From 470bf4b370afdfb181b4088e0ba82a5cf29253ea Mon Sep 17 00:00:00 2001 From: Nemo bis Date: Sun, 11 Aug 2013 11:48:59 +0200 Subject: [PATCH] In login-throttled, specify how long you have to wait before logging in Throttle time will be enough to give an idea of the time to wait. The actual time seems to be the time since the first of the last n attempts in time t as per $wgPasswordAttemptThrottle, but it does not seem too bad if the user gets a new full pool of allowed attempts. Bug: 46965 Change-Id: Id385be840f340476fbe7a818ff1d05154fe86d68 --- includes/specials/SpecialUserlogin.php | 7 +++++-- languages/messages/MessagesEn.php | 2 +- languages/messages/MessagesQqq.php | 4 +++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index df1b16eb40..cfd617e159 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -734,7 +734,7 @@ class LoginForm extends SpecialPage { } function processLogin() { - global $wgMemc, $wgLang, $wgSecureLogin; + global $wgMemc, $wgLang, $wgSecureLogin, $wgPasswordAttemptThrottle; switch ( $this->authenticateUserData() ) { case self::SUCCESS: @@ -810,7 +810,10 @@ class LoginForm extends SpecialPage { $this->userBlockedMessage( $this->getUser()->isBlockedFromCreateAccount() ); break; case self::THROTTLED: - $this->mainLoginForm( $this->msg( 'login-throttled' )->text() ); + $this->mainLoginForm( $this->msg( 'login-throttled' ) + ->params ( $lang->formatDuration( $wgPasswordAttemptThrottle['seconds'] ) ) + ->text() + ); break; case self::USER_BLOCKED: $this->mainLoginForm( $this->msg( 'login-userblocked', diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 67fe889f8c..bfe6bd03ef 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -1246,7 +1246,7 @@ You should log in and change your password now. You may ignore this message, if this account was created in error.', 'usernamehasherror' => 'Username cannot contain hash characters', 'login-throttled' => 'You have made too many recent login attempts. -Please wait before trying again.', +Please wait $1 before trying again.', 'login-abort-generic' => 'Your login was unsuccessful - Aborted', 'loginlanguagelabel' => 'Language: $1', 'loginlanguagelinks' => '* {{#language:de}}|de diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php index 8665330600..3cfc222c2f 100644 --- a/languages/messages/MessagesQqq.php +++ b/languages/messages/MessagesQqq.php @@ -1466,7 +1466,9 @@ See also: *Parameter $2 is the name entered as username. *Parameter $3 is a password (randomly generated). *Parameter $4 is a URL to the wiki', -'login-throttled' => 'Error message shown at [[Special:UserLogin]] after 5 wrong passwords. The hardcoded waiting time is 300 seconds.', +'login-throttled' => 'Error message shown at [[Special:UserLogin]] after the user has tried to login with incorrect password too many times. The user has to wait a certain time before trying to log in again. +* $1: the time to wait before the next login attempt. Automatically formatted using the [//www.mediawiki.org/w/index.php?title=Special%3AAllMessages&prefix=duration&filter=all duration-* messages]. +This is a protection against robots trying to find the password by trying lots of them. The number of attempts and waiting time are configured via [[mw:Manual:$wgPasswordAttemptThrottle|$wgPasswordAttemptThrottle]].', 'login-abort-generic' => 'The generic unsuccessful login message is used unless otherwise specified by hook writers', 'loginlanguagelabel' => 'Used on [[Special:UserLogin]] if $wgLoginLanguageSelector is true. $1 is a pipe-separated list built from the names that appear in the message {{msg-mw|Loginlanguagelinks}}. {{Identical|Language}}', -- 2.20.1