DCCWikipedia Authentication

DCCWiki, a community DCC encyclopedia.

Newer version

A newer version has been released by Maarten van Dantzich over at the MediaWiki website. These pages will remain here for historical purposes.

Version Snapshots

Snapshots of versions so that you can get your version up and running. Please see these pages for instructions on various versions. Below are "snapshots" in time. I may not be running your combination, but you should be able to piece together whatever you are running.

Latest versions this code works on:

  • Drupal 4.6 branch
  • MediaWiki 1.6.7

Drupal 5.1 is already out. So, I guess this software if not being maintained anymore.

No one has posted anything. This module works with 4.6 and mediawiki 1.6 series. If anyone updates it, please update this page since alot of websites seem to point here. -Tazzytazzy

Not support by original author

This module is no longer supported by the original author as it's no longer needed. Welcome to support it yourself and use this as a base of information for others - or at least include a link so that others can download it.

I believe, as it stands, the script will work fine with Drupal 4.7 branch, not sure about MediaWiki 1.7 or 1.8 branches.

Todo

  • Include Drupal userid in the cookie so MediaWiki can properly associate a successfull cookie session transfer in the log entry.

Purpose

I (TazzyTazzy) have written a module for Drupal and an extension for MediaWiki 1.6 that allows MediaWiki to access a Drupal user table for authentication. This works for sites that use Drupal as their primary site, and the Wiki as a subdomain (i guess it would also work on a sub-path - untested). This setup also allows for single sign-on from a drupal session to a wiki session. At this time, i don't have plans to implement a single sign on from a wiki site to a drupal site, although someone can sign onto the wiki site, accessing the drupal table, directly.

With single signon, the drupal module creates a cookie which is then read by the mediawiki extension. This cookie contains user information, and original login IP address. This information is then encrypted. On the MediaWiki side, the cookie is decrypted, the ip address is matched up, and if it checks out, creates a new MediaWiki session. The cookie is also destroyed after the login since it's no longer needed (or desired to re-login at each webpage visit).

It's possible to just install the MediaWiki extension without the Drupal module, if desired. This will stop the single sign-on. Single sign-on can also be disabled by disabling the mediawiki.module from the Admin->modules area.

Disclaimer

Warning: I'm not a Drupal expert, nor a MediaWiki expert. If you find a better solution, or ways to make this work better, see a flaw, please post it on the disccssion page. Use at your own risk. Backup your files and your database before continuing.

Installation directions

First:

  • Copy the AuthDrupal.php as AuthDrupal.php, crypto.php as crypto.php, and Drupal.php as Drupal.php to your mediawiki1.6/extensions directory.
  • Change the database settings in AuthDrupal.php:
    • Namely, just the two settings for the "$db_table" and "$db_prefix" which should point to your drupal table and if you have a drupal_prefix.
    • It should be noted, that the MediaWiki database username needs to have access to READ/Write (select/update) the drupal tables.
    • MediaWiki will now update the last login time stamp within the drupal system. This helps to monitor for active/inactive users on the drupal site for users that primarily use the wiki portion of a site. MediaWiki also needs access to write to the watchdog table.
  • Lastly, change the crypt key in crypto.php file:
    • Change $key in the crypto.php (both copies need to match, make a symbolic link if possible, so that your site has a unique $key. Change this line:
 function phpFreaksCrypto($key = '!!!!ChamgeMe!!!', $iv = false, $algorithm = 'tripledes', $mode = 'ecb')

Second:

  • Copy Crypto.php file to your drupal/modules folder and mediawiki1.6/extensions folder.

Third:

  • Copy Mediawiki.module to your drupal/modules folder.
  • Simply enable this module in the admin->modules area of your drupal site to start creating cookies for the AuthDrupal.php extension to use.

Fourth:

  • For some reason the folks over at MediaWiki insist on having uppcase first letter usernames, even though the username is coming from a mediawiki authentication hook. This will cause username conflicts and users with lower case names. You'll need to modify this file: mediawiki1.6/includes/User.php Comment out the following lines to match this:
        function newFromName( $name ) {
                # Force usernames to capital
                global $wgContLang;
#               $name = $wgContLang->ucfirst( $name );

                # Clean up name according to title rules
                $t = Title::newFromText( $name );
#               if( is_null( $t ) ) {
#                       return null;
#               }
                # Reject various classes of invalid names
                $canonicalName = $t->getText();
                global $wgAuth;
                $canonicalName = $wgAuth->getCanonicalName( $t->getText() );
                if( !User::isValidUserName( $canonicalName ) ) {
                        return null;
                }

                $u = new User();
                $u->setName( $canonicalName );
                $u->setId( $u->idFromName( $canonicalName ) );
                return $u;
        }

And:

        function idFromName( $name ) {
                $fname = "User::idFromName";
                $nt = Title::newFromText( $name );
#               if( is_null( $nt ) ) {
#                       # Illegal name
#                       return null;
#               }
                $dbr =& wfGetDB( DB_SLAVE );
                $s = $dbr->selectRow(
        'user',
        array( 'user_id' ),
        array( 'user_name' => $name ),
        $fname );
                if ( $s === false ) {
                        return 0;
                } else {
                        return $s->user_id;
                }
        }

The last function to modify. There are some minor changes, best to copy/paste this revised function (MediaWiki 1.6.7):

        function isValidUserName( $name ) {
                global $wgContLang, $wgMaxNameChars;


                if ( $name == ''
                || User::isIP( $name )
                || strpos( $name, '/' ) !== false
                || strlen( $name ) > $wgMaxNameChars )
                        return false;
                return true;

                // Ensure that the name can't be misresolved as a different title,
                // such as with extra namespace keys at the start.
                $parsed = Title::newFromText( $name );
                if( is_null( $parsed )
                        || $parsed->getNamespace()
                        || strcmp( $name, $parsed->getPrefixedText() ) )
                        return false;


                // Check an additional blacklist of troublemaker characters.
                // Should these be merged into the title char list?
                $unicodeBlacklist = '/[' .
                        '\x{0080}-\x{009f}' . # iso-8859-1 control chars
                        '\x{00a0}' .          # non-breaking space
                        '\x{2000}-\x{200f}' . # various whitespace
                        '\x{2028}-\x{202f}' . # breaks and control chars
                        '\x{3000}' .          # ideographic space
                        '\x{e000}-\x{f8ff}' . # private use
                        ']/u';
                if( preg_match( $unicodeBlacklist, $name ) ) {
                        return false;
                }

                return true;
        }

Lastly:

  • Modify LocalSettings.php:
    • Add this to the end of your LocalSettings.php:
# Use Drupal Authentication
require_once( 'extensions/AuthDrupal.php' );
$wgAuth = new AuthDrupal();

Please register your site

Please add a line to the Mediwiki Auth Disccusion page if you use this module. I'd like to see if anyone is using this and check out their site.