I am gonna look at this and see how it works.
Why is it that there are numerous extensions to bypass MW login and
use an external authentication provider, but not a single one the
other way round? Strange...
Thanks,
Andi
On 02/10/2007, Jim Hu <jimhu(a)tamu.edu> wrote:
I did something like this, but it probably introduces
horrible
security holes.
I basically did a tiny extension that had MW update a log file that
could be accessed by the other application to determine that the user
was logged into MW.
<?php
# Register hooks
$wgHooks['UserLoginComplete'][] = 'wfRecordLoginToTmpFile' ;
$wgHooks['UserLogout'][] = 'wfRecordLogoutToTmpFile' ;
$wgHooks['BeforePageDisplay'][] = 'wfTouchIsLoggedInTmpFile' ;
/**
* Gives extension modules a chance to create pages by exposing the
PagesOnDemand hook.
* @param Title $title The Title of this request.
* @param Article $article The Article of this request (should usually
be null).
* @return true (always)
*/
function wfRecordLoginToTmpFile( $wgUser ) {
$logfile = '/path_to_tmp/tmp/mwlogin/'.$wgUser->getName();
$log = file_get_contents($logfile);
$test_string =
$_SERVER['REMOTE_ADDR']."|".$_SERVER['HTTP_USER_AGENT'];
if (!strpos(" ".$log, $test_string)) $log .=
"$test_string\n";
file_put_contents($logfile, $log);
return true;
}
function wfRecordLogoutToTmpFile( $wgUser ) {
$logfile = '/path_to_tmp/tmp/mwlogin/'.$wgUser->getName();
$log = file_get_contents($logfile);
$test_string =
$_SERVER['REMOTE_ADDR']."|".$_SERVER['HTTP_USER_AGENT'];
if (strpos(" ".$log, $test_string) > 0){
#echo "erasing $logfile";
$log = str_replace($test_string, "", $log);
}
file_put_contents($logfile, $log);
return true;
}
function wfTouchIsLoggedInTmpFile( $out ) {
global $wgUser;
if ($wgUser->isLoggedIn()){
$logfile = '/path_to_tmp/tmp/mwlogin/'.$wgUser->getName();
touch($logfile);
}
return true;
}
?>
Then I modified the second app (a blog) to check for logged in
status. I think the security holes are all on the side of the second
app. LDAP is probably much, much better.
Jim
On Sep 28, 2007, at 4:34 AM, Andreas Rindler wrote:
Hi,
I am trying to find a way to autologin users who register or login to
Mediawiki to also be registered and logged into another application's
user database in order to save them a second registration. I have
found many extensions that do it the other way round (from another
application automatically into MW), but not this case. Does anyone
have a suggestion on how to go about doing this?
The second application is a php based web app with its own, very
simple security model. It just needs username, password and email
address.
Some use cases:
#1
1. New user fills in registration page in MW
2. a) MW registers user in MW database
2. b) MW registers user in second, external (but local) database
3. User is logged into MW and logged into external application
#2
1. Existing user logs into MW
2. MW automatically logs user into other application
#3
1. User logs out of MW
2. MW logs out user from other application
#4
1. User changes password in MW
2. MW updates password in other database
(there could be a variation of this use case if users use 'forgot
password' and similar)
Thanks,
Andi
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/wikitech-l
=====================================
Jim Hu
Associate Professor
Dept. of Biochemistry and Biophysics
2128 TAMU
Texas A&M Univ.
College Station, TX 77843-2128
979-862-4054
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/wikitech-l