Le 16 févr. 2012 à 20:51, Bináris a écrit :
2012/2/16 Nicolas Brouard INED brouard@ined.fr
For people having multiple usernames (pseudos) with the same e-mail but different passwords for each, a better patch could be to test the password entered and to link with the unique username. But I am not an expert in mediawiki and php and don't know how to get the password within the function idFromName.
This is an important point. For example, I have 3 bot accounts that all have my e-mail for practical reasons. I wouldn't be happy with logging in as one of them. :-)
For bot accounts, you can and should still log using a specific bot username.
There is no ambiguity in the proposed patch, it checks if the username (user_name field) exists and if yes it checks the corresponding password. It is only when the username doesn't exist that it checks if a user_email exists. If a user_email exists it could be an array of user_id and instead of returning the first element of this array (and hoping that the password entered will match this ID) we could propose a better algorithm.
That is the reason why I say that this simple patch works in most cases (90 %? A simulation could be done with the Wikipedia dbs): if you are not authenticated using an e-mail and password to the username you wanted, you need to enter the standard way i.e with username and same password.
Regards,
-- Nicolas