Elgg Authentication Plugin for MediaWiki

Requirements

This plugin has been tested with the following:

• PHP 5.0.2 (should work with 4.3.x versions or later)
• MySQL 5.0.2 (should work with earlier versions)
• Elgg 0.4
• MediaWiki 1.6.3 (assumed to work with versions at least as old as 1.4.9)

Installation

IMPORTANT: The Elgg instance and the MediaWiki instance must reside in the same domain.

1. Create a subdirectory under /extensions named elgg.
2. Extract these files into /extensions/elgg.
3. Open <mediawiki_dir>/extensions/elgg/constants.php in a text editor and make sure the following settings are configured correctly:
   • ELGG_PATH: the path to access Elgg relative to the server. For example, if the URL to Elgg is http://www.myhost.com/elgg-0.4, then enter "elgg-0.4" (without the quotation marks).
   • ELGG_MW_ELGG_WIKI_COOKIE_EXPIRY: the number of seconds before MediaWiki cookies expire. When these cookies expire, the plugin will force an authentication check against the Elgg database. If the check passes, the cookies are recreated automatically.
   • ELGG_DB_HOST: the hostname of the machine hosting the Elgg database.
   • ELGG_DB_NAME: the name of the Elgg database.
   • ELGG_DB_USER: the user name with permissions on the Elgg database.
   • ELGG_DB_PASSWORD: the password of the Elgg database user.

   You may want to change the other settings, but generally it isn't required. You can refine the permissions by configuring the following:

   • ELGG_MW_PUBLIC_ACTIONS: comma-delimited list of wiki actions that can be performed without being logged in to Elgg. DO NOT INCLUDE SPACES.
   • ELGG_MW_PUBLIC_PAGE_ACTIONS: an associative array of page titles and their comma-delimited public actions. DO NOT INCLUDE SPACES. This takes precedence over ELGG_MW_PUBLIC_ACTIONS.
4. Open <mediawiki_dir>/LocalSettings.php in a text editor and add the following lines immediately before the PHP end-code delimiter (the "?>"):
   

           require_once('extensions/elgg/ElggAuthPlugin.php');
   
           $wgAuth = new ElggAuthPlugin();
   

How It Works

Anyone can view any page in the wiki without logging in. All other actions require a valid Elgg authentication cookie and the user must not be banned from Elgg. When a user tries to perform a non-view action to a page, the plugin first checks for the Elgg authentication cookie ("elggperm"). If the cookie is missing, the user is denied access to the page and redirected to the Elgg login page. If the cookie exists, the plugin uses the cookie value to generate a hash which is used to look up the user in the Elgg database. If the user is valid and has not been banned, the plugin creates the necessary cookies in MediaWiki and starts a session. If the user does not exist in the Elgg database, the user is redirected to the Elgg login page.

If the user exists in the Elgg database, but does not exist in the MediaWiki database, a new account is created automatically. Once this is done, the user is redirected to the appropriate wiki page.

The Elgg authentication cookie check is performed each time the user tries to perform an action in the wiki. This means that if the user logs out of Elgg, she will be denied access to the wiki until she logs in to Elgg again.

The user account lookup is only performed if the MediaWiki cookies do not exist. This means that if a user is logged in to Elgg and MediaWiki and is subsequently banned while still logged in, he will be denied access to Elgg but continue to have access to the wiki until the MediaWiki cookies expire.

Thus, to ensure that the user's status in Elgg is rechecked at a reasonable interval, the default MediaWiki cookie expiry is reduced to one hour.