Chris, if you check archives of this list you'll see I've posted a solution to the NTLM passthrough authentication issue a few times for MW1.4. Anyway, our code that does this is below.
Cheers,
Al.
function loadFromSession() {
    global $wgMemc, $wgDBname;

    if ( isset( $_SESSION['wsUserID'] ) ) {
        if ( 0 != $_SESSION['wsUserID'] ) {
            $sId = $_SESSION['wsUserID'];
        } else {
            return new User();
        }
    } else if ( isset( $_COOKIE["{$wgDBname}UserID"] ) ) {
        $sId = IntVal( $_COOKIE["{$wgDBname}UserID"] );
        $_SESSION['wsUserID'] = $sId;
    } else if ( isset($_SERVER["AUTH_USER"])) {
        //Rembrandt modification to allow logon via authentication information
        //passed from IIS
        global $wgUser;
        global $wgDeferredUpdateList;

        //get the username
        //remove the domain name from AUTH_USER
        $temp = explode('domainname', strtolower($_SERVER["AUTH_USER"]));
        if (!isset($temp[1]) || $temp[1] == "") {
            $name = $temp[0];
        } else {
            $name = $temp[1];
        }
        //strip the leading backslash left over from DOMAIN\user
        if (substr($name,0,1) == "\\") {
            $name = substr($name,1);
        }

        //pull in the usernames and passwords we'll need for the database lookup
        global $wgDBprefix;
        global $wgDBuser;
        global $wgDBpassword;
        global $wgDBserver;
        global $wgDBname;

        //we'll use PHP's MYSQL module to access the mediawiki database
        $link = mysql_connect($wgDBserver,$wgDBuser,$wgDBpassword);
        @mysql_select_db($wgDBname, $link) or die( "Unable to select user database for NTLM authentication");
        //escape the name before it is placed inside the quoted SQL string
        $query="SELECT * FROM " . $wgDBprefix . "user WHERE LOWER(user_name) = '" . mysql_real_escape_string(strtolower($name), $link) . "'";
        $result = mysql_query($query, $link);
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        mysql_close($link);

        //no wiki account matches this NTLM user: stay anonymous
        if (!$row) {
            return new User();
        }

        //set the variables we need to transparently authenticate
        $sId = $row['user_id'];
        $_SESSION['wsUserID'] = $row['user_id'];
        $_SESSION['wsUserName'] = $row['user_name'];
        $_SESSION['wsToken'] = $row['user_token'];

        //set cookies with this info to make life easier for us in the future
        global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname;
        setcookie( $wgDBname.'UserID', $row['user_id'], 0, $wgCookiePath, $wgCookieDomain );
        setcookie( $wgDBname.'UserName', $row['user_name'], 0, $wgCookiePath, $wgCookieDomain );
        setcookie( $wgDBname.'Token', $row['user_token'], 0, $wgCookiePath, $wgCookieDomain );
    } else {
        return new User();
    }

    if ( isset( $_SESSION['wsUserName'] ) ) {
        $sName = $_SESSION['wsUserName'];
    } else if ( isset( $_COOKIE["{$wgDBname}UserName"] ) ) {
        $sName = $_COOKIE["{$wgDBname}UserName"];
        $_SESSION['wsUserName'] = $sName;
    } else {
        return new User();
    }

    $passwordCorrect = FALSE;
    $user = $wgMemc->get( $key = "$wgDBname:user:id:$sId" );
    if($makenew = !$user) {
        wfDebug( "User::loadFromSession() unable to load from memcached\n" );
        $user = new User();
        $user->mId = $sId;
        $user->loadFromDatabase();
    } else {
        wfDebug( "User::loadFromSession() got from cache!\n" );
    }

    if ( isset( $_SESSION['wsToken'] ) ) {
        $passwordCorrect = $_SESSION['wsToken'] == $user->mToken;
    } else if ( isset( $_COOKIE["{$wgDBname}Token"] ) ) {
        $passwordCorrect = $user->mToken == $_COOKIE["{$wgDBname}Token"];
    } else {
        return new User(); # Can't log in from session
    }

    if ( ( strtolower($sName) == strtolower($user->mName) ) && $passwordCorrect ) {
        //modified to allow for case differences between mediawiki and NTLM usernames
        if($makenew) {
            if($wgMemc->set( $key, $user )) {
                wfDebug( "User::loadFromSession() successfully saved user\n" );
            } else {
                wfDebug( "User::loadFromSession() unable to save to memcached\n" );
            }
        }
        $user->spreadBlock();
        return $user;
    }

    return new User(); # Can't log in from session
}
-----Original Message-----
From: Chris McIntosh [mailto:cmcintosh@gmail.com]
Sent: Thursday, 17 November 2005 7:19 a.m.
To: mediawiki-l@wikimedia.org
Subject: [Mediawiki-l] Re: Intranet Single Signon
I should add more information.
$wgIP is set to the login name of the user. So what I am doing here is checking if that login name is already a valid user; if so, load it, else create a new account with that name.
All that works well; as I said before, the only problem I have been able to find is saving the preferences. Can't seem to get that token set right. I think it is some sort of session issue since my code executes on each load, but I am not sure.
Any help would be appreciated,
Thanks Chris McIntosh
On 11/16/05, Chris McIntosh cmcintosh@gmail.com wrote:
I am modifying the source code to allow our internal Intranet users to automatically log in to the wiki based on their username applied by apache.
I do this by using mod_ntlm to get their NTLM credentials and then want to seamlessly log them in.
The problem I am having is setting up the user variable (wgUser) properly. I have tried the following.
For now I have it near the bottom of Setup.php just to test around line 300.
if ( $wgUseRemoteUser) {
    if ($userid = $wgUser->idFromName($wgIP)) {
        $wgUser->setId($userid);
        $wgUser->loadFromDatabase();
    } else {
        $wgUser = $wgUser->newFromName($wgIP);
        $wgUser->setId($wgUser->getMaxId());
        $wgUser->addToDatabase();
    }
    $wgUser->setToken();
    $wgUser->setCookies();
}
The problem with this approach is I can't change any preferences for this user. Everything else seems fine but if I try and change a setting like Underline links, the preference page won't save. I have tracked that down to the edit token not being set properly, but I am not sure how to set it. If I remove the check in SpecialPreferences where it calls matchEditToken then everything works fine.
Any advice?
Thanks Chris McIntosh
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
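The AUTH_USER handling and user lookup discussed in this thread, as an added example that is not code from either poster or from MediaWiki: it accepts only the expected domain and looks the account up with a bound parameter. The function names, the domain EXAMPLE and the in-memory SQLite table standing in for the wiki's user table are assumptions made for illustration.

```php
<?php
// Added example: names, domain and table rows below are constructed.

// Return the bare account name from an IIS AUTH_USER value, or null unless
// the value is "<expected domain>\<name>" or a plain "<name>".
function accountFromAuthUser( $authUser, $expectedDomain ) {
    $parts = explode( '\\', strtolower( trim( $authUser ) ) );
    if ( count( $parts ) == 2 ) {
        if ( $parts[0] !== strtolower( $expectedDomain ) ) {
            return null; // authenticated against some other domain
        }
        $name = $parts[1];
    } elseif ( count( $parts ) == 1 ) {
        $name = $parts[0];
    } else {
        return null; // more than one backslash: not a form we accept
    }
    // Allow only the characters expected in an account name.
    return preg_match( '/^[a-z0-9._ -]{1,64}$/', $name ) ? $name : null;
}

// Case-insensitive lookup with a bound parameter instead of concatenation.
function findWikiUser( PDO $db, $name ) {
    $stmt = $db->prepare( 'SELECT user_id, user_name FROM user WHERE LOWER(user_name) = ?' );
    $stmt->execute( array( $name ) );
    $row = $stmt->fetch( PDO::FETCH_ASSOC );
    return $row ? $row : null;
}

// Stand-in for the wiki database (constructed data).
$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( 'CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT)' );
$db->exec( "INSERT INTO user (user_name) VALUES ('Alice'), ('Bob')" );

// Constructed AUTH_USER values: two that resolve, two that are refused.
$samples = array( 'EXAMPLE\\Alice', 'bob', 'OTHER\\alice', "EXAMPLE\\o'brien" );
foreach ( $samples as $authUser ) {
    $name = accountFromAuthUser( $authUser, 'EXAMPLE' );
    $row  = $name === null ? null : findWikiUser( $db, $name );
    $who  = $row ? "user_id {$row['user_id']} ({$row['user_name']})" : 'anonymous';
    printf( "%-20s => %s\n", $authUser, $who );
}
```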