Page MenuHomePhabricator
Create Task
Maniphest T33293

check protocol in Special:UserLogin
Closed, ResolvedPublic
Actions

Description

With the new 1.18 version, the magic word {{SERVER}} don't allow anymore to check protocol (http or https).

But there is one place where it is needed : in [[MediaWiki:Loginend]], system message used in [[Special:Connexion]]. We have to check the protocol to provide the good message permitting to the user to go to "the other" protocol.

It appears that it is not possible with magic words/wikitext, and it is not possible either to "patch" with a javascript feature as JS is disabled in [[Special:Connexion]].

The only solution I've found is to check the protocol in PHP, and provide the system message [[MediaWiki:Loginend]] or [[MediaWiki:Loginend-secure]] (to be created) depending on the result.

The file to update is /includes/templates/Userlogin.php. The class "UserloginTemplate extends QuickTemplate", near the end, the folowing line :

<div id="loginend"><?php $this->msgWiki( 'loginend' ); ?></div>

have to be replaced by something like that :

<div id="loginend"><?php
if($PROTOCOL=="https"){

$this->msgWiki( 'loginend-secure' );

}else{

$this->msgWiki( 'loginend' );

}
?></div>

I don-t know exacty how to perform the ($PROTOCOL=="https") test, I assume that you'll get a solution...

Version: unspecified
Severity: normal

Details

Reference
bz31293

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:51 PM
bzimport added a project: MediaWiki-Special-pages.
bzimport set Reference to bz31293.
bzimport added a subscriber: Unknown Object (MLST).
Dr_Brains created this task.Oct 1 2011, 12:12 PM
Dr_Brains added a comment.Oct 1 2011, 12:18 PM

Oups...

[[Special:Connexion]] is the french version of [[Special:UserLogin]].

TheDJ added a comment.Oct 1 2011, 9:53 PM

I like this solution. avoids introducing new keywords, which we would not want.

TheDJ added a comment.Oct 2 2011, 8:21 PM

r98708

Catrope added a comment.Oct 2 2011, 8:22 PM

(In reply to comment #0)

<div id="loginend"><?php
if($PROTOCOL=="https"){

$this->msgWiki( 'loginend-secure' );

}else{

$this->msgWiki( 'loginend' );

}
?></div>

Did this in r98707, thanks for the suggestion. I went with loginend-https instead of loginend-secure, though, and made it fall back to loginend if loginend-https doesn't exist.

Catrope added a comment.Oct 2 2011, 8:23 PM

And as pointed out by Derk-Jan, this fix is live on the cluster already.

Dr_Brains added a comment.Oct 2 2011, 8:37 PM

It is not used (yet) in french Wikipedia, but perhaps the same change could be done with [[Mediawiki:signupend]] (used in [[Special:UserLogin]] with the "sign up" form (same php file, 2nd class)) ?

Dr_Brains added a comment.Oct 2 2011, 8:39 PM

(And thank you for the quick answer for "loginend")

Catrope added a comment.Oct 2 2011, 9:08 PM

(In reply to comment #6)

It is not used (yet) in french Wikipedia, but perhaps the same change could be
done with [[Mediawiki:signupend]] (used in [[Special:UserLogin]] with the "sign
up" form (same php file, 2nd class)) ?

Good point. Done in r98718.

bzimport added a comment.Oct 3 2011, 4:23 PM

i.am.putnik wrote:

You wrote:
$usingHTTPS = WebRequest::detectProtocol();
and next
if ( $usingHTTPS && ...) { ... }

I think you mean:
$usingHTTPS = WebRequest::detectProtocol() == 'https';

Now always shows loginend-https.

Catrope added a comment.Oct 3 2011, 4:30 PM

(In reply to comment #9)

You wrote:
$usingHTTPS = WebRequest::detectProtocol();
and next
if ( $usingHTTPS && ...) { ... }

I think you mean:
$usingHTTPS = WebRequest::detectProtocol() == 'https';

Now always shows loginend-https.

Whoooops. I swear a previous incarnation of my code did have that. Fixed in r98774 and deployed.

bzimport added a comment.Oct 3 2011, 6:20 PM

i.am.putnik wrote:

One more problem: https://secure.wikimedia.org/ shows that it's unsecure.
Example: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin

bzimport added a comment.Oct 3 2011, 6:31 PM

i.am.putnik wrote:

Sorry, better example link: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin?uselang=ru

  • "Обычная авторизация" (bold - selected) - basic auth
  • "Безопасная авторизация" (unselected) - secure auth
Catrope added a comment.Oct 3 2011, 9:36 PM

(In reply to comment #11)

One more problem: https://secure.wikimedia.org/ shows that it's unsecure.
Example: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin

This is fixed now.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits