I try to auto-login mediawiki by API login,but didn't know how to do.Since I already used login api get "success" status on sandbox, I think maybe I do something wrong on set cookie.Get token and login api has been revamped in version 1.27 of MediaWiki,I can't find any example code work on 1.28.Thanks for all responses and suggestion. I've been stuck for so long. I really appreciate some help here. Thanks.
Here's my code,but didn't get login token properly.
System Info:
Software Version
MediaWiki 1.28.2
PHP 5.6.30
MariaDB 10.1.21
<?php
namespace mediawiki;
// Start session
session_start();
/**
* How to log in mediawiki using PHP cURL?
* -------------------------------------------------
*/
//set login username password which already in your mediawiki database
$username = 'abc';
$password = '123';
//setup url
$Root = 'localhost/mediawiki';
$API_Location = "${Root}/api.php";
//setup cookie
$CookieFilePath = tempnam("/tmp", "TMP0");
$expire = 60*60*24*14 + time();
$CookiePrefix = 'theprefix';
$Domain = 'localhost';
// set variables to use in curl_setopts
$PostFields = "action=query&meta=tokens&type=login&format=json";
// first http post to sign in to MediaWiki
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$API_Location");
curl_setopt($ch, CURLOPT_TIMEOUT, 500);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/x-www-form-urlencoded',
'Content-Length: ' .strlen($PostFields))
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "$PostFields");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $CookieFilePath);
curl_setopt($ch, CURLOPT_COOKIEFILE, $CookieFilePath);
$Result = curl_exec($ch);
if(curl_exec($ch) === false) echo '<br>Curl error: ' . curl_error($ch).'<br>';
curl_close($ch); // curl closed
$ResultSerialized = json_decode($Result,true);
$Token = $ResultSerialized["query"]["tokens"]["logintoken"];
// cookie must be set using session id from first response
$_SESSION["logintoken"]=$Token;
//How can I get sessionid?
$sessionid=session_id();
$_SESSION["sessionid"] =$sessionid;
setcookie("${CookiePrefix}_Session",$sessionid , $expire, '/', $Domain);
setcookie("${CookiePrefix}UserName",$username,$expire,'/',$Domain);
setcookie("${CookiePrefix}Token", $_SESSION["logintoken"], $expire, '/', $Domain);
// second http post to finish sign in
$ch = curl_init();
$PostFields="action=login&lgname=${username}&lgpassword=${password}&lgtoken=${Token}&format=json";
curl_setopt($ch, CURLOPT_URL, "$API_Location");
curl_setopt($ch, CURLOPT_TIMEOUT, 500);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/x-www-form-urlencoded',
'Content-Length: ' .strlen($PostFields))
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "$PostFields");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_COOKIE, "${CookiePrefix}_session=$sessionid");
curl_setopt($ch, CURLOPT_COOKIEJAR, $CookieFilePath);
curl_setopt($ch, CURLOPT_COOKIEFILE, $CookieFilePath);
$Result = curl_exec($ch);
if(curl_exec($ch) === false) echo '<br>Curl error: ' . curl_error($ch).'<br>';
curl_close($ch); // curl closed
$ResultSerialized = json_decode($Result,true);
// set persistent cookies
//$LgToken = $ResultSerialized["query"]["tokens"]["logintoken"];
$LgUserID = $ResultSerialized["login"]["lguserid"];
$LgUserName = $ResultSerialized["login"]["lgusername"];
$lgstatus=$ResultSerialized["login"]["result"];
var_dump($lgstatus);
setcookie("${CookiePrefix}UserName", $LgUserName, $expire, '/', $Domain);
setcookie("${CookiePrefix}UserID", $LgUserID, $expire, '/', $Domain);
//setcookie("${CookiePrefix}Token", $Token, $expire, '/', $Domain);
// Delete cURL cookie
unlink($CookieFilePath);
?>
I also try to use clientlogin via postman, post request exactly like example on mediawiki.org/wiki/API:Login ,but result: "authmanager-authn-no-primary".
Reference:
stackoverflow.com/questions/14107523/how-do-i-log-into-mediawiki-using-php-curl
mediawiki.org/wiki/User:Krinkle/API_PHP_cURL_example
mediawiki.org/wiki/API:Login/de/1_Beispiel
mediawiki.org/wiki/API:Login