API:Login

From MediaWiki.org

Jump to: navigation, search
Tools clipart.png This page is part of the MediaWiki API documentation.
Languages Language: 

English  • Deutsch  • Español  • Français  • 日本語  • Русский  • 中文
MediaWiki API


Login gets several tokens that are needed by the server to recognize logged-in user. In every call to api.php, the cookie set by this request must be passed. The cookies last for around a month and you should check that you need to log in based on detecting that you're not logged in (rather than logging once per session, for example).

Contents

[edit] Example request

Note: In this example, all parameters are passed in a GET request just for the sake of simplicity. However, action=login requires POST requests; GET requests will cause an error. Logging in

api.php ? action=login & lgname=Bob & lgpassword=secret
<?xml version="1.0" encoding="utf-8"?>
<api>
  <login
    result="Success"
    lguserid="12345"
    lgusername="Bob"
    lgtoken="b5780b6e2f27e20b450921d9461010b4"
    cookieprefix="enwiki"
    sessionid="08nj1ioefhlvmdjfor5to3mvv5"
  />
</api>

You might need to add the query parameter lgdomain, containing your domain name for authentication, if you're using an authentication plug-in like Extension:LDAP Authentication.

[edit] Constructing cookies manually

A successful action=login request will set the right cookies. If your wiki is not using the CentralAuth extension, you can also construct them from the data returned. In the example above, you'd set the following cookies:

  • enwikiUserName = Bob (from the lgusername field)
  • enwikiUserID = 12345 (from the lguserid field)
  • enwikiToken = b5780b6e2f27e20b450921d9461010b4 (from the lgtoken field)
  • enwiki_session = 08nj1ioefhlvmdjfor5to3mvv5 (from the sessionid field)

Note that the enwiki part is different for every wiki, and is returned in the cookieprefix field.

When CentralAuth is enabled, as on Wikimedia wikis, the above method will not work. In that case, the only usable option is to parse the Set-Cookie: headers in the HTTP response.

[edit] Errors

Errors are returned in the result field. Possible values are:

  • NoName
    • You didn't set the lgname parameter
  • Illegal
    • You provided an illegal username
  • NotExists
    • The username you provided doesn't exist
  • EmptyPass
    • You didn't set the lgpassword parameter or you left it empty
  • WrongPass
    • The password you provided is incorrect
  • WrongPluginPass
    • Same as WrongPass, returned when an authentication plugin rather than MediaWiki itself rejected the password
  • CreateBlocked
    • The wiki tried to automatically create a new account for you, but your IP address has been blocked from account creation
  • Throttled
    • You've logged in too many times in a short time. See also throttling
  • Blocked
    • User is blocked
  • mustbeposted
    • The login module requires a POST request

[edit] Throttling

For security reasons, this module is throttled. By default, you get to login 5 times in 300 seconds, but this may vary from one wiki to another. When you exceed this limit, your login will fail (even if it's otherwise correct) with result="Throttled" and the number of seconds you need to wait in the wait field.

[edit] External links

Retrieved from "http://www.mediawiki.org/wiki/API:Login"