[wp-hackers] Single sign-on with Wordpress & Mediawiki

Stephen Rider wp-hackers at striderweb.com
Mon Oct 29 18:36:46 GMT 2007


How well does this cover users changing?

At the least, you have to ensure that any attempts to log into  
MediaWiki are redirected to the WordPress login.

Stephen

On Oct 29, 2007, at 1:26 PM, Callum Macdonald wrote:

> Integrating WordPress and MediaWiki should be relatively simple.
>
> MediaWiki relies on a couple of cookies being set, one of them  
> contains a "key" that's set in the MW user table. So on WP login,  
> you need to update the "key", set the cookies, and you should be  
> off. I know it's that easy with WordPress.
>
> If you can use bbPress for the forum, you'll have all three from  
> one login in a snap (I reckon less than an hours work and probably  
> 40 lines of code).
>
> Cheers - Callum.
>
> Jan Bucher wrote:
>> I am working on exactly the same Setup (Vanilla, MW, WP). Until now i
>> did not care about cookies, so no help there. But a good thought:
>>
>> Vanilla has the most extensive User-System, because of the
>> Group-System (you can actually create your own roles/groups). I  
>> needed
>> that, so my starting point had to be vanilla ..
>>
>> You can now very easily hook the vanilla authentication into MW,  
>> using
>> the following 'plugin' (which by the way is not really a plugin, just
>> a howto sold as plugin):
>> http://lussumo.com/addons/index.php?PostBackAction=AddOn&AddOnID=130
>>
>> If you don't plan to use the extra-features, try bbpress. Seems to be
>> more reliable and the installation process is a lot easier than
>> vanilla.
>>
>> And if you find a good soluton ... let us know .. ;)
>>
>> Jan
>>
>> On 10/27/07, Sneaks <0vcqn5q02 at sneakemail.com> wrote:
>>
>>> thanks Callum, you've been more useful than Google!
>>>
>>> i think i'd prefer to leave the master set on WP if nothing more  
>>> than
>>> because the UI to manage users is much better.
>>>
>>> i'm actually trying to tie in three different systems for a cancer
>>> non-profit: WP, Mediawiki and Vanilla (forum software). i just  
>>> assumed
>>> nobody would have any Vanilla experience :)
>>>
>>>
>>>
>>>
>>>
>>>> We're doing it the other way, creating the users in our own  
>>>> system (in
>>>> this example MediaWiki) and then creating the WordPress cookies.  
>>>> I'm not
>>>> sure how MediaWiki works, but with WordPress if you insert the  
>>>> rows into
>>>> the user table and create the cookies, the user never has to log  
>>>> in.
>>>> WordPress handles it all on the fly
>>>>
>>>> So if you can redirect all WordPress logins to MediaWiki logins,  
>>>> then
>>>> you create the MediaWiki and WP cookies and redirect back,  
>>>> you're in
>>>> business.
>>>>
>>>> Ok, I just checked with MediaWiki version 1.11.0 and it requires  
>>>> an auth
>>>> token to be updated in the user table and set in the cookie. For  
>>>> that
>>>> reason, I'd suggest using MediaWiki's login, copy the data to  
>>>> WordPress,
>>>> and then set the WordPress cookies. WP will do the rest.
>>>>
>>>> I think MediaWiki's approach is intrinsically more secure than  
>>>> WP's, but
>>>> that's a topic for another day / thread! :)
>>>>
>>>> Cheers - Callum.
>>>>
>>>> Sneaks wrote:
>>>>
>>>>> thats an interesting idea. i suppose i could hook into the wp  
>>>>> cookie
>>>>> functions and set the mediawiki authentication cookies.
>>>>>
>>>>> last night i was playing around and set WP's cookie root to /,  
>>>>> and was
>>>>> using:
>>>>>
>>>>> include($_SERVER[DOCUMENT_ROOT]."/blog/wp-blog-header.php");
>>>>> auth_redirect();
>>>>> wp_get_current_user();
>>>>>
>>>>> in a mediawiki auth plugin. i think that direction would also  
>>>>> work,
>>>>> but i'm worried about the lack of user data in the mediawiki db.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Callum Macdonald lists.automattic.com-at-callum-macdonald.com
>>>>> |wordpress| wrote:
>>>>>
>>>>>> Logging a user into WP via the cookie is relatively simple.  
>>>>>> Check out
>>>>>> pluggable.php for the wp_setcookie() function.
>>>>>>
>>>>>> Two cookies handle the login:
>>>>>> wordpressuser_MD5OFSITEURL
>>>>>> wordpresspass_MD5OFSITEURL
>>>>>>
>>>>>> The user cookie takes the username in plain text, the pass  
>>>>>> takes a
>>>>>> double md5 of the password (just md5 what's in the user db).
>>>>>>
>>>>>> We're integrating WPMU login with another system, so we're  
>>>>>> writing
>>>>>> our users to the wp user db then setting the cookies for WP. WP
>>>>>> doesn't handle any login or logout functions.
>>>>>>
>>>>>> Cheers - Callum.
>>>>>>
>>>>>> [1]
>>>>>> http://trac.wordpress.org/browser/trunk/wp-includes/ 
>>>>>> pluggable.php?rev=6291#L458
>>>>>>
>>>>>>
>>>>>> Bertrand wrote:
>>>>>>
>>>>>>> Anyone have any idea how to share cookies from WP to  
>>>>>>> Mediawiki? I
>>>>>>> know there's lots of work out there to share db tables, but I  
>>>>>>> don't
>>>>>>> want users to have to sign in twice.
>>>>>>>
>>>>>>> The ideal would be that Mediawiki reads the cookies from WP,  
>>>>>>> but I
>>>>>>> don't know how many side effects this would have.
>>>>>>>
>>>>>>> B
>>>>>>> _______________________________________________
>>>>>>> wp-hackers mailing list
>>>>>>> wp-hackers at lists.automattic.com
>>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> wp-hackers mailing list
>>>>>> wp-hackers at lists.automattic.com
>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> wp-hackers mailing list
>>>>> wp-hackers at lists.automattic.com
>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>>
>>>>>
>>>>>
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>
>>>>
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>
>>>
>>
>>
>>
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list