Throttle time will be enough to give an idea of the time to wait.
The actual time seems to be the time since the first of the last n
attempts in time t as per $wgPasswordAttemptThrottle, but it does not
seem too bad if the user gets a new full pool of allowed attempts.
Bug: 46965
Change-Id: Id385be840f340476fbe7a818ff1d05154fe86d68
}
function processLogin() {
- global $wgMemc, $wgLang, $wgSecureLogin;
+ global $wgMemc, $wgLang, $wgSecureLogin, $wgPasswordAttemptThrottle;
switch ( $this->authenticateUserData() ) {
case self::SUCCESS:
$this->userBlockedMessage( $this->getUser()->isBlockedFromCreateAccount() );
break;
case self::THROTTLED:
- $this->mainLoginForm( $this->msg( 'login-throttled' )->text() );
+ $this->mainLoginForm( $this->msg( 'login-throttled' )
+ ->params ( $lang->formatDuration( $wgPasswordAttemptThrottle['seconds'] ) )
+ ->text()
+ );
break;
case self::USER_BLOCKED:
$this->mainLoginForm( $this->msg( 'login-userblocked',
You may ignore this message, if this account was created in error.',
'usernamehasherror' => 'Username cannot contain hash characters',
'login-throttled' => 'You have made too many recent login attempts.
-Please wait before trying again.',
+Please wait $1 before trying again.',
'login-abort-generic' => 'Your login was unsuccessful - Aborted',
'loginlanguagelabel' => 'Language: $1',
'loginlanguagelinks' => '* {{#language:de}}|de
*Parameter $2 is the name entered as username.
*Parameter $3 is a password (randomly generated).
*Parameter $4 is a URL to the wiki',
-'login-throttled' => 'Error message shown at [[Special:UserLogin]] after 5 wrong passwords. The hardcoded waiting time is 300 seconds.',
+'login-throttled' => 'Error message shown at [[Special:UserLogin]] after the user has tried to login with incorrect password too many times. The user has to wait a certain time before trying to log in again.
+* $1: the time to wait before the next login attempt. Automatically formatted using the [//www.mediawiki.org/w/index.php?title=Special%3AAllMessages&prefix=duration&filter=all duration-* messages].
+This is a protection against robots trying to find the password by trying lots of them. The number of attempts and waiting time are configured via [[mw:Manual:$wgPasswordAttemptThrottle|$wgPasswordAttemptThrottle]].',
'login-abort-generic' => 'The generic unsuccessful login message is used unless otherwise specified by hook writers',
'loginlanguagelabel' => 'Used on [[Special:UserLogin]] if $wgLoginLanguageSelector is true. $1 is a pipe-separated list built from the names that appear in the message {{msg-mw|Loginlanguagelinks}}.
{{Identical|Language}}',