I posted info on how to do this back at the end of March (based on info posted by David Cameron) . Below is the modification I made to User.php to achieve this. You need to enable Windows authentication in IIS to make this work.
You can also look at AuthPlugin to seamlessly create mediawiki users based on another authentication mechanism, but as far as I can tell that didn't also offer automatic logon which the below will do for you.
Al.
function loadFromSession() {
global $wgMemc, $wgDBname;
if ( isset( $_SESSION['wsUserID'] ) ) { if ( 0 != $_SESSION['wsUserID'] ) { $sId = $_SESSION['wsUserID']; } else { return new User(); } } else if ( isset( $_COOKIE["{$wgDBname}UserID"] ) ) { $sId = IntVal( $_COOKIE["{$wgDBname}UserID"] ); $_SESSION['wsUserID'] = $sId; } else if ( isset($_SERVER["AUTH_USER"])) { //modification to allow logon via authentication information //passed from IIS
global $wgUser; global $wgDeferredUpdateList;
//get the username $temp = explode('DOMAINNAME', $_SERVER["AUTH_USER"]); //remove the domain name from AUTH_USER if ($temp[1] == "") { $name = $temp[0]; } else { $name = $temp[1]; }
//pull in the usernames and passwords we'll need for the database lookup global $wgDBprefix; global $wgDBuser; global $wgDBpassword; global $wgDBserver; global $wgDBname;
//we'll use PHP's MYSQL module to access the mediawiki database as it's Q&D $link = mysql_connect($wgDBserver,$wgDBuser,$wgDBpassword); @mysql_select_db($wgDBname, $link) or die( "Unable to select user database for NTLM authentication"); $query="SELECT * FROM " . $wgDBprefix . "user WHERE LOWER(user_name) = '" . strtolower($name) . "'"; $result = mysql_query($query, $link); $row = mysql_fetch_array($result, MYSQL_ASSOC); mysql_close($link);
//set the variables we need to transparently authenticate $sId = $row['user_id']; $_SESSION['wsUserID'] = $row['user_id']; $_SESSION['wsUserName'] = $row['user_name']; $_SESSION['wsToken'] = $row['user_token'];
//set cookies with this info to make life easier for us in the future global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname; setcookie( $wgDBname.'UserID', $row['user_id'], 0, $wgCookiePath, $wgCookieDomain ); setcookie( $wgDBname.'UserName', $row['user_name'], 0, $wgCookiePath, $wgCookieDomain ); setcookie( $wgDBname.'Token', $row['user_token'], 0, $wgCookiePath, $wgCookieDomain );
} else { return new User(); } if ( isset( $_SESSION['wsUserName'] ) ) { $sName = $_SESSION['wsUserName']; } else if ( isset( $_COOKIE["{$wgDBname}UserName"] ) ) { $sName = $_COOKIE["{$wgDBname}UserName"]; $_SESSION['wsUserName'] = $sName; } else { return new User(); }
$passwordCorrect = FALSE; $user = $wgMemc->get( $key = "$wgDBname:user:id:$sId" ); if($makenew = !$user) { wfDebug( "User::loadFromSession() unable to load from memcached\n" ); $user = new User(); $user->mId = $sId; $user->loadFromDatabase(); } else { wfDebug( "User::loadFromSession() got from cache!\n" ); }
if ( isset( $_SESSION['wsToken'] ) ) { $passwordCorrect = $_SESSION['wsToken'] == $user->mToken; } else if ( isset( $_COOKIE["{$wgDBname}Token"] ) ) { $passwordCorrect = $user->mToken == $_COOKIE["{$wgDBname}Token"]; } else { return new User(); # Can't log in from session }
if ( ( strtolower($sName) == strtolower($user->mName) ) && $passwordCorrect ) { //modified to allow for case differences between mediawiki and NTLM usernames if($makenew) { if($wgMemc->set( $key, $user )) { wfDebug( "User::loadFromSession() successfully saved user\n" ); } else { wfDebug( "User::loadFromSession() unable to save to memcached\n" ); } } $user->spreadBlock(); return $user; } return new User(); # Can't log in from session }
-----Original Message----- From: Toscano, Ashley [mailto:atoscano@edmunds.com] Sent: Thursday, 28 April 2005 7:49 a.m. To: MediaWiki announcements and site admin list Subject: [Mediawiki-l] How to require Sign In
Is there a way to hook the Sign In function to Active Directory on a corporate Windows network? Also, how do I require that users sign in before updating content on the wiki?
- Ashley Toscano Office: 310-309-6431 Edmunds.com "where smart car buyers start" _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org