[wp-hackers] Single sign-on with Wordpress & Mediawiki

Callum Macdonald lists.automattic.com at callum-macdonald.com
Fri Oct 26 20:22:54 GMT 2007


We're doing it the other way, creating the users in our own system (in 
this example MediaWiki) and then creating the WordPress cookies. I'm not 
sure how MediaWiki works, but with WordPress if you insert the rows into 
the user table and create the cookies, the user never has to log in. 
WordPress handles it all on the fly.

So if you can redirect all WordPress logins to MediaWiki logins, then 
you create the MediaWiki and WP cookies and redirect back, you're in 
business.

Ok, I just checked with MediaWiki version 1.11.0 and it requires an auth 
token to be updated in the user table and set in the cookie. For that 
reason, I'd suggest using MediaWiki's login, copy the data to WordPress, 
and then set the WordPress cookies. WP will do the rest.

I think MediaWiki's approach is intrinsically more secure than WP's, but 
that's a topic for another day / thread! :)

Cheers - Callum.

Sneaks wrote:
> thats an interesting idea. i suppose i could hook into the wp cookie 
> functions and set the mediawiki authentication cookies.
>
> last night i was playing around and set WP's cookie root to /, and was 
> using:
>
> include($_SERVER[DOCUMENT_ROOT]."/blog/wp-blog-header.php");
> auth_redirect();
> wp_get_current_user();
>
> in a mediawiki auth plugin. i think that direction would also work, 
> but i'm worried about the lack of user data in the mediawiki db.
>
>
>
>
>
> Callum Macdonald lists.automattic.com-at-callum-macdonald.com 
> |wordpress| wrote:
>> Logging a user into WP via the cookie is relatively simple. Check out 
>> pluggable.php for the wp_setcookie() function.
>>
>> Two cookies handle the login:
>> wordpressuser_MD5OFSITEURL
>> wordpresspass_MD5OFSITEURL
>>
>> The user cookie takes the username in plain text, the pass takes a 
>> double md5 of the password (just md5 what's in the user db).
>>
>> We're integrating WPMU login with another system, so we're writing 
>> our users to the wp user db then setting the cookies for WP. WP 
>> doesn't handle any login or logout functions.
>>
>> Cheers - Callum.
>>
>> [1] 
>> http://trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?rev=6291#L458 
>>
>>
>> Bertrand wrote:
>>> Anyone have any idea how to share cookies from WP to Mediawiki? I 
>>> know there's lots of work out there to share db tables, but I don't 
>>> want users to have to sign in twice.
>>>
>>> The ideal would be that Mediawiki reads the cookies from WP, but I 
>>> don't know how many side effects this would have.
>>>
>>> B
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>
>>>
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
>



More information about the wp-hackers mailing list