[Mediawiki-l] How to require Sign In

Alistair Johnson JohnsonA at rembrandt.co.nz
Wed Apr 27 20:23:32 UTC 2005 

I posted info on how to do this back at the end of March (based on info
posted by David Cameron) .  Below is the modification I made to User.php to
achieve this.  You need to enable Windows authentication in IIS to make this
work.

You can also look at AuthPlugin to seamlessly create mediawiki users based
on another authentication mechanism, but as far as I can tell that didn't
also offer automatic logon which the below will do for you.

Al.

	function loadFromSession() {

		global $wgMemc, $wgDBname;

		if ( isset( $_SESSION['wsUserID'] ) ) {
			if ( 0 != $_SESSION['wsUserID'] ) {
				$sId = $_SESSION['wsUserID'];
			} else {
				return new User();
			}
		} else if ( isset( $_COOKIE["{$wgDBname}UserID"] ) ) {
			$sId = IntVal( $_COOKIE["{$wgDBname}UserID"] );
			$_SESSION['wsUserID'] = $sId;
		} else if ( isset($_SERVER["AUTH_USER"])) {
		  //modification to allow logon via authentication
information
		  //passed from IIS

      global $wgUser;
      global $wgDeferredUpdateList;
      
      //get the username
      $temp = explode('DOMAINNAME', $_SERVER["AUTH_USER"]); //remove the
domain name from AUTH_USER
      if ($temp[1] == "") {
        $name = $temp[0];
      } else {
        $name = $temp[1];
      }

      //pull in the usernames and passwords we'll need for the database
lookup
      global $wgDBprefix;
      global $wgDBuser;
      global $wgDBpassword;
      global $wgDBserver;
      global $wgDBname;

      //we'll use PHP's MYSQL module to access the mediawiki database as
it's Q&D
      $link = mysql_connect($wgDBserver,$wgDBuser,$wgDBpassword);
      @mysql_select_db($wgDBname, $link) or die( "Unable to select user
database for NTLM authentication");
      $query="SELECT * FROM " . $wgDBprefix . "user WHERE LOWER(user_name) =
'" . strtolower($name) . "'";
      $result = mysql_query($query, $link);
      $row = mysql_fetch_array($result, MYSQL_ASSOC);
      mysql_close($link);
            
      //set the variables we need to transparently authenticate
      $sId                    = $row['user_id'];
      $_SESSION['wsUserID']   = $row['user_id'];
			$_SESSION['wsUserName'] = $row['user_name'];
			$_SESSION['wsToken']    = $row['user_token'];

      //set cookies with this info to make life easier for us in the future
  		global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain,
$wgDBname;
		  setcookie( $wgDBname.'UserID', $row['user_id'], 0,
$wgCookiePath, $wgCookieDomain );
		  setcookie( $wgDBname.'UserName', $row['user_name'], 0,
$wgCookiePath, $wgCookieDomain );
			setcookie( $wgDBname.'Token', $row['user_token'], 0,
$wgCookiePath, $wgCookieDomain );

    } else {
			return new User();
		}
		if ( isset( $_SESSION['wsUserName'] ) ) {
			$sName = $_SESSION['wsUserName'];
		} else if ( isset( $_COOKIE["{$wgDBname}UserName"] ) ) {
			$sName = $_COOKIE["{$wgDBname}UserName"];
			$_SESSION['wsUserName'] = $sName;
		} else {
			return new User();
		}

		$passwordCorrect = FALSE;
		$user = $wgMemc->get( $key = "$wgDBname:user:id:$sId" );
		if($makenew = !$user) {
			wfDebug( "User::loadFromSession() unable to load
from memcached\n" );
			$user = new User();
			$user->mId = $sId;
			$user->loadFromDatabase();
		} else {
			wfDebug( "User::loadFromSession() got from cache!\n"
);
		}

		if ( isset( $_SESSION['wsToken'] ) ) {
			$passwordCorrect = $_SESSION['wsToken'] ==
$user->mToken;
		} else if ( isset( $_COOKIE["{$wgDBname}Token"] ) ) {
			$passwordCorrect = $user->mToken ==
$_COOKIE["{$wgDBname}Token"];
		} else {
			return new User(); # Can't log in from session
		}

		if ( ( strtolower($sName) == strtolower($user->mName) ) &&
$passwordCorrect ) { //modified to allow for case differences between
mediawiki and NTLM usernames
			if($makenew) {
				if($wgMemc->set( $key, $user )) {
					wfDebug( "User::loadFromSession()
successfully saved user\n" );
				} else {
					wfDebug( "User::loadFromSession()
unable to save to memcached\n" );
				}
			}
			$user->spreadBlock();
			return $user;
		}
		return new User(); # Can't log in from session
	} 

-----Original Message-----
From: Toscano, Ashley [mailto:atoscano at edmunds.com] 
Sent: Thursday, 28 April 2005 7:49 a.m.
To: MediaWiki announcements and site admin list
Subject: [Mediawiki-l] How to require Sign In


Is there a way to hook the Sign In function to Active Directory on a
corporate Windows network?  Also, how do I require that users sign in before
updating content on the wiki?

- Ashley Toscano        Office: 310-309-6431
Edmunds.com  "where smart car buyers start"
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l at Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

More information about the MediaWiki-l mailing list