login - How to only allow approved users to log in to my wiki?


I have added a column in the wiki database in the user table called approved_account. The standard value on that column is 0 (zero).

I want to add an exception when a user tries to log in to the wiki, such that if approved_account = 0 the login attempt is denied.

Does anyone know how, and where I should place the if statement?


Edit: I've come this far. I'm using the AbortLogin hook, since I need to verify that the if statement is true every time a user tries to log in.

However, my code won't let anyone in. It blocks login attempts, even if they have the correct value in the approved_account field. Can anyone help me fix this?

    <?php
    /**
     * Prevent a user from accessing this file directly, and provide a helpful
     * message explaining how to install this extension.
     */
    if ( !defined( 'MEDIAWIKI' ) ) {
        echo <<<EOT
    To install the test extension, put the following line in your LocalSettings.php file:
    require_once( "\$IP/extensions/approvedaccount.php" );
    EOT;
        exit( 1 );
    }

    // Extension credits that will show up on Special:Version
    $wgExtensionCredits['parserhook'][] = array(
        'name' => 'approved account extension',
        'description' => 'prevent login',
        'author' => 'me',
        'url' => 'http://www.mediawiki.org/wiki/extension:approvedaccount'
    );
    $wgHooks['AbortLogin'][] = 'ApprovedAccount::onAbortLogin';

    class ApprovedAccount {
        public static function onAbortLogin( $user, $password, &$retval ) {
            global $wgOut, $wgUser;

            $dbr = wfGetDB( DB_SLAVE );
            $res = $dbr->select(
                'user',                                     // $table
                array( 'user_name', 'approved_account' ),   // $vars (columns of the table)
                'user_name = "'.$wgUser.'"',                // $conds
                __METHOD__,                                 // $fname = 'Database::select',
                array( 'ORDER BY' => 'user_name ASC' )      // $options = array()
            );

            $output = '';
            foreach( $res as $row ) {
                $output .= 'användarnamn: ' . $row->user_name . ' , approved account: ' . $row->approved_account . ".";
            }

            if ($row->approved_account = "1"){
                //$this->loadDefaults();
                //  return false;
                header("Location: http://hbg-whirlpool.emea.stream.corp/index.php?title=special:userlogout&returnto=main+page");
                exit();  // need to exit after the Location header is sent
            }
        }
    }

You could use a simple AuthPlugin, overriding the strictUserAuth() method to return true for users that match the condition.

However, I suspect you're approaching the problem the wrong way. Why not define a new user group, say, approved, and add a corresponding record to the user_groups table for approved users? You won't be able to prevent unapproved users from logging in, but you can prevent them from making edits by granting the edit permission to the approved group, like this:

    $wgGroupPermissions['*']['edit'] = false;
    $wgGroupPermissions['user']['edit'] = false;
    $wgGroupPermissions['approved']['edit'] = true;

(If you wanted, you could revoke the read permission from unapproved users too, but please read the warnings about restricting read access in MediaWiki first.)


Edit: I see a couple of problems with your AbortLogin hook.

  • Doing a 301 redirect and an exit() in the middle of a hook is not a good idea. Sure, it will abort the login, but that's not how the hook is meant to be used. Rather, you should have the hook function return false to indicate that the login should be aborted, or true to proceed with the normal login checks.

  • In any case, you're doing the exit() when the approved_account column is 1, which is presumably when you don't want to abort the login.

  • ...or, rather, you're doing the exit() always, because you used the assignment operator = instead of the comparison operator == in the condition, causing it to always be true. (Don't worry, that's a common bug in PHP and other C-like languages. One way to avoid it is to get in the habit of using "Yoda conditionals" like 1 == $row->approved_account, which will produce an error if you leave out one =, since you can't assign to 1.)

  • Also, concatenating a User object with a string won't produce anything meaningful; and, if it did, there would be an SQL injection vulnerability there. And, besides, the hook parameters include the user object, which you should use instead of the global $wgUser (which might be stale during login anyway).

I admit that a lot of this stuff is poorly documented. Besides the AbortLogin docs, I'd suggest looking at the general MediaWiki hook documentation, and the actual way the hook is called from SpecialUserlogin.php. For database access, I'd point you to the database wrapper function docs; unfortunately, the method documentation pages are giving 404 errors right now, so you'd again need to look directly in the source for documentation.

Anyway, I'd rewrite your hook like this:

    public static function onAbortLogin( $user, $password, &$retval, &$msg ) {
        $dbr = wfGetDB( DB_SLAVE );
        $row = $dbr->selectRow(
            'user',
            'approved_account',
            array( 'user_id' => $user->getId() ),
            __METHOD__
        );

        if ( !$row || !$row->approved_account ) {
            $retval = LoginForm::ABORTED;  // this is the default, but let's be sure
            $msg = 'login-abort-not-approved';  // optional: custom error message
            return false;
        }
        else {
            // account is approved, return true to proceed with the other login checks
            return true;
        }
    }

If you want the custom message, you'll need to create the page MediaWiki:Login-abort-not-approved on your wiki. (If you wanted to turn this into a proper MediaWiki extension, you could provide a default message in an i18n file, but that's overkill here.)


Edit 2: Yes, you can add as many hooks as you want in an extension. (In fact, you don't even need an extension; it's fine to define simple site-specific hooks directly in LocalSettings.php if you want.) I think something like this should work as an AddNewAccount hook to log the user out, although I must note that I haven't tested this:

    public static function onAddNewAccount( $user, $byEmail ) {
        global $wgUser;
        // try to log out the new user if they're logged in
        if ( $user->getName() == $wgUser->getName() ) $user->logout();
        return true;
    }

The if clause is there because AddNewAccount is also called when a user creates a new account while logged in to a pre-existing account, in which case logging them out of their original account would be an unwelcome surprise. (Technically, if ( $user == $wgUser ) ought to suffice, but explicitly comparing the usernames rather than the object references seems safer.)

Note that logging the new user out at this point kind of yanks the carpet out from under the new user creation code, so some unusual things may happen. For example, I suspect that the user creation log may end up saying "newusername created new user account newusername", and the "account created" page may temporarily show the user as logged in, even though they're not.

It would be cleaner to somehow avoid the auto-login behavior in the first place, but I don't see any obvious way to do that without patching SpecialUserlogin.php: the check that determines whether the new user is automatically logged in is if ( $this->getUser()->isAnon() ), which just checks whether the user is already logged in. Faking that somehow (which would be an ugly kluge in itself) doesn't seem practical, as far as I can tell.

If you don't mind patching MediaWiki core, though, replacing that condition with if ( false ) (or if ( false && $this->getUser()->isAnon() ), if you want to keep it self-documenting) should do the trick. Note that you should still keep the AddNewAccount hook as a backup, in case you forget to reapply the patch after upgrading or something.
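
The points raised about the AbortLogin hook, as an added stand-alone example (not the asker's or the answerer's code, and not MediaWiki's): a lookup through a bound parameter, the always-true assignment shown on a fetched row, and a fail-closed gate that follows the hook's true/false contract. The in-memory SQLite table, the two sample accounts, and the helper names fetchApprovalRow, questionBranchTaken and mayLogIn are assumptions made for the illustration.

```php
<?php
// Added example: runs stand-alone with PHP 7+ and pdo_sqlite, no MediaWiki required.
// The table layout and the two accounts are constructed sample data.
$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( 'CREATE TABLE user (
    user_id INTEGER PRIMARY KEY,
    user_name TEXT NOT NULL,
    approved_account INTEGER NOT NULL DEFAULT 0 )' );
$db->exec( "INSERT INTO user VALUES (1, 'Alice', 1), (2, 'Bob', 0)" );

// Hypothetical helper: look the row up by numeric id through a bound parameter,
// so no user-controlled text is ever spliced into the SQL string.
function fetchApprovalRow( PDO $db, int $userId ) {
    $stmt = $db->prepare( 'SELECT approved_account FROM user WHERE user_id = :id' );
    $stmt->execute( [ ':id' => $userId ] );
    return $stmt->fetch( PDO::FETCH_OBJ ); // false when the id does not exist
}

// The condition from the question: "=" assigns "1" to the field, and the
// assigned value is truthy, so the branch is taken for every row.
function questionBranchTaken( $row ): bool {
    if ( $row->approved_account = "1" ) {
        return true;
    }
    return false;
}

// Fail-closed gate with the hook's return contract: true lets the normal login
// checks continue, false aborts. The driver may return "0"/"1" as strings, so
// cast before the strict comparison (written Yoda-style, as the answer suggests).
function mayLogIn( PDO $db, int $userId ): bool {
    $row = fetchApprovalRow( $db, $userId );
    return false !== $row && 1 === (int)$row->approved_account;
}

$bob = fetchApprovalRow( $db, 2 );
echo 'question branch taken for unapproved Bob: ',
    var_export( questionBranchTaken( $bob ), true ), "\n";
// The assignment also overwrote the value that was fetched from the database.
echo 'Bob row after the buggy check: ', var_export( $bob->approved_account, true ), "\n";

foreach ( [ 1 => 'approved', 2 => 'unapproved', 99 => 'unknown id' ] as $id => $label ) {
    echo "mayLogIn({$id}) [{$label}]: ", var_export( mayLogIn( $db, $id ), true ), "\n";
}
```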

