Topic on Project:Support desk

62.153.239.66 (talkcontribs)

Hi,

I'm trying to auto-login a user. My script logs in automatically, but when I go to the page, I'm not logged in. Here is my script. What could be the problem?

<?php

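error_reporting(E_ALL);

session_start();

//require_once "includes/SimpleHttpRequest.php";

# Expected $_POST fields from B2B: wpName, wpPassword, key, sessionId

// NOTE(review): plain http - the credentials that LogIN() posts to this host
// travel unencrypted; prefer https if the wiki offers it.
$wiki = 'http://cwiki/wiki/';

// NOTE(review): "&amp;" is an HTML entity. If this URL is ever sent in a
// Location header (see the commented-out header() call below) the separators
// must be plain "&".
$redirectURL = $wiki."index.php?title=Spezial:Anmelden&amp;action=submitlogin&amp;type=login&amp;returnto=Hauptseite";

$api = $wiki.'api.php?';

// Read the posted credentials defensively: a missing or non-string field
// becomes an empty string instead of raising a notice or passing an array on.
$wpName = (isset($_POST['wpName']) && is_string($_POST['wpName'])) ? $_POST['wpName'] : '';
$wpPassword = (isset($_POST['wpPassword']) && is_string($_POST['wpPassword'])) ? $_POST['wpPassword'] : '';

// The user name is request data, so it is HTML-escaped before being reflected.
// The password is deliberately never written to the response.
echo("<br>name: ".htmlspecialchars($wpName, ENT_QUOTES, 'UTF-8'));

//echo(print_r($_POST,true));

// $retry holds the first LogIN() result, $res the result of the second attempt.
$retry = $res = null;

// NOTE(review): the B2B gate is replaced by a literal true, so LogIN() - and
// through it AutoCreateAccount() - runs for every request that can reach this
// script. Re-enable checkB2BAuthentication() (and the SimpleHttpRequest include
// it needs) before this endpoint is exposed.
if ( true /*checkB2BAuthentication()*/ )
{
    $retry = LogIN($wpName, $wpPassword);

    echo("<br>retry = ".($retry ? "true" : "false"));

    // LogIN() returns true only when it has just created the account, in which
    // case the login is attempted a second time.
    if ($retry) {
        $res = LogIN($wpName, $wpPassword);
    }

    if ($res !== null && $retry !== null) {
        echo(1);//header("Location: ".$redirectURL);
    } else {
        echo($res.".".$retry)."\n";
        //header("Location: ".$wiki);
    }
}
else {
    return false;
}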

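/**
 * Attempt a MediaWiki "clientlogin" for the given account from this script.
 *
 * Flow: fetch a login token via getToken(), POST the credentials together with
 * that token, dump the raw response to output/Auth_RESPONSE.txt, then branch on
 * the status word found in the response body.
 *
 * The session cookies obtained here exist only in this call's cURL cookie jar;
 * nothing in this function forwards them to the visitor's browser.
 *
 * @param string $wpName     Wiki user name.
 * @param string $wpPassword Password for that user.
 * @return bool|null false when the response contains PASS, the result of
 *                   AutoCreateAccount() when it contains RESTART or FAIL,
 *                   null on any other outcome.
 */
function LogIN($wpName, $wpPassword)
{
    global $wiki;

    // NOTE(review): meta=tokens and action=clientlogin are api.php actions, but
    // both requests below go to the Special:Anmelden page URL - confirm that
    // this endpoint is intended.
    //$api = $wiki.'api.php?';
    $api = $wiki."index.php/Spezial:Anmelden";

    // Private cookie jar per call. A fixed, shared path would let concurrent
    // requests for different users read and overwrite each other's session
    // cookies.
    $cokiefile = tempnam(sys_get_temp_dir(), 'pAAuth_lg');
    if ($cokiefile === false)
    {
        echo("<br>ERROR. See logs!\n");
        return null;
    }

    // The token response is expected to be JSON containing "batchcomplete";
    // anything printed in front of the JSON object is cut off before decoding.
    $token = null;
    $a = getToken($api, "login", $cokiefile);
    if (is_string($a))
    {
        $pos = strpos($a, 'batchcomplete');
        if ($pos !== false)
        {
            $json_b = json_decode(substr($a, max(0, $pos - 2)), true);
            if (isset($json_b['query']['tokens']['logintoken']))
            {
                $token = $json_b['query']['tokens']['logintoken'];
            }
        }
    }

    // Without a token the login cannot succeed, so the password is not sent.
    if (!is_string($token) || $token === '')
    {
        if (is_file($cokiefile))
        {
            unlink($cokiefile);
        }
        echo("<br>ERROR. See logs!\n");
        return null;
    }

    $data = array(
        'action'         => 'clientlogin',
        'loginreturnurl' => $wiki,
        'logintoken'     => $token,
        'username'       => $wpName,
        'password'       => $wpPassword,
        'rememberMe'     => 1,
    );

    $response = false;
    $ch = curl_init($api);
    if ($ch !== false)
    {
        # Form data string, automatically urlencoded
        $postString = http_build_query($data, '', '&');

        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postString);
        curl_setopt($ch, CURLOPT_COOKIEJAR, $cokiefile);
        curl_setopt($ch, CURLOPT_COOKIEFILE, $cokiefile);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        $response = curl_exec($ch);
        curl_close($ch);
    }
    // Drop the handle before deleting the jar: on PHP 8 the jar is written when
    // the handle is destroyed, which would otherwise re-create the file.
    unset($ch);
    if (is_file($cokiefile))
    {
        unlink($cokiefile);
    }

    // Debug dump of the raw response body.
    // NOTE(review): keep the output/ directory outside the web root.
    $myfile3 = fopen("output/Auth_RESPONSE.txt", "w");
    if ($myfile3 !== false)
    {
        fwrite($myfile3, print_r($response, true));
        fclose($myfile3);
    }

    if (!is_string($response))
    {
        echo("<br>ERROR. See logs!\n");
        return null;
    }

    // NOTE(review): the status is detected by substring search on the whole
    // body; decoding the response and reading its status field would be stricter.
    if (strpos($response, 'PASS') !== false)
    {
        // Send the header before any output from this function, and with plain
        // "&" separators: "&amp;" is an HTML entity and corrupts the query
        // string when used in an HTTP header.
        header("Location: http://cwiki/wiki/index.php?title=Spezial:Anmelden&action=submit&type=login&returnto=Hauptseite");
        // The user name is request data, so it is escaped before being echoed.
        echo("<br>".htmlspecialchars($wpName, ENT_QUOTES, 'UTF-8')." logged in!\n");
        return false;
    }

    if (strpos($response, 'RESTART') !== false
            || strpos($response, 'FAIL') !== false)
    {
        // NOTE(review): every failed login, including a wrong password for an
        // existing account, ends in an account-creation attempt with the
        // caller-supplied name and password.
        return AutoCreateAccount($wpName, $wpPassword);
    }

    echo("<br>ERROR. See logs!\n");
    return null;
}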

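/**
 * Create a wiki account with the given name and password through api.php.
 *
 * Flow: fetch a createaccount token via getToken(), POST action=createaccount
 * with that token, dump the raw response to output/Create_RESPONSE.txt and
 * look for the status word PASS in the response body.
 *
 * NOTE(review): the caller decides who may reach this function; nothing here
 * checks whether the requester is allowed to create the named account.
 *
 * @param string $wpName     User name of the account to create.
 * @param string $wpPassword Password for the new account (also sent as "retype").
 * @return bool|null true when the response contains PASS, null otherwise.
 */
function AutoCreateAccount( $wpName, $wpPassword)
{
    global $wiki;

    $api = $wiki.'api.php?';

    // Private cookie jar per call. A fixed, shared path would let concurrent
    // requests read and overwrite each other's session cookies.
    $cokiefile = tempnam(sys_get_temp_dir(), 'pAAuth_cra');
    if ($cokiefile === false)
    {
        echo("<br>ERROR. See logs\n");
        return null;
    }

    // The token response is expected to be JSON containing "batchcomplete";
    // anything printed in front of the JSON object is cut off before decoding.
    $createtoken = null;
    $a = getToken($api, "createaccount", $cokiefile);
    if (is_string($a))
    {
        $pos = strpos($a, 'batchcomplete');
        if ($pos !== false)
        {
            $ja = json_decode(substr($a, max(0, $pos - 2)), true);
            if (isset($ja['query']['tokens']['createaccounttoken']))
            {
                $createtoken = $ja['query']['tokens']['createaccounttoken'];
            }
        }
    }

    // Without a token the request cannot succeed, so the password is not sent.
    if (!is_string($createtoken) || $createtoken === '')
    {
        if (is_file($cokiefile))
        {
            unlink($cokiefile);
        }
        echo("<br>ERROR. See logs\n");
        return null;
    }

    $data = array(
        'action'          => 'createaccount',
        'createreturnurl' => $wiki,
        'username'        => $wpName,
        'password'        => $wpPassword,
        'retype'          => $wpPassword,
        'createtoken'     => $createtoken,
    );

    $response = false;
    $ch = curl_init($api);
    if ($ch !== false)
    {
        # Form data string, automatically urlencoded
        $postString = http_build_query($data, '', '&');

        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postString);
        curl_setopt($ch, CURLOPT_COOKIEJAR, $cokiefile);
        curl_setopt($ch, CURLOPT_COOKIEFILE, $cokiefile);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        $response = curl_exec($ch);
        curl_close($ch);
    }
    // Drop the handle before deleting the jar: on PHP 8 the jar is written when
    // the handle is destroyed, which would otherwise re-create the file.
    unset($ch);
    if (is_file($cokiefile))
    {
        unlink($cokiefile);
    }

    // Debug dump of the raw response body.
    // NOTE(review): keep the output/ directory outside the web root.
    $myfile3 = fopen("output/Create_RESPONSE.txt", "w");
    if ($myfile3 !== false)
    {
        fwrite($myfile3, print_r($response, true));
        fclose($myfile3);
    }

    // NOTE(review): the status is detected by substring search on the whole
    // body; decoding the response and reading its status field would be stricter.
    if (is_string($response) && strpos($response, 'PASS') !== false)
    {
        // The user name is request data, so it is escaped before being echoed.
        echo("created account for ".htmlspecialchars($wpName, ENT_QUOTES, 'UTF-8')."\n");
        return true;
    }

    echo("<br>ERROR. See logs\n");
    return null;
}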

/**
 * POST an action=query&meta=tokens request and return the raw response.
 *
 * The request asks for format=json. Cookies are both read from and written to
 * $cokiefile, so a later request using the same jar continues the session the
 * token was issued for.
 *
 * @param string $apiURL    URL the request is posted to.
 * @param string $type      Token type to request (the callers in this file pass
 *                          "login" and "createaccount").
 * @param string $cokiefile Path of the cURL cookie jar.
 * @return string|false Response body as returned by curl_exec(), false on failure.
 */
function getToken($apiURL, $type, $cokiefile)
{
    $postBody = http_build_query(array(
        'action' => 'query',
        'meta'   => 'tokens',
        'type'   => $type,
        'format' => 'json',
    ));

    $handle = curl_init($apiURL);

    curl_setopt_array($handle, array(
        CURLOPT_POST           => 1,
        CURLOPT_POSTFIELDS     => $postBody,
        CURLOPT_COOKIEJAR      => $cokiefile,
        CURLOPT_COOKIEFILE     => $cokiefile,
        // Return the body to the caller instead of printing it.
        CURLOPT_RETURNTRANSFER => true,
    ));

    $body = curl_exec($handle);

    curl_close($handle);

    return $body;
}

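/**
 * Verify that the request comes from an authenticated B2B session.
 *
 * Two checks must pass: the posted "key" has to equal the configured $b2bKey,
 * and the B2B backend described by $paB2BConnection has to answer the
 * "authenticate" command for the posted sessionId with "ok".
 *
 * Reads the globals $paB2BConnection, $b2bKey and $wgRequest, and needs the
 * SimpleHttpRequest class to be loaded.
 *
 * @return bool true only when both checks pass; false in every other case.
 */
function checkB2BAuthentication()
{
    global $paB2BConnection, $b2bKey, $wgRequest;

    // Fail closed: a missing or empty configured key must never match a
    // missing posted key. hash_equals() compares in constant time, so the
    // comparison does not leak how much of the key was correct.
    $suppliedKey = isset($_POST['key']) ? $_POST['key'] : null;
    if (!is_string($suppliedKey) || !is_string($b2bKey) || $b2bKey === ''
        || !hash_equals($b2bKey, $suppliedKey))
    {
        echo("B2B Authentication failed.");
        return false;
    }

    // The session id is request data: encode it so that it cannot add or
    // override parameters in the backend query string.
    $paB2BConnection['Parameters'] = 'cmd=authenticate&sessionId='
        .urlencode((string) $wgRequest->getVal('sessionId'));

    // Debug output. The array keys are quoted: bare Host/Port/URL are undefined
    // constants and raise an Error on PHP 8.
    // NOTE(review): this prints the backend connection details to the client;
    // remove it before production use.
    echo ("...authenticate");
    echo ("<br>");
    echo (htmlspecialchars((string) $paB2BConnection['Host'], ENT_QUOTES, 'UTF-8'));
    echo ("<br>");
    echo (htmlspecialchars((string) $paB2BConnection['Port'], ENT_QUOTES, 'UTF-8'));
    echo ("<br>");
    echo (htmlspecialchars((string) $paB2BConnection['URL'], ENT_QUOTES, 'UTF-8'));
    echo ("<br>");

    $myRequest = new SimpleHttpRequest($paB2BConnection);
    $responseGET = $myRequest->doRequest(SimpleHttpRequest::HTTP_GET);
    //echo ($responseGET['Content']);
    echo ("<br>");

    // A missing or unparsable body is treated as a failure rather than being
    // dereferenced.
    $content = isset($responseGET['Content']) ? $responseGET['Content'] : '';
    $auth = (is_string($content) && $content !== '') ? simplexml_load_string($content) : false;
    if ($auth === false)
    {
        echo("unknown error.");
        return false;
    }

    // Compare the element text strictly instead of relying on loose ==.
    $verdict = (string) $auth->response->authentication;

    if ($verdict === 'false')
    {
        echo("B2B Authentication failed.");
        return false;
    }

    if ($verdict === 'ok')
    {
        return true;
    }

    echo("unknown error.");
    return false;
}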

Ciencia Al Poder (talkcontribs)

Do you expect the script (run from a command-line console or a web app) to log in, and the user then also to be logged in when browsing the wiki through the browser? That won't work: login needs a cookie on the client (the user's browser or the script), but that cookie is lost in the script and is not shared with the browser, so the browser doesn't have the login state.

Even if the script runs on a website and sends the cookies delivered by the wiki back to the browser, the script needs to be at least on the same domain as the wiki (and you need to adjust $wgCookiePrefix or even $wgCookieDomain); otherwise the browser won't send this cookie to the wiki.