Topic on Project:Support desk

Hello,

the procedure that I follow is this:

- require login token with this http request:

http://localhost/mediawiki-1.28.2/api.php?action=query&meta=tokens&type=login

- start a http Post request with a test page written in php:

<?php

$url = 'http://localhost/mediawiki-1.28.2/api.php?action=login';

$data = array('lgname' => 'Ulisse', 'lgpassword' => 'itaca', 'lgtoken' => "4ae0db11ef80a42e29411c39f8c8a3f8595a09e8+\\");

// use key 'http' even if you send the request to https://...

$options = array(

    'http' => array(

        'header'  => "Content-type: application/x-www-form-urlencoded\r\n",

        'method'  => 'POST',

        'content' => http_build_query($data)

    )

);

$context  = stream_context_create($options);

$result = file_get_contents($url, false, $context);

if ($result === FALSE) { /* Handle error */ }

var_dump($result);

The result is:

{
"warnings": {
"login": {
"*": "Fetching a token via action=login is deprecated. Use action=query&meta=tokens&type=login instead."
}
},
"login": {
"result": "NeedToken",
"token": "edc7dace7148aeeed21dbeb0a54b0d43595a0a1f+\\"
}
}

Anyone help me?

You need to provide the cookies returned from the meta=tokens api call

Hello Ciencia...

here my consideration to your suggested way:

From debugger console of browser I see in the Header request the cookie available (in the header response i can't see nothing):

my_wikiUserName=Ulisse; my_wiki_session=6hmabg9nl6dlp35uniik14ilt90p9t4v; my_wikiUserName=Ulisse; Ulisse_Stampa=filtri=Mandante: PRATICHE - Itacapital Kruk,N. Contratto: PRATICHE = 257,; my_wiki_session=6hmabg9nl6dlp35uniik14ilt90p9t4v

Now I call the http://localhost/mediawiki-1.28.2/api.php?action=login providing in the header request the cookie read above but in the result nothing is changed.

ok now i'm logged in but i receive this json:

{
  "warnings": {
       "login": {
           "*": "Main-account login via action=login is deprecated and may stop working without warning. To continue login with action=login, see Special:BotPasswords. To safely continue using main-account login, see action=clientlogin."
       }
   },
   "login": {
       "result": "Success",
       "lguserid": 4,
       "lgusername": "Ulisse"
   }
}

But...when I redirect to the default page on http://localhost/mediawiki-1.28.2/ I see that I'm not logged in. How can I reach my goal?

@Ciencia Al Poder

Nothing else?

If you're using the api, why do you redirect to a non-api entry point? Anyway, you should send the same cookies to be logged in.

@Ciencia Al Poder I have my site and i want that the user of my site can login automatically in my mediawiki site.

I think that my goal is reached using api...there are alternative to this way?

In the next days I will try to send the cookies received.

You must ensure the cookie is sent to the user, but of course this means the cookie needs to be visible for both sites. The best way would be if both sites are on the same domain, like app.example.com and wiki.example.com, you can set the cookie with the "example.com" domain which will be visible to both sites. You probably want to adjust MediaWiki so their cookies follow the same domain pattern, otherwise they'll overwrite yours probably causing duplicate session IDs.

Hi @Ciencia Al Poder

Ciencia: If you're using the api, why do you redirect to a non-api entry point? Anyway, you should send the same cookies to be logged in.

--> When I obtain the success result from the API Login, i'll try to send the cookie used in the login phase in a request to main page of my wiki but i loose the login state.

Ciencia: You must ensure the cookie is sent to the user, but of course this means the cookie needs to be visible for both sites. The best way would be if both sites are on the same domain, like app.example.com and wiki.example.com, you can set the cookie with the "example.com" domain which will be visible to both sites. You probably want to adjust MediaWiki so their cookies follow the same domain pattern, otherwise they'll overwrite yours probably causing duplicate session IDs.

--> My site and my wikiSite are in two different domain.

How can I reach my goal?

You can't set a cookie for a domain different than the current domain being requested. The browser will reject it.

The only way would be if your script is in the same domain than the wiki