Last modified: 2007-04-30 18:48:54 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T8394, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 6394 - Create account "by e-mail" requires password
Create account "by e-mail" requires password
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
ConfirmEdit (CAPTCHA extension) (Other open bugs)
unspecified
All All
: Normal normal with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
http://commons.wikimedia.org/w/index....
:
: 8219 9727 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-21 16:16 UTC by Raimond Spekking
Modified: 2007-04-30 18:48 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Proposed patch to test correctly empty password (478 bytes, patch)
2006-12-12 11:55 UTC, Luís Sousa
Details

Description Raimond Spekking 2006-06-21 16:16:11 UTC
By call of
http://commons.wikimedia.org/w/index.php?title=Special:Userlogin&action=submitlogin&type=signup
 there appears an extra button "by e-mail" (only as an already logged in user).
As I understand the function, an account will created with the entered username
and a system-generated password is send to the entered e-mail-adress.

But the fields "Password" and "Retype password" are mandatory fields. That seems
to be not logical if a password will be generated by the system. By testing
today I generated an account on de.WP "Raymond1", see
http://de.wikipedia.org/w/index.php?title=Spezial:Log&user=Raymond (15:31, 21.
Jun 2006)
Comment 1 Leon Weber 2006-06-21 16:20:45 UTC
I'd like to now what that feature should do; the function names sound like what
raymond described, but the way it workes doesn't giv e me any clue. Does
somebody know that? Who added that feature?
Comment 2 Jimmy Collins 2006-09-19 13:35:38 UTC
For me it seems to be a feature/bug of the Confirm Edit extension.
Comment 3 Brion Vibber 2006-12-11 20:22:42 UTC
*** Bug 8219 has been marked as a duplicate of this bug. ***
Comment 4 Luís Sousa 2006-12-12 10:16:03 UTC
I'm the user on IRC that Ral315 mentions on #8219.

The idea is that sysop can create an account without password (that's why
password is blank on form) and it'll be e-mailed to user without the knowledge
of sysop.

I'll try to dig into the code to discover what could be the problem. If someone
has some idea please post it here.
Comment 5 Luís Sousa 2006-12-12 11:55:27 UTC
Created attachment 2850 [details]
Proposed patch to test correctly empty password

Using this patch started to work as described on bug 8219
Comment 6 Luís Sousa 2006-12-12 12:03:45 UTC
(In reply to comment #5)
> Created an attachment (id=2850) [edit]
> Proposed patch to test correctly empty password
> 
> Using this patch started to work as described on bug 8219

For version 1.6.8
Comment 7 Rob Church 2006-12-12 16:47:47 UTC
Please provide patches against SVN trunk, HEAD revision.
Comment 8 Brion Vibber 2006-12-13 08:15:37 UTC
Patch is clearly wrong; it simply rejects passwords at the specified
minimum length instead of shorter than the minimum length at account
creation time.

For instance, if the minimum is 8-character passwords, with this patch
you could not set an 8-character password, but would need at least 9
characters.
Comment 9 Brion Vibber 2006-12-13 09:02:56 UTC
Fixed in r18307

Now nullifies the initial password so account can't be logged in with the
initial (eg blank) pass,
so can't log in until the mailed temp pass is used.
Comment 10 Brion Vibber 2007-04-30 18:48:54 UTC
*** Bug 9727 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links