Banned user got banned until he logs in


If a user tried the login procedure many times, after a certain number of occasions he got the CAPTCHA. But I wanted to disable the login captcha, so I set the "$wgCaptchaTriggers['badlogin'] = false;" variable in LocalSettings.php. After this the user still got the picture, until I set the undocumented $wgCaptchaBadLoginAttempts variable to, let's say, 3000.

On my own login system the MediaWiki Captcha image doesn't show up, so it took me a lot of time to figure out why I got banned while I was testing the system.

The ban occurred in includes/specials/SpecialUserLogin.php:523, in this code:

// Give general extensions, such as a captcha, a chance to abort logins
$abort = self::ABORTED;
if( !wfRunHooks( 'AbortLogin', array( $u, $this->mPassword, &$abort, &$this->mAbortLoginErrorMsg ) ) ) {
        return $abort;
}

Somehow the LoginForm::ABORTED status changed to WRONG_PASS, so it made debugging extremely difficult.

Should I file a bug report about this, or is it enough here, in the talk section?

Szotsaki 17:17, 18 December 2011

The problem of '$wgCaptchaTriggers['badlogin'] = false' not working should be fixed as of r107007. It wouldn't appear for new password failures, but as that user already had a "bad count", it was being shown anyway (which is now fixed).

Somehow the LoginForm::ABORTED status changed to WRONG_PASS, so it made debugging extremely difficult

This seems to be done on purpose, since the beginning (r27419): "Emulate a bad-password return to confuse the shit out of attackers"

Platonides 00:52, 22 December 2011
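
The behaviour described in this thread, as an added example (not MediaWiki's or the captcha extension's own code): a simplified, self-contained PHP model of a bad-login counter gating logins. It shows why a correct password is reported as WRONG_PASS when a custom login form never renders the captcha, and how checking the trigger setting at login time changes that. All class, function and parameter names are hypothetical, the client address is a constructed sample, and the counter logic is an assumption based on the replies above.

```php
<?php
// Simplified model (an assumption, not the extension's source) of the
// bad-login captcha gate discussed in this thread. All names are hypothetical.
const SUCCESS = 'SUCCESS';
const WRONG_PASS = 'WRONG_PASS';

final class BadLoginGate {
    private array $badCount = [];   // stands in for the cached per-client counter

    public function __construct(
        private bool $triggerEnabled,      // models $wgCaptchaTriggers['badlogin']
        private int $maxAttempts,          // models $wgCaptchaBadLoginAttempts
        private bool $checkTriggerOnLogin  // false = behaviour reported before r107007
    ) {}

    public function setTrigger(bool $on): void { $this->triggerEnabled = $on; }

    // Called after a real password failure; counts only while the trigger is on.
    public function recordFailure(string $client): void {
        if ($this->triggerEnabled) {
            $this->badCount[$client] = ($this->badCount[$client] ?? 0) + 1;
        }
    }

    // Called before the password check, like an AbortLogin handler.
    // Returns null to let the login proceed, or the status the caller will see.
    public function abortStatus(string $client, bool $captchaSolved): ?string {
        $over = ($this->badCount[$client] ?? 0) >= $this->maxAttempts;
        $active = $over && (!$this->checkTriggerOnLogin || $this->triggerEnabled);
        // A missing or failed captcha is reported as a wrong password, not as an abort.
        return ($active && !$captchaSolved) ? WRONG_PASS : null;
    }
}

function login(BadLoginGate $gate, string $client, bool $passwordOk, bool $captchaSolved = false): string {
    $status = $gate->abortStatus($client, $captchaSolved);
    if ($status !== null) { return $status; }
    if (!$passwordOk) { $gate->recordFailure($client); return WRONG_PASS; }
    return SUCCESS;
}

foreach ([false, true] as $fixed) {
    $gate = new BadLoginGate(true, 3, $fixed);
    for ($i = 0; $i < 3; $i++) { login($gate, '192.0.2.10', false); }  // three real failures
    $gate->setTrigger(false);  // admin disables the trigger afterwards
    // Correct password, sent from a custom form that never shows the captcha:
    $result = login($gate, '192.0.2.10', true);
    printf("%s: %s\n", $fixed ? 'trigger checked at login' : 'counter only', $result);
}
```

When debugging a lockout like this one, the masked status means the login return code alone cannot distinguish a captcha abort from a wrong password; the stored failure counter and the trigger setting have to be inspected directly.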
 