Hi, I am trying to find a way to autologin users who register or login to Mediawiki to also be registered and logged into another application's user database in order to save them a second registration. I have found many extensions that do it the other way round (from another application automatically into MW), but not this case. Does anyone have a suggestion on how to go about doing this?
The second application is a php based web app with its own, very simple security model. It just needs username, password and email address.
Some use cases:
#1
1. New user fills in registration page in MW
2. a) MW registers user in MW database
2. b) MW registers user in second, external (but local) database
3. User is logged into MW and logged into external application
#2
1. Existing user logs into MW
2. MW automatically logs user into other application
#3
1. User logs out of MW
2. MW logs out user from other application
#4
1. User changes password in MW
2. MW updates password in other database
(there could be a variation of this use case if users use 'forgot password' and similar)
Thanks, Andi
On 9/28/07, Andreas Rindler mediawiki@jenandi.com wrote:
Hi, I am trying to find a way to autologin users who register or login to Mediawiki to also be registered and logged into another application's user database in order to save them a second registration. I have found many extensions that do it the other way round (from another application automatically into MW), but not this case. Does anyone have a suggestion on how to go about doing this?
Have you tried playing with Authentication extensions? There's some sample code on svn, under trunk/extensions/auth.
I did something like this, but it probably introduces horrible security holes.
I basically did a tiny extension that had MW update a log file that could be accessed by the other application to determine that the user was logged into MW.
    <?php
    # Register hooks
    $wgHooks['UserLoginComplete'][] = 'wfRecordLoginToTmpFile';
    $wgHooks['UserLogout'][] = 'wfRecordLogoutToTmpFile';
    $wgHooks['BeforePageDisplay'][] = 'wfTouchIsLoggedInTmpFile';

    /**
     * Adds the client's "IP|User-Agent" line to the user's marker file at login.
     * @param User $wgUser The user who just logged in.
     * @return true (always)
     */
    function wfRecordLoginToTmpFile( $wgUser ) {
        $logfile = '/path_to_tmp/tmp/mwlogin/' . $wgUser->getName();
        # The marker file does not exist before the user's first login
        $log = file_exists( $logfile ) ? file_get_contents( $logfile ) : '';
        $test_string = $_SERVER['REMOTE_ADDR'] . "|" . $_SERVER['HTTP_USER_AGENT'];
        if ( strpos( $log, $test_string ) === false ) {
            $log .= "$test_string\n";
        }
        file_put_contents( $logfile, $log );
        return true;
    }

    /**
     * Removes the client's "IP|User-Agent" line from the marker file at logout.
     */
    function wfRecordLogoutToTmpFile( $wgUser ) {
        $logfile = '/path_to_tmp/tmp/mwlogin/' . $wgUser->getName();
        $log = file_exists( $logfile ) ? file_get_contents( $logfile ) : '';
        $test_string = $_SERVER['REMOTE_ADDR'] . "|" . $_SERVER['HTTP_USER_AGENT'];
        if ( strpos( $log, $test_string ) !== false ) {
            #echo "erasing $logfile";
            $log = str_replace( $test_string, "", $log );
        }
        file_put_contents( $logfile, $log );
        return true;
    }

    /**
     * Refreshes the marker file's modification time on every page view
     * while the user is logged in.
     */
    function wfTouchIsLoggedInTmpFile( $out ) {
        global $wgUser;
        if ( $wgUser->isLoggedIn() ) {
            $logfile = '/path_to_tmp/tmp/mwlogin/' . $wgUser->getName();
            touch( $logfile );
        }
        return true;
    }
    ?>
Then I modified the second app (a blog) to check for logged in status. I think the security holes are all on the side of the second app. LDAP is probably much, much better.
Jim
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/wikitech-l
===================================== Jim Hu Associate Professor Dept. of Biochemistry and Biophysics 2128 TAMU Texas A&M Univ. College Station, TX 77843-2128 979-862-4054
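A hardened variant of the shared-marker idea above, as an added example that is not code from this thread or from MediaWiki: MW signs a short-lived token at login, and the second application verifies the HMAC and the expiry rather than matching IP address and User-Agent. The cookie name, `$wgSsoKey`, the token layout and the function names are assumptions; both applications are assumed to share one hostname and one secret key.

```php
<?php
// Added example (not from the thread). Token layout, cookie name, $wgSsoKey
// and all function names are assumptions made for illustration.
const SSO_TTL = 900;         // token lifetime in seconds
const SSO_COOKIE = 'mw_sso'; // hypothetical cookie name

function ssoIssueToken(string $username, string $key, ?int $now = null): string {
    $payload = json_encode(['u' => $username, 'exp' => ($now ?? time()) + SSO_TTL]);
    $body = strtr(base64_encode($payload), '+/', '-_');
    return $body . '.' . hash_hmac('sha256', $body, $key);
}

// Second app: returns the username for a valid token, null if forged, malformed or expired.
function ssoVerifyToken(string $token, string $key, ?int $now = null): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$body, $mac] = $parts;
    // Check the MAC in constant time before parsing any of the payload.
    if (!hash_equals(hash_hmac('sha256', $body, $key), $mac)) return null;
    $json = base64_decode(strtr($body, '-_', '+/'), true);
    $data = is_string($json) ? json_decode($json, true) : null;
    if (!is_array($data) || !is_string($data['u'] ?? null) || !is_int($data['exp'] ?? null)) {
        return null;
    }
    return $data['exp'] >= ($now ?? time()) ? $data['u'] : null;
}

// MediaWiki side: handlers meant for the UserLoginComplete and UserLogout hooks.
function wfSsoSetCookie($user) {
    global $wgSsoKey; // hypothetical setting holding the shared secret
    setcookie(SSO_COOKIE, ssoIssueToken($user->getName(), $wgSsoKey),
        ['expires' => time() + SSO_TTL, 'path' => '/', 'secure' => true,
         'httponly' => true, 'samesite' => 'Lax']);
    return true;
}
function wfSsoClearCookie($user) {
    setcookie(SSO_COOKIE, '', ['expires' => 1, 'path' => '/', 'secure' => true, 'httponly' => true]);
    return true;
}

// Constructed demo values; a real key is a long random secret kept outside the web root.
$key = 'constructed-demo-key';
$t0 = 1191400000;
$token = ssoIssueToken('Andi', $key, $t0);
var_dump(ssoVerifyToken($token, $key, $t0 + 60));          // fresh, untampered token
var_dump(ssoVerifyToken($token . 'x', $key, $t0 + 60));    // altered MAC
var_dump(ssoVerifyToken($token, $key, $t0 + SSO_TTL + 1)); // past its expiry
```

Logout only deletes the cookie, so a copied token stays valid until `exp`; the short TTL bounds that window.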
I am gonna look at this and see how it works.
Why is it that there are numerous extensions to bypass MW login and use an external authentication provider, but not a single one the other way round? Strange...
Thanks, Andi
On 02/10/2007, Jim Hu jimhu@tamu.edu wrote:
I did something like this, but it probably introduces horrible security holes.
I basically did a tiny extension that had MW update a log file that could be accessed by the other application to determine that the user was logged into MW.
On 10/3/07, Andreas Rindler mediawiki@jenandi.com wrote:
Why is it that there are numerous extensions to bypass MW login and use an external authentication provider, but not a single one the other way round? Strange...
There are plenty the other way around, I'm sure. Those just don't modify MediaWiki, so they aren't classified as MediaWiki extensions and aren't listed with them. I bet someone's done a phpBB extension that authenticates using a MW database, for instance.
Of course, you could always just use LDAP or something for both.
Hoi, We have some PHP code that should allow for the authentication against A-Select. It is one of the things we really want to get done. A-Select allows for the authentication against multiple hosts. It is open source (BSD licensed, I seem to remember) and it is used on a big scale by banks, the national libraries in the Netherlands and the Dutch government.
If you are interested, let me know. Thanks, GerardM
On 10/3/07, Simetrical Simetrical+wikilist@gmail.com wrote:
On 10/3/07, Andreas Rindler mediawiki@jenandi.com wrote:
Why is it that there are numerous extensions to bypass MW login and use an external authentication provider, but not a single one the other way round? Strange...
There are plenty the other way around, I'm sure. Those just don't modify MediaWiki, so they aren't classified as MediaWiki extensions and aren't listed with them. I bet someone's done a phpBB extension that authenticates using a MW database, for instance.
Of course, you could always just use LDAP or something for both.