问题
Here is the situation:
I have a mediawiki installation, and a few additional server-side scripts that require more resources and were already written in a different language (python). The python code will be very loosely coupled with the mediawiki code (only called by clicking on a link here or there)
What I would like is that when a GET or POST command is sent to the server to execute a python script, I would like to check to see if a user is already logged in to mediawiki. If not, I would like to just redirect them to the mediawiki login page. Any ideas?
There are several articles on integrating mediawiki with other PHP frameworks like drupal and forum software, but that is more than i need.
What is the best way to do this? -check for cookies somehow (is this secure?) -does the mediawiki db keep track of who is logged in?
Thanks
回答1:
You can use the MediaWiki API to get the userinfo and parse that in XML.
回答2:
I can't comment on Jon's post due to lack of privileges, so I'm posting a new answer to elaborate on his about using MediaWiki API and passing cookies. Hopefully this helps someone.
You can use PHP's cURL library to pass the session cookie value as a cookie to the api.php page in your wiki (you need to create a complete URL for cURL to fetch the page). The session cookie name is either the value of $wgSessionCookie (which is set to false by default and not used) or $wgCookiePrefix . '_session' ($wgCookiePrefix is set to false by default and defaults to the database name). So based on the setup you have, use the appropriate value.
I use api.php?action=query&format=xml&meta=userinfo and then look for the user id that is returned by the wiki (Note format=xml). Id of 0 means that the user is anonymous.
Here is the complete code for the function that I use (I realize that I don't check for some possible error conditions). You will probably have to change the $session_cookie value
function isLoggedIn()
{
$session_cookie = 'wikidb_session';
if(!isset($_COOKIE[$session_cookie]))
{
return false;
}
$url = ((isset($_SERVER['HTTPS']))?'https://':'http://') .
$_SERVER['HTTP_HOST'] .
(($_SERVER['SERVER_PORT'] != 80)?':' . $_SERVER['SERVER_PORT']:'') .
'/wiki/api.php?action=query&format=xml&meta=userinfo';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIE, $session_cookie . '=' . $_COOKIE[$session_cookie]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$ret = curl_exec($ch);
curl_close($ch);
return preg_match('/id="(\d+)"/',$ret,$id) && $id[1];
}
Note: If you only check whether anon="" or id="0" is returned by the api.php call, in the event that the call returns something unexpected or api.php is not at the URL, the function will report user as logged in, so it's better to check the id that is returned.
回答3:
mediawiki check if logged in:
<?php
global $wgUser;
require_once('StubObject.php');
if( StubObject::isRealObject( $wgUser ) && $wgUser->isLoggedIn())
{
// code or HTML
}
?>
I have also seen the following for skins (i.e. MonoBook.php), but I have not tested:
if(!$this->data['loggedin']) {
}
Warning: Make sure you test! There may be ways for people to get around the above tests... giving them access to content. I use it to simply hide the menu. If someone got around the above method I don't mind since they only see the menu.
回答4:
All you need to do is essentially forward the session, cookies and all, to the API as if it's the user querying.
How would one go about doing that? I can access the API directly and see my login info, but if I access it via PHP, it shows me as not being logged in (anonymous user id "0"). How do I forward the session, cookies, etc. to the API via PHP to show the user's info?
来源:https://stackoverflow.com/questions/2170990/how-to-check-if-a-user-is-logged-on-in-mediawiki-in-a-different-app