Last modified: 2010-05-15 15:37:33 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T4126, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 2126 - Unable to set new password after using emailed password (= temporary password can only be used once)
Unable to set new password after using emailed password (= temporary password...
Status: RESOLVED WORKSFORME
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.5.x
All All
: Normal major with 2 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
http://test.leuksman.com/index.php/Sp...
:
Depends on:
Blocks: 1002
  Show dependency treegraph
 
Reported: 2005-05-09 21:08 UTC by lɛʁi לערי ריינהארט
Modified: 2010-05-15 15:37 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description lɛʁi לערי ריינהארט 2005-05-09 21:08:46 UTC
Hi!

Imagine this scenario: You forgot your password and activate: "Mail me a new
password".

You are not able to assigne a new password. NEIGHER by letting "Old password"
empty NOR using the password received by e-mail. (message: The password you
entered is incorrect. Please try again.)

This failed at
- http://test.leuksman.com/index.php/Special:Userlogin
- http://jadesukka.homelinux.org:8180/betawiki/Special:Userlogin

IT WORKED at http://en.wikipedia.org/wiki/Special:Userlogin (using the e-mailed
password as "Old password").

Kind regards Reinhardt [[user:gangleri]]
Comment 1 JeLuF 2005-05-23 15:53:40 UTC
You can't change the password at Special:Userlogin, go to Special:Preferences to
change your password.
Comment 2 Zigger 2005-05-23 15:58:11 UTC
(In reply to comment #1)
Special:Preferences needs the old password, which is no longer valid after login.
Comment 3 Anders Wegge Jakobsen 2005-05-23 16:00:41 UTC
(In reply to comment #1)
> You can't change the password at Special:Userlogin, go to Special:Preferences to
> change your password.

I think Reihardt is referring to the place where the new password is mailed from.

I can confirm the description. The problem is that in order to change the
password in Special:Preferences, the old password must be given. In this case,
the old password is neither blank, nor the one received by mail. It's the one
that was forgotten.
Comment 4 T. Gries 2005-05-23 20:14:58 UTC
hello all.
here the solution.

In /includes/User.php
function checkpassword()
please comment out the marked line:

			# use the temporary one-time password only once: clear it now !
####			$this->mNewpassword = '';    caused bugzilla 2126 - preventing the re-use
of temp passw
                        $this->saveSettings();


I have introduced the clearance of the temporary password, so that it can be
only used once, but overlooked the side effect which is now reported (that
nobody can use the temp password for a second time, in order to _change_ or set
a new password.)

So, please can someome of the developers comment the one line ?

I think, my basic idea to allow ONLY ONE login with the temporary password was
not bad (but admittedly, it caused the problems mentioned in this bugzilla)

Wikinaut Tom
-- http://meta.wikipedia.org/wiki/Enotif 
Comment 5 T. Gries 2005-05-23 20:42:36 UTC
(amended the title to cover an additional aspect, which was also the reason for
the problem)
Comment 6 Anders Wegge Jakobsen 2005-05-23 20:54:56 UTC
(In reply to comment #4)
> hello all.
> here the solution.
> 
> In /includes/User.php
> function checkpassword()
> please comment out the marked line:

Fixed in CVS, please provide a proper patch to address this.
Comment 7 T. Gries 2005-05-23 20:57:47 UTC
> Fixed in CVS, please provide a proper patch to address this.
"costs extra"

Comment 8 Anders Wegge Jakobsen 2005-05-23 21:01:04 UTC
(In reply to comment #7)
> > Fixed in CVS, please provide a proper patch to address this.
> "costs extra"

We all live to serve :-) What I requested was a patch that adresses this
problem, and does something sensible to correct the problem. I do not need a
patch to place a # at the correct place.
Comment 9 Brion Vibber 2005-06-22 07:38:51 UTC
Seems to work fine, currently.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links