aboutsummaryrefslogtreecommitdiffstats
path: root/includes/templates
Commit message (Collapse)AuthorAgeFilesLines
* Remove $wgDisableAuthManagerGergő Tisza2016-08-092-531/+0
| | | | Change-Id: I2b2c9693a275fcc026916bd97f303e7a5c8df341
* Re-introduce "Templatize Special:Contributions lines"amir2016-06-081-0/+6
| | | | | | | | | The original change was 1bce6db10e99840cfbd10fa074c93d8d96d88412 It got reverted in I8f63e002e34a9d13e2597a27e3dd918a687d1e7c Fixed issues raised Bug: T122537 Change-Id: I047038d6164bd6e32909d25bb37002b43bfd3a92
* Use AuthManager on special pagesGergő Tisza2016-05-162-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rewrite authentication-related special pages to use AuthManager. All the changes mentioned below only take effect when $wgDisableAuthManager is false. LoginForm is rewritten to use HTMLForm and split into UserLogin and CreateAccount; ChangePassword and PasswordReset are rewritten; ChangeEmail and Preferences are updated. Four new special pages are added to handle the new capabilities of AuthManager (linked accounts, secondary authentication providers): LinkAccounts, UnlinkAccounts, ChangeCredentials, RemoveCredentials. The old form-based hooks (ChangePasswordForm, UserCreateForm, UserLoginForm) are deprecated. A new, more generic hook is available to alter the forms (AuthChangeFormFields); form changes that involve new fields should be done via $wgAuthManagerConfig. UserLoginComplete is limited to web-based login; for more generic functionality UserLoggedIn can be used instead. Hooks that assume password-based login (PrefsPasswordAudit, AbortChangePassword) are removed; the first functionality is replaced by ChangeAuthenticationDataAudit, the second is handled by AuthManager. LoginPasswordResetMessage is removed, the functionality can be recreated via authentication providers. There are several smaller backwards incompatible changes: * Adding fields to the login/signup forms by manipulating the template via the extraInput/extrafields parameters is not supported anymore. Depending on the authn configuration the login/signup process might be multistep and it would be complicated to ensure that extensions can access the data at the right moment. Instead, you can create an AuthenticationProvider which can define its own fields and process them when the authentication is over. (There is B/C support for a transitional period that works with the default login form, but might break with configurations that require multiple steps or redirects.) * Removed cookie redirect check. This was added in 2003 in 9ead07fe9 for the benefit of bots, but with MediaWiki having an API these days there is little reason to keep it. Same for the wpSkipCookieCheck flag (added in 2008 in 29c73e8265). * Instead of embedding a password field on sensitive special pages such as ChangeEmail, such pages rely on AuthManager for elevated security (which typically involves requiring the user to log in again unless their last login was more than a few minutes ago). Accordingly, wgRequirePasswordforEmailChange is removed. * Special:ChangePassword requires login now. * Special:ResetPassword now sends a separate email to each user when called with a shared email address. * the Reason field had a message with 'prefsectiontip' class which was sorta broken but used in extensions for formatting. HTMLForm does not support that, so this commit turns it into a help message which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884 Bug: T110277 Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
* Change remaining places to use short array syntaxumherirrender2016-03-112-30/+30
| | | | Change-Id: I0785c73a239c11188ad7411c5cd8ed09a2dbc9b3
* Minor update on login form on layout and buttonsVolker E2016-03-081-8/+8
| | | | | | | | | | | | Changing current `constructive` button to `progressive` as part of the consolidation task T110555. Also bringing some minor layout improvements, aligning values to CSS coding guidelines and cleaning up typos and superflous (initial) style values. Bug: T89860 Bug: T126307 Change-Id: I2cc642ddc78f1b436e47261568601be592fe1fa4 Depends-on: I095eddfe5ec2f1fbc81939b67ed467484e15092b
* Revert "Templatize Special:Contributions lines"Krinkle2016-03-041-6/+0
| | | | | | | | Breaks RevisionDelete. This reverts commit 1bce6db10e99840cfbd10fa074c93d8d96d88412. Change-Id: I8f63e002e34a9d13e2597a27e3dd918a687d1e7c
* Templatize Special:Contributions linesAdam Roses Wight2016-03-031-0/+6
| | | | | Bug: T122537 Change-Id: I11aac43de495881e10e393d075a231bd346ea547
* Use template to render EnhancedChangesList groupsAdam Roses Wight2015-12-281-0/+28
| | | | | | | | Rewrite a chunky HTML string concatenation party as Mustache template rendering. This decouples the view from the controller. Bug: T120921 Change-Id: I3217b80168f89e7b91dbc33a7053865ad3408615
* Remove dead local vars in UsercreateTemplatejeroendedauw2015-09-101-2/+0
| | | | Change-Id: I61738d0d1c1355fdd9a192ab0edf73a78ae3546c
* Allow extensions to add a banner to UserLogin and CreateAccount special pagesFlorian2015-07-162-0/+11
| | | | | | | | | | Some extensions, e.g. MobileFrontend, customize the UserLogin and UserCreate special pages. This change adds the possibility to add some HTML after the warning and/or error messages are printed to the output. This will be used in MobileFrontend to get rid of the own userlogin template. Bug: T87261 Change-Id: Ia81f7c52f08e8dcc73ac751432560c4077d4bd39
* Remove unneeded variable assignment in Usercreate.phpumherirrender2015-03-261-1/+1
| | | | Change-Id: I8fe2e6bc3a6c63dacee8d6c8f314d9b4161b7144
* Escape extra input messages on Special:UserLogin/signupumherirrender2015-02-261-1/+1
| | | | | | | | | | | TitleBlacklist and AntiSpoof can register extra input fields with a own message, this message would now be escaped to avoid use of raw html. Messages: 'titleblacklist-override' and 'antispoof-ignore' The messages are now handled similar to checkbox 'createaccountmail' Bug: T85864 Change-Id: I14326c3844904560b66eb8e8eb7d36706caa47da
* Adding sample code to TemplateParser::processTemplate() docskaldari2015-02-201-1/+1
| | | | | | | Also reverting punctuation that was accidently changed in change I28cd13d4d. Change-Id: I1283fbfbaf8cefbbc951599ee286d923b9dedf65
* Fixing links on NoLocalSettings pagekaldari2015-02-201-2/+2
| | | | | | This fixes a regression caused by change I28cd13d4d. Change-Id: Iff30f08688d17da2d690c5e798c43489b1cafc7e
* Adding TemplateParser class providing interface to Mustache templateskaldari2015-02-192-98/+39
| | | | | | | | | | | | The TemplateParser class provides a server-side interface to cachable dynamically-compiled Mustache templates. It currently uses the lightncandy library to do compilation (which is already included in the vendor repo). Also converting NoLocalSettings.php to use it as a proof-of-concept. Bug: T379 Change-Id: I28cd13d4d1132bd386e2ae2f4f0d1dd88ad9162b
* Fixed a path issue in NoLocalSettingsmgooley2015-02-091-0/+1
| | | | | | | | | | | | Added a break in the else statement, because the only time it will go to else will be if it hits a page (.php), in which case we don't need to continue any further because we have the full path needed to access resources. (Image and link location) Bug: T88168 Change-Id: If948b12bb09260d6ea119c3478b90225537b9786
* Usercreate: Move label of extraInput to right placeumherirrender2015-01-241-2/+4
| | | | | | | | | | | | With change Ib585e32463765d7eb7d0be5dae54dc828ddd4ca9 the position of the label for extraInput (from TitleBlacklist or AntiSpoof) was misplaced outside of the label. This breaks clicking on the label to check the box. It is also possible to have line break between check box and label, which is unneeded there. Bug: T87385 Follow-Up: Ib585e32463765d7eb7d0be5dae54dc828ddd4ca9 Change-Id: I8384621075c6a73cff7575af0380f90bc75e234d
* Templates:Captcha position modified,extend functionality added to QuickTemplateSumit Asthana2015-01-201-3/+6
| | | | | | | | | | | | | The ConfirmEdit extension presently inserts captcha in the header of Usercreate and Userlogin templates. The js,if enabled places the captcha before submit button. A separate 'extrafields' placeholder for captcha is added just before submit button in Usercreate.php so that captcha position remains consistent, even if js is disabled. An extend method added to QuickTemplate to append any data to existing field, rather than setting it with fresh data. Particular use for 'extrafields' in Usercreate and Userlogin. Bug: T85192 Change-Id: I82c68814e79cbc5aa250a308862c59fcbb6fd527
* Stop using mw-ui-big on login form buttonsjdlrobson2015-01-162-2/+1
| | | | | | | | | | This is inconsistent with mobile and is one of the blockers from us using this form rather than our own on a mobile device. Also mw-ui-big is a terrible class name and we should be deprecating its usage. Change-Id: I56e93429431690cf1b9ef043620b36148e3b4a7a
* Userlogin.php: Tweaks and correctionsBartosz Dziewoński2015-01-151-24/+38
| | | | | | | | | | | | | | | | | * Correct nesting of the block generating "Forgot your password?" link – it would be mistakenly only generated if the user could create an account. * Use ->escaped() rather than ->parse() for 'userlogin-resetpassword-link', as it is used inside a link and allowing wikitext could lead to undesirable side-effects. * Remove unused $extraAttrs variable. * Remove pointless 'size' => '20' for some fields (they are displayed full-width using CSS). * Remove pointless .mw-ui-block class, as its styles are always used for buttons in a VForm. * Prettify code for hidden fields generation. Change-Id: If749620bf2eaf58f815cae559383e1a1c842b870
* Consolidate mobile and desktop designs for login formjdlrobson2014-12-231-15/+19
| | | | | | | | * Stop sign up button from being a button * Move password reset to bottom of form Bug: T85189 Change-Id: I175e9f515d962f9078845f25f9b96079819444c6
* Merge "If a user logs in while not on https, then the user should be sent ↵jenkins-bot2014-12-031-0/+1
|\ | | | | | | back to the non-secure website."
| * If a user logs in while not on https, then the user should be sent back to ↵Stephen Liang2014-11-191-0/+1
| | | | | | | | | | | | | | the non-secure website. Bug: 71716 Change-Id: I7c24b779e5f4b01bd400a1833e12932f7b01f848
* | Add 'name' back to wpLoginAttemptReedy2014-10-121-0/+1
| | | | | | | | Change-Id: I353ccb74e3572ab2e22a3803d0bc265be2ca2408
* | Fix session failure errors when trying to create an accountKunal Mehta2014-10-111-0/+1
|/ | | | | | | | | | wpCreateaccount was no longer being passed in the POST request, so the special page thought a login attempt was occurring rather than an account creation attempt, so it checked against the wrong token, resulting in session failure errors. Bug: 71862 Change-Id: I9519cb264be9f587ef4354ba1fd03962a52755a2
* Hygiene: Make construction of buttons easierjdlrobson2014-09-302-8/+13
| | | | | | | | | | | | Stop littering MediaWiki with globals, provide a common api for generating them similar to how we do text input attributes before things get out of control. Adds * submitButton * linkButton Change-Id: I61bb3c358f755ed9f2153d94b744c1a9da02c456
* Allow logged-in users to view and use the login form againBartosz Dziewoński2014-09-221-3/+14
| | | | | | | | | | | | | | | | | | The fix for bug 15484 (d0439af8) has introduced the behavior of automatically redirecting users who view the login form when already logged in to the requested 'returnto' location. If it was not given, users were redirected to main page instead. However, that has annoyed people who often switch between several accounts and have grown accustomed to the old behavior of being able to log in while logged in. Given that there are no conflicts between these two features, let's just restore the old behavior when Special:UserLogin is visited directly (no 'returnto' location given). This reverts 5dfc57eb which removed then-dead code for showing login form to logged-in users and tweaks an if() condition. Bug: 70855 Change-Id: I7e40c13a6ca566b4d66d943c006af9edb6941ee9
* Move assets/ to resources/assets/Bartosz Dziewoński2014-09-171-1/+1
| | | | | | | | | | | While it's "semantically" incorrect (these files are not ResourceLoader resources), putting them in that subdirectory is a lot less hassle than introducing a new toplevel directory. Follow-up to 2b4b9a3f. Discussion that resulted in the toplevel assets/ took place on I6268d663 (now abandoned). Change-Id: Iedbfd802457fe35803899e3479540177760ec30b
* Merge "Move mediawiki.png to assets/ directory"jenkins-bot2014-09-071-1/+1
|\
| * Move mediawiki.png to assets/ directoryBartosz Dziewoński2014-09-051-1/+1
| | | | | | | | | | Bug: 69277 Change-Id: I7936d878de23b1b85d5e0a3a3a9572101681dfdc
* | Merge "Remove unneeded spaces inside html in NoLocalSettings.php"jenkins-bot2014-09-051-2/+2
|\ \ | |/ |/|
| * Remove unneeded spaces inside html in NoLocalSettings.phpumherirrender2014-08-271-2/+2
| | | | | | | | | | | | | | | | A <a> should not be followed by a space, because the space is already before the tag. This gives double spaces when copy and paste the word and link. Change-Id: Ia46cafc6ea7359e92a315678020e7815810aac5a
* | Remove dead code for showing login form to logged-in usersBartosz Dziewoński2014-08-251-14/+3
|/ | | | | | | | Since d0439af8, trying to view the login form while logged-in just redirects to the 'returnto' address (or the main page), so this code is unreachable. Change-Id: I9ab8ab83172063d8facc491042832513d27f876b
* Make Special:UserLogin form use mw-ui-checkboxjdlrobson2014-08-142-12/+12
| | | | Change-Id: Ib585e32463765d7eb7d0be5dae54dc828ddd4ca9
* Add mw-ui-input to mediawiki uijdlrobson2014-07-282-10/+10
| | | | | | | | | | | | | Upstream component from Flow Adds mw-ui-input component Update existing (and undocumented) usage in core of mw-ui-input to use Flow focus style Updated usage of mw-ui-input in Special:Search and Special:Userlogin Packaged in mediawiki.ui.inputs to allow developers to use inputs separately to other mediawiki ui components. Change-Id: Ida765b97e6574bdc8fbba88a08ec98ec12f3dc95
* Merge "Display MediaWiki:Loginprompt on the login page"jenkins-bot2014-07-141-0/+1
|\
| * Display MediaWiki:Loginprompt on the login pageThis, that and the other2014-07-141-0/+1
| | | | | | | | | | | | | | | | | | | | This reinstates functionality removed in 44840d1. There is no longer a default message, and must be created on wikis locally. Bug: 66574 Change-Id: Ife39fe868b46ef054101c2db2e4e901380998c0e Co-Authored-By: Dan Poltawski <dan@moodle.com>
* | mediawiki.ui: Rename .mw-ui-vform-div → .mw-ui-vform-fieldBartosz Dziewoński2014-06-262-16/+18
|/ | | | | | | | | | | | | | | | | | | Require use of class instead of applying styling to all <div>s This resolves a few FIXMEs and dramatically lowers the awkwardness level of using mediawiki.ui. '.mw-ui-vform-field' is a more descriptive name than '.mw-ui-vform-div' and corresponds to the HTMLFormField PHP class in core which generates <div>s with this CSS class. We previously styled '.mw-ui-vform > div' the same way we styled '.mw-ui-vform .mw-ui-vform-div', which was an annoying piece of magic causing difficult to debug problems when one needed a different HTML structure (like bug 63233). Explicitly using '.mw-ui-vform-field' where applicable is a lot saner. Change-Id: I6f0b8842f5fdf70b97decb165086d1a83428b259
* Ignore CodeSniffer checks on HTML template filesSiebrand Mazeland2014-05-093-1/+3
| | | | Change-Id: I3b671616c1b110258389b5ebe10b5c2ca8c5835f
* Remove unnecessary h2 element on create accountswalling2014-04-221-3/+0
| | | | | | | | | | We added these headings during the last account creation and login form redesign but on recollection I'm not sure they're needed. The messages are pretty much redundant with the h1 heading, and now h2 elements have a margin-top of 1em it adds too much whitespace. Change-Id: Ice5e8bf23cc00bf00835e7dc26acc33182654ec5
* Merge "Link to existing login help page by default from helplogin-url"jenkins-bot2014-03-191-2/+11
|\
| * Link to existing login help page by default from helplogin-urlFederico Leva2014-03-181-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Detailed rationale discussed on bugzilla, bug 53888 and parent, where consensus on the design was gained. Using https link per Brion et al. in comments and bug 54835, with new keys for the messages in order to avoid any conflict with existing messages. (The translations of the removed messages will be automatically removed by localisation updates.) https://www.mediawiki.org/wiki/Help:Logging_in was improved by Lloffiwr and now also marked for translation. The link is ready for future translations thanks to the use of the standard Special:MyLanguage, hence the message is made ignored to allow customisations only locally. Bug: 53888 Change-Id: I8cefafbcd3bd1d6a03cec7cf1d0efdf607fec21d
* | Merge "Reapplying r45820 to support the NewSignupPage extension."jenkins-bot2014-03-151-1/+1
|\ \
| * | Reapplying r45820 to support the NewSignupPage extension.Jack Phoenix2014-03-091-1/+1
| |/ | | | | | | | | | | Sometimes you really need to have a link (or two) in a checkbox message. Change-Id: Ib75133cb1dfaa796c3acff6f4aa57eb25a806a0f
* | Prevent "Log in" being used in two different contextsSiebrand Mazeland2014-03-121-1/+1
| | | | | | | | | | | | Spotted by Lloffiwr and reported at https://translatewiki.net/wiki/Thread:Support/MediaWiki:Pt-login/en Change-Id: Ibfbe4abfbb29860c05ebaac83e2220f373940a59
* | Merge "Check validity and availability of usernames during signup via AJAX"jenkins-bot2014-03-121-2/+10
|\ \ | |/ |/|
| * Check validity and availability of usernames during signup via AJAXBartosz Dziewoński2014-03-101-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is done in addition to the server-side checks. Users who have disabled JavaScript will not notice any difference. The way this is done (via action=query&list=users API) means that we can't check for all possible error conditions, both for the username (e.g. these enforced by extensions like AntiSpoof) and other parts of the form (e-mail, password…) – these are still handled server-side only. Thus we intentionally never say that whatever the user typed in is valid – we only warn when we know it's not. Doing this "properly" would require some reworking of the internals of the signup process and this way is already a huge improvement. (Split off from the reverted a0c72523.) Bug: 34447 Change-Id: I42c00b54651fd4e7217a862b3116c6113935f5ae
| * Revert "Warn on account creation when username is adjusted"jrobson2014-03-061-10/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit a0c72523c7a2c9ca16329f903ca6b269ccccb787. which has terrible effects on mobile. Most browser inputs on a mobile phone default to lowercase meaning a username with a lowercase starting character will always trigger the warning. This means the user will have to re-enter their passwords, fill out the captcha again and their email again (as all these are sensitive and not retained when reloading the form with the warning) If this is truly wanted on desktop, more thought it needed for the mobile use case. Bug: 61416 Change-Id: I8b93e5a4ca687f87305ced4343dcb28ca2909939
| * Warn on account creation when username is adjustedBartosz Dziewoński2014-03-051-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The user name can be adjusted due to various technical restrictions: the first letter is capitalized, underscores are changed to spaces, numerous other less visible changes happen. Some of these tweaks can be unwanted by some users. Generate a warning if that happens. If the user has JavaScript enabled, the check happens entirely client-side – a little warning box is shown, the user doesn't have to do anything. Otherwise the check happens server-side and the user has to resubmit the form. The way this is done makes it trivial to also check if the username is invalid or already taken, so let's do that. It also means that we can't check for all error conditions, e.g. these enforced by extensions – that is still handled server-side. (Client-side we intentionally never say that whatever the user typed in is valid – we only warn when we know it's not.) API behavior is unchanged. Co-Authored-By: umherirrender <umherirrender_de.wp@web.de> Co-Authored-By: Bartosz Dziewoński <matma.rex@gmail.com> Bug: 34447 Bug: 61416 Change-Id: Ic461a5e597ad71b854dc65bbf8a395c0f55d1fc3
* | LocalSettings.php must be readable by the serverumherirrender2014-03-071-10/+15
|/ | | | | | | | Change check in WebStart to is_readable and output a different text on NoLocalSettings template, when the file exists. Bug: 61094 Change-Id: I4dbdb33e468bc731fa1d6eef8e0f66e1d552d0f8
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-24 10:42:26 +0000