MediaWiki: Difference between revisions

From code/src wiki
Jump to navigationJump to search
m (Reverted edits by 77.247.28.142 (Talk) to last revision by Michael)
 
Line 6: Line 6:


  require_once("$IP/extensions/SecureLoginPage/SecureLoginPage.php");
  require_once("$IP/extensions/SecureLoginPage/SecureLoginPage.php");
MediaWiki sets the "secure" flag on the session cookies by default ($wgCookieSecure == 1). This prevents the browser from supplying the login cookie unless viewing the page over SSL.  The /var/lib/mediawiki/extensions/SecureLoginPage/SecureLoginPage_body.php script must be modified to prevent redirecting non-login wiki pages back to HTTP from HTTPS. Modify the "otherPage" function as follows:
function otherPage($out) {
    return true;
}


_Note:_ An [[SSL]]-enabled VirtualHost is required in your Apache config.
_Note:_ An [[SSL]]-enabled VirtualHost is required in your Apache config.


Original code obtained from the code examples of the book [http://www.oreilly.com/catalog/9780596519681/  MediaWiki] by Daniel J. Barrett.
Original code obtained from the code examples of the book [http://www.oreilly.com/catalog/9780596519681/  MediaWiki] by Daniel J. Barrett.

Latest revision as of 11:32, 12 March 2013

Secure Login

mediawiki sends plain-text passwords over the network by default. Use the following extension to enable SSL for the login page.

Extract the SecureLoginPage.tar.gz file into the /var/lib/mediawiki/extensions directory, then insert the following into your /etc/mediawiki/LocalSettings.php file:

require_once("$IP/extensions/SecureLoginPage/SecureLoginPage.php");

MediaWiki sets the "secure" flag on the session cookies by default ($wgCookieSecure == 1). This prevents the browser from supplying the login cookie unless viewing the page over SSL. The /var/lib/mediawiki/extensions/SecureLoginPage/SecureLoginPage_body.php script must be modified to prevent redirecting non-login wiki pages back to HTTP from HTTPS. Modify the "otherPage" function as follows:

function otherPage($out) {
    return true;
}

_Note:_ An SSL-enabled VirtualHost is required in your Apache config.

Original code obtained from the code examples of the book MediaWiki by Daniel J. Barrett.