Am 16.08.2011 16:20, schrieb Casey Brown:
On Tue, Aug 16, 2011 at 6:52 AM, Bryan Tong Minh bryan.tongminh@gmail.com wrote:
You should put Special:PasswordReset in $wgWhiteListSomething.
Shouldn't that be there by default like Special:UserLogin? Svip has a valid point. If they forgot their password, they wouldn't be able to login to request a new one.
Another related solution (needs a tiny core code change http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/specials/Spe... )
Patch to make SpecialPasswordReset only available to groups with a (new) minimum right "special-passwordreset-access"
It can be done in a small extension, but why not making it part of the core ? -
# add a new user right $wgAvailableRights[] = 'special-passwordreset-access';
# disallow all to access SpecialPasswordReset $wgGroupPermissions['*']['special-passwordreset-access'] = false;
# but allow admins to access SpecialPasswordReset $wgGroupPermissions['sysop']['special-passwordreset-access'] = true;
change in http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/specials/Spe... parent::__construct('PasswordReset'); to parent::__construct('PasswordReset', 'special-passwordreset-access');