On 16 August 2011 12:47, Huib Laurens sterkebak@gmail.com wrote:

make the wiki less private for a second, request the password and voila

Assume that it is a company or community wiki that people are invited into. That means several accounts will be using the wiki and an administrator may not always be available to make it less private for a moment. It is not *my* account that is lost, it is another one's. Perhaps allow sysops to request passwordresets for other users?

On Tue, Aug 16, 2011 at 12:52 PM, Bryan Tong Minh bryan.tongminh@gmail.com wrote:

You should put Special:PasswordReset in $wgWhiteListSomething.

https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Manual:$wgWhitelistRea...

Roan Kattouw (Catrope)

Am 16.08.2011 16:20, schrieb Casey Brown:

On Tue, Aug 16, 2011 at 6:52 AM, Bryan Tong Minh bryan.tongminh@gmail.com wrote:

...

You should put Special:PasswordReset in $wgWhiteListSomething.

Shouldn't that be there by default like Special:UserLogin? Svip has a valid point. If they forgot their password, they wouldn't be able to login to request a new one.

Another related solution (needs a tiny core code change http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/specials/Spe... )

Patch to make SpecialPasswordReset only available to groups with a (new) minimum right "special-passwordreset-access"

It can be done in a small extension, but why not making it part of the core ? -

# add a new user right $wgAvailableRights[] = 'special-passwordreset-access';

# disallow all to access SpecialPasswordReset $wgGroupPermissions['*']['special-passwordreset-access'] = false;

# but allow admins to access SpecialPasswordReset $wgGroupPermissions['sysop']['special-passwordreset-access'] = true;

change in http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/specials/Spe... parent::__construct('PasswordReset'); to parent::__construct('PasswordReset', 'special-passwordreset-access');