Last modified: 2011-03-13 17:46:02 UTC
Hello, I have installed Mediawiki 1.3.9 at saturday. I want a limited numbers of authors for this wiki, so I followed the description on url: "http://meta.wikimedia.org/wiki/Preventing_Access". Using: $wgWhitelistAccount = array ( "sysop" => 1, "developer" => 1 ); $wgWhitelistEdit = true; It works quite right with WikiSysop, but other accounts can login with the right password or no password (field is blank). Login with wrong passwords are not working. It is only a configuration error or is it a bug in the script? So long. Daniel Gohlke
Did these accounts already exist before you added the two lines to the config?
Yes they did. I created these accounts as WikiSysop via <nowiki>[[Special:Userlogin]]</nowiki> sending me and other authors a password via email. I found this out, when I work on a Windows machine, and typing "enter" all the time.
What's the exact sequence you used in creating accounts? Did you leave the password fields blank when creating the accounts? This would set an initial empty password, allowing login with no password.
Yes, I did not set a password. The system generate a password and sent it via e-mail, isn't it? First I choose a username for each author and nothing else. Then I sent it. Each author got an email with username and password. I the initial empty password also available?
Yes, the initial password is available at the same time. The "I forgot my password" button is available for any user. If it is hit, the user can log in using either his old password or the password he received via mail. If we wouldn't allow both passwords, hitting the button would allow denial-of-service attacks. Assign an initial non-empty password to prevent logins without a password.
Changing all WONTFIX high priority bugs to lowest priority (no mail should be generated since I turned it off for this.)