SMF and MediaWiki Bridge

Goss · December 19, 2010, 07:06:31 PM

I actually got it working on different databases. My issue was that I guess there was a compatibility problem between mediawiki 1.16 and the bridge. I'd just misunderstood the versions that a fix I read about was for.

But after I made the following change to AUTH_SMF.php, it works just fine now.

Code Select

//                      $wgHooks['AutoAuthenticate'][] = 'AutoAuthenticateSMF'; //original line
                       $wgHooks['UserLoadFromSession'][] = 'AutoAuthenticateSMF'; //fixed line

Edit:
Oh, and I'm having a new issue now. I'm using mediawiki 1.16 and it seems like user preferences are not saving. I try to make a change in the preferences, but there is no "saved" message and it has no effect on the wiki. Removing the bridge removes the issue. I have also tried this on a version installed on the same database as the forum and on a version that is on a different database.

Goss · December 26, 2010, 10:39:21 PM

I've reinstalled from scratch, but I'm still having the same issue with saving settings. I am using mediawiki 1.16. Has anybody else experienced this problem? The bridge seems to work just fine (though I apparently need to delete my cookies first?). However, while the bridge is installed no changes I make to user preferences will save.

thiru123 · December 30, 2010, 11:52:34 PM

hi,

Thanks to sharing information.......

Goss · January 05, 2011, 03:36:53 PM

Any ideas? I've noticed that the mediawiki for this forum does not have the same issue and they are using the same wiki version and, from what I've read, this bridge as a base for their own.

Kindred · January 05, 2011, 03:52:50 PM

the "bridge" which we are using here is significantly modified from anything which has been distributed.

augrunt · January 06, 2011, 12:23:14 AM

Using Invers version on SMF 2.0 RC4 and MediaWiki 1.16.1 and Redirection after Login is not working and Logout continues to suffer from those "session verification" errors.

Any ideas?

augrunt · January 06, 2011, 09:58:38 AM

I have come across the fix guys...

For those encountering the issue with "Session Verification" errors. This is the problem.
http://www.simplemachines.org/community/index.php?topic=374064.msg2666071#msg2666071

Redirection on Logout works correctly now and so does my Logout and Login. Login redirection however is still not working... but oh well, this is the major problem!

Farjo · January 10, 2011, 09:15:30 PM

Hi guys and thanks for all the info., getting there slowly but steadily

Am using SMF 2.0 RC4 and MediaWiki 1.16.0 and have progressed to the stage where I can log into SMF and the member is also logged into MW

However...
1. when I log out of SMF I am still logged into MW,

2. there is also a strange one where if I log out of MW I see the login link; I then go back to SMF to find I'm logged out - all good. But then when I go back to MW I am logged in again! There seems to be a cache thing with this second one as when I F5 I am logged out.

Any clues for these two?

Paracelsus · January 11, 2011, 07:12:25 AM

Quote from: Farjo on January 10, 2011, 09:15:30 PM
Hi guys and thanks for all the info., getting there slowly but steadily

Am using SMF 2.0 RC4 and MediaWiki 1.16.0 and have progressed to the stage where I can log into SMF and the member is also logged into MW

However...
1. when I log out of SMF I am still logged into MW,

2. there is also a strange one where if I log out of MW I see the login link; I then go back to SMF to find I'm logged out - all good. But then when I go back to MW I am logged in again! There seems to be a cache thing with this second one as when I F5 I am logged out.

Any clues for these two?

Yeah, it happens the same thing in MW 1.13, so it's probably some cache issue that has been there since this bridge was originally produced.

Goss · January 12, 2011, 09:04:22 AM

Quote from: Farjo on January 10, 2011, 09:15:30 PM
Am using SMF 2.0 RC4 and MediaWiki 1.16.0 and have progressed to the stage where I can log into SMF and the member is also logged into MW

Quick question for you, since I'm using the same versions for both SMF and MediaWiki. The bridge on my end seems to function fine, but user preferences on the wiki do not save when a member tries to change them. Are you experiencing that same bug?

Farjo · January 12, 2011, 09:30:39 AM

Seems to work for me. What preferences are you losing?

Goss · January 18, 2011, 10:25:35 AM

All of them. Any change in preferences at all aren't being saved. There is no "Preferences Saved" message popping up after you hit the save button.

At first, the settings seem to still be there. But if I leave the preferences area and then come back, everything is back to how it was before I tried to change them.

gngf123 · January 21, 2011, 02:29:28 PM

EDIT:

Thanks for all the support guys, I got it working in the end. An extra fix can be seen in my post a couple of posts down.

Biology Forums · January 21, 2011, 03:39:16 PM

Bridge number 1 says:

4. Open LocalSettings.php and add the following changes to the bottom of the file(before the ?>).

There is no ?> in the localsettings.php file $:-\$

gngf123 · January 22, 2011, 08:55:34 AM

Quote from: Invers on May 29, 2010, 01:43:06 PM
Hello, here is a fix for session verification fail.
Manual instruction:
go to line 329 Auth_SMF.php
you should see something like that:
Code Select Expand
function UserLogoutSMF(&$user) { smf_sessionSetup(); smf_redirectWrapper('logout_url', 'logout;' . $_SESSION['session_var'] . '=' . $_SESSION['rand_code']); }

Change it to:
Code Select Expand
function UserLogoutSMF(&$user) { smf_sessionSetup(); if(isset($_SESSION['session_value'])) smf_redirectWrapper('logout_url', 'logout;' . $_SESSION['session_var'] . '=' . $_SESSION['session_value']); else smf_redirectWrapper('logout_url', 'logout;' . $_SESSION['session_var'] . '=' . $_SESSION['rand_code']); }
After that, you shouldn't see any more "Session verification failed. Please try logging out and back in again, and then try again." error

For lazy people, I attached already modified Auth_SMF.php. but be careful because:
It wont work with mediawiki older than 1.13
I did not test it on smf 1.1.11
I was testing it on my setup which is SMF 2 RC3 and MediaWiki 1.15.3. Aside from not doing redirects from logout/login pages back to wiki, it was working fine for me.

So it would be great if someone with smf 1.1.11 tested it ^^

Now all that is left are redirects from login/logout/registration pages back to wiki. But... I have no idea how that works in smf and what is going on with that wiki extension...

----------

Here I will try to explain what was the cause of this ""Session verification failed. Please try logging out and back in again, and then try again." error
Look at this code.
Code Select Expand
function smf_sessionSetup() { global $wgCookiePath; // Clean out the existing session. This should have no affect // since we are going to redirct the user to the SMF page. session_destroy(); session_start(); // Load up the SMF session and set the redirect URL. if(isset($_COOKIE['PHPSESSID'])) session_decode(smf_sessionRead($_COOKIE['PHPSESSID'])); // No exisiting session, create one else { // Grab us a unique ID for SMF. session_regenerate_id(); // Needed for SMF checks. $_SESSION['rand_code'] = md5(session_id() . rand()); $_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; die('rand code ='.$_SESSION['rand_code'].''); $_COOKIE['PHPSESSID'] = session_id(); setcookie('PHPSESSID', session_id(), time() + 3600, $wgCookiePath, '', 0); } }
It looks like that if "if(isset($_COOKIE['PHPSESSID']))" returned true, then the variable $_SESSION['rand_code'], was never set anywhere, so logout function was using non-existent variable. therefore after logout attempt from wiki all we saw was "Session verification failed. Please try logging out and back in again, and then try again."

Good idea, didn't quite work for me, but I fixed it:

Original:

Code Select

	
function UserLogoutSMF(&$user) {
		smf_sessionSetup();	
		if(isset($_SESSION['session_value']))
		smf_redirectWrapper('logout_url', 'logout;' . $_SESSION['session_var'] . '=' . $_SESSION['session_value']);
		else
		smf_redirectWrapper('logout_url', 'logout;' . $_SESSION['session_var'] . '=' . $_SESSION['rand_code']);
	}

New:

Code Select

	
function UserLogoutSMF(&$user) {
		smf_sessionSetup();	
		if(isset($_SESSION['session_value']))
		smf_redirectWrapper('logout_url', 'logout;' . $_SESSION['session_var'] . 'sesc=' . $_SESSION['session_value']);
		else
		smf_redirectWrapper('logout_url', 'logout;' . $_SESSION['session_var'] . 'sesc=' . $_SESSION['rand_code']);
	}

The key was to analyzing the session logout URL that SMF gives, and changing the above script accordingly. All I needed to do was add "sesc" infront of the =.

Goss · January 22, 2011, 01:37:11 PM

After messing around with the files some more today I disabled the SMFLogin by turning it to false. I assume that disabling that would allow me to log on with my forum information already in the wiki database directly instead of going through SMF for verification. I wanted to see if logging in that way would give me the same user preferences error I've been getting.

When I did that, if I tried to log in to the wiki, after submitting my account information I would receive the following error message:

QuoteFrom Marked Wiki
Jump to: navigation, search
Login error
There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again.

Could that have something to do with my user preferences issue?

Edit: And another weird bug with this active. If I try to import a file to the wiki, no matter the size, I get the following error:

QuoteImport failed: Loss of session data. Please try again.

Importing works if I remove the modification.

I've attached my Auth_SMF.php file to this post. Anybody want to take a look?

gngf123 · January 24, 2011, 01:07:21 PM

okay here is a little problem.

Despite having sessions working brilliantly on other devices, when using my android phone it doesn't seem to sign me into the wiki.

Biology Forums · January 24, 2011, 10:53:35 PM

Can someone please post their localsettings.php file, I'm really exhausted at this point

Goss · January 25, 2011, 01:01:07 AM

I'm starting to think that my issues are somehow related to my database or something. I reinstalled my wiki and the bridge, but I'm still having the same issues.

If I have the SMFLogin disabled, I either get a "wrong password" error or the following error: "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Please hit "back" and reload the page you came from, then try again." This happens if I use an account that originated on the wiki or if I try to log in on an account that was pulled from the SMF database. I went into the extension file and turned on new password email generations. And if I submitted that twice it got me past the "session hijacking error" and allowed me to log in after resetting my password (and I could change my preferences then). But if I logged out and went back, I'd get the wrong password and session hijacking errors again.

If I turn off the mod entirely, logging in works just fine again.

I am at a loss. x.x

Farjo · January 25, 2011, 02:42:48 AM

Goss, just to let you know I logged in as a regular member and added a signature - it is still there after I have logged out/in and been elsewhere $:-\$

News:

SMF and MediaWiki Bridge