WPMW

WPMW Git Source Tree

Root/AuthWP.php

1<?php
2// AuthWP.php
3// MediaWiki extension to delegate authentication and user management
4// to a local Wordpress installation.
5// See http://ciarang.com/wiki/page/WPMW for more information.
6// Version 0.3.1
7// Copyright (C) 2008-13 Ciaran Gultnieks <ciaran@ciarang.com>
8//
9// This program is free software: you can redistribute it and/or modify
10// it under the terms of the GNU Affero General Public License as published by
11// the Free Software Foundation, either version 3 of the License, or
12// (at your option) any later version.
13//
14// This program is distributed in the hope that it will be useful,
15// but WITHOUT ANY WARRANTY; without even the implied warranty of
16// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17// GNU Affero General Public License for more details.
18//
19// You should have received a copy of the GNU Affero General Public License
20// along with this program. If not, see <http://www.gnu.org/licenses/>.
21//
22
23if(!defined('MEDIAWIKI')) {
24 die('Not an entry point.');
25}
26
27// Relative path to Wordpress installation. In the default '..' we
28// have MediaWiki installed in a 'wiki' directory off the main
29// Wordpress root.
30$WP_relpath=isset($wgAuthWPRelPath)?$wgAuthWPRelPath:'..';
31
32
33// We'll derive our class from MediaWiki's AuthPlugin class...
34require_once("$IP/includes/AuthPlugin.php");
35
36
37// Bootstrap Wordpress. This seems rather foolish since surely the
38// names of things are bound to clash somewhere, but we want to be
39// able to handle everything as if Wordpress was doing it natively
40// including respecting any plugins that might be in place.
41if(php_sapi_name() != 'cli') {
42require($WP_relpath.'/wp-load.php');
43require($WP_relpath.'/wp-includes/registration.php');
44}
45
46// Wordpress has escaped all these in wp-settings.php - we need to
47// unescape them again if they weren't meant to be escaped.
48if(php_sapi_name() != 'cli' && !get_magic_quotes_gpc()) {
49$_GET = stripslashes_deep($_GET );
50$_POST = stripslashes_deep($_POST );
51$_COOKIE = stripslashes_deep($_COOKIE);
52}
53
54$wgExtensionCredits['other'][] = array(
55'path' => __FILE__,
56'name' => 'WPMW',
57'version' => '0.3.1',
58'author' => 'Ciaran Gultnieks',
59'url' => 'https://www.mediawiki.org/wiki/Extension:WPMW',
60 'descriptionmsg' => 'Provides WordPress login integration',
61);
62
63// Handler for the MediaWiki UserLoadFromSession hook. Allows users
64// already signed in to Wordpress to be automatically signed in to
65// MediaWiki. Always returns true, but sets $result to true if auth
66// has been done.
67function AuthWPUserLoadFromSession($user, &$result) {
68
69 // Abort in cli mode. Seems like it shouldn't be necessary
70 // but some cli scripts to end up here for whatever bizarre
71 // reason - runjobs is an example.
72 if(php_sapi_name() == 'cli')
73 return true;
74
75// Is there a Wordpress user with a valid session?
76$wpuser=wp_get_current_user();
77if(!$wpuser->ID)
78return true;
79
80$u=User::newFromName($wpuser->user_login);
81if(!$u)
82wp_die("Your username '".$wpuser->user_login."' is not a valid MediaWiki username");
83if(0==$u->getID()) {
84$u->addToDatabase();
85$u->setToken();
86}
87$id=User::idFromName($wpuser->user_login);
88if(!$id) {
89wp_die("Failed to get ID from name '".$wpuser->user_login."'");
90return true;
91}
92if($id==0) {
93wp_die("Wikipedia '".$wpuser->user_login."' was not found.");
94return true;
95}
96$user->setID($id);
97$user->loadFromId();
98wfSetupSession();
99$user->setCookies();
100
101// Set these to ensure synchronisation with WordPress...
102$user->setEmail($wpuser->user_email);
103$user->setRealName($wpuser->user_nicename);
104
105$user->saveSettings();
106$result=true;
107
108return true;
109}
110
111// Handler for the MediaWiki UserLogout hook.
112function AuthWPUserLogout(&$user) {
113// Log out of Wordpress as well...
114wp_logout();
115return true;
116}
117
118class AuthWP extends AuthPlugin {
119
120// Constructor
121function AuthWP(){
122
123// Add hooks...
124global $wgHooks;
125$wgHooks['UserLoadFromSession'][]='AuthWPUserLoadFromSession';
126$wgHooks['UserLogout'][] = 'AuthWPUserLogout';
127
128}
129
130
131// MediaWiki API HANDLER
132// See if the given user exists - true if so, false if not...
133function userExists($username) {
134return username_exists($username);
135}
136
137// MediaWiki API HANDLER
138// Handle authentication, returning true if the given credentials
139// are good, or false if they're bad.
140function authenticate($username,$password) {
141$credentials=array('user_login'=>$username,'user_password'=>$password);
142if(is_wp_error(wp_signon($credentials,false)))
143return false;
144return true;
145}
146
147// MediaWiki API HANDLER
148// Modify the login template...
149function modifyUITemplate(&$template) {
150$template->set('create',false);
151$template->set('usedomain',false);
152$template->set('useemail',true);
153}
154
155// MediaWiki API HANDLER
156// Always return true - tells it to automatically create a local
157// account when asked to log in a user that doesn't exist locally.
158function autoCreate() {
159return true;
160}
161
162// MediaWiki API HANDLER
163function allowEmailChange() {
164// No - change it via the WordPress interface only.
165return false;
166}
167
168// MediaWiki API HANDLER
169function allowRealNameChange() {
170// No - change it via the WordPress interface only.
171return false;
172}
173
174// MediaWiki API HANDLER
175// Always return true - users can change their passwords from
176// MediaWiki - we'll hash them and update the Wordpress DB.
177function allowPasswordChange() {
178return true;
179}
180
181// MediaWiki API HANDLER
182// Set a new password for the given user...
183function setPassword($user,$password) {
184$wpuser=get_userdatabylogin($user->mName);
185if(!$wpuser)
186return false;
187wp_set_password($password,$wpuser->user_id);
188return true;
189}
190
191// MediaWiki API HANDLER
192// Update the details of a user that's logging in - i.e. fill in any
193// details we can retrieve from the Wordpress user details...
194function updateUser(&$user) {
195$wpuser=get_userdatabylogin($user->mName);
196if(!$wpuser)
197return false;
198$user->setEmail($wpuser->user_email);
199$user->setRealName($wpuser->user_nicename);
200$user->saveSettings();
201return true;
202}
203
204// MediaWiki API HANDLER
205// Update user details in Wordpress database...
206function updateExternalDB($user) {
207// Not doing anything here (yet?)
208return true;
209}
210
211// MediaWiki API HANDLER
212// Add a user created in MediaWiki to the Wordpress database...
213function addUser($user,$password) {
214wp_create_user($user->mName,$password,$user->mEmail);
215return true;
216}
217
218// MediaWiki API HANDLER
219// Just return true meaning that logins can only be authenticated in
220// this module, and not checked against the mediawiki db...
221function strict() {
222return true;
223}
224
225// MediaWiki API HANDLER
226// As with strict(), only authenticate through this plugin.
227function strictUserAuth($username) {
228return true;
229}
230
231// MediaWiki API HANDLER
232// We can create external accounts so always return true...
233function canCreateAccounts() {
234return true;
235}
236
237}
238?>
239

Archive Download this file

Branches