Mediawiki API & phpbb3 Single Sign On

[phliptrip]

The old solution i used to use for this no longer works due to changes in mediawiki requiring a token to be acquired and attached to the session, I've tried updating this to retreive the token, but I'm a sysadmin not a coder by trade and it's largely unfortunately beyond my current ken (I can get the data back, but even when I'm using regex I know is correct (ran it through a regex checker vs the info being returned by curl and it correctly marks and shows the array with correct info) it returns nothing in the actual app.. and if it did I don't know enough about structuring cookies, sessionids, and tokens to probably be able to fix it beyond that.

 

The original code that worked prior to the authentication api changes was:

<?php
if(isset($_POST['logmein'])) {
define('IN_PHPBB', true);
$phpbb_root_path = './forums/';     //Path to forum
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

if($user->data['is_registered'])
{
    echo 'Already logged on';
}
else
{
    $username = request_var('lgname', '', true);
    $password = request_var('lgpassword', '', true);
    $autologin = (!empty($_POST['autologin'])) ? true : false;

// Media Wiki

$ch=curl_init();
$postfield = "lgname=$username&lgpassword=$password";
$url = "http://localhost/wiki/api.php?action=login"; //url to wiki's api

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 1); 
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfield);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

preg_match_all('/^Set-Cookie: (.*?)=(.*?);/m', curl_exec($ch), $m);
curl_close($ch);
$cookiename = $m[1];
$cookievalue = $m[2];
$cookieexpire = time() + 2592000;
$cookiepath = "/";
$cookiesecure = "0";
$cookiehttponly = "1";
$i = '-1';

// If is not needed for production server, can't have cookie's domain equal to localhost in my tests

if ($_SERVER['HTTP_HOST'] == 'localhost') {
foreach ($m[1] as $value) {
$i = $i+1;
setcookie($cookiename[$i], $cookievalue[$i], $cookieexpire, $cookiepath, NULL, $cookiesecure, $cookiehttponly);
}
}
else {
// If for production server remove all in between these comments
$cookiedomain = ".uvnc.com";
foreach ($m[1] as $value) {
$i = $i+1;
setcookie($cookiename[$i], $cookievalue[$i], $cookieexpire, $cookiepath, $cookiedomain, $cookiesecure, $cookiehttponly);
}
}
// phpbb
$result = $auth->login($username, $password, $autologin);
}
}?>


<?php
if(isset($_POST['logmein'])) {
if ($result['status'] == LOGIN_SUCCESS)
    {
echo 'Success';
unset($_POST['logmein']);
    }
    else
    {
echo 'Fail';
    }
}
?>
<form method="POST" action="">
<input type="text" name="lgname" size="40" /><br />
<input type="password" name="lgpassword"  size="40" /><br />
<input type="submit" value="Log In" name="logmein" />
</form>  

 

I attempted to extract the token by looking at the data returned--

 

$curl_data = curl_exec($ch);

print "---- $curl_data ----";
preg_match('/ (?P<token>\[token\] => )(?P<data>\w*) /', $curl_data, $curl_match);
print "++++" . $curl_match['data'] . "++++";

preg_match_all('/^Set-Cookie: (.*?)=(.*?);/m', $curl_data, $m);

 

I've tried changing the format of the returned api from xmlfm, to phpfm, and txt... and no matter what i can't match the token information.  I'm at a loss.  If someone has a better solution for media wiki external login and setting the cookie i'm open ears!  I've already got the user integration mod working between phpbb and media wiki so the un/pw match but i'm trying to avoid making everyone login once to forum and once to wiki... i'd rather just do both on a custom login page to avoid the annoyances.

[dvt85]

BUMP!!!

 

Can anyone help me with this also...

 

 

V