The password cannot be blank. So, we define a universal password for
all accounts. The code below will automatically login for accounts that
I manually create. It is not yet automatically creating accounts.

You should use a randomly created password, or blank the password out
later in the authentication plugin's initUser() function. It is possible
for people to manually log in using SpecialUserlogin and the
authenticate function. This would allow people to log in as anyone. To
get an idea of how to do this, look at the SSLAuthentication plugin, the
Shibboleth plugin, or my plugin. The former two create a random
password, the latter blanks out the password.

function Auth_remote_user_hook() {
    global $wgUser;
    global $wgRequest;
    global $_REQUEST;
    // Universal Password for all users
    $pass = "1Some2Secret3Password4"; // 1Some2Secret3Password4
    // HTTP refer to login page
    $httprefer = "Location: http" .
        (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on" ? "s" : "") .
        "://" . $_SERVER['SERVER_NAME'] . ":" . $_SERVER['SERVER_PORT'] .
        ( isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI']
            : "/" .
              ( isset($_SERVER['URL']) ? $_SERVER['PATH_INFO'] .
                  ( $_SERVER['QUERY_STRING'] ? "?" . $_SERVER['QUERY_STRING'] : "" )
                : "" )
        );

I don't really see the need for the httprefer variable, more on that
below.

    // For a few special pages, don't do anything.
    $title = $wgRequest->getVal('title') ;
    if ($title == 'Special:Userlogout' || $title == 'Special:Userlogin') {
        return;
    }
    // Do nothing if session is valid
    $wgUser = User::loadFromSession();
    if ($wgUser->isLoggedIn()) {
        return;
    }
    // Do little if user already exists
    // (set the _REQUEST variable so that Login knows we're authenticated)
    $username = get_current_user();
    $u = User::newFromName( $username );
    if (is_null($u)) {
        # Invalid username or some other error -- force login, just return
        return;
    }
    $wgUser = $u;
    if ($u->getId() != 0) {
        // Populate the userlogin form's username and password (Userlogin.php)
        $_REQUEST['wpName'] = $username;
        $_REQUEST['wpPassword'] = $pass;
        header($httprefer);

I don't get this part... Why are you changing request variables and
sending out headers? I don't think you should be doing this.

        // Make call to load session name, otherwise can't save
        if( !isset($wgCommandLineMode) && !isset( $_COOKIE[session_name()] ) ) {
            User::SetupSession();
        }
        // Set the cookies, save the settings, and return
        $wgUser->setCookies();
        $wgUser->saveSettings();
        return;
    }
    // Ok, now we need to create a user.
    $wgUser->setPassword( $pass );
    include 'includes/SpecialUserlogin.php';
    $form = new LoginForm( $wgRequest );
    $form->initUser( $wgUser );
    $form->mName = $username;
    $form->mPassword = $pass;
    $form->mRetype = $pass;
    $form->mCreateaccount = true;
    $form->mRemember = true;
    $form->mRealName = $username;

Why are you setting this stuff after you create the user
(form->initUser)? And why aren't you doing it through the authentication
plugin's initUser() function? Normally all of this stuff is set before
the user is created.

    header($httprefer);

Again. It is a little strange to be sending out headers here.

    $wgUser->setCookies();
    $wgUser->saveSettings();
    return;
}

You aren't setting up a session for the new user... Call
$wgUser->setupSession(); before you call setCookies().
V/r,
Ryan Lane
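
The risk raised in the reply above (a universal password lets anyone use the normal login form as any user) shown beside the random-password alternative. This is an added example, not part of the original message and not code from MediaWiki or any of the plugins mentioned; the in-memory account store and all function names are hypothetical stand-ins for the wiki's user table and login form.

```php
<?php
// Added example: constructed in-memory account store, hypothetical names.

// Create an account the way the quoted hook does: one shared password.
function createWithSharedPassword(array &$store, string $name, string $shared): void {
    $store[$name] = password_hash($shared, PASSWORD_DEFAULT);
}

// Create an account with an unguessable per-account password that is never
// kept in source or shown to anyone, so only the external (web server)
// authentication can log the account in.
function createWithRandomPassword(array &$store, string $name): void {
    $random = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $store[$name] = password_hash($random, PASSWORD_DEFAULT);
}

// Stand-in for the password check behind the ordinary login form.
function formLogin(array $store, string $name, string $password): bool {
    return isset($store[$name]) && password_verify($password, $store[$name]);
}

$shared = '1Some2Secret3Password4'; // the universal password from the post

$weak = [];
createWithSharedPassword($weak, 'Alice', $shared); // constructed usernames
createWithSharedPassword($weak, 'Bob', $shared);

$hardened = [];
createWithRandomPassword($hardened, 'Alice');
createWithRandomPassword($hardened, 'Bob');

// Shared password: the form check passes for every account, whoever asks.
var_dump(formLogin($weak, 'Alice', $shared));
var_dump(formLogin($weak, 'Bob', $shared));

// Random passwords: the same attempt is rejected for every account.
var_dump(formLogin($hardened, 'Alice', $shared));
var_dump(formLogin($hardened, 'Bob', $shared));
```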