Mediawiki Issue


#1

Hi,
I’m trying to integrate Mediawiki 1.28.0 with Duo. I have it all setup, I get approval in Duo, but the login never happens. When I watch the your-domain.com-error_log, I get the following error after aproving the Duo push:

PHP Notice: Undefined variable: _SESSION in /var/www/html/mediawiki/extensions/DuoAuth/SpecialDuoAuth.php on line 45, referer: http://xxxxxxxxxx.com/index.php/Special:DuoAuth

Here’s the section in question starting with line 40 >

  $wgUser->logout();
  $_SESSION['du'] = $username;
  $_SESSION['id'] = $uid;
} else if (isset($_POST["sig_response"]) && !empty($_POST["sig_response"])) {
  $duo_user = Duo::verifyResponse($wgDuoIKey, $wgDuoSKey, $wgSecretKey, $_POST["sig_response"]);
  if ($duo_user == $_SESSION['du']) {
    # TODO: should be able to do this with $wgUser->getIdFromName($_SESSION['du'])
    $wgUser->setId($_SESSION['id']);
    $wgUser->loadFromId();
    $wgUser->setCookies();
    $wgOut->redirect("$wgScript/Main Page");
  } else {
    $mediaWiki->restInPeace();
  }
} else {
  $wgOut->addWikiText("You must login to see this page.");
}

}
}
?>

If you need more info, you can download all the code from here>

I’m guessing something may have changed in the latest version of mediawki, but I don’t understand enough about how this works to really know. Any help would be very much appreciated!
Thank you!
fevin


#2

I am using php7. I’m wondering if that’s where the problem lies. As best I can tell, the _SESSION variables are cleared when the $wgUser->logout(); is run. If I comment that line out, everything runs clean. However, Duo is basically useless at that point since you can just bypass the screen all together and go to another page (since you’re still logged in).

Again, I know very little about the way the code works. I’m just trying to make this thing work. Thanks for any help you may be able to offer!
fevin