Manual:Hooks/SecuritySensitiveOperationStatus

Details

 * &$status: (string) The status to be returned. One of the  constants.   will be automatically changed to   if authentication isn't possible for the current session type.
 * $operation: (string) The operation being checked.
 * $session: The current session. The currently-authenticated user may be retrieved as.
 * $timeSinceAuth: (int) The time since last authentication.  if the time of last auth is unknown, or -1 if authentication is not possible.

By default, when some operation requires elevated security (e.g. some special page requests it via ) MediaWiki checks when the user logged in and forces them to log in again if it was more than   seconds ago. This hook can be used to implement more complex logic (e.g. require reauthentication if the request is coming from a different IP then the one the user logged in from).

Extensions implementing this should take care not to override more strict requirements coming from other extensions (e.g. don't return false if you are setting the status to  because some other hook handler might want to set it to  ).