Parent5446 has uploaded a new change for review. https://gerrit.wikimedia.org/r/65867
Change subject: Moved account creation throttle to ping limiter ...................................................................... Moved account creation throttle to ping limiter Got rid of custom account creation throttle logic in favor of the ping limiter. LoginForm now uses the ping limiter to check for account creation throttle. Note that the old $wgAccountCreationThrottle, while deprecated, will be automatically moved into $wgRateLimits. Bug: 48373 Change-Id: If77868ffd7eb5d400d839d78ab2f401fa872f0ed --- M docs/hooks.txt M includes/DefaultSettings.php M includes/Setup.php M includes/specials/SpecialUserlogin.php M languages/messages/MessagesEn.php M languages/messages/MessagesQqq.php 6 files changed, 16 insertions(+), 18 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/67/65867/1 diff --git a/docs/hooks.txt b/docs/hooks.txt index 640d642..6100398 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -1057,7 +1057,8 @@ OutputPage::showErrorPage. 'ExemptFromAccountCreationThrottle': Exemption from the account creation -throttle. +throttle. Deprecated since 1.22. Use the ping limiter instead with the +createaccount action. $ip: The ip address of the user 'ExtensionTypes': Called when generating the extensions credits, use this to diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 173605c..109c1ec 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4202,6 +4202,7 @@ * Number of accounts each IP address may create, 0 to disable. * * @warning Requires memcached + * @deprecated since 1.22. Use the $wgRateLimits instead */ $wgAccountCreationThrottle = 0; @@ -4318,6 +4319,9 @@ 'emailuser' => array( 'user' => null, ), + 'createaccount' => array( + 'anon' => null, + ) ); /** diff --git a/includes/Setup.php b/includes/Setup.php index d8c9180..5d2592f 100644 --- a/includes/Setup.php +++ b/includes/Setup.php @@ -417,6 +417,12 @@ wfWarn( 'Secure login was enabled on a server that only supports HTTP or HTTPS. Disabling secure login.' ); } +// If not overridden by $wgRateLimits, the $wgAccountCreationThrottle variables holds +// the maximum number of accounts an IP can make in a day. +if ( !isset( $wgRateLimits['createaccount']['anon'] ) && $wgAccountCreationThrottle > 0 ) { + $wgRateLimits['createaccount']['anon'] = array( $wgAccountCreationThrottle, 86400 ); +} + # Now that GlobalFunctions is loaded, set defaults that depend # on it. if ( $wgTmpDirectory === false ) { diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index b147b83..636209a 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -464,18 +464,8 @@ // Hook point to check for exempt from account creation throttle if ( !wfRunHooks( 'ExemptFromAccountCreationThrottle', array( $ip ) ) ) { wfDebug( "LoginForm::exemptFromAccountCreationThrottle: a hook allowed account creation w/o throttle\n" ); - } else { - if ( ( $wgAccountCreationThrottle && $currentUser->isPingLimitable() ) ) { - $key = wfMemcKey( 'acctcreate', 'ip', $ip ); - $value = $wgMemc->get( $key ); - if ( !$value ) { - $wgMemc->set( $key, 0, 86400 ); - } - if ( $value >= $wgAccountCreationThrottle ) { - return Status::newFatal( 'acct_creation_throttle_hit', $wgAccountCreationThrottle ); - } - $wgMemc->incr( $key ); - } + } elseif ( $currentUser->pingLimiter( 'createaccount' ) ) { + return Status::newFatal( 'acct_creation_throttle_hit' ); } if ( !$wgAuth->addUser( $u, $this->mPassword, $this->mEmail, $this->mRealName ) ) { diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index bc3a381..52fdf02 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -1213,8 +1213,7 @@ 'signupend' => '{{int:loginend}}', # do not translate or duplicate this message to other languages 'signupend-https' => '', # do not translate or duplicate this message to other languages 'mailerror' => 'Error sending mail: $1', -'acct_creation_throttle_hit' => 'Visitors to this wiki using your IP address have created {{PLURAL:$1|1 account|$1 accounts}} in the last day, which is the maximum allowed in this time period. -As a result, visitors using this IP address cannot create any more accounts at the moment.', +'acct_creation_throttle_hit' => 'Visitors to this wiki using your IP address have created too many accounts in a short amount of time. Please try again later.', 'emailauthenticated' => 'Your email address was authenticated on $2 at $3.', 'emailnotauthenticated' => 'Your email address is not yet authenticated. No email will be sent for any of the following features.', diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php index e789898..9a15de3 100644 --- a/languages/messages/MessagesQqq.php +++ b/languages/messages/MessagesQqq.php @@ -1278,9 +1278,7 @@ * $1 - password reset email resend time (in hours)', 'mailerror' => 'Used as error message in sending confirmation mail to user. Parameters: * $1 - new mail address', -'acct_creation_throttle_hit' => 'Error message at [[Special:CreateAccount]]. - -"in the last day" precisely means: during the lasts 86400 seconds (24 hours) ending right now.', +'acct_creation_throttle_hit' => 'Error message at [[Special:CreateAccount]].', 'emailauthenticated' => 'In user preferences ([[Special:Preferences]] > {{int:prefs-personal}} > {{int:email}}) and on [[Special:ConfirmEmail]]. Parameters: -- To view, visit https://gerrit.wikimedia.org/r/65867 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If77868ffd7eb5d400d839d78ab2f401fa872f0ed Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Parent5446 <tylerro...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits