Let's say I have a v1.11 wiki at www.mydomain.com/wiki/Main_Page, with source and all in /w as seems to be standard. I want to provide users logged in to the wiki with a set of data management forms, say at www.mydomain.com/maint/index.php (and other .php files under /maint). I'd like to use the wiki login for /maint authentication, and grab the username and userid to put in the database for auditing purposes, as well as controlling access to the forms. In other words, once users successfully log into the wiki, their session info is used to control access by other .php scripts under the same domain.
I have very little php session experience, and so am not sure where to start. Do my /maint .php files do a session_start(), and if so, what cookies do I look for to get username and userid? Can I just check for the username and userid cookies directly (and if so, what are they called), or is that open to spoofing? I've looked at my own Firefox cookies and see no PHPSESSID, so there must be some other session id thingy somewhere.
I must be overlooking the obvious. Any help appreciated.
Well, I've been able to decipher the appropriate cookies -- there's a mediawiki prefix AND an ISP prefix as well. Though I can't seem to do much with the <prefixes>_session cookie, I can read <prefixes>UserName and <prefixes>UserId, so as long as those two are always set when one logs in to the wiki then I'm fine. I guess.
On Oct 8, 2007, at 3:36 PM, dKosopedia admin wrote:
> Let's say I have a v1.11 wiki at www.mydomain.com/wiki/Main_Page, with source and all in /w as seems to be standard. I want to provide users logged in to the wiki with a set of data management forms, say at www.mydomain.com/maint/index.php (and other .php files under /maint). I'd like to use the wiki login for /maint authentication, and grab the username and userid to put in the database for auditing purposes, as well as controlling access to the forms. In other words, once users successfully log into the wiki, their session info is used to control access by other .php scripts under the same domain.
> I have very little php session experience, and so am not sure where to start. Do my /maint .php files do a session_start(), and if so, what cookies do I look for to get username and userid? Can I just check for the username and userid cookies directly (and if so, what are they called), or is that open to spoofing? I've looked at my own Firefox cookies and see no PHPSESSID, so there must be some other session id thingy somewhere.
> I must be overlooking the obvious. Any help appreciated.
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
dKosopedia admin wrote:
> Well, I've been able to decipher the appropriate cookies -- there's a mediawiki prefix AND an ISP prefix as well. Though I can't seem to do much with the <prefixes>_session cookie, I can read <prefixes>UserName and <prefixes>UserId, so as long as those two are always set when one logs in to the wiki then I'm fine. I guess.
And easily spoofable. The right way would be using the mediawiki users infrastructure, which means many files: WebStart.php WebRequest.php User.php ...
On Oct 10, 2007, at 10:07 AM, Platonides wrote:
> dKosopedia admin wrote:
>> Well, I've been able to decipher the appropriate cookies -- there's a mediawiki prefix AND an ISP prefix as well. Though I can't seem to do much with the <prefixes>_session cookie, I can read <prefixes>UserName and <prefixes>UserId, so as long as those two are always set when one logs in to the wiki then I'm fine. I guess.
> And easily spoofable. The right way would be using the mediawiki users infrastructure, which means many files: WebStart.php WebRequest.php User.php ...
Yes, this is what I was afraid of. I was looking for a pointer to how to use the existing infrastructure, and was hoping I wouldn't have to include very many files. Doesn't look like that's the case.
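The spoofing concern raised in the thread, as an added example (not code from any poster and not MediaWiki's own): a gate that trusts the UserName/UserId cookies next to one that uses only the session cookie as a key into server-side data. The function names, the prefix, the session store layout and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not MediaWiki code. Prefix, store layout and sample
// values are constructed; in a real script $cookies would be $_COOKIE.

// Spoofable gate: identity comes straight from client-supplied cookies.
function identityFromCookies(array $cookies, string $prefix): ?array
{
    if (!isset($cookies[$prefix . 'UserName'], $cookies[$prefix . 'UserId'])) {
        return null;
    }
    return ['id'   => (int) $cookies[$prefix . 'UserId'],
            'name' => (string) $cookies[$prefix . 'UserName']];
}

// Server-side gate: the only client input used is the opaque session id;
// the identity is whatever the server stored under that id at login.
function identityFromSession(array $cookies, string $prefix, array $store): ?array
{
    $sid = $cookies[$prefix . '_session'] ?? null;
    if (!is_string($sid) || !isset($store[$sid])) {
        return null;                        // no session cookie or unknown id
    }
    $s = $store[$sid];
    if ($s['expires'] < time() || $s['userId'] <= 0) {
        return null;                        // expired or anonymous session
    }
    return ['id' => $s['userId'], 'name' => $s['userName']];
}

$prefix = 'wikidb_isp_';                    // constructed stand-in for <prefixes>
$store  = [                                 // constructed server-side session data
    'k3v9q0c1t7' => ['userId' => 42, 'userName' => 'Alice', 'expires' => time() + 3600],
];

// "genuine": a browser that logged in to the wiki.
// "forged": no wiki session, only hand-set UserName/UserId cookies.
$genuine = [$prefix . '_session' => 'k3v9q0c1t7',
            $prefix . 'UserName' => 'Alice', $prefix . 'UserId' => '42'];
$forged  = [$prefix . 'UserName' => 'Bob', $prefix . 'UserId' => '7'];

foreach (['genuine' => $genuine, 'forged' => $forged] as $label => $cookies) {
    $byCookie  = identityFromCookies($cookies, $prefix);
    $bySession = identityFromSession($cookies, $prefix, $store);
    printf("%-8s cookie-gate=%s session-gate=%s\n", $label,
        $byCookie ? $byCookie['name'] : 'denied',
        $bySession ? $bySession['name'] : 'denied');
}
```

The cookie gate accepts both requests, while the session gate accepts only the one whose session id maps to a logged-in user on the server, which is also the identity that belongs in the audit columns.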