automated login for mediawiki 1.18.2 in php [solved+code]

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    php|uber.leet Forum Index // General
View previous topic :: View next topic  
Author Message
coder1



Joined: 25 Apr 2012
Posts: 4

PostPosted: Fri May 04, 2012 1:47 am    Post subject: automated login for mediawiki 1.18.2 in php [solved+code] Reply with quote
i dont have a website so i'd like to share my code here, no warranty given and you might want to add some more error handling/messages, hf:

Code:

function do_post_request($url, $data, $optional_headers = null)   {
   $params = array('http' => array(
                     'method' => 'POST',
                     'content' => $data));
   
   if ($optional_headers !== null) {
      $params['http']['header'] = $optional_headers;
   }
   
   $ctx = stream_context_create($params);
   
   if (!$fp = @fopen($url, 'r', false, $ctx)) return FALSE;
   $response = @stream_get_contents($fp);
         
   return $response;   
}

function mediawiki_login($username, $password) {
      /*
       *  STEP 1: request mediawiki login via api
       */
       
       $url='/wiki/api.php'; // EDIT THIS TO POINT TO YOUR WIKI API!
      $data=http_build_query(array('format'=>'json',
               'action'   =>'login',
               'lgname'   =>$username,
               'lgpassword'=>$password));
      $headers="Content-type: application/x-www-form-urlencoded\r\n".
            "Content-length: ".strlen($data)."\r\n".
            "Connection: close\r\n";
      
      $contents=do_post_request($url, $data, $headers);                  
      if ($contents===FALSE) return FALSE;
      
      $mwdata = json_decode($contents, true);    
      // check if the api answers as expected
      if($mwdata["login"]["result"] != "NeedToken"){
         return FALSE;         
      }
      
      $token=         $mwdata['login']['token'];
      $cookieprefix=   $mwdata['login']['cookieprefix'];
      $sessionid=      $mwdata['login']['sessionid'];
      
      /*
       *  STEP 2: send token using sessionid cookie
       */
      $data=http_build_query(array('format'=>'json',
                     'action' =>'login',
                     'lgname'   =>$username,
                     'lgpassword'=>$password,
                     'lgtoken' => $token));
      
      $headers="Content-type: application/x-www-form-urlencoded\r\n".
                  "Content-length: ".strlen($data)."\r\n".
                  "Cookie: ".$cookieprefix."_session=".$sessionid."\r\n".
                  "Connection: close\r\n";
      
      $contents=do_post_request($url, $data, $headers);
      if ($contents===FALSE) return FALSE;
      
      $mwdata = json_decode($contents, true);
      if($mwdata["login"]["result"] != "Success") return FALSE;
      
      // login success, set the mediawiki cookies
      $cookieprefix=   $mwdata['login']['cookieprefix'];
      $sessionid=      $mwdata['login']['sessionid'];
      $userid=      $mwdata['login']['lguserid'];
      $username=      $mwdata['login']['lgusername'];
      setcookie($cookieprefix.'UserID', $userid, 0, '/', '.yourdomain.tld', FALSE, TRUE); // INSERT YOUR DOMAIN
      setcookie($cookieprefix.'UserName', $username, 0, '/', '.yourdomain.tld', FALSE, TRUE);
      setcookie($cookieprefix.'_session', $sessionid, 0, '/', '.yourdomain.tld', FALSE, TRUE);
      
      return TRUE;
   }


Edit: forgot to replace some global variables that i used


Last edited by coder1 on Sat May 26, 2012 2:13 am; edited 3 times in total
Back to top
View user's profile Send private message
coder1



Joined: 25 Apr 2012
Posts: 4

PostPosted: Fri May 04, 2012 1:48 am    Post subject: Reply with quote
btw, this does not replace the auth plugin. it does work well together with auth plugin, though.
Back to top
View user's profile Send private message
root
Site Admin


Joined: 24 Jun 2005
Posts: 471

PostPosted: Tue May 08, 2012 10:40 am    Post subject: Reply with quote
Thanks coder1,

What file does this code go into/replace?

I see the two methods but I do not see anything that talks about the callers. So how do you suggest people implement this into their site?
Back to top
View user's profile Send private message
root
Site Admin


Joined: 24 Jun 2005
Posts: 471

PostPosted: Tue May 08, 2012 10:48 am    Post subject: Reply with quote
I wonder if you can call the login command on api.php directly so you do not have to do another http request.
Although your method does solve the name space issue that kept me from doing a true single sign on (SSO) solution.
Back to top
View user's profile Send private message
coder1



Joined: 25 Apr 2012
Posts: 4

PostPosted: Sat May 26, 2012 2:10 am    Post subject: Reply with quote
the code can reside in any file in your website, it's pretty much standalone, just call mediawiki_login() when a user has authenticated.
i think the general idea in an api is to use its interface and not call functions inside of its modules, but it probably could save you from doing post requests.
on the other hand, you will most likely have to change your code once the api code changes, while when doing post requests, you will only have to work on it again when the api interface changes.

greetings, c1
Back to top
View user's profile Send private message
blak3r



Joined: 30 Apr 2013
Posts: 1

PostPosted: Tue Apr 30, 2013 9:41 pm    Post subject: Reply with quote
@coder1 Thanks for the code. Looks like it's gonna do the trick for me.

Pretty cool I didn't have to hack around with any plugins for mediawiki to get my SSO working.
Back to top
View user's profile Send private message
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    php|uber.leet Forum Index // General All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

alexisBlue v1.2 // Theme Created By: Andrew Charron and Web Hosting Bluebook
Powered by phpBB © 2001, 2002 phpBB Group