Last modified: 2011-10-03 21:36:04 UTC
With the new 1.18 version, the magic word {{SERVER}} don't allow anymore to check protocol (http or https). But there is one place where it is needed : in [[MediaWiki:Loginend]], system message used in [[Special:Connexion]]. We have to check the protocol to provide the good message permitting to the user to go to "the other" protocol. It appears that it is not possible with magic words/wikitext, and it is not possible either to "patch" with a javascript feature as JS is disabled in [[Special:Connexion]]. The only solution I've found is to check the protocol in PHP, and provide the system message [[MediaWiki:Loginend]] or [[MediaWiki:Loginend-secure]] (to be created) depending on the result. The file to update is /includes/templates/Userlogin.php. The class "UserloginTemplate extends QuickTemplate", near the end, the folowing line : <div id="loginend"><?php $this->msgWiki( 'loginend' ); ?></div> have to be replaced by something like that : <div id="loginend"><?php if($PROTOCOL=="https"){ $this->msgWiki( 'loginend-secure' ); }else{ $this->msgWiki( 'loginend' ); } ?></div> I don-t know exacty how to perform the ($PROTOCOL=="https") test, I assume that you'll get a solution...
Oups... [[Special:Connexion]] is the french version of [[Special:UserLogin]].
I like this solution. avoids introducing new keywords, which we would not want.
r98708
(In reply to comment #0) > <div id="loginend"><?php > if($PROTOCOL=="https"){ > $this->msgWiki( 'loginend-secure' ); > }else{ > $this->msgWiki( 'loginend' ); > } > ?></div> > Did this in r98707, thanks for the suggestion. I went with loginend-https instead of loginend-secure, though, and made it fall back to loginend if loginend-https doesn't exist.
And as pointed out by Derk-Jan, this fix is live on the cluster already.
It is not used (yet) in french Wikipedia, but perhaps the same change could be done with [[Mediawiki:signupend]] (used in [[Special:UserLogin]] with the "sign up" form (same php file, 2nd class)) ?
(And thank you for the quick answer for "loginend")
(In reply to comment #6) > It is not used (yet) in french Wikipedia, but perhaps the same change could be > done with [[Mediawiki:signupend]] (used in [[Special:UserLogin]] with the "sign > up" form (same php file, 2nd class)) ? Good point. Done in r98718.
You wrote: $usingHTTPS = WebRequest::detectProtocol(); and next if ( $usingHTTPS && ...) { ... } I think you mean: $usingHTTPS = WebRequest::detectProtocol() == 'https'; Now always shows loginend-https.
(In reply to comment #9) > You wrote: > $usingHTTPS = WebRequest::detectProtocol(); > and next > if ( $usingHTTPS && ...) { ... } > > I think you mean: > $usingHTTPS = WebRequest::detectProtocol() == 'https'; > > Now always shows loginend-https. Whoooops. I swear a previous incarnation of my code did have that. Fixed in r98774 and deployed.
One more problem: https://secure.wikimedia.org/ shows that it's unsecure. Example: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin
Sorry, better example link: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin?uselang=ru * "Обычная авторизация" (bold - selected) - basic auth * "Безопасная авторизация" (unselected) - secure auth
(In reply to comment #11) > One more problem: https://secure.wikimedia.org/ shows that it's unsecure. > Example: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin This is fixed now.
