Thanks to Platonides for his comment and also to Olivier (the author of the Realnames extension) who told me to forward the following patch to wikitech-l (which I just subscribed to) for advices, comments and critics.
I was just wondering if this small patch in User.php (function idFromName) was enough in most cases:
$dbr = wfGetDB( DB_SLAVE ); $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
if ( $s === false ) { //Start Patch $result = null; $stwo = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_email' => $nt->getText() ), __METHOD__ ); if ( $stwo === false ) { $result = null; }else { $result = $stwo->user_id; } //End patch } else { $result = $s->user_id; }
Then, just try to enter your e-mail on a standard wiki in place of your username and you will be authenticated to the first ID (and user_name) having your e-mail.
The importance of e-mails as a simple way to authenticate on modern sites can't be ignored.
If you want to enter your standard username for authentication you can do it too.
But if your username is not a Roman but an Arabic, Thai, Japanese etc. username or even a French username with accents and if you decided to have authorship recognized in your own language and not only in a English transliterated way, you can also do it with as standard mediawiki installation. But if you are working with somebody who has an English keyboard only, the copy-paste of your Unicode username may be tedious and you would prefer to enter your e-mail address.
The modified Login form could be:
Username (or e-mail address): |___________________| Password: |___________________|
If someone could test this patch above and report the security issues as well as performances, it could be great for us.
We are managing Demopaedia.org and are willing to open the site to professional demographers (being already subscribed to a national or international union for the scientific study of population). We will not use various LDAP authentication processes but use local standard mediawiki databases. The usual way to be authenticated is the e-mail and password, and we want to keep this option. If you look (for example) at the work of Mikael, his work is authored in Cyrillic: Михаил Денисенко on http://ru-ii.demopaedia.org/w/index.php?title=90&action=history, other Russian authors use the transliteration. It is a question of taste.
If Mikael is traveling and doesn't have a Cyrillic keyboard, he would be pleased to enter his email to authenticate. The password to be entered is the password linked with his username.
For people having multiple usernames (pseudos) with the same e-mail but different passwords for each, a better patch could be to test the password entered and to link with the unique username. But I am not an expert in mediawiki and php and don't know how to get the password within the function idFromName.
I understand that e-mails should not be revealed and the above patch satisfies this condition.
Comments, advices, critics, code are welcome.
Nicolas
Le 15 févr. 2012 à 23:57, Platonides a écrit :
On 13/02/12 19:56, Nicolas Brouard INED wrote:
Thanks John for your comment. It would mean that people logging with an email will have a default account (lowest ID with the same email or whatever rule).
For authorship Wikimedia doesn't encourage multiple account names (multiple (>3?) pseudos are blamed). And usually, for a corporate wiki you don't have multiple accounts. If you decide to change your name for any reason (divorce for example) you are supposed to have a (new) unique name. You usually can also have email aliases.
And if you want to log on a specific account name, you can copy and paste your account name (if your keyboard doesn't allow you to enter your real, not transliterated, name).
Thus, I am not sure that it is strong objection for corporate wikis at least.
PS: I am trying to understand how to have a working MyAuthPlugin.php and to get the email in authenticate but it requires time and I haven't found so many examples on the Web.
Any hint or comment is welcome.
Nicolas
I don't think you can do that with just an auth plugin. You would need to modify the SpecialUserLogin code to look for that email.
PS: What's the big issue with copy&paste or transliteration? Doesn't your users have a keyboard layout able to type *their own name*? I understand the issue when a third party needs to enter them, but eg. Russian people usually have/can switch to a cyrillic keyboard layout.
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Nicolas Brouard INED brouard@ined.fr