I try to auto-login mediawiki by API login,but didn't know how to do.Since I already used login api get "success" status on sandbox, I think maybe I do something wrong on set cookie.Get token and login api has been revamped in version 1.27 of MediaWiki,I can't find any example code work on 1.28.Thanks for all responses and suggestion. I've been stuck for so long. I really appreciate some help here. Thanks.
Here's my code,but didn't get login token properly. System Info: Software Version MediaWiki 1.28.2 PHP 5.6.30 MariaDB 10.1.21
<?php namespace mediawiki;
// Start session session_start();
/** * How to log in mediawiki using PHP cURL? * ------------------------------------------------- */
//set login username password which already in your mediawiki database $username = 'abc'; $password = '123';
//setup url $Root = 'localhost/mediawiki'; $API_Location = "${Root}/api.php";
//setup cookie $CookieFilePath = tempnam("/tmp", "TMP0"); $expire = 60*60*24*14 + time(); $CookiePrefix = 'theprefix'; $Domain = 'localhost';
// set variables to use in curl_setopts $PostFields = "action=query&meta=tokens&type=login&format=json";
// first http post to sign in to MediaWiki $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "$API_Location"); curl_setopt($ch, CURLOPT_TIMEOUT, 500); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/x-www-form-urlencoded', 'Content-Length: ' .strlen($PostFields)) ); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "$PostFields"); curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $CookieFilePath); curl_setopt($ch, CURLOPT_COOKIEFILE, $CookieFilePath);
$Result = curl_exec($ch); if(curl_exec($ch) === false) echo '<br>Curl error: ' . curl_error($ch).'<br>'; curl_close($ch); // curl closed
$ResultSerialized = json_decode($Result,true); $Token = $ResultSerialized["query"]["tokens"]["logintoken"];
// cookie must be set using session id from first response $_SESSION["logintoken"]=$Token; //How can I get sessionid? $sessionid=session_id(); $_SESSION["sessionid"] =$sessionid;
setcookie("${CookiePrefix}_Session",$sessionid , $expire, '/', $Domain); setcookie("${CookiePrefix}UserName",$username,$expire,'/',$Domain); setcookie("${CookiePrefix}Token", $_SESSION["logintoken"], $expire, '/', $Domain);
// second http post to finish sign in $ch = curl_init(); $PostFields="action=login&lgname=${username}&lgpassword=${password}&lgtoken=${Token}&format=json"; curl_setopt($ch, CURLOPT_URL, "$API_Location"); curl_setopt($ch, CURLOPT_TIMEOUT, 500); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/x-www-form-urlencoded', 'Content-Length: ' .strlen($PostFields)) ); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "$PostFields"); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_COOKIE, "${CookiePrefix}_session=$sessionid");
curl_setopt($ch, CURLOPT_COOKIEJAR, $CookieFilePath); curl_setopt($ch, CURLOPT_COOKIEFILE, $CookieFilePath);
$Result = curl_exec($ch); if(curl_exec($ch) === false) echo '<br>Curl error: ' . curl_error($ch).'<br>'; curl_close($ch); // curl closed $ResultSerialized = json_decode($Result,true);
// set persistent cookies //$LgToken = $ResultSerialized["query"]["tokens"]["logintoken"]; $LgUserID = $ResultSerialized["login"]["lguserid"]; $LgUserName = $ResultSerialized["login"]["lgusername"]; $lgstatus=$ResultSerialized["login"]["result"]; var_dump($lgstatus);
setcookie("${CookiePrefix}UserName", $LgUserName, $expire, '/', $Domain); setcookie("${CookiePrefix}UserID", $LgUserID, $expire, '/', $Domain); //setcookie("${CookiePrefix}Token", $Token, $expire, '/', $Domain);
// Delete cURL cookie unlink($CookieFilePath);
?>
I also try to use clientlogin via postman, post request exactly like example on mediawiki.org/wiki/API:Login ,but result: "authmanager-authn-no-primary".
Reference: stackoverflow.com/questions/14107523/how-do-i-log-into-mediawiki-using-php-curl mediawiki.org/wiki/User:Krinkle/API_PHP_cURL_example mediawiki.org/wiki/API:Login/de/1_Beispiel mediawiki.org/wiki/API:Login
On Tue, May 16, 2017 at 2:26 PM, Guangyao_Cheng guangyao@nfs.iscas.ac.cn wrote:
I try to auto-login mediawiki by API login,but didn't know how to do.Since I already used login api get "success" status on sandbox, I think maybe I do something wrong on set cookie.Get token and login api has been revamped in version 1.27 of MediaWiki,I can't find any example code work on 1.28.Thanks for all responses and suggestion. I've been stuck for so long. I really appreciate some help here. Thanks.
You are not setting any cookie that would authenticate the user (just setting username + ID is not enough for obvious reasons). You should probably just use a cookie jar instead of trying to reimplement cookie handling manually. Also you should properly encode things (what happens if the password contains an & character?)
I also try to use clientlogin via postman, post request exactly like
example on mediawiki.org/wiki/API:Login ,but result: "authmanager-authn-no-primary".
That means you have not submitted any set of credentials that would be meaningful for login (such as a username + password). That or the wiki is misconfigured in some weird way and there is no way to log in at all (but you'd notice that when logging in manually).
mediawiki-api@lists.wikimedia.org