Last modified: 2011-03-13 17:46:02 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T3448, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 1448 - Login with no Password
Login with no Password
Status: RESOLVED WONTFIX
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.3.x
PC Linux
: Lowest normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-01 22:32 UTC by Daniel Gohlke
Modified: 2011-03-13 17:46 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Daniel Gohlke 2005-02-01 22:32:30 UTC
Hello,

I have installed Mediawiki 1.3.9 at saturday. I want a limited numbers of
authors for
this wiki, so I followed the description on url:
"http://meta.wikimedia.org/wiki/Preventing_Access".

Using:
  $wgWhitelistAccount = array ( "sysop" => 1, "developer" => 1 );
  $wgWhitelistEdit = true;

It works quite right with WikiSysop, but other accounts can login with the right
password or no password (field is blank). Login with wrong passwords are not
working.
It is only a configuration error or is it a bug in the script?

So long.
   Daniel Gohlke
Comment 1 JeLuF 2005-02-01 22:42:37 UTC
Did these accounts already exist before you added the two lines to the config?
Comment 2 Daniel Gohlke 2005-02-02 09:35:16 UTC
Yes they did. I created these accounts as WikiSysop via
<nowiki>[[Special:Userlogin]]</nowiki> sending me and other authors a password
via email. I found this out, when I work on a Windows machine, and typing
"enter" all the time.

Comment 3 Brion Vibber 2005-02-02 09:57:46 UTC
What's the exact sequence you used in creating accounts?

Did you leave the password fields blank when creating the accounts? 
This would set an initial empty password, allowing login with no 
password.
Comment 4 Daniel Gohlke 2005-02-02 10:51:30 UTC
Yes, I did not set a password. The system generate a password and sent it via
e-mail, isn't it?
First I choose a username for each author and nothing else. Then I sent it. Each
author got an email with username and password.
I the initial empty password also available?
Comment 5 JeLuF 2005-02-04 22:57:43 UTC
Yes, the initial password is available at the same time.


The "I forgot my password" button is available for any user. If it is hit, the
user can log in using either his old password or the password he received via
mail. If we wouldn't allow both passwords, hitting the button would allow
denial-of-service attacks.

Assign an initial non-empty password to prevent logins without a password.
Comment 6 Mark A. Hershberger 2011-03-13 17:46:02 UTC
Changing all WONTFIX high priority bugs to lowest priority (no mail should be generated since I turned it off for this.)

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links