Recently, while trying to get all the resources in place ahead of the project launch for Shopp I ran across an issue integrating WordPress with MediaWiki. I did a heavy amount of research on the problem and found things more or less at a standstill. The bad news is, I didn’t find a magic solution. The good news is, I did find something.
I came across a posting on the WordPress support forums that discussed the topic and linked to a blog entry from a bloke named hery (now completely changed). There he released a MediaWiki module for using WordPress as an external authorization database. Hery mentioned that he didn’t believe his module would work with PHP 5 (rats, my environment). Still hopeful, I downloaded it and gave it a go.
Following the basic instructions I got it installed and setup in MediaWiki. All of my login attempts using WordPress users and passwords completely failed with “incorrect password” but no parse errors so the code was working in PHP 5. I had already considered writing my own auth module, so I wasn’t particularly deterred by the password failure. Pouring through the code I found the problem with authenticating the passwords. In my setup, I was using the most recently released version of WordPress (2.6 at the time). I had read previously that password authentication had been radically altered by the use of a new hashing class. Sure enough, the MediaWiki auth module for WordPress was old enough it didn’t account for this.
The fix, to make a long story short, was to import the new hashing class WordPress uses for passwords in order to evaluate a hashed version of the plain text password sent by a user on the login form with the hashed version stored in the database. The fix literally required 4 lines of changes in total.
Since I was asked on the WordPress support thread to release my work. So here’s a copy of the altered AuthWordpress.php:
To use this file, you’ll need to install it in the MediaWiki extensions directory.
Then add the following lines to your MediaWiki LocalSettings.php file:
## Added for WordPress login support
require_once( 'extensions/AuthWordpress.php' );
$wgAuth = new AuthWordpress();
$wgAuth->setAuthWordpressTablePrefix('wp_'); // Should match the DB prefix in wp-config.php
$wgAuth->setAuthWordpressDBServer ('DBSERVER'); // wordpress host (eg. localhost)
$wgAuth->setAuthWordpressDBName('DBNAME'); // wordpress database
$wgAuth->setAuthWordpressUser('DBUSER'); // wordpress db username
$wgAuth->setAuthWordpressPassword('DBPASSWORD'); // wordpress db password
Be sure to change DBSERVER, DBNAME, DBUSER and DBPASSWORD to the correct settings for connecting to your WordPress database.
One final item to note. You may (or may not) need to alter the path to the WordPress PasswordHash in order for it to get imported in AuthWordpress.php correctly. In my environment MediaWiki was installed as a sub-directory inside my WordPress install (e.g. wordpress/wiki/). If yours is different, you’ll need to change AuthWordpress.php on line 59 to correct the path:
That’s it! Let me know if you used it and what bumps you had so I can clarify instructions here to help others out.