Hi guys,
As a relative noobie to MediaWiki I am looking to get a little help regarding a very basic SSO project. I have a PHP-based web site "mysite" which requires user login. I am trying to come up with a PHP script that does the following:
1) User logs into mysite
2) The user login script executes a "wikilogin.php" script
3) The wikilogin.php script logs into mywikisite and creates the required cookies in the browser
4) User can now go to mywikisite and access pages etc. without having to log into mywikisite
I am not trying to build any logic to manage user creation/change/deletion or password change. The assumption for now is simply that credentials are identical across the 2 applications.
I have tried to put together a basic "wikilogin.php" which uses the MediaWiki API as follows:
a) Get a logintoken using "api?action=query&meta=tokens&type=login&format=json"
b) Parse out the returned logintoken to a string variable
c) Perform the login using "api?action=clientlogin&username=joe&password=secret&logintoken=<token from step 2>&loginreturnurl=http://mysite.org"
however I am running into the error:
"code": "badtoken", "info": "Invalid CSRF token."
I have tried to change "type"="csrf" in step 1), however then I get:
"code": "nologintoken","info": "The \"logintoken\" parameter must be set."
Below is the php - any help would be much appreciated.
Thanks
Dennis
//
<?php
$api = "http://mywikisite.org/api.php";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $api);
curl_setopt($ch, CURLOPT_POST, 1);
// Return the server response as a string instead of printing it
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Enable cURL's in-memory cookie engine so the session cookie set by the
// token request is sent back with the login request. The login token is
// bound to that session; without the cookie the API answers "badtoken".
curl_setopt($ch, CURLOPT_COOKIEFILE, "");

// a) Get a login token
curl_setopt($ch, CURLOPT_POSTFIELDS,
"action=query&meta=tokens&type=login&format=json");
$server_output = curl_exec($ch);
//echo $server_output;

// b) Parse out the returned login token
$logintoken_array = json_decode($server_output);
$logintoken = $logintoken_array->query->tokens->logintoken;
echo $logintoken;

// c) Perform the login. http_build_query() URL-encodes each value; the token
// ends in "+\" and an unencoded "+" would be read by the server as a space.
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
    "action" => "clientlogin",
    "username" => "joe",
    "password" => "secret",
    "logintoken" => $logintoken,
    "loginreturnurl" => "http://mywikisite.org",
)));
$server_output = curl_exec($ch);
echo $server_output;
curl_close($ch);
?>