How do I auto-login mediawiki using API login or clientlogin?

Question

Most guides I can find work on early than version1.27. Feeling so confuse about how to set cookies?How can I get sessionid?
Here's my code,but didn't get login token properly.
System Info:
Software    Version
MediaWiki    1.28.2
PHP    5.6.30
MariaDB 10.1.21

<?php
namespace mediawiki;


// Start session
session_start();

/**
 * How to log in mediawiki using PHP cURL?
 * -------------------------------------------------
 */

//set login username password which already in your mediawiki database
$username = 'abc';
$password = '123';

//setup url
$Root = 'localhost/mediawiki';
$API_Location = "${Root}/api.php";

//setup cookie
$CookieFilePath = tempnam("/tmp", "TMP0");
$expire = 60*60*24*14 + time();
$CookiePrefix = 'theprefix';
$Domain = 'localhost';

// set variables to use in curl_setopts
$PostFields = "action=query&meta=tokens&type=login&format=json";

// first http post to sign in to MediaWiki
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$API_Location");
curl_setopt($ch, CURLOPT_TIMEOUT, 500);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/x-www-form-urlencoded',
    'Content-Length: ' .strlen($PostFields))
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "$PostFields");

curl_setopt($ch, CURLOPT_COOKIEJAR, $CookieFilePath);
curl_setopt($ch, CURLOPT_COOKIEFILE, $CookieFilePath);

$Result = curl_exec($ch);
if(curl_exec($ch) === false) echo '<br>Curl error: ' . curl_error($ch).'<br>';
curl_close($ch); // curl closed

$ResultSerialized = json_decode($Result,true);
$Token = $ResultSerialized["query"]["tokens"]["logintoken"];

// cookie must be set using session id from first response
$_SESSION["logintoken"]=$Token;
//How can I get sessionid?
$sessionid=session_id();
$_SESSION["sessionid"] =$sessionid;

setcookie("${CookiePrefix}_Session",$sessionid , $expire, '/', $Domain);
setcookie("${CookiePrefix}UserName",$username,$expire,'/',$Domain);
setcookie("${CookiePrefix}Token", $_SESSION["logintoken"], $expire, '/', $Domain);

// second http post to finish sign in
$ch = curl_init();
$PostFields="action=login&lgname=${username}&lgpassword=${password}&lgtoken=${Token}&format=json";
curl_setopt($ch, CURLOPT_URL, "$API_Location");
curl_setopt($ch, CURLOPT_TIMEOUT, 500);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
       'Content-Type: application/x-www-form-urlencoded',
        'Content-Length: ' .strlen($PostFields))
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "$PostFields");
curl_setopt($ch, CURLOPT_COOKIE, "${CookiePrefix}_session=$sessionid");

curl_setopt($ch, CURLOPT_COOKIEJAR, $CookieFilePath);
curl_setopt($ch, CURLOPT_COOKIEFILE, $CookieFilePath);

$Result = curl_exec($ch);
if(curl_exec($ch) === false) echo '<br>Curl error: ' . curl_error($ch).'<br>';
curl_close($ch); // curl closed
$ResultSerialized = json_decode($Result,true);

// set persistent cookies
//$LgToken = $ResultSerialized["query"]["tokens"]["logintoken"];
$LgUserID = $ResultSerialized["login"]["lguserid"];
$LgUserName = $ResultSerialized["login"]["lgusername"];
$lgstatus=$ResultSerialized["login"]["result"];
var_dump($lgstatus);

setcookie("${CookiePrefix}UserName", $LgUserName, $expire, '/', $Domain);
setcookie("${CookiePrefix}UserID", $LgUserID, $expire, '/', $Domain);
//setcookie("${CookiePrefix}Token", $Token, $expire, '/', $Domain);

// Delete cURL cookie
unlink($CookieFilePath);

?>

I also try to use clientlogin via postman, post request exactly like example on mediawiki.org/wiki/API:Login ,but result: "authmanager-authn-no-primary".

Reference:

AbyxDev · Answer 1 · 2018-07-20T13:24:42.430

0

To log in, you need to first GET a logintoken:

$query_string = '?action=query&meta=tokens&type=login&format=json';
...// sparing curl_exec details
$ResultSerialized = json_decode($Result, true);
$Token = $ResultSerialized['query']['tokens']['logintoken'];

Then, you POST the logintoken as well as your username and password:

$post_data = "?action=login&lgname=$username&lgpassword=password&logintoken=$Token&format=json";

And you should be logged in! As long as you keep the same cookie session between all requests, you should be able to use logged-in actions.

edited Jul 20 '18 at 13:24

answered Jul 12 '17 at 10:52

AbyxDev

1,363
16
30

I know this is old, but I'm trying to do the same thing with ASP.net/C#. I'm having a hard time understanding how to go about it. I posted this yesterday: https://stackoverflow.com/questions/52260761/log-into-my-mediawiki-site-when-specific-users-are-logged-into-my-website-on-a-d?noredirect=1#comment91472607_52260761 I apologize if posting my link on a similar topic is not allowed. – Jerry Warra Sep 11 '18 at 20:22
I'm getting this error response: `"error": { "code": "mustpostparams", "info": "The following parameter was found in the query string, but must be in the POST body: lgpassword." }` – yiddishe-kop May 26 '20 at 07:35
@Yehuda The error message explains the problem: you need to put the POST data in the POST body. This will be different depending on what language or HTTP library you're using; search up how to specify POST data for whatever you're on. – AbyxDev May 28 '20 at 11:07
I did exactly that, I used Postman (API client/tester). Still always some error [invalid token - when I just got the token]. In the end I found this node package "nodemw", and everything just works. I guess this will stay a mystery to me... – yiddishe-kop May 28 '20 at 12:58

How do I auto-login mediawiki using API login or clientlogin?

1 Answers1