[wp-hackers] Single sign-on with Wordpress & Mediawiki
spencerp
spencerp1 at gmail.com
Mon Oct 29 21:33:34 GMT 2007
Stephen Rider wrote:
> How well does this cover users changing?
>
> At the least, you have to ensure that any attempts to log into
> MediaWiki are redirected to the WordPress login.
>
> Stephen
That's what I was talking about on my post ( http://spencerp.net/id/43
). I manually edited MW files to ensure in every which way that the
users were directed to my WP blog login/registration pages.
"However, there is a downside, and that is people can’t register
directly on my MediaWiki. If they tried too, it would give the following
error message:
“Login error:
There was either an external authentication database error or you are
not allowed to update your external account.”
Well, since I’m awesome like that! I’ve come up with a work around for
this! And here below is what I had done..
1. Edited the MediaWiki:Sidebar by adding in my own custom Register
link, pointing to the Blog’s register page.
2. Edited some of the MediaWiki: (Logouttext, Createaccount, some
Login”whatever files”, Nologin, Notloggedin, and maybe a few others)
files - Removing all the “create account” references. So the “Login /
Create Account” link was chopped down to just “Login”.. Same goes for
the one found on the actual login page..
3. Replaced those “create account” words/calls with custom text saying
“Please click on the register link in the sidebar. Once you’ve created
an account through my blog’s register page, you’ll get an email with the
details. Once registered, your username and password will allow you to
login on the Codex.”
However, it shouldn't be this complicated though. Like Callum said below
in here, "MediaWiki relies on a couple of cookies being set, one of them
contains a "key" that's set in the MW user table. So on WP login, you
need to update the "key", set the cookies, and you should be off. I know
it's that easy with WordPress."
If WP can use a similar "cookie/key" as MW does, it should be fairly
easy for someone to make up a plugin. Have the MW registrations/logins,
WP registrations/logins and so forth, controlling/using the same tables
for such things. Example; If a user only has WP and bbPress installed,
then that plugin wouldn't really be needed because as someone said in
this discussion previously... that you would just need to set a couple
variables in the bbPress config file and you're off.
BUT, if a user wants to use MW, WP, and bbPress, they would need this
"plugin". Install this plugin, it then basically makes the MW user table
use WP's, then from WP's, it's controlling them all. So if Joe
registers/logins on MW, it will be fine because it's already using the
WP user table. Or, if Joe registers/logs in on WP blog, he'd already be
logged in/registered on MW too. Same goes for bbPress logins/
registrations.
From what I get, WP and bbPress already makes it easy for users to
control their registrations and logins. The only one that needs some
help with this, is MW. Or, any other software for that matter. Too bad
there couldn't be a way to make up a huge "main plugin", that has
control settings for various forms of softwares. phpBB, MW, etc etc...
Install this plugin some where, or just "uncomment" a section of the
plugin, upload it, or activate it and have it "force" the other
softwares user tables to use WP's.
Or, (since I'm not sure if WP has keys/cookies and what-not) if there's
a way to just add those things to WP from now on? Or, if that plugin
could do it, it would add those needed things to the WP users table when
activated? I'm not sure though, just was throwing out some things on my
mind...
>
> On Oct 29, 2007, at 1:26 PM, Callum Macdonald wrote:
>
>> Integrating WordPress and MediaWiki should be relatively simple.
>>
>> MediaWiki relies on a couple of cookies being set, one of them
>> contains a "key" that's set in the MW user table. So on WP login, you
>> need to update the "key", set the cookies, and you should be off. I
>> know it's that easy with WordPress.
>>
>> If you can use bbPress for the forum, you'll have all three from one
>> login in a snap (I reckon less than an hours work and probably 40
>> lines of code).
>>
>> Cheers - Callum.
>>
>> Jan Bucher wrote:
>>> I am working on exactly the same Setup (Vanilla, MW, WP). Until now i
>>> did not care about cookies, so no help there. But a good thought:
>>>
>>> Vanilla has the most extensive User-System, because of the
>>> Group-System (you can actually create your own roles/groups). I needed
>>> that, so my starting point had to be vanilla ..
>>>
>>> You can now very easily hook the vanilla authentication into MW, using
>>> the following 'plugin' (which by the way is not really a plugin, just
>>> a howto sold as plugin):
>>> http://lussumo.com/addons/index.php?PostBackAction=AddOn&AddOnID=130
>>>
>>> If you don't plan to use the extra-features, try bbpress. Seems to be
>>> more reliable and the installation process is a lot easier than
>>> vanilla.
>>>
>>> And if you find a good soluton ... let us know .. ;)
>>>
>>> Jan
>>>
>>> On 10/27/07, Sneaks <0vcqn5q02 at sneakemail.com> wrote:
>>>
>>>> thanks Callum, you've been more useful than Google!
>>>>
>>>> i think i'd prefer to leave the master set on WP if nothing more than
>>>> because the UI to manage users is much better.
>>>>
>>>> i'm actually trying to tie in three different systems for a cancer
>>>> non-profit: WP, Mediawiki and Vanilla (forum software). i just assumed
>>>> nobody would have any Vanilla experience :)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> We're doing it the other way, creating the users in our own system
>>>>> (in
>>>>> this example MediaWiki) and then creating the WordPress cookies.
>>>>> I'm not
>>>>> sure how MediaWiki works, but with WordPress if you insert the
>>>>> rows into
>>>>> the user table and create the cookies, the user never has to log in.
>>>>> WordPress handles it all on the fly
>>>>>
>>>>> So if you can redirect all WordPress logins to MediaWiki logins, then
>>>>> you create the MediaWiki and WP cookies and redirect back, you're in
>>>>> business.
>>>>>
>>>>> Ok, I just checked with MediaWiki version 1.11.0 and it requires
>>>>> an auth
>>>>> token to be updated in the user table and set in the cookie. For that
>>>>> reason, I'd suggest using MediaWiki's login, copy the data to
>>>>> WordPress,
>>>>> and then set the WordPress cookies. WP will do the rest.
>>>>>
>>>>> I think MediaWiki's approach is intrinsically more secure than
>>>>> WP's, but
>>>>> that's a topic for another day / thread! :)
>>>>>
>>>>> Cheers - Callum.
>>>>>
>>>>> Sneaks wrote:
>>>>>
>>>>>> thats an interesting idea. i suppose i could hook into the wp cookie
>>>>>> functions and set the mediawiki authentication cookies.
>>>>>>
>>>>>> last night i was playing around and set WP's cookie root to /,
>>>>>> and was
>>>>>> using:
>>>>>>
>>>>>> include($_SERVER[DOCUMENT_ROOT]."/blog/wp-blog-header.php");
>>>>>> auth_redirect();
>>>>>> wp_get_current_user();
>>>>>>
>>>>>> in a mediawiki auth plugin. i think that direction would also work,
>>>>>> but i'm worried about the lack of user data in the mediawiki db.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Callum Macdonald lists.automattic.com-at-callum-macdonald.com
>>>>>> |wordpress| wrote:
>>>>>>
>>>>>>> Logging a user into WP via the cookie is relatively simple.
>>>>>>> Check out
>>>>>>> pluggable.php for the wp_setcookie() function.
>>>>>>>
>>>>>>> Two cookies handle the login:
>>>>>>> wordpressuser_MD5OFSITEURL
>>>>>>> wordpresspass_MD5OFSITEURL
>>>>>>>
>>>>>>> The user cookie takes the username in plain text, the pass takes a
>>>>>>> double md5 of the password (just md5 what's in the user db).
>>>>>>>
>>>>>>> We're integrating WPMU login with another system, so we're writing
>>>>>>> our users to the wp user db then setting the cookies for WP. WP
>>>>>>> doesn't handle any login or logout functions.
>>>>>>>
>>>>>>> Cheers - Callum.
>>>>>>>
>>>>>>> [1]
>>>>>>> http://trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?rev=6291#L458
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Bertrand wrote:
>>>>>>>
>>>>>>>> Anyone have any idea how to share cookies from WP to Mediawiki? I
>>>>>>>> know there's lots of work out there to share db tables, but I
>>>>>>>> don't
>>>>>>>> want users to have to sign in twice.
>>>>>>>>
>>>>>>>> The ideal would be that Mediawiki reads the cookies from WP, but I
>>>>>>>> don't know how many side effects this would have.
>>>>>>>>
>>>>>>>> B
>>>>>>>> _______________________________________________
>>>>>>>> wp-hackers mailing list
>>>>>>>> wp-hackers at lists.automattic.com
>>>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> wp-hackers mailing list
>>>>>>> wp-hackers at lists.automattic.com
>>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> wp-hackers mailing list
>>>>>> wp-hackers at lists.automattic.com
>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>>>
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> wp-hackers mailing list
>>>>> wp-hackers at lists.automattic.com
>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>>
>>>>>
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>
>>>>
>>>
>>>
>>>
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list