patch for User.php: login with temp.password also indicates that the e-mail address is valid
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	Wikinaut
	May 28 2005, 7:29 AM

Description

Tim has recently removed an outdated part in User.php.
(I first agreed to him with that but found now, that I was wrong in agreeing).

Please can a developer re-add the marked lines ?

These two lines do the following:

When a user comes to the wiki and uses the temporary password

which he/she could have only received via the stored e-mail address -
this in consequence is to be regarded as an implicit confirmation of the

stored e-mail address.

then, with the two lines, the address is also confirmed for convenience.

Therefore I propose to add these lines again (which were introduced in december
2004 -within my now superseded "EAuthent" method-), which are compatible with
Brion's new EConfirm method)

Remark:
I recommend to rename globally all variables "EmailAuthenticated" (and
derivates) to "EmailConfirmed" to avoid any developers' confusion in future
versions.
This has been apparently forgotten, when Brion has changed to the new method.
The current variables "MailAuthenticated" in CVS have nothing to any longer with
"EAuthent" but refer to "EConfirm", therefore I propose to reflect this change
in this variable names as well.

Wikinaut Tom

Test suite for this patch:

Log in as user x
store a valid e-mail address into preferences
(do not use the email address confirmation token, which is now sent to you,

and do not request one)

logout as user x
on the login screen, enter username "x"
click onto "mail me a temporary password"
(receive a temp. password via mail address of step 2)
re-login as user x using the temporary password

in user preference, your email address is now marked as confirmed on ...

(date) ... (time)
which proves that the patch works.

RCS file: /home/cvsenv/root//phase3/includes/User.php,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -p -r1.146 -r1.147

phase3/includes/User.php 2005/05/23 20:53:46 1.146

+++ phase3/includes/User.php 2005/05/24 04:28:00 1.147
@@ -1306,17 +1306,6 @@ class User {

		if ( 0 == strcmp( $ep, $this->mPassword ) ) {
			return true;
		} elseif ( ($this->mNewpassword != '') && (0 == strcmp( $ep,

$this->mNewpassword )) ) {
+ $this->mEmailAuthenticated = wfTimestampNow();
+ $this->saveSettings();

			return true;
		} elseif ( function_exists( 'iconv' ) ) {
			# Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be

converted

Version: 1.5.x
Severity: normal

Details

Reference: bz2259

Related Objects
Search...

Status	Assigned	Task
Resolved	None	T4259 patch for User.php: login with temp.password also indicates that the e-mail address is valid
Resolved	Wikinaut	T2866 EConfirm (EC): e-mail address confirmation by sending a link comprising a token to the unconfirmed mailaddress
Declined	None	T3855 waste through varchar in database- use CHAR not DATETIME
Declined	None	T2840 introducing user_rights for Enotif: isAllowedToReceiveEnotifsFor.....
Resolved	None	T2767 User and group rights management (tracking)
Declined	None	T3928 Special pages for sysops and bureaucrats not accessible
Declined	Aklapper	T4035 User/Group control on a per document basis
Resolved	None	T4046 PHP Fatal error: Cannot re-assign $this in includes/Group.php on line 55 (PHP5)
Resolved	None	T4161 discrepancy between "Showing below up to NNNN results starting with #1." and displayed list
Resolved	None	T4498 Redundancies in user group rights
Resolved	hashar	T2773 Interface for assigning default user rights
Resolved	hashar	T2770 ugr: Special:Listusers need to be enhanced
Resolved	hashar	T2768 user_groups table fields doesnt use prefix
Resolved	None	T2604 Installer support for database field prefixes
Resolved	None	T2769 OutputPage::permissionRequired() should suggest groups with the needed permission
Resolved	hashar	T2857 [[Special:Listadmins]] is blank in 1.4
Resolved	hashar	T2858 Allow admins to add users to a group but not to change the group settings
Resolved	hashar	T2873 ugr: better handling of "createaccount" action
Resolved	hashar	T2913 CVS Skin Nostalgia crashes in current CVS 1.5
Resolved	None	T2968 New install or upgrade does not populate user_groups table; installed sysop is missing rights
Resolved	None	T2996 $wgWhitelist* variables no longer have any apparent effect.
Resolved	hashar	T3318 Some method to display the rights of a given user
Resolved	None	T2952 table user got new columns user_email_confirmed, user_email_token, user_email_token_expires
Declined	Wikinaut	T2959 Check email addresses before storing in database for compliance with RFC 2822

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 21 2014, 8:31 PM

• bzimport added a project: MediaWiki-User-login-and-signup.

• bzimport set Reference to bz2259.

• bzimport added a subscriber: Unknown Object (MLST).

Wikinaut created this task.May 28 2005, 7:29 AM

Fixed in r18319.

I also moved the check into the login form logic alongside things like on-demand
account creation from authentication plugin external data, since I wasn't too
happy about silent actions in a password checker function.

Bug 8289 has been marked as a duplicate of this bug. ***

patch for User.php: login with temp.password also indicates that the e-mail address is validClosed, ResolvedPublicActions