Sean Monahan

Recently I was charged with integrating our content management system our company is developing with MediaWiki.  Specifically, we wanted the appearance of a single account for both our CMS and MediaWiki.  Since our CMS is were all the action happens and MediaWiki is serving as a user manual I decided to have our CMS also handle account management for MediaWiki.

To accomplish this our CMS requires three additional features.  It must:

1. Create user accounts for our MediaWiki user manual.
2. Update user accounts for our MediaWiki user manual.
3. Disable (not delete – more on this later) user accounts for our MediaWiki user manual.

These three features will in turn require some helper function to do some behind-the-scenes work for us.  These are:

1. A getUserId function to return user IDs.
2. A generatePass function to generate random passwords.
3. A connectToDb function to connect to the MediaWiki database.

To accomplish my goal I built a PHP5 class MediaWikiManager.  The class provides public methods for creating users, updating users, updating passwords and disabling users.

Usage

The first thing you need to do is set the constants DBPASS, DBUSER, DBHOST and DBNAME to match your MediaWiki database information.  Once you’ve done that simply create yourself an instance of the MediaWikiManager class.

$manager = new MediaWikiManager();

To create a new user you need the user’s first name, last name, user name, email address and password.  Once you have this information, creating the MediaWiki account takes just a single line.

$mediaWikiId = $manager->CreateUser($firstname, $lastname, $username, $email, $password);

CreateUser() will return the user ID that MediaWiki assigns your newly created user.  You can store the MediaWiki user ID and use it to update and disable the user later.  This isn’t a requirement though, as you only need the user name to manage user accounts with this class.  An important note here is that the MediaWikiManager class does not enforce unique user names.  Our CMS does all the work to ensure that user names are unique, so I can simply pass CreateUser() any user name and know it will be unique.  Your situation may vary.

To update an existing user you will need the user’s first name, last name, user name, email and, optionally, password and MediaWiki user ID.

// Update with no optional parameters.

$updated = $manager->UpdateUser($firstname, $lastname, $username, $email);

// Update with password

$updated = $manager->UpdateUser($firstname, $lastname, $username, $email, $password);

// Update with MediaWiki user ID and no password.  Pass null to any optional parameter you want to skip.

$updated = $manager->UpdateUser($firstname, $lastname, $username, $email, null, $uid);

Our CMS requires user account passwords to be changed periodically.  So our most common account updates are to the password alone.  As such, MediaWikiManager provides methods for updating only the account password.

// Update the password with the user name

$updated = $manager->UpdatePasswordByName($username, $password);

// Update the password with the MediaWiki user ID

$updated = $manager->UpdatePasswordById($uid, $password);

Finally, we need to be able to disable accounts entirely.

// Disable account by user name

$disabled = $manager->DisableUserByName($username);

// Disable account by MediaWiki ID

$disabled = $manager->DisableUserById($uid);

Full documentation for the class can be found here.

The class can be downloaded from here.

MediaWikiManager by Sean Monahan is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

A note on disabling user accounts.

On of the strengths of MediaWiki is that it stores a complete history of all additions, revision, deletions, etc made by users.  The caveat to this is that user accounts cannot be deleted due to the relational nature of the database behind MediaWiki.  If you want to “delete” an account the recommended method to produce a garbage password and update the account in question with said password.  By doing this, everyone is locked out of the account effectively deleting it.