Hi,
When AuthPlugin::updateUser() is called I would think that the preferences that have not changed would be left unchanged in the local MW DB but that is not the case. Here's my code:
function updateUser( &$user ) { if (is_array($this->acct)) { $user->setOption('nickname', $username); if (isset($this->acct['displayName'])) $user->setRealName($this->acct['displayName']); if (isset($this->acct['mail'])) $user->setEmail($this->acct['mail']); $user->setPassword(NULL); $user->saveSettings(); return true; } return false; }
It seems that even though only the nickname, real name and email address are updated, all other preferences are reset. How am I supposed to update only a few fields without wrecking the prefs? From looking at LdapAuthenticate.php it's not clear to me that it handles this situation any differently.
Also, when trying to update preferences, if AuthPlugin::updateExternalDB() returns false an error is displayed:
"There was either an external authentication database error or you are not allowed to update your external account."
Why does this error occur? I do not want to store preferences externally. Why does MW not store preferences locally regardless of what updateExternalDB returns?
Thanks for any help, Mike
Also, when trying to update preferences, if AuthPlugin::updateExternalDB() returns false an error is displayed:
"There was either an external authentication database error or you are not allowed to update your external account."
Why does this error occur? I do not want to store preferences externally. Why does MW not store preferences locally regardless of what updateExternalDB returns?
Since I wrote that part in, I guess I'll comment on it...
updateExternalDB() is exactly what the name implies. It is for updating an external database, meaning not MediaWiki's. In the case of LDAPAuthentication, it updates the user's LDAP entry.
If for some reason the function fails to update the external database (and returns false), that error message should be reported.
Why are you returning false from that function if you aren't using it? Just return true (the default).
V/r,
Ryan Lane
On 11/15/07, Lane, Ryan Ryan.Lane@ocean.navo.navy.mil wrote:
Why are you returning false from that function if you aren't using it? Just return true (the default).
That was it. That just solved all of my problems (minus the beer belly). No more error an preferences are save as I would expect.
Thanks Ryan, Mike
I am running php version 5.16, apache version 2.2.2 and Mediawiki version 1.9.3 on a Fedora Core 5 system.
I decided to follow the directions to use img_auth.php to secure my images in the /images directory. I followed the directions in http://www.mediawiki.org/wiki/Manual:Image_Authorisation and have been successful in:
-preventing direct web access to the images in the images/ directory (e.g., http://mywiki/images/d/d2/filename.jpg). -allowed uploading based on group permissions (e.g., only logged in users can upload). -Upload works fine.
In other words, it seemed to work well, until I checked accessing the URL that includes img_auth.php in the path (e.g., http://mywiki/img_auth.php/d/d2/filename.jpg). In this case I can see the file. I am not logged in. I added $wgWhitelistRead = true; to the LocalSettings.php file since I had seen that mentioned on some archives as needed but with no result. I can still access the images using that path. I have also checked that the PHP supports PATH_INFO which is the method I used on the Manual:Image_Authorisation web site.
Any ideas appreciated since what I have now is no better than what I had before, security via obscurity.
-Jim
-----Original Message----- From: Michael B Allen [mailto:ioplex@gmail.com] Sent: Thursday, November 15, 2007 1:11 PM To: mediawiki-l Subject: [Mediawiki-l] AuthPlugins and Overwriting Preferences
Hi,
When AuthPlugin::updateUser() is called I would think that the preferences that have not changed would be left unchanged in the local MW DB but that is not the case. Here's my code:
function updateUser( &$user ) { if (is_array($this->acct)) { $user->setOption('nickname', $username); if (isset($this->acct['displayName'])) $user->setRealName($this->acct['displayName']); if (isset($this->acct['mail'])) $user->setEmail($this->acct['mail']); $user->setPassword(NULL); $user->saveSettings(); return true; } return false; }
It seems that even though only the nickname, real name and email address are updated, all other preferences are reset. How am I supposed to update only a few fields without wrecking the prefs? From looking at LdapAuthenticate.php it's not clear to me that it handles this situation any differently.
Also, when trying to update preferences, if AuthPlugin::updateExternalDB() returns false an error is displayed:
"There was either an external authentication database error or you are not allowed to update your external account."
Why does this error occur? I do not want to store preferences externally. Why does MW not store preferences locally regardless of what updateExternalDB returns?
Thanks for any help, Mike
-- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org