check protocol in Special:UserLogin
Closed, ResolvedPublic

Description

With the new 1.18 version, the magic word {{SERVER}} don't allow anymore to check protocol (http or https).

But there is one place where it is needed : in [[MediaWiki:Loginend]], system message used in [[Special:Connexion]]. We have to check the protocol to provide the good message permitting to the user to go to "the other" protocol.

It appears that it is not possible with magic words/wikitext, and it is not possible either to "patch" with a javascript feature as JS is disabled in [[Special:Connexion]].

The only solution I've found is to check the protocol in PHP, and provide the system message [[MediaWiki:Loginend]] or [[MediaWiki:Loginend-secure]] (to be created) depending on the result.

The file to update is /includes/templates/Userlogin.php. The class "UserloginTemplate extends QuickTemplate", near the end, the folowing line :

<div id="loginend"><?php $this->msgWiki( 'loginend' ); ?></div>

have to be replaced by something like that :

<div id="loginend"><?php
if($PROTOCOL=="https"){

$this->msgWiki( 'loginend-secure' );

}else{

$this->msgWiki( 'loginend' );

}
?></div>

I don-t know exacty how to perform the ($PROTOCOL=="https") test, I assume that you'll get a solution...


Version: unspecified
Severity: normal

bzimport added a subscriber: wikibugs-l.
bzimport set Reference to bz31293.
Dr_Brains created this task.Via LegacyOct 1 2011, 12:12 PM
Dr_Brains added a comment.Via ConduitOct 1 2011, 12:18 PM

Oups...

[[Special:Connexion]] is the french version of [[Special:UserLogin]].

TheDJ added a comment.Via ConduitOct 1 2011, 9:53 PM

I like this solution. avoids introducing new keywords, which we would not want.

TheDJ added a comment.Via ConduitOct 2 2011, 8:21 PM

r98708

Catrope added a comment.Via ConduitOct 2 2011, 8:22 PM

(In reply to comment #0)

<div id="loginend"><?php
if($PROTOCOL=="https"){

$this->msgWiki( 'loginend-secure' );

}else{

$this->msgWiki( 'loginend' );

}
?></div>

Did this in r98707, thanks for the suggestion. I went with loginend-https instead of loginend-secure, though, and made it fall back to loginend if loginend-https doesn't exist.

Catrope added a comment.Via ConduitOct 2 2011, 8:23 PM

And as pointed out by Derk-Jan, this fix is live on the cluster already.

Dr_Brains added a comment.Via ConduitOct 2 2011, 8:37 PM

It is not used (yet) in french Wikipedia, but perhaps the same change could be done with [[Mediawiki:signupend]] (used in [[Special:UserLogin]] with the "sign up" form (same php file, 2nd class)) ?

Dr_Brains added a comment.Via ConduitOct 2 2011, 8:39 PM

(And thank you for the quick answer for "loginend")

Catrope added a comment.Via ConduitOct 2 2011, 9:08 PM

(In reply to comment #6)

It is not used (yet) in french Wikipedia, but perhaps the same change could be
done with [[Mediawiki:signupend]] (used in [[Special:UserLogin]] with the "sign
up" form (same php file, 2nd class)) ?

Good point. Done in r98718.

bzimport added a comment.Via ConduitOct 3 2011, 4:23 PM

i.am.putnik wrote:

You wrote:
$usingHTTPS = WebRequest::detectProtocol();
and next
if ( $usingHTTPS && ...) { ... }

I think you mean:
$usingHTTPS = WebRequest::detectProtocol() == 'https';

Now always shows loginend-https.

Catrope added a comment.Via ConduitOct 3 2011, 4:30 PM

(In reply to comment #9)

You wrote:
$usingHTTPS = WebRequest::detectProtocol();
and next
if ( $usingHTTPS && ...) { ... }

I think you mean:
$usingHTTPS = WebRequest::detectProtocol() == 'https';

Now always shows loginend-https.

Whoooops. I swear a previous incarnation of my code did have that. Fixed in r98774 and deployed.

bzimport added a comment.Via ConduitOct 3 2011, 6:20 PM

i.am.putnik wrote:

One more problem: https://secure.wikimedia.org/ shows that it's unsecure.
Example: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin

bzimport added a comment.Via ConduitOct 3 2011, 6:31 PM

i.am.putnik wrote:

Sorry, better example link: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin?uselang=ru

  • "Обычная авторизация" (bold - selected) - basic auth
  • "Безопасная авторизация" (unselected) - secure auth
Catrope added a comment.Via ConduitOct 3 2011, 9:36 PM

(In reply to comment #11)

One more problem: https://secure.wikimedia.org/ shows that it's unsecure.
Example: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin

This is fixed now.

Add Comment