Le 18 févr. 2012 à 23:41, Nicolas Brouard a écrit:
Le 16 févr. 2012 à 22:26, Platonides a écrit :
On 16/02/12 09:51, Nicolas Brouard INED wrote:
Thanks to Platonides for his comment and also to Olivier (the author of the Realnames extension) who told me to forward the following patch to wikitech-l (which I just subscribed to) for advices, comments and critics.
I was just wondering if this small patch in User.php (function idFromName) was enough in most cases:
(...)
This is only patching User::idFromName(), which won't be enough.
Sorry, could you detail why it won't be enough!
You could well be storing the email instead of the username in the page history.
I was probably not clear enough: I don't want the email in the page history. Also the Realnames extension (quoted above) is trying to do what you seem suggesting but it is a complex extension which did not work on 1.18 for example.
The proposed patch is also a solution which manages the transition for Wikipedians. Having an authentication with e-mail only is brutal and won't be understood. I like the possibility of having both option with a priority to username for performance also.
But allowing new authors from Arabic or Asian (or Russian or ...) countries (with non Roman characters) to sign new articles in their own language with their own standard, not transliterated, signature will be appreciated if they also have an easy way to authenticate on an English keyboard (pad, smartphone etc.).
I didn't express it right. If you do $user = User::newFromName("email@address.com"), that gets cached, and if youlater use that object for eg. storing the username in the history, boom, $uset->getName() will say it's called email@address.com
That's probably not happening, but you would need to check all paths in core and the extensions...
As I said, you should fix it in SpecialUserlogin.php.
What should I fix? Is there something wrong in the proposed patch?
The patch should go against SpecialUserlogin.php, authenticateUserData() function.
Then, just try to enter your e-mail on a standard wiki in place of your username and you will be authenticated to the first ID (and user_name) having your e-mail.
The importance of e-mails as a simple way to authenticate on modern sites can't be ignored.
It can also expose the fact that someone is registered there with that email address.
I don't understand what you mean and if someone has already entered an email for a username what is the problem?
In the patch provided, it would also happily show under some circunstances the username associated to an email (not a problem for the internal wiki of a company, where everybody know each other's mail, an issue for public wikis out there).
That is the reason why I was asking this mailing list. But, as I said in a previous and detailed answer to Bergi, the patch is very short (a single "if") and thus consequences are not
tremendous.
Go to Special:Contributions and enter the email of an existing user. I think it may show the user contributions.
We made some tests on various wikis, and we haven't found yet any circumstance where the username associated to an email is displayed:
- it can't happen when the authentication works;
- the only situation that I have found is when you are asking for a new password: then the username associated with the email entered (in place of the username) is displayed in the received email, but it is not a security issue because you are the only person to read your email.