Skip to content Skip to sidebar Skip to footer
Home / Authentication / Mediawiki / Python

How To Check If A User Is Logged On In Mediawiki In A Different App?

Post a Comment
Here is the situation: I have a Mediawiki installation, and a few additional server-side scripts that require more resources and were already written in a different language (pytho

Solution 1:

mediawiki check if logged in:

<?phpglobal$wgUser;
require_once('StubObject.php');
if( StubObject::isRealObject( $wgUser ) &&  $wgUser->isLoggedIn())
{

// code or HTML

}
?>

I have also seen the following for skins (i.e. MonoBook.php), but I have not tested:

if(!$this->data['loggedin']) {

}

Warning: Make sure you test! There may be ways for people to get around the above tests... giving them access to content. I use it to simply hide the menu. If someone got around the above method I don't mind since they only see the menu.

Solution 2:

You can use the MediaWiki API to get the userinfo and parse that in XML.

Solution 3:

I can't comment on Jon's post due to lack of privileges, so I'm posting a new answer to elaborate on his about using MediaWiki API and passing cookies. Hopefully this helps someone.

You can use PHP's cURL library to pass the session cookie value as a cookie to the api.php page in your wiki (you need to create a complete URL for cURL to fetch the page). The session cookie name is either the value of $wgSessionCookie (which is set to false by default and not used) or $wgCookiePrefix . '_session' ($wgCookiePrefix is set to false by default and defaults to the database name). So based on the setup you have, use the appropriate value.

I use api.php?action=query&format=xml&meta=userinfo and then look for the user id that is returned by the wiki (Note format=xml). Id of 0 means that the user is anonymous.

Here is the complete code for the function that I use (I realize that I don't check for some possible error conditions). You will probably have to change the $session_cookie value

functionisLoggedIn()
{
  $session_cookie = 'wikidb_session';
  if(!isset($_COOKIE[$session_cookie]))
  {
    returnfalse;
  }

  $url = ((isset($_SERVER['HTTPS']))?'https://':'http://') .
         $_SERVER['HTTP_HOST'] .
         (($_SERVER['SERVER_PORT'] != 80)?':' . $_SERVER['SERVER_PORT']:'') .
         '/wiki/api.php?action=query&format=xml&meta=userinfo';

  $ch = curl_init($url);
  curl_setopt($ch, CURLOPT_COOKIE, $session_cookie . '=' . $_COOKIE[$session_cookie]);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  $ret = curl_exec($ch);
  curl_close($ch);

  return preg_match('/id="(\d+)"/',$ret,$id) && $id[1];
}

Note: If you only check whether anon="" or id="0" is returned by the api.php call, in the event that the call returns something unexpected or api.php is not at the URL, the function will report user as logged in, so it's better to check the id that is returned.

Solution 4:

All you need to do is essentially forward the session, cookies and all, to the API as if it's the user querying.

How would one go about doing that? I can access the API directly and see my login info, but if I access it via PHP, it shows me as not being logged in (anonymous user id "0"). How do I forward the session, cookies, etc. to the API via PHP to show the user's info?

Solution 5:

You can use Extension:Third party session verification to verify that a user is logged in without forwarding their session to your backend service.

You may like these posts

Post a Comment for "How To Check If A User Is Logged On In Mediawiki In A Different App?"