Le 16 févr. 2012 à 22:26, Platonides a écrit :
> On 16/02/12 09:51, Nicolas Brouard INED wrote:
>> Thanks to Platonides for his comment and also to Olivier (the author of the Realnames extension) who told me to forward the following patch to wikitech-l (which I just subscribed to) for advices, comments and critics.
>>
>> I was just wondering if this small patch in User.php (function idFromName) was enough in most cases:
>>
>> $dbr = wfGetDB( DB_SLAVE );
>> $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
>>
>> if ( $s === false ) {
>> //Start Patch $result = null;
>> $stwo = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_email' => $nt->getText() ), __METHOD__ );
>> if ( $stwo === false ) {
>> $result = null;
>> }else {
>> $result = $stwo->user_id;
>> }
>> //End patch
>> } else {
>> $result = $s->user_id;
>> }
>
> This is only patching User::idFromName(), which won't be enough.
Sorry, could you detail why it won't be enough!
> You could well be storing the email instead of the username in the page
> history.
I was probably not clear enough: I don't want the email in the page history. Also the Realnames extension (quoted above) is trying to do what you seem suggesting but it is a complex extension which did not work on 1.18 for example.
The proposed patch is also a solution which manages the transition for Wikipedians. Having an authentication with e-mail only is brutal and won't be understood. I like the possibility of having both option with a priority to username for performance also.
But allowing new authors from Arabic or Asian (or Russian or ...) countries (with non Roman characters) to sign new articles in their own language with their own standard, not transliterated, signature will be appreciated if they also have an easy way to authenticate on an English keyboard (pad, smartphone etc.).
> As I said, you should fix it in SpecialUserlogin.php.
What should I fix? Is there something wrong in the proposed patch?
>
>> Then, just try to enter your e-mail on a standard wiki in place of your username and you will be authenticated to the first ID (and user_name) having your e-mail.
>>
>> The importance of e-mails as a simple way to authenticate on modern sites can't be ignored.
>
> It can also expose the fact that someone is registered there with that
> email address.
I don't understand what you mean and if someone has already entered an email for a username what is the problem?
> In the patch provided, it would also happily show under some
> circunstances the username associated to an email (not a problem for the
> internal wiki of a company, where everybody know each other's mail, an
> issue for public wikis out there).
That is the reason why I was asking this mailing list. But, as I said in a previous and detailed answer to Bergi, the patch is very short (a single "if") and thus consequences are not tremendous.
We made some tests on various wikis, and we haven't found yet any circumstance where the username associated to an email is displayed:
- it can't happen when the authentication works;
- the only situation that I have found is when you are asking for a new password: then the username associated with the email entered (in place of the username) is displayed in the received email, but it is not a security issue because you are the only person to read your email.
>
>> If you want to enter your standard username for authentication you can do it too.
>>
>> But if your username is not a Roman but an Arabic, Thai, Japanese etc. username or even a French username with accents and if you decided to have authorship recognized in your own language and not only in a English transliterated way, you can also do it with as standard mediawiki installation. But if you are working with somebody who has an English keyboard only, the copy-paste of your Unicode username may be tedious and you would prefer to enter your e-mail address.
>>
>> The modified Login form could be:
>>
>> Username (or e-mail address): |___________________|
>> Password: |___________________|
>
> Changing the text displayed there is trivial (edit MediaWiki:yourname).
It seems that MediaWiki:Yourname is deprecated. The "(or e-mail address)" sentence must be translated too in all languages (more than 15 for Demopaedia). But I think that it is no a problem neither for us nor for Wikipedia.
Thanks for your comments,
-Nicolas