how to set cookie properly when I using login api?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

how to set cookie properly when I using login api?

Guangyao_Cheng
I try to auto-login mediawiki by API login,but didn't know how to do.Since I already used login api get "success" status on sandbox, I think maybe I do something wrong on set cookie.Get token and login api has been revamped in version 1.27 of MediaWiki,I can't find any example code work on 1.28.Thanks for all responses and suggestion. I've been stuck for so long. I really appreciate some help here. Thanks.

Here's my code,but didn't get login token properly.
System Info:
Software     Version
MediaWiki     1.28.2
PHP     5.6.30
MariaDB 10.1.21

<?php
namespace mediawiki;


// Start session
session_start();

/**
 * How to log in mediawiki using PHP cURL?
 * -------------------------------------------------
 */

//set login username password which already in your mediawiki database
$username = 'abc';
$password = '123';

//setup url
$Root = 'localhost/mediawiki';
$API_Location = "${Root}/api.php";

//setup cookie
$CookieFilePath = tempnam("/tmp", "TMP0");
$expire = 60*60*24*14 + time();
$CookiePrefix = 'theprefix';
$Domain = 'localhost';

// set variables to use in curl_setopts
$PostFields = "action=query&meta=tokens&type=login&format=json";

// first http post to sign in to MediaWiki
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$API_Location");
curl_setopt($ch, CURLOPT_TIMEOUT, 500);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/x-www-form-urlencoded',
    'Content-Length: ' .strlen($PostFields))
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "$PostFields");
curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_COOKIEJAR, $CookieFilePath);
curl_setopt($ch, CURLOPT_COOKIEFILE, $CookieFilePath);

$Result = curl_exec($ch);
if(curl_exec($ch) === false) echo '<br>Curl error: ' . curl_error($ch).'<br>';
curl_close($ch); // curl closed

$ResultSerialized = json_decode($Result,true);
$Token = $ResultSerialized["query"]["tokens"]["logintoken"];

// cookie must be set using session id from first response
$_SESSION["logintoken"]=$Token;
//How can I get sessionid?
$sessionid=session_id();
$_SESSION["sessionid"] =$sessionid;

setcookie("${CookiePrefix}_Session",$sessionid , $expire, '/', $Domain);
setcookie("${CookiePrefix}UserName",$username,$expire,'/',$Domain);
setcookie("${CookiePrefix}Token", $_SESSION["logintoken"], $expire, '/', $Domain);

// second http post to finish sign in
$ch = curl_init();
$PostFields="action=login&lgname=${username}&lgpassword=${password}&lgtoken=${Token}&format=json";
curl_setopt($ch, CURLOPT_URL, "$API_Location");
curl_setopt($ch, CURLOPT_TIMEOUT, 500);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
       'Content-Type: application/x-www-form-urlencoded',
        'Content-Length: ' .strlen($PostFields))
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "$PostFields");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_COOKIE, "${CookiePrefix}_session=$sessionid");

curl_setopt($ch, CURLOPT_COOKIEJAR, $CookieFilePath);
curl_setopt($ch, CURLOPT_COOKIEFILE, $CookieFilePath);

$Result = curl_exec($ch);
if(curl_exec($ch) === false) echo '<br>Curl error: ' . curl_error($ch).'<br>';
curl_close($ch); // curl closed
$ResultSerialized = json_decode($Result,true);

// set persistent cookies
//$LgToken = $ResultSerialized["query"]["tokens"]["logintoken"];
$LgUserID = $ResultSerialized["login"]["lguserid"];
$LgUserName = $ResultSerialized["login"]["lgusername"];
$lgstatus=$ResultSerialized["login"]["result"];
var_dump($lgstatus);

setcookie("${CookiePrefix}UserName", $LgUserName, $expire, '/', $Domain);
setcookie("${CookiePrefix}UserID", $LgUserID, $expire, '/', $Domain);
//setcookie("${CookiePrefix}Token", $Token, $expire, '/', $Domain);

// Delete cURL cookie
unlink($CookieFilePath);

?>


I also try to use clientlogin via postman, post request exactly like example on mediawiki.org/wiki/API:Login ,but result: "authmanager-authn-no-primary".

Reference:
stackoverflow.com/questions/14107523/how-do-i-log-into-mediawiki-using-php-curl
mediawiki.org/wiki/User:Krinkle/API_PHP_cURL_example
mediawiki.org/wiki/API:Login/de/1_Beispiel
mediawiki.org/wiki/API:Login
 

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|

Re: how to set cookie properly when I using login api?

Gergo Tisza
On Tue, May 16, 2017 at 2:26 PM, Guangyao_Cheng <[hidden email]> wrote:
I try to auto-login mediawiki by API login,but didn't know how to do.Since I already used login api get "success" status on sandbox, I think maybe I do something wrong on set cookie.Get token and login api has been revamped in version 1.27 of MediaWiki,I can't find any example code work on 1.28.Thanks for all responses and suggestion. I've been stuck for so long. I really appreciate some help here. Thanks.

You are not setting any cookie that would authenticate the user (just setting username + ID is not enough for obvious reasons). You should probably just use a cookie jar instead of trying to reimplement cookie handling manually.
Also you should properly encode things (what happens if the password contains an & character?)

I also try to use clientlogin via postman, post request exactly like example on mediawiki.org/wiki/API:Login ,but result: "authmanager-authn-no-primary".

That means you have not submitted any set of credentials that would be meaningful for login (such as a username + password). That or the wiki is misconfigured in some weird way and there is no way to log in at all (but you'd notice that when logging in manually).

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api