I used install.php with --pass to set a short temporary password. After installation I could not log in, maybe because it was too short and thus invalid.
Version: 1.22.0
Severity: normal
I used install.php with --pass to set a short temporary password. After installation I could not log in, maybe because it was too short and thus invalid.
Version: 1.22.0
Severity: normal
mails2vichu wrote:
I would like to work on this.Can you please assign this bug to me.
mails2vichu wrote:
I cant find a line like that mentioned above in the file install.php
mails2vichu wrote:
Does Changing as per the instructions in User.php file can fix this bug?
Vishnu Nk: It could be helpful if you mentioned if you have successfully reproduced the problem, and to describe how a fix would look like.
mails2vichu wrote:
Sir as per mentioned above "$wgMinimalPasswordLength" was only found in the User.php file in the includes directory.
and there is a case at line number 4688 where the it has been assigned to 0.Is that the problem mentioned?
(In reply to comment #6)
line number 4688 where the it has been assigned to
It's line 4689 in git master: https://git.wikimedia.org/blob/mediawiki%2Fcore.git/HEAD/includes%2FUser.php#L4688
0.Is
I read this as "0.Is" initially - please avoid [[Klempen]].
Is that the problem mentioned?
Not sure if I understand your question, but I guess you want to use "git log" (or "blame") to investigate why == 0 was set and investigate yourself if this has something to do with this problem and test yourself a bit. :)
It is set to 1 by default. This applied by default (so afaik it should be affecting the installer as well).
includes/DefaultSettings.php
3949: $wgMinimalPasswordLength = 1;
includes/specials/SpecialUserlogin.php
336: $wgMinimalPasswordLength, $wgEmailConfirmToEdit;
425: $valid = array( $valid, $wgMinimalPasswordLength );
includes/User.php
704: global $wgMinimalPasswordLength, ..;
718: if ( strlen( $password ) < $wgMinimalPasswordLength ) {
853: $length = max( 10, $wgMinimalPasswordLength );
...
It doesn't seem to be overridden or assigned anywhere else.
What exactly is the problem? I can't find any reason why the $user->setPassword call in Installer.php would be any different from others. It triggers the same validation, same settings, and throws the same exception in case of a too short or otherwise invalid value.
Looks fixed, when running install.php with --pass=core getting:
Invalid wiki admin password: * Passwords must be at least 10 characters. * The password entered is in a list of very commonly used passwords. Please choose a more unique password.