Extension:HttpAuth
From MediaWiki.org
 Release status: unknown |
|
|---|---|
| Implementation | User identity |
| Description | Automatically authenticates from Apache HttpAuth credentials. |
| Author(s) | Jeremiah Orem |
| Version | .7a (1-29-2007) |
| MediaWiki | 1.5 and up |
| Download | http://people.mozilla.com/~oremj/HttpAuthPlugin.php |
| Parameters | (see below) |
Contents |
[edit] Overview
This extension only works with MediaWiki instances setup behind HTTP authentication. It pulls usernames from $_SERVER['PHP_AUTH_USER']. The extension will then either log the user on to MediaWiki if the user name exists in the database or create a new user if it does not.
[edit] Installation
Drop the extension in WIKIROOT/extensions/HttpAuthPlugin.php
Edit LocalSettings.php and add:
if (!empty($_SERVER['PHP_AUTH_USER'])) { require_once("$IP/extensions/HttpAuthPlugin.php"); $wgAuth = new HttpAuthPlugin(); $wgHooks['AutoAuthenticate'][] = array($wgAuth,'autoAuthenticate'); }
also remember to add session_start(); at the top of the page.
Note: If authentification does not work try to replace 'PHP_AUTH_USER' with 'REMOTE_USER' in the code above and in HttpAuthPlugin.php
[edit] Name Substitution
This extension also supports name substitution. For example if the user's Http Auth username is foo and the user would like their wiki name to be bar we can do this:
$wgAuth->addNameSub('foo','bar');
Do this directly after instantiating the object $wgAuth
[edit] Allowing Anonymous Browsing
If you want to allow anonymous users to browse the site without hitting a basic auth popup and you have clean URLs configured you can place some code like this near the top of your LocalSettings.php script:
function redirect($path) { $host = strlen($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:$_SERVER['SERVER_NAME']; header('Location: http://'.$host.$path); header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0'); exit; } if ($_GET['title'] == 'Special:Userlogin') { redirect('/Special:Userlogin?returnto='.$_GET['returnto']); } if (strpos($_SERVER['REQUEST_URI'], '/Special:Userlogin') !== false) { if ($_GET['returnto']) { redirect('/'.$_GET['returnto']); } else { redirect('/Main_Page'); } }
This will make sure that whenever a user clicks the 'log on' link they are redirected to /Special:Userlogin (if necessary). Apache can then be configured with the authentication inside a <Location "/Special:Userlogin"> directive, which will pop up the authentication box for that URL only. Finally, when they reach that URL (having authenticated) we redirect them to wherever they came from, if that information was provided by the link. The user should then be logged in.
Note: This code has not been tested in multiple server configurations - expect to need to tweak this code for your specific setup! Also note, this does not easily allow users to log out.
[edit] When it doesn't work
This plugin code fails with MediaWiki version 1.12.0 and PHP version 5.1.6 though this ammend may be applicable to other versions as well.
In the autoAuthenticate function you need to change the line that reads:
$this->initUser(&$user);
so that it now reads this:
$this->initUser($user);
Plus you need to change the function definition for initUser so that instead of:
function initUser( &$user ) {
it now reads:
function initUser( $user )
otherwise you get an error about pass by reference syntax which has been deprecated for PHP5.
Back in the autoAuthenticate function you need to change the one line that currently reads:
return 0;
to:
return false;
Plus add a new line after the last saveSettings line which reads:
return true;
I think this is because of some kind of change in either PHP's default return values or the MediaWiki API for auth plugins has become stricter.
Also - I've no idea what someone's going on about when they mention start_session earlier in this document... All I had to do was paste the one block of code in to the bottom of my LocalSettings.php and be done with it.
