Hi,
I've searched on the meta-wiki and googled for the last two days, but I can't seem to manage to be able to create a wiki-user from an outside script.
My questions are:
1) I'm using the following code to generate the wiki password (as far as I can tell it's identical as in the wiki source [1.5]).
$wiki_password = md5($wiki_user_id . "-" . md5($_POST['password1']) );
2) the table user_rights. Setting the correspondent id to 'user' or 'sysop' doesn't solve the problem either. The right value for this is just "user" is it not?
3) Right now, in the user table, I'm setting user_id, user_name, user_real_name, user_password, and user_email. Do I need to set user_options as well? Any others?
Any help much appreciated, Henno
Henno,
I do not know, if this helps, but I have in EnotifWiki (= Mediawiki1.5 rc3) an option "Auto-account creation and auto-login".
See also http://bugzilla.wikipedia.org/show_bug.cgi?id=1360 There is a flowchart, which says more than 1000 words ;-) http://bugzilla.wikipedia.org/attachment.cgi?id=385&action=view
This is not an external script, but can help you to design one. Tom
Henno van Arkel schrieb:
Hi,
I've searched on the meta-wiki and googled for the last two days, but I can't seem to manage to be able to create a wiki-user from an outside script.
My questions are:
- I'm using the following code to generate the wiki password (as far
as I can tell it's identical as in the wiki source [1.5]).
$wiki_password = md5($wiki_user_id . "-" . md5($_POST['password1']) );
- the table user_rights. Setting the correspondent id to 'user' or
'sysop' doesn't solve the problem either. The right value for this is just "user" is it not?
- Right now, in the user table, I'm setting user_id, user_name,
user_real_name, user_password, and user_email. Do I need to set user_options as well? Any others?
Any help much appreciated, Henno _______________________________________________ Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
Henno van Arkel wrote:
Hi,
I've searched on the meta-wiki and googled for the last two days, but I can't seem to manage to be able to create a wiki-user from an outside script.
My questions are:
- I'm using the following code to generate the wiki password (as far
as I can tell it's identical as in the wiki source [1.5]).
$wiki_password = md5($wiki_user_id . "-" . md5($_POST['password1']) );
- the table user_rights. Setting the correspondent id to 'user' or
'sysop' doesn't solve the problem either. The right value for this is just "user" is it not?
- Right now, in the user table, I'm setting user_id, user_name,
user_real_name, user_password, and user_email. Do I need to set user_options as well? Any others?
Any help much appreciated, Henno
What is the problem ? If it can't authenticate you might want to add some debugs statements in User:checkPassword .
Hi,
What is the problem ? If it can't authenticate you might want to add some debugs statements in User:checkPassword .
I compared the user info to a working account, the password's the problem.
I've read the code, and from what I gather, the password is created as: $password = md5(md5("{$user_id}-{$user_password}")); (password salt set to true of course).
If I try to create the valid account's password like this though, I get a different result. The problem lies here...
I guess I'll keep digging the code with a fresh pair of eyes tomorrow...
Take care, Henno
Henno van Arkel wrote:
Hi,
What is the problem ? If it can't authenticate you might want to add some debugs statements in User:checkPassword .
I compared the user info to a working account, the password's the problem.
I've read the code, and from what I gather, the password is created as: $password = md5(md5("{$user_id}-{$user_password}")); (password salt set to true of course).
Try: $password = md5("{$user_id}-".md5($user_password));
-- brion vibber (brion @ pobox.com)
On Sunday 28 August 2005 21:59, Brion Vibber wrote:
Try: $password = md5("{$user_id}-".md5($user_password));
How much safer this exactly is than simply md5($user_password)? I'm not a cryptography expert, but I'd say not much, as someone who manages to read a database will likely have usernames in addition to md5s, so it would not be much harder to crack them (only twice as slow, it seems to me).
Nikola Smolenski wrote:
Try: $password = md5("{$user_id}-".md5($user_password));
How much safer this exactly is than simply md5($user_password)?
It's much safer. The MD5 of the username serves as a salt, essentially defeating the possibility of an adversary using rainbow tables (precomputed hashes) to trivially recover the actual passwords.
-IK
wikitech-l@lists.wikimedia.org