password        # 初始化一个CookieJar来处理Cookie        self.cookieJar=cookielib.CookieJar()        # 实例化一个全局opener        self.opener=urllib2.build_opener(urllib2.HTTPCookieProcessor(self.cookieJar))        self.headers ={            "Host":"localhost",             "Referer": url        }    def login(self):        '''         管理员登录系统        '''        # 登陆用户名和密码        data={            "admin_username":self.admin_user,            "admin_password":self.admin_password,            'frames':'yes',            'admin_questionid':'0',            'submit':'提交'        }        # urllib进行编码        post_data=urllib.urlencode(data)                url = self.home_url        req=urllib2.Request(url,post_data,self.headers)        result = self.opener.open(req)        url = self.home_url+'action=members&operation=add'        req=urllib2.Request(url)        result = self.opener.open(req)        tpage = result.read()        i = tpage.find('<input type="hidden" name="formhash" value="')        tpage = tpage[i:100+i]        pattern = re.compile(r'<input type="hidden" name="formhash" value="(\w+)" />')        match = pattern.match(tpage)        formhash = ''        if match:            formhash = match.groups()[0]        self.formhash = formhash        #print(self.formhash)    def adduser(self,uname,upwd,uemail,ugrpid = '10',emailnotify = '0',addsubmit = '提交'):        '''        添加用户        '''        url = ""        url = self.home_url+('action=members&operation=add')        values = {'formhash':self.formhash,                  'newusername':uname,                  'newpassword':upwd,                  'newemail':uemail,                  'newgroupid':ugrpid,                  'emailnotify':emailnotify,                  'addsubmit':addsubmit        }        data = urllib.urlencode(values)         req=urllib2.Request(url,data,self.headers)        response = self.opener.open(req)        the_page = response.read()        i = the_page.find('<h3>Discuz! 提示</h3><div class="infobox"><h4 class="infotitle2">用户')        if (i>0):            print(("用户"+uname+"添加成功！").decode("utf8"))        else:            print(("用户"+uname+"添加失败！").decode("utf8"))    def addusers(self,users):        '''        批量添加用户        users : [{'newusername':newusername,                  'newpassword':newpassword,                  'newemail':newemail,                  'newgroupid':'10',                  'emailnotify':'0',                  'addsubmit':'addsubmit'                  },                ....]        '''        self.login()        for u in users:            if (hasattr(u, "newgroupid") and hasattr(u, "emailnotify") and hasattr(u, "addsubmit")) :                self.adduser(u['newusername'], u['newpassword'], u['newemail'], u['newgroupid'], u['emailnotify'], u['addsubmit'])            else:                self.adduser(u['newusername'], u['newpassword'], u['newemail'])def readtxt(file):    users = []    fo = open(file)    lines = fo.readlines()    for l in lines:        if len(l)>0 :             u = l.split(",")             if len(u) == 6:                 users.append({'newusername':u[0],                               'newpassword':u[1],                               'newemail':u[2],                               'newgroupid':u[3],                               'emailnotify':u[4],                               'addsubmit':u[5]                                                           })             if len(u) == 3:                 users.append({'newusername':u[0],                               'newpassword':u[1],                               'newemail':u[2]                                                        })                     return users       def main():    file = 'user.txt'    home_url = 'http://localhost/upload/admin.php'    admin = 'admin'    pwd = '123456'    adder = Adder(home_url,admin,pwd)        users = readtxt(file)    adder.addusers(users)if __name__ == '__main__':    main()    pass 

1. 在Main()函数中需要根据实际情况修改相关参数：

file：包括用户信息的文件。 
home_url：管理后台的访问路径。 
pwd：管理员的访问密码。

2.用户信息文件按顺序存储用户信息（用户名，密码，邮箱，用户组，是否通知，addsubmit）。可以按如下两种方式组织：

包含全部信息：

test1,123456,test1@test.com,10,0,addsubmittest2,123456,test2@test.com,10,0,addsubmittest3,123456,test3@test.com,10,0,addsubmittest4,123456,test4@test.com,10,0,addsubmit

也可以只需要部分信息：

test1,123456,test1@test.comtest2,123456,test2@test.comtest3,123456,test3@test.comtest4,123456,test4@test.com