Page MenuHomePhabricator

patch for User.php: login with temp.password also indicates that the e-mail address is valid
Closed, ResolvedPublic

Description

Tim has recently removed an outdated part in User.php.
(I first agreed to him with that but found now, that I was wrong in agreeing).

Please can a developer re-add the marked lines ?

These two lines do the following:

When a user comes to the wiki and uses the temporary password

  • which he/she could have only received via the stored e-mail address -
  • this in consequence is to be regarded as an implicit confirmation of the

stored e-mail address.

then, with the two lines, the address is also confirmed for convenience.

Therefore I propose to add these lines again (which were introduced in december
2004 -within my now superseded "EAuthent" method-), which are compatible with
Brion's new EConfirm method)

Remark:
I recommend to rename globally all variables "EmailAuthenticated" (and
derivates) to "EmailConfirmed" to avoid any developers' confusion in future
versions.
This has been apparently forgotten, when Brion has changed to the new method.
The current variables "MailAuthenticated" in CVS have nothing to any longer with
"EAuthent" but refer to "EConfirm", therefore I propose to reflect this change
in this variable names as well.

Wikinaut Tom

Test suite for this patch:

  • Log in as user x
  • store a valid e-mail address into preferences
  • (do not use the email address confirmation token, which is now sent to you,

and do not request one)

  • logout as user x
  • on the login screen, enter username "x"
  • click onto "mail me a temporary password"
  • (receive a temp. password via mail address of step 2)
  • re-login as user x using the temporary password
  • in user preference, your email address is now marked as confirmed on ...

(date) ... (time)
which proves that the patch works.

RCS file: /home/cvsenv/root//phase3/includes/User.php,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -p -r1.146 -r1.147

  • phase3/includes/User.php 2005/05/23 20:53:46 1.146

+++ phase3/includes/User.php 2005/05/24 04:28:00 1.147
@@ -1306,17 +1306,6 @@ class User {

		if ( 0 == strcmp( $ep, $this->mPassword ) ) {
			return true;
		} elseif ( ($this->mNewpassword != '') && (0 == strcmp( $ep,

$this->mNewpassword )) ) {
+ $this->mEmailAuthenticated = wfTimestampNow();
+ $this->saveSettings();

			return true;
		} elseif ( function_exists( 'iconv' ) ) {
			# Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be

converted


Version: 1.5.x
Severity: normal

Details

Reference
bz2259

Related Objects

StatusAssignedTask
ResolvedNone
ResolvedWikinaut
DeclinedNone
DeclinedNone
ResolvedNone
DeclinedNone
DeclinedAklapper
ResolvedNone
ResolvedNone
ResolvedNone
Resolvedhashar
Resolvedhashar
Resolvedhashar
ResolvedNone
ResolvedNone
Resolvedhashar
Resolvedhashar
Resolvedhashar
Resolvedhashar
ResolvedNone
ResolvedNone
Resolvedhashar
ResolvedNone
DeclinedWikinaut

Event Timeline

bzimport raised the priority of this task from to Normal.Nov 21 2014, 8:31 PM
bzimport set Reference to bz2259.
bzimport added a subscriber: Unknown Object (MLST).
Wikinaut created this task.May 28 2005, 7:29 AM

Fixed in r18319.

I also moved the check into the login form logic alongside things like on-demand
account creation from authentication plugin external data, since I wasn't too
happy about silent actions in a password checker function.

brion added a comment.Dec 18 2006, 4:33 AM
  • Bug 8289 has been marked as a duplicate of this bug. ***