RE: [Mediawiki-l] HTTP_REMOTE_USER and MediaWiki - MediaWiki-l

1 May 2005


      You should be able to modify the code I attach below to look at the
HTTP_REMOTE_USER variable instead of the variable.
Cheers,
Al.
-----Original Message-----
From: Stephen J. Scheck [mailto:ss543@cornell.edu] 
Subject: [Mediawiki-l] HTTP_REMOTE_USER and MediaWiki
Our organization has a global authentication system, which can be set up to
propagate to web applications via the CGI HTTP_REMOTE_USER variable.
I want to set up MediaWiki to use this, so that if HTTP_REMOTE_USER is set,
it automatically uses it as if a user with the same name had logged in
normally.
------------------------------------------------------------------------
Stephen J. Scheck                             Email: ss543@cornell.edu
Network Administrator                         Phone: 607.255.6278
Department of Chemistry and Chemical Biology  www.chem.cornell.edu/crcf/
-----Original Message-----
From: Alistair Johnson [mailto:JohnsonA@rembrandt.co.nz] 
Sent: Thursday, 28 April 2005 8:24 a.m.
To: MediaWiki announcements and site admin list
Subject: RE: [Mediawiki-l] How to require Sign In
I posted info on how to do this back at the end of March (based on info
posted by David Cameron) .  Below is the modification I made to User.php to
achieve this.  You need to enable Windows authentication in IIS to make this
work.
You can also look at AuthPlugin to seamlessly create mediawiki users based
on another authentication mechanism, but as far as I can tell that didn't
also offer automatic logon which the below will do for you.
Al.
function loadFromSession() {
global $wgMemc, $wgDBname;
if ( isset( $_SESSION['wsUserID'] ) ) {
    		if ( 0 != $_SESSION['wsUserID'] ) {
    			$sId = $_SESSION['wsUserID'];
    		} else {
    			return new User();
    		}
    	} else if ( isset( $_COOKIE["{$wgDBname}UserID"] ) ) {
    		$sId = IntVal( $_COOKIE["{$wgDBname}UserID"] );
    		$_SESSION['wsUserID'] = $sId;
    	} else if ( isset($_SERVER["AUTH_USER"])) {
    	  //modification to allow logon via authentication
information
    	  //passed from IIS
global $wgUser;
      global $wgDeferredUpdateList;
//get the username
      $temp = explode('DOMAINNAME', $_SERVER["AUTH_USER"]); //remove the
domain name from AUTH_USER
      if ($temp[1] == "") {
        $name = $temp[0];
      } else {
        $name = $temp[1];
      }
//pull in the usernames and passwords we'll need for the database
lookup
      global $wgDBprefix;
      global $wgDBuser;
      global $wgDBpassword;
      global $wgDBserver;
      global $wgDBname;
//we'll use PHP's MYSQL module to access the mediawiki database as
it's Q&D
      $link = mysql_connect($wgDBserver,$wgDBuser,$wgDBpassword);
      @mysql_select_db($wgDBname, $link) or die( "Unable to select user
database for NTLM authentication");
      $query="SELECT * FROM " . $wgDBprefix . "user WHERE LOWER(user_name) =
'" . strtolower($name) . "'";
      $result = mysql_query($query, $link);
      $row = mysql_fetch_array($result, MYSQL_ASSOC);
      mysql_close($link);
//set the variables we need to transparently authenticate
      $sId                    = $row['user_id'];
      $_SESSION['wsUserID']   = $row['user_id'];
    		$_SESSION['wsUserName'] = $row['user_name'];
    		$_SESSION['wsToken']    = $row['user_token'];
//set cookies with this info to make life easier for us in the future
    	global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain,
$wgDBname;
    	  setcookie( $wgDBname.'UserID', $row['user_id'], 0,
$wgCookiePath, $wgCookieDomain );
    	  setcookie( $wgDBname.'UserName', $row['user_name'], 0,
$wgCookiePath, $wgCookieDomain );
    		setcookie( $wgDBname.'Token', $row['user_token'], 0,
$wgCookiePath, $wgCookieDomain );
} else {
    		return new User();
    	}
    	if ( isset( $_SESSION['wsUserName'] ) ) {
    		$sName = $_SESSION['wsUserName'];
    	} else if ( isset( $_COOKIE["{$wgDBname}UserName"] ) ) {
    		$sName = $_COOKIE["{$wgDBname}UserName"];
    		$_SESSION['wsUserName'] = $sName;
    	} else {
    		return new User();
    	}
$passwordCorrect = FALSE;
    	$user = $wgMemc->get( $key = "$wgDBname:user:id:$sId" );
    	if($makenew = !$user) {
    		wfDebug( "User::loadFromSession() unable to load
from memcached\n" );
    		$user = new User();
    		$user->mId = $sId;
    		$user->loadFromDatabase();
    	} else {
    		wfDebug( "User::loadFromSession() got from cache!\n"
);
    	}
if ( isset( $_SESSION['wsToken'] ) ) {
    		$passwordCorrect = $_SESSION['wsToken'] ==
$user->mToken;
    	} else if ( isset( $_COOKIE["{$wgDBname}Token"] ) ) {
    		$passwordCorrect = $user->mToken ==
$_COOKIE["{$wgDBname}Token"];
    	} else {
    		return new User(); # Can't log in from session
    	}
if ( ( strtolower($sName) == strtolower($user->mName) ) &&
$passwordCorrect ) { //modified to allow for case differences between
mediawiki and NTLM usernames
    		if($makenew) {
    			if($wgMemc->set( $key, $user )) {
    				wfDebug( "User::loadFromSession()
successfully saved user\n" );
    			} else {
    				wfDebug( "User::loadFromSession()
unable to save to memcached\n" );
    			}
    		}
    		$user->spreadBlock();
    		return $user;
    	}
    	return new User(); # Can't log in from session
    }
-----Original Message-----
From: Toscano, Ashley [mailto:atoscano@edmunds.com]
Sent: Thursday, 28 April 2005 7:49 a.m.
To: MediaWiki announcements and site admin list
Subject: [Mediawiki-l] How to require Sign In
Is there a way to hook the Sign In function to Active Directory on a
corporate Windows network?  Also, how do I require that users sign in before
updating content on the wiki?
- Ashley Toscano        Office: 310-309-6431
Edmunds.com  "where smart car buyers start"
_______________________________________________