Sebek Nowaczynski wrote: > I have: > > example.com > and > example.com/w/ > in which it is MediaWiki. > > I want to have login form (with a different look than the standard) in > example.com/index.php > > I copied the source code of login form, and in this I have there:
I'd modify includes/templates/Userlogin.php to suit your needs instead of copying it anywhere elese. > <input type="hidden" name="wpLoginToken" > value="f695ba23114fe495f3f03f2ab23d0294" /> > > Where/How to retrieve this value(wpLoginToken)? Create with a random value (eg. User::generateToken()) and store in $_SESSION['wsLoginToken'] > I can login once to my page, but, in the twice I see: > > "Login error > There seems to be a problem with your login session; this action has > been canceled as a precaution against session hijacking. Go back to > the previous page, reload that page and then try again. " > > I think this is problem with wpLoginToken. If I delete this hidden > walue, there is communicate like "Login error There seens to be...". Right. That token is needed to avoid a CSRF vulnerability. > I have MediaWiki 1.17alpha (r69213), directly from SVN (clean > installation), PHP 5.2.13 (cgi-fcgi), MySql 5.1.47. > > > Thank you for your reply and sorry for my weak English. > > S. Nowaczynski _______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
