Le 16 févr. 2012 à 20:51, Bináris a écrit :
2012/2/16 Nicolas Brouard INED
<brouard(a)ined.fr>
For people having multiple usernames (pseudos)
with the same e-mail but
different passwords for each, a better patch could be to test the password
entered and to link with the unique username. But I am not an expert in
mediawiki and php and don't know how to get the password within the
function idFromName.
This is an important point. For example, I have 3 bot accounts that all
have my e-mail for practical reasons. I wouldn't be happy with logging in
as one of them. :-)
For bot accounts, you can and should still log using a specific bot username.
There is no ambiguity in the proposed patch, it checks if the username (user_name field)
exists and if yes it checks the corresponding password. It is only when the username
doesn't exist that it checks if a user_email exists. If a user_email exists it could
be an array of user_id and instead of returning the first element of this array (and
hoping that the password entered will match this ID) we could propose a better algorithm.
That is the reason why I say that this simple patch works in most cases (90 %? A
simulation could be done with the Wikipedia dbs): if you are not authenticated using an
e-mail and password to the username you wanted, you need to enter the standard way i.e
with username and same password.
Regards,
--
Nicolas