check protocol in Special:UserLogin
Closed, ResolvedPublic

Description

With the new 1.18 version, the magic word {{SERVER}} don't allow anymore to check protocol (http or https).

But there is one place where it is needed : in [[MediaWiki:Loginend]], system message used in [[Special:Connexion]]. We have to check the protocol to provide the good message permitting to the user to go to "the other" protocol.

It appears that it is not possible with magic words/wikitext, and it is not possible either to "patch" with a javascript feature as JS is disabled in [[Special:Connexion]].

The only solution I've found is to check the protocol in PHP, and provide the system message [[MediaWiki:Loginend]] or [[MediaWiki:Loginend-secure]] (to be created) depending on the result.

The file to update is /includes/templates/Userlogin.php. The class "UserloginTemplate extends QuickTemplate", near the end, the folowing line :

<div id="loginend"><?php $this->msgWiki( 'loginend' ); ?></div>

have to be replaced by something like that :

<div id="loginend"><?php
if($PROTOCOL=="https"){

$this->msgWiki( 'loginend-secure' );

}else{

$this->msgWiki( 'loginend' );

}
?></div>

I don-t know exacty how to perform the ($PROTOCOL=="https") test, I assume that you'll get a solution...


Version: unspecified
Severity: normal

bzimport added a subscriber: wikibugs-l.
bzimport set Reference to bz31293.
Dr_Brains created this task.Via LegacyOct 1 2011, 12:12 PM
Dr_Brains added a comment.Via ConduitOct 1 2011, 12:18 PM

Oups...

[[Special:Connexion]] is the french version of [[Special:UserLogin]].

TheDJ added a comment.Via ConduitOct 1 2011, 9:53 PM

I like this solution. avoids introducing new keywords, which we would not want.

TheDJ added a comment.Via ConduitOct 2 2011, 8:21 PM

r98708

Catrope added a comment.Via ConduitOct 2 2011, 8:22 PM

(In reply to comment #0)

<div id="loginend"><?php
if($PROTOCOL=="https"){

$this->msgWiki( 'loginend-secure' );

}else{

$this->msgWiki( 'loginend' );

}
?></div>

Did this in r98707, thanks for the suggestion. I went with loginend-https instead of loginend-secure, though, and made it fall back to loginend if loginend-https doesn't exist.

Catrope added a comment.Via ConduitOct 2 2011, 8:23 PM

And as pointed out by Derk-Jan, this fix is live on the cluster already.

Dr_Brains added a comment.Via ConduitOct 2 2011, 8:37 PM

It is not used (yet) in french Wikipedia, but perhaps the same change could be done with [[Mediawiki:signupend]] (used in [[Special:UserLogin]] with the "sign up" form (same php file, 2nd class)) ?

Dr_Brains added a comment.Via ConduitOct 2 2011, 8:39 PM

(And thank you for the quick answer for "loginend")

Catrope added a comment.Via ConduitOct 2 2011, 9:08 PM

(In reply to comment #6)

It is not used (yet) in french Wikipedia, but perhaps the same change could be
done with [[Mediawiki:signupend]] (used in [[Special:UserLogin]] with the "sign
up" form (same php file, 2nd class)) ?

Good point. Done in r98718.

bzimport added a comment.Via ConduitOct 3 2011, 4:23 PM

i.am.putnik wrote:

You wrote:
$usingHTTPS = WebRequest::detectProtocol();
and next
if ( $usingHTTPS && ...) { ... }

I think you mean:
$usingHTTPS = WebRequest::detectProtocol() == 'https';

Now always shows loginend-https.

Catrope added a comment.Via ConduitOct 3 2011, 4:30 PM

(In reply to comment #9)

You wrote:
$usingHTTPS = WebRequest::detectProtocol();
and next
if ( $usingHTTPS && ...) { ... }

I think you mean:
$usingHTTPS = WebRequest::detectProtocol() == 'https';

Now always shows loginend-https.

Whoooops. I swear a previous incarnation of my code did have that. Fixed in r98774 and deployed.

bzimport added a comment.Via ConduitOct 3 2011, 6:20 PM

i.am.putnik wrote:

One more problem: https://secure.wikimedia.org/ shows that it's unsecure.
Example: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin

bzimport added a comment.Via ConduitOct 3 2011, 6:31 PM

i.am.putnik wrote:

Sorry, better example link: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin?uselang=ru

  • "Обычная авторизация" (bold - selected) - basic auth
  • "Безопасная авторизация" (unselected) - secure auth
Catrope added a comment.Via ConduitOct 3 2011, 9:36 PM

(In reply to comment #11)

One more problem: https://secure.wikimedia.org/ shows that it's unsecure.
Example: https://secure.wikimedia.org/wikipedia/ru/wiki/Special:UserLogin

This is fixed now.

Add Comment

Column Prototype
This is a very early prototype of a persistent column. It is not expected to work yet, and leaving it open will activate other new features which will break things. Press "\" (backslash) on your keyboard to close it now.