Thanks to Platonides for his comment and also to Olivier (the author of the Realnames
extension) who told me to forward the following patch to wikitech-l (which I just
subscribed to) for advices, comments and critics.
I was just wondering if this small patch in User.php (function idFromName) was enough in
most cases:
$dbr = wfGetDB( DB_SLAVE );
$s = $dbr->selectRow( 'user', array( 'user_id' ), array(
'user_name' => $nt->getText() ), __METHOD__ );
if ( $s === false ) {
//Start Patch $result = null;
$stwo = $dbr->selectRow( 'user', array( 'user_id' ), array(
'user_email' => $nt->getText() ), __METHOD__ );
if ( $stwo === false ) {
$result = null;
}else {
$result = $stwo->user_id;
}
//End patch
} else {
$result = $s->user_id;
}
Then, just try to enter your e-mail on a standard wiki in place of your username and you
will be authenticated to the first ID (and user_name) having your e-mail.
The importance of e-mails as a simple way to authenticate on modern sites can't be
ignored.
If you want to enter your standard username for authentication you can do it too.
But if your username is not a Roman but an Arabic, Thai, Japanese etc. username or even a
French username with accents and if you decided to have authorship recognized in your own
language and not only in a English transliterated way, you can also do it with as standard
mediawiki installation. But if you are working with somebody who has an English keyboard
only, the copy-paste of your Unicode username may be tedious and you would prefer to enter
your e-mail address.
The modified Login form could be:
Username (or e-mail address): |___________________|
Password: |___________________|
If someone could test this patch above and report the security issues as well as
performances, it could be great for us.
We are managing
Demopaedia.org and are willing to open the site to professional
demographers (being already subscribed to a national or international union for the
scientific study of population). We will not use various LDAP authentication processes but
use local standard mediawiki databases. The usual way to be authenticated is the e-mail
and password, and we want to keep this option. If you look (for example) at the work of
Mikael, his work is authored in Cyrillic: Михаил Денисенко on
http://ru-ii.demopaedia.org/w/index.php?title=90&action=historytory, other Russian authors
use the transliteration. It is a question of taste.
If Mikael is traveling and doesn't have a Cyrillic keyboard, he would be pleased to
enter his email to authenticate. The password to be entered is the password linked with
his username.
For people having multiple usernames (pseudos) with the same e-mail but different
passwords for each, a better patch could be to test the password entered and to link with
the unique username. But I am not an expert in mediawiki and php and don't know how to
get the password within the function idFromName.
I understand that e-mails should not be revealed and the above patch satisfies this
condition.
Comments, advices, critics, code are welcome.
Nicolas
Le 15 févr. 2012 à 23:57, Platonides a écrit :
On 13/02/12 19:56, Nicolas Brouard INED wrote:
Thanks John for your comment. It would mean that
people logging with an email will have a default account (lowest ID with the same email or
whatever rule).
For authorship Wikimedia doesn't encourage multiple account names (multiple (>3?)
pseudos are blamed). And usually, for a corporate wiki you don't have multiple
accounts. If you decide to change your name for any reason (divorce for example) you are
supposed to have a (new) unique name. You usually can also have email aliases.
And if you want to log on a specific account name, you can copy and paste your account
name (if your keyboard doesn't allow you to enter your real, not transliterated,
name).
Thus, I am not sure that it is strong objection for corporate wikis at least.
PS: I am trying to understand how to have a working MyAuthPlugin.php and to get the email
in authenticate but it requires time and I haven't found so many examples on the Web.
Any hint or comment is welcome.
Nicolas
I don't think you can do that with just an auth plugin. You would need
to modify the SpecialUserLogin code to look for that email.
PS: What's the big issue with copy&paste or transliteration? Doesn't
your users have a keyboard layout able to type *their own name*?
I understand the issue when a third party needs to enter them, but eg.
Russian people usually have/can switch to a cyrillic keyboard layout.
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Nicolas Brouard INED
brouard(a)ined.fr