MediaWiki

From code/src wiki
Jump to navigationJump to search

Secure Login

mediawiki sends plain-text passwords over the network by default. Use the following extension to enable SSL for the login page.

Extract the SecureLoginPage.tar.gz file into the /var/lib/mediawiki/extensions directory, then insert the following into your /etc/mediawiki/LocalSettings.php file: 

require_once("$IP/extensions/SecureLoginPage/SecureLoginPage.php");

MediaWiki sets the "secure" flag on the session cookies by default ($wgCookieSecure == 1). This prevents the browser from supplying the login cookie unless viewing the page over SSL. The /var/lib/mediawiki/extensions/SecureLoginPage/SecureLoginPage_body.php script must be modified to prevent redirecting non-login wiki pages back to HTTP from HTTPS. Modify the "otherPage" function as follows: 

function otherPage($out) {
    return true;
}

_Note:_ An SSL-enabled VirtualHost is required in your Apache config.

Original code obtained from the code examples of the book MediaWiki by Daniel J. Barrett.

Retrieved from "https://www.codesrc.com/mediawiki/index.php?title=MediaWiki&oldid=177"