wikimedia/mediawiki-extensions-ConfirmEdit
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/ConfirmEdit synced 2024-11-24 16:24:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert broken rewrite of login system; totally broken.

Browse source 
* Login doesn't attach to session properly, so can't stay logged in!
* Password field shown in plaintext!

If it just DOESN'T WORK please keep it on a work branch, don't put it in trunk!

Reverted:
r56682
r56683
r56684
r56686
r56688
r56696
r56699
r56702
r56703
r56704
r56782
r56896
This commit is contained in:
Brion Vibber 2009-09-26 00:49:32 +00:00
parent aa124c43c0
commit 61d0788893
1 changed files with 11 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
ConfirmEdit_body.php
View file

@ -39,8 +39,8 @@ class ConfirmEditHooks {
return self::getInstance()->triggerUserLogin( $user, $password, $retval );
}
static function injectUserLogin( &$sp ) {
return self::getInstance()->injectUserLogin( $sp );
static function injectUserLogin( &$template ) {
return self::getInstance()->injectUserLogin( $template );
}
static function confirmUserLogin( $u, $pass, &$retval ) {
@ -144,19 +144,18 @@ class SimpleCaptcha {
* @param SimpleTemplate $template
* @return bool true to keep running callbacks
*/
function injectUserCreate( &$sp ) {
function injectUserCreate( &$template ) {
global $wgCaptchaTriggers, $wgOut, $wgUser;
if ( $wgCaptchaTriggers['createaccount'] ) {
if ( $wgUser->isAllowed( 'skipcaptcha' ) ) {
wfDebug( "ConfirmEdit: user group allows skipping captcha on account creation\n" );
return true;
}
$sp->addFormHeader(
$template->set( 'header',
"<div class='captcha'>" .
$wgOut->parse( $this->getMessage( 'createaccount' ) ) .
$this->getForm() .
"</div>\n"
);
"</div>\n" );
}
return true;
}
@ -164,18 +163,18 @@ class SimpleCaptcha {
/**
* Inject a captcha into the user login form after a failed
* password attempt as a speedbump for mass attacks.
* @fixme if multiple thingies insert a header, could break
* @param SimpleTemplate $template
* @return bool true to keep running callbacks
*/
function injectUserLogin( &$sp ) {
function injectUserLogin( &$template ) {
if ( $this->isBadLoginTriggered() ) {
global $wgOut;
$sp->addFormHeader(
$template->set( 'header',
"<div class='captcha'>" .
$wgOut->parse( $this->getMessage( 'badlogin' ) ) .
$this->getForm() .
"</div>\n"
);
"</div>\n" );
}
return true;
}
@ -191,7 +190,7 @@ class SimpleCaptcha {
*/
function triggerUserLogin( $user, $password, $retval ) {
global $wgCaptchaTriggers, $wgCaptchaBadLoginExpiration, $wgMemc;
if ( $retval == Login::WRONG_PASS && $wgCaptchaTriggers['badlogin'] ) {
if ( $retval == LoginForm::WRONG_PASS && $wgCaptchaTriggers['badlogin'] ) {
$key = $this->badLoginKey();
$count = $wgMemc->get( $key );
if ( !$count ) {
@ -558,7 +557,7 @@ class SimpleCaptcha {
if ( !$this->passCaptcha() ) {
$message = wfMsg( 'captcha-badlogin-fail' );
// Emulate a bad-password return to confuse the shit out of attackers
$retval = Login::WRONG_PASS;
$retval = LoginForm::WRONG_PASS;
return false;
}
}