Last modified: 2010-05-15 15:38:17 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T4259, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 2259 - patch for User.php: login with temp.password also indicates that the e-mail address is valid
patch for User.php: login with temp.password also indicates that the e-mail a...
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch, patch-need-review
: 8289 (view as bug list)
Depends on: 866
  Show dependency treegraph
Reported: 2005-05-28 07:29 UTC by T. Gries
Modified: 2010-05-15 15:38 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description T. Gries 2005-05-28 07:29:04 UTC
Tim has recently removed an outdated part in User.php.
(I first agreed to him with that but found now, that I was wrong in agreeing).

Please can a developer re-add the marked lines ? 

These two lines do the following:

When a user comes to the wiki and uses the temporary password
- which he/she could have only received via the stored e-mail address -
- this in consequence is to be regarded as an implicit confirmation of the
stored e-mail address.

then, with the two lines, the address is also confirmed for convenience.

Therefore I propose to add these lines again (which were introduced in december
2004 -within my now superseded "EAuthent" method-), which are compatible with
Brion's new EConfirm method)

I recommend to rename globally all variables "EmailAuthenticated" (and
derivates) to "EmailConfirmed" to avoid any developers' confusion in future
This has been apparently forgotten, when Brion has changed to the new method.
The current variables "MailAuthenticated" in CVS have nothing to any longer with
"EAuthent" but refer to "EConfirm", therefore I propose to reflect this change
in this variable names as well.

Wikinaut Tom

Test suite for this patch:
- Log in as user x
- store a valid e-mail address into preferences
- (do not use the email address confirmation token, which is now sent to you,
and do not request one)
- logout as user x
- on the login screen, enter username "x"
- click onto "mail me a temporary password"
- (receive a temp. password via mail address of step 2)
- re-login as user x using the temporary password

- in user preference, your email address is now marked as confirmed on ...
(date) ... (time)
which proves that the patch works.

RCS file: /home/cvsenv/root//phase3/includes/User.php,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -p -r1.146 -r1.147
--- phase3/includes/User.php	2005/05/23 20:53:46	1.146
+++ phase3/includes/User.php	2005/05/24 04:28:00	1.147
@@ -1306,17 +1306,6 @@ class User {
 		if ( 0 == strcmp( $ep, $this->mPassword ) ) {
 			return true;
 		} elseif ( ($this->mNewpassword != '') && (0 == strcmp( $ep,
$this->mNewpassword )) ) {
+                       $this->mEmailAuthenticated = wfTimestampNow();
+			$this->saveSettings();
 			return true;
 		} elseif ( function_exists( 'iconv' ) ) {
 			# Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be
Comment 1 Brion Vibber 2006-12-13 23:33:26 UTC
Fixed in r18319.

I also moved the check into the login form logic alongside things like on-demand
account creation from authentication plugin external data, since I wasn't too
happy about silent actions in a password checker function.
Comment 2 Brion Vibber 2006-12-18 04:33:46 UTC
*** Bug 8289 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.