Last modified: 2010-05-15 15:38:17 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 2259 - patch for User.php: login with temp.password also indicates that the e-mail address is valid
patch for User.php: login with temp.password also indicates that the e-mail a...
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.5.x
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch, patch-need-review
: 8289 (view as bug list)
Depends on: 866
Blocks:
  Show dependency treegraph
 
Reported: 2005-05-28 07:29 UTC by T. Gries
Modified: 2010-05-15 15:38 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description T. Gries 2005-05-28 07:29:04 UTC
Tim has recently removed an outdated part in User.php.
(I first agreed to him with that but found now, that I was wrong in agreeing).

Please can a developer re-add the marked lines ? 
================================================

These two lines do the following:

When a user comes to the wiki and uses the temporary password
- which he/she could have only received via the stored e-mail address -
- this in consequence is to be regarded as an implicit confirmation of the
stored e-mail address.

then, with the two lines, the address is also confirmed for convenience.

Therefore I propose to add these lines again (which were introduced in december
2004 -within my now superseded "EAuthent" method-), which are compatible with
Brion's new EConfirm method)

Remark:
I recommend to rename globally all variables "EmailAuthenticated" (and
derivates) to "EmailConfirmed" to avoid any developers' confusion in future
versions. 
This has been apparently forgotten, when Brion has changed to the new method.
The current variables "MailAuthenticated" in CVS have nothing to any longer with
"EAuthent" but refer to "EConfirm", therefore I propose to reflect this change
in this variable names as well.


Wikinaut Tom

Test suite for this patch:
- Log in as user x
- store a valid e-mail address into preferences
- (do not use the email address confirmation token, which is now sent to you,
and do not request one)
- logout as user x
- on the login screen, enter username "x"
- click onto "mail me a temporary password"
- (receive a temp. password via mail address of step 2)
- re-login as user x using the temporary password

- in user preference, your email address is now marked as confirmed on ...
(date) ... (time)
which proves that the patch works.


===================================================================
RCS file: /home/cvsenv/root//phase3/includes/User.php,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -p -r1.146 -r1.147
--- phase3/includes/User.php	2005/05/23 20:53:46	1.146
+++ phase3/includes/User.php	2005/05/24 04:28:00	1.147
@@ -1306,17 +1306,6 @@ class User {
 		if ( 0 == strcmp( $ep, $this->mPassword ) ) {
 			return true;
 		} elseif ( ($this->mNewpassword != '') && (0 == strcmp( $ep,
$this->mNewpassword )) ) {
+                       $this->mEmailAuthenticated = wfTimestampNow();
+			$this->saveSettings();
 			return true;
 		} elseif ( function_exists( 'iconv' ) ) {
 			# Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be
converted
Comment 1 Brion Vibber 2006-12-13 23:33:26 UTC
Fixed in r18319.

I also moved the check into the login form logic alongside things like on-demand
account creation from authentication plugin external data, since I wasn't too
happy about silent actions in a password checker function.
Comment 2 Brion Vibber 2006-12-18 04:33:46 UTC
*** Bug 8289 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links