All geek questions in one place

How to check if a user is registered in media shows in another application?

Here is the situation:

I have a mediawiki installation and some additional server-side scripts that require more resources and have already been written in another language (python). The python code will be very loosely linked to the mediawiki code (only called by clicking on the link here or there)

I would like that when a GET or POST command is sent to the server to execute a python script, I would like to check if the user has already been registered in the mediawiki. If not, I would just like to redirect them to the mediawiki login page. Any ideas?

There are several articles on integrating MediaWiki with other PHP frameworks such as drupal and the forum, but this is more than what I need.

  What is the best way to do this?
 -check for cookies somehow (is this secure?)
 -does the mediawiki db keep track of who is logged in?

thanks

+4
source share
4 answers

You can use the MediaWiki API to get userinfo and parse it in XML.

+1
source

I cannot comment on Jon's post due to lack of privileges, so I am posting a new answer to explain in detail about its use of the MediaWiki API and the transmission of cookies. Hope this helps someone.

You can use the PHP cURL library to transfer the session cookie value as a cookie to the api.php page on your wiki (you need to create the full URL for cURL to get the page). The session cookie name is the value of $ wgSessionCookie (which is set and not used by default) or $wgCookiePrefix . '_session' $wgCookiePrefix . '_session' ($ wgCookiePrefix is ​​set to false by default and the database name is used by default). Therefore, based on the setting, use the appropriate value.

I use api.php?action=query&format=xml&meta=userinfo , and then look for the user ID that is returned by the wiki (Note format = xml ). The identifier 0 means that the user is anonymous.

Here is the complete code for the function used (I understand that I am not checking some possible error conditions). You probably have to change the value of $ session_cookie

 function isLoggedIn() { $session_cookie = 'wikidb_session'; if(!isset($_COOKIE[$session_cookie])) { return false; } $url = ((isset($_SERVER['HTTPS']))?'https://':'http://') . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80)?':' . $_SERVER['SERVER_PORT']:'') . '/wiki/api.php?action=query&format=xml&meta=userinfo'; $ch = curl_init($url); curl_setopt($ch, CURLOPT_COOKIE, $session_cookie . '=' . $_COOKIE[$session_cookie]); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $ret = curl_exec($ch); curl_close($ch); return preg_match('/id="(\d+)"/',$ret,$id) && $id[1]; }

Note. If you only check if anon = "or id =" 0 "is returned by calling api.php, in case the call returns something unexpected or api.php is not in the URL, the function will notify the user of the login so it’s better to check the returned id.

+1
source

mediawiki check if you are logged in:

 <?php global $wgUser; require_once('StubObject.php'); if( StubObject::isRealObject( $wgUser ) && $wgUser->isLoggedIn()) { // code or HTML } ?>

I also saw the following for skins (i.e. MonoBook.php), but I have not tested:

 if(!$this->data['loggedin']) { }

Attention! Make sure you check! There may be ways for people to get around the above tests ... giving them access to content. I use it to just hide the menu. If someone has circumvented the above method, I don't mind, because they only see the menu.

+1
source

All you have to do is forward the session, cookies, and everything to the API, as if it were requesting the user.

How to do it? I can access the API directly and see my login details, but if I access it through PHP, it shows that I am not registered (anonymous user ID is "0"). How to forward a session, cookies, etc. In the API via PHP to show user information?

0
source

Source: https://habr.com/ru/post/1299866/

More articles:


All Articles