Last modified: 2011-03-13 17:46:02 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 1448 - Login with no Password
Login with no Password
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
PC Linux
: Lowest normal (vote)
: ---
Assigned To: Nobody - You can work on this!
Depends on:
  Show dependency treegraph
Reported: 2005-02-01 22:32 UTC by Daniel Gohlke
Modified: 2011-03-13 17:46 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Daniel Gohlke 2005-02-01 22:32:30 UTC

I have installed Mediawiki 1.3.9 at saturday. I want a limited numbers of
authors for
this wiki, so I followed the description on url:

  $wgWhitelistAccount = array ( "sysop" => 1, "developer" => 1 );
  $wgWhitelistEdit = true;

It works quite right with WikiSysop, but other accounts can login with the right
password or no password (field is blank). Login with wrong passwords are not
It is only a configuration error or is it a bug in the script?

So long.
   Daniel Gohlke
Comment 1 JeLuF 2005-02-01 22:42:37 UTC
Did these accounts already exist before you added the two lines to the config?
Comment 2 Daniel Gohlke 2005-02-02 09:35:16 UTC
Yes they did. I created these accounts as WikiSysop via
<nowiki>[[Special:Userlogin]]</nowiki> sending me and other authors a password
via email. I found this out, when I work on a Windows machine, and typing
"enter" all the time.

Comment 3 Brion Vibber 2005-02-02 09:57:46 UTC
What's the exact sequence you used in creating accounts?

Did you leave the password fields blank when creating the accounts? 
This would set an initial empty password, allowing login with no 
Comment 4 Daniel Gohlke 2005-02-02 10:51:30 UTC
Yes, I did not set a password. The system generate a password and sent it via
e-mail, isn't it?
First I choose a username for each author and nothing else. Then I sent it. Each
author got an email with username and password.
I the initial empty password also available?
Comment 5 JeLuF 2005-02-04 22:57:43 UTC
Yes, the initial password is available at the same time.

The "I forgot my password" button is available for any user. If it is hit, the
user can log in using either his old password or the password he received via
mail. If we wouldn't allow both passwords, hitting the button would allow
denial-of-service attacks.

Assign an initial non-empty password to prevent logins without a password.
Comment 6 Mark A. Hershberger 2011-03-13 17:46:02 UTC
Changing all WONTFIX high priority bugs to lowest priority (no mail should be generated since I turned it off for this.)

Note You need to log in before you can comment on or make changes to this bug.