см. Также https://www.mediawiki.org/wiki/User:Krinkle/API_PHP_cURL_example
простой код:
// Retrieves email address and password from sign-in form
$Username = array_key_exists('username',$_REQUEST)?$_REQUEST['username']:'';
$Password = array_key_exists('password',$_REQUEST)?$_REQUEST['password']:'';
$Action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:'';
$API_Location = "";
//copied from LocalSettings.php
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wiki";
$wgDBuser = "myuser";
$wgDBpassword = "12312312";
$CookiePrefix = 'wiki';
$expire = 60*60*24*365*5 + time();
$CooiePath= null; //='/';
$CookieDomain = null; //'example.com';
function encodeURIComponent($str) {
$revert = array('%21'=>'!', '%2A'=>'*', '%27'=>"'", '%28'=>'(', '%29'=>')');
return strtr(rawurlencode($str), $revert);
class curl_onHeaders
public $result=array();
function onHeader( $curl, $header_line ) {
return strlen($header_line);
function curl($method,$url,$data=false,$headers=false)
//$url ="http://example.com";
//$data = "The updated text message";
//$headers=array(); $headers[] = 'Accept: text/html';
$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$data); // any post data, a string like param1=a¶m2=b
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method); //for updating we have to use PUT method.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$onHeader = new curl_onHeaders();
curl_setopt($ch, CURLOPT_HEADERFUNCTION, array(&$onHeader, 'onHeader'));
$result = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$object = new stdClass();
$object->result = $result;
$object->code = $code;
$object->headers = $onHeader->result;
throw new Exception("curl error: ". curl_error($ch));
//$object->error =curl_error($ch);
return $object;
function getcookies($headers)
foreach( $headers as $header)
if (preg_match('/^Set-Cookie:\s*([^;]*)/mi', $header, $cookie) == 1)
$cookies = $cookie[1];
$cookies .="; ".$cookie[1];
return $cookies;
function mearge_cookies($old,$new)
// cookies like session are sent only once from server, multiple cookies generally can be mearged with "; "
// a cookie jar is prefered but this code generally fine.
// folowing code does not handle expires
// cookie format: https://msdn.microsoft.com/en-us/library/windows/desktop/aa384321(v=vs.85).aspx
// Set-Cookie: <name>=<value>[; <name>=<value>]...
// [; expires=<date>][; domain=<domain_name>]
// [; path=<some_path>][; secure][; httponly]
// <date> format:
// DAY The day of the week (Sun, Mon, Tue, Wed, Thu, Fri, Sat).
// DD The day in the month (such as 01 for the first day of the month).
// MMM The three-letter abbreviation for the month (Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec).
// YYYY The year.
// HH The hour value in military time (22 would be 10:00 P.M., for example).
// MM The minute value.
// SS The second value.
foreach($cookies_strs_to_merge as $cookies_str)
foreach(preg_split("/\\s*;\\s*/",$cookies_str) as $cookie)
if($cookie_name=='domain') continue;
if($cookie_name=='expires') continue;
if($cookie_name=='path') continue;
else if($cookie=='secure' )continue;
else if($cookie=='httponly' )continue;
foreach($cookiesa as $cookie_name=>$cookie_value)
$cookies.=($cookies===''?'':'; ').$cookie_name.'='.$cookie_value;
return $cookies;
mysql_connect($wgDBserver, $wgDBuser, $wgDBpassword) or die('Could not connect: ' . mysql_error());
if($Action == 'login')
// Query to retrieve username from database based on email. It is implied that authentication has already succeeded.
$Query = "SELECT Username FROM `$wgDBname`.Accounts WHERE Email = '".mysql_escape_string($Username)."'";
$ResultSet = mysql_query($Query);
$ResultArray = mysql_fetch_array($ResultSet);
$Username = $ResultArray[0]; // Username
// first http post to sign in to MediaWiki
$result = unserialize($res->result);
$Token = $result[login][token];
// cookie must be set using session id from first response
$WikiSessionID = $result[login][sessionid];
setcookie("${CookiePrefix}_session", $WikiSessionID, $expire, $CooiePath, $CookieDomain);
// second http post to finish sign in
if ($result["login"]["result"] == "NeedToken") {
$res=curl("POST",$API_Location,"action=login&lgname=".encodeURIComponent($Username)."&lgpassword=".encodeURIComponent($Password)."&lgtoken=".encodeURIComponent($Token)."&format=php",array('Cookie: '.$lastcookies));
$result = unserialize($res->result);
if ($result["login"]["result"] == "Success") {
$error = 'ok';
// set persistent cookies
$LgToken = $result["login"]["lgtoken"];
$LgUserID = $result["login"]["lguserid"];
$LgUserName = $result["login"]["lgusername"];
$cookieprefix = $result["login"]["cookieprefix"];
if($cookieprefix!=$CookiePrefix) throw new Exception('notice a wrong cookie prefix');
setcookie("${CookiePrefix}UserName", $LgUserName, $expire, $CooiePath, $CookieDomain);
setcookie("${CookiePrefix}UserID", $LgUserID, $expire, $CooiePath, $CookieDomain);
setcookie("${CookiePrefix}Token", $LgToken, $expire, $CooiePath, $CookieDomain);
} else if ($result["login"]["result"] == "NeedToken") {
$error = "Error 005: Token error. second request.";
} else if ($result["login"]["result"] == "NoName") {
$error = "The username can not be blank";
} else if ($result["login"]["result"] == "Illegal") {
$error = "You provided an illegal username";
} else if ($result["login"]["result"] == "NotExists") {
$error = "The username you provided doesn't exist";
} else if ($result["login"]["result"] == "EmptyPass") {
$error = "The password can not be blank";
} else if ($result["login"]["result"] == "WrongPass" || $result["login"]["result"] == "WrongPluginPass") {
$error = "The password you provided is incorrect";
} else if ($result["login"]["result"] == "CreateBlocked") {
$error = "Autocreation was blocked from this IP address";
} else if ($result["login"]["result"] == "Throttled") {
$error = "You've logged in too many times in a short time. Try again later.";
} else if ($result["login"]["result"] == "mustbeposted") {
$error = "Error 004: Logindata was not send correctly";
} else if ($result["login"]["result"] == "Blocked") {
$error = "This account is blocked.";
} else if ($result["login"]["result"]){
$error = "Error 001: An unknown event occurred.";
} else {
$error = "Error 002: An unknown event occurred.";
echo $error;
if($Action == "logout")
// first http post to sign in to MediaWiki
$_session = array_key_exists("${CookiePrefix}_session",$_COOKIE)?$_COOKIE["${CookiePrefix}_session"]:'';
$UserName = array_key_exists("${CookiePrefix}UserName",$_COOKIE)?$_COOKIE["${CookiePrefix}UserName"]:'';
$UserID = array_key_exists("${CookiePrefix}UserID",$_COOKIE)?$_COOKIE["${CookiePrefix}UserID"]:'';
$Token = array_key_exists("${CookiePrefix}Token",$_COOKIE)?$_COOKIE["${CookiePrefix}Token"]:'';
$headers=array( "Cookie: ".
"${CookiePrefix}_session=".encodeURIComponent($_session)."; ".
"${CookiePrefix}UserName=".encodeURIComponent($UserName)."; ".
"${CookiePrefix}UserID=".encodeURIComponent($UserID)."; ".
"${CookiePrefix}Token=".encodeURIComponent($Token) );
$LogoutReturn = unserialize($res->result);
// destroys persistent cookies and ends session
$expire = time() - 60*60*24*90;
setcookie('Session', '', $expire, $CooiePath, $CookieDomain);
setcookie("${CookiePrefix}_session", '', $expire, $CooiePath, $CookieDomain);
setcookie("${CookiePrefix}UserName", '', $expire, $CooiePath, $CookieDomain);
setcookie("${CookiePrefix}UserID", '', $expire, $CooiePath, $CookieDomain);
setcookie("${CookiePrefix}Token", '', $expire, $CooiePath, $CookieDomain);
echo "logout";
function checklogin()
global $CookiePrefix,$wgDBname;
if( array_key_exists("${CookiePrefix}_session",$_COOKIE)
&& array_key_exists("${CookiePrefix}UserID",$_COOKIE)
$UserID = intval($_COOKIE["${CookiePrefix}UserID"]);
$UserName = array_key_exists("${CookiePrefix}UserName",$_COOKIE)?$_COOKIE["${CookiePrefix}UserName"]:'';
$Token = array_key_exists("${CookiePrefix}Token",$_COOKIE)?$_COOKIE["${CookiePrefix}Token"]:'';
($result=mysql_query("Select user_name,user_real_name,user_email,user_token,user_token,(Select ug_user from `$wgDBname`.user_groups WHERE ug_group='sysop' and ug_user=user.user_id) as perms from `$wgDBname`.user user WHERE user_id=$UserID"))||die(mysql_error());
if ($udata!=null)
if ( $udata->perms!=null )
$level = 1;
echo "different username. cookie vs db. can not auto login from mediawiki";
return null;
if($Token!=$udata->user_token) {
echo "different token. cookie vs db. can not auto login from mediawiki";
return null;
return array(
'UniqueID' => $UserID,
'Name' => $UserName,
'Title' => $udata->user_real_name==""?NULL:$udata->user_real_name,
'Email' => $udata->user_email==""?'no@email.com':$udata->user_email,
'Admin' => $level
return null;
welcome <?=$user['Title']? $user['Title']:$user['Name'] ?>. <br>
<a href="<?=$_SERVER['PHP_SELF']?>?action=logout">logout</a>
