Reclaiming a lost account on a private wiki: impossible

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Reclaiming a lost account on a private wiki: impossible

Svip
http://wiki.dikurevy.dk/Speciel:PasswordReset?uselang=en

Seriously?

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Reclaiming a lost account on a private wiki: impossible

Huib Laurens
make the wiki less private for a second, request the password and voila


2011/8/16 Svip <[hidden email]>

> http://wiki.dikurevy.dk/Speciel:PasswordReset?uselang=en
>
> Seriously?
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



--
Kind regards,

Huib Laurens
WickedWay.nl

Webhosting the wicked way.
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Reclaiming a lost account on a private wiki: impossible

Svip
On 16 August 2011 12:47, Huib Laurens <[hidden email]> wrote:

> make the wiki less private for a second, request the password and voila

Assume that it is a company or community wiki that people are invited
into.  That means several accounts will be using the wiki and an
administrator may not always be available to make it less private for
a moment.  It is not *my* account that is lost, it is another one's.
Perhaps allow sysops to request passwordresets for other users?

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Reclaiming a lost account on a private wiki: impossible

Bryan Tong Minh
In reply to this post by Svip
On Tue, Aug 16, 2011 at 12:45 PM, Svip <[hidden email]> wrote:
> http://wiki.dikurevy.dk/Speciel:PasswordReset?uselang=en
>
> Seriously?
>
You should put Special:PasswordReset in $wgWhiteListSomething.


Bryan

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Reclaiming a lost account on a private wiki: impossible

Roan Kattouw-2
On Tue, Aug 16, 2011 at 12:52 PM, Bryan Tong Minh
<[hidden email]> wrote:
> You should put Special:PasswordReset in $wgWhiteListSomething.
>
https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Manual:$wgWhitelistRead

Roan Kattouw (Catrope)

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Reclaiming a lost account on a private wiki: impossible

Casey Brown-5
In reply to this post by Bryan Tong Minh
On Tue, Aug 16, 2011 at 6:52 AM, Bryan Tong Minh
<[hidden email]> wrote:
> You should put Special:PasswordReset in $wgWhiteListSomething.
>

Shouldn't that be there by default like Special:UserLogin? Svip has a
valid point. If they forgot their password, they wouldn't be able to
login to request a new one.

--
Casey Brown
Cbrown1023

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Reclaiming a lost account on a private wiki: impossible

Thomas Gries
Am 16.08.2011 16:20, schrieb Casey Brown:
> On Tue, Aug 16, 2011 at 6:52 AM, Bryan Tong Minh
> <[hidden email]> wrote:
>> You should put Special:PasswordReset in $wgWhiteListSomething.
>>
> Shouldn't that be there by default like Special:UserLogin? Svip has a
> valid point. If they forgot their password, they wouldn't be able to
> login to request a new one.
>
Another related solution (needs a tiny core code change
http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/specials/SpecialPasswordReset.php?revision=93075&view=markup
)

Patch to make SpecialPasswordReset only available to groups
with a (new) minimum right "special-passwordreset-access"

It can be done in a small extension, but why not making it part of the
core ? -

# add a new user right
$wgAvailableRights[] = 'special-passwordreset-access';

# disallow all to access SpecialPasswordReset
$wgGroupPermissions['*']['special-passwordreset-access'] = false;

# but allow admins to access SpecialPasswordReset
$wgGroupPermissions['sysop']['special-passwordreset-access'] = true;


change in
http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/specials/SpecialPasswordReset.php
    parent::__construct('PasswordReset');
to
    parent::__construct('PasswordReset', 'special-passwordreset-access');



_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l