MediaWiki talk:Loginend

Added a message
... to request that users log-in through the secure server, if they're not already there. If anyone takes issue with this, let me know. Thanks. AmiDaniel (talk) 08:08, 7 May 2007 (UTC)


 * doesn't work becuas the login is not recognised when you move off the secure server.Geni 15:20, 7 May 2007 (UTC)
 * True, but if you stay on the secure server, and do all your editing there, it's not a problem. Hopefully the issues with the secure server will eventually be fixed, and perhaps someday soon there will be no more unsecured login .. We can only hope. AmiDaniel (talk) 21:51, 7 May 2007 (UTC)
 * Problem is that the secure server server is not design to cope with large scale use.Geni 22:06, 7 May 2007 (UTC)

Questionable Password strength article
This article points to the Password strength article. I suggest it be removed because the first thing you see on this page is 3 tags recommending it for improvement. Is this an article we want to point to after login? I've nominated it for WP:ACID. I would relist it after it becomes a good article or a least loses those tags. Gutworth 02:50, 8 May 2007 (UTC)


 * I disagree. The templates were added soon after it was added to this message (see the [ version at the time it was added]), since when it's already been [ greatly improved]. We need to point users somewhere that explains password strength, and that's the highest-quality reference available despite its informal tone and missing references. — {admin} Pathoschild 03:19:16, 08 May 2007 (UTC)


 * Yeah, the article certainly didn't look like that yesterday. I may drop a note on its talk page asking if they would mind condensing the three tags down into one -- I find most of these meta tags tend to just be more of a nuisance than anything useful. AmiDaniel (talk) 03:29, 8 May 2007 (UTC)


 * Ok, it's getting better. However, I still think it should go from this message until it's at least cited. Gutworth 20:51, 8 May 2007 (UTC)

validation error
editprotected This page causes Special:Userlogin to fail validation see here because of the line which should be. thanks. Jon513 16:04, 10 May 2007 (UTC)
 * done. AmiDaniel (talk) 16:18, 10 May 2007 (UTC)

Useless link
The page currently links to Special:Preferences. But, if you're not logged in (as is the case when accessing Special:Userlogin), you can't change your password via preferences. So this link needs to be de-linked or otherwise fixed. This, that and the other 09:59, 22 May 2007 (UTC)


 * Fixed. — {admin} Pathoschild 03:12:16, 23 May 2007 (UTC)

Displaced bullets in Firefox
Since a week or two the bullets that belong right in front of the sentences are all left aligned and in the login box on Firefox 1.0.7. That behaviour might be since the fix for IE 8 was made recently. Here's how it looks like: Login Firefox

doxTxob \ talk 17:49, 9 April 2008 (UTC)


 * This link suggests that Firefox 1.0 might not respect  on empty DIV (which is clear in this case). I don't think a lot of people have Firefox 1.0 these days, maybe you could do some testing and suggest a fix, like using   instead? By the way, as far as I know, you're not supposed to put {editprotected} until you have exact fix. —AlexSm 19:21, 9 April 2008 (UTC)
 * ❌ Please establish, through testing, exactly what it is that's broken, and how best to fix it. Changes to this page will affect every logged-in user on Wikipedia, so don't jump to conclusions or make educated guesses :D Happy‑melon 10:24, 10 April 2008 (UTC)

Punctuation
Please remove the quotation marks in the last bullet around commit to read "As a safeguard you may commit to your identity..." They are incorrect and unnecessary. Reywas92 Talk 17:02, 28 April 2008 (UTC)


 * ❌ I disagree. I have changed them to single quotes rather than double quotes, as the phrase is a euphemism/piece of jargon rather than a direct quote, but I believe that the quotes are grammatically appropriate, as the word is not in its common usage here.  If others support their removal, however, I shall of course oblige. Happy‑melon 20:53, 28 April 2008 (UTC)


 * Actually, there is no real difference in meaning between single and double quotation marks, for which reason I suggest reverting this change, considering that Wikipedia favours double quotation marks in its style guidelines. Waltham, The Duke of 15:31, 12 July 2008 (UTC)


 * [[Image:Yes check.svg|20px]] Done. Cheers. --MZMcBride (talk) 17:54, 12 July 2008 (UTC)


 * Thanks a lot. Regards, Waltham, The Duke of 21:19, 12 July 2008 (UTC)

Small change
editprotected Hi, please change this line * Consider logging in on the secure server. to Then the hint is not shown, when the user already logs in at secure.wikimedia.org. --Church of emacs (Talk | Stalk) 03:08, 31 August 2008 (UTC)


 * ✅ after checking it out in my own sandbox. עוד מישהו Od Mishehu 06:04, 1 September 2008 (UTC)

Brush-up of code
I want to do a slight brush-up of the code for this message. It means no change in functionality or visual appearance. Here's the new code:



Secure your account:


 * If your password only contains letters or numbers, please read our article on password strength and consider changing it (in Special:Preferences after you log in).
 * To avoid becoming a victim of phishing, always verify that you are viewing [/wiki/Special:UserLogin Wikipedia's login page] when logging in. Wikipedia will never ask for any information other than your username, password and e-mail address.
 * Do not give out your password to anyone.
 * If your account is compromised, it may be permanently blocked unless you can prove you are its rightful owner.
 * As a safeguard you may "commit" to your identity by adding a cryptographic hash to your user page as instructed here. This makes it almost impossible for an impostor to continue impersonating you once you regain control of your account.

I changed the double ifeq-statement at the beginning to a single switch-case instead. And I changed the server URLs, so all use the shorter form " ", instead of some using " ". And I removed an unneeded " " since it was already within a plainlinks area.

I have of course tested this in my user space.

--David Göthberg (talk) 15:03, 3 December 2009 (UTC)


 * ✅ Done - --David Göthberg (talk) 23:18, 3 December 2009 (UTC)


 * By the way, I don't like that the log in page is dependant on the clear template. I don't even see any good reason to use that template in a system message. Instead I'd like to hardcode that part, using the contents of that template:
 * --David Göthberg (talk) 23:35, 3 December 2009 (UTC)


 * ✅ Done - Since no one commented for a day, and this should be uncontroversial. --David Göthberg (talk) 08:54, 5 December 2009 (UTC)

Secure login
And a related thing: I want to add something that makes it visible when one is logging in to the secure server, since currently the two logins look almost identical. I am thinking of trying if the MediaWiki:Login message can handle ParserFunctions. That's the header in the log in box that says "Log in" with big letters. I want to make so it says "Secure server log in" when using the secure server.

--David Göthberg (talk) 15:03, 3 December 2009 (UTC)


 * You could add an absolute positioned element into this message alternatively. Like a lock icon or something. Not ideal, but might work. Probably best to test this on test.wikipedia.org. —Th e DJ (talk • contribs) 16:20, 3 December 2009 (UTC)


 * Good ideas, both of them. So I have requested adminship over at the Test Wiki. But I think inserting " " for a few seconds in a MediaWiki message to see if it understands ParserFunctions or not should be fairly okay even here. After all, most of them do understand ParserFunctions, and then that test only renders a dot.
 * --David Göthberg (talk) 17:53, 3 December 2009 (UTC)


 * I'm an admin there. I can confirm that MediaWiki:Login understands wikicode. And MZMcBride has helped you to ops as well I see :D —Th e DJ (talk • contribs) 20:25, 3 December 2009 (UTC)
 * Hmm, interesting. Parserfunctions YES, images NO it seems. And the text is also used for the "login" button, so this is a no go it seems. —Th e DJ (talk • contribs) 20:48, 3 December 2009 (UTC)
 * Got something going with testwiki:MediaWiki:Nologin. You can see it on the testwiki:Special:UserLogin. Loginstart message should work as well. —Th e DJ (talk • contribs) 21:03, 3 December 2009 (UTC)


 * Yes, I feel like a VIP. I see that most other users just get one month adminship on the Test Wiki, while I was assigned indefinite adminship as far as I can see.
 * Haha, I see you got all enthusiastic over this. :))
 * But I disagree, I tested at the Test Wiki and for me it works fine. I just want to add text, no image. And adding the text "Secure server log in" to MediaWiki:Login (when using the secure server) looks nice. Sure, it shows both in the heading and in the button, but I find it pretty nice to have that text in the button too.
 * I admit that the padlock you used looks nice. But using an image with fixed position like that breaks in some skins (I have tested). So I prefer to just use a simple text.
 * Another thing that worked was to add the text to the MediaWiki:Userlogin message. That is the heading for the entire page that usually says "Log in / create account". But changing that to "Secure server log in / create account" didn't look as good, since the text became too long.
 * So I would like to add the "Secure server log in" text to MediaWiki:Login. I added it back to the Test Wiki, so people can have a closer look. See its normal login and its secure server login  to compare. Since I now know this works, and only users that do secure log in see it, then I think we can now add it here at enwp so people can try it out for real.
 * --David Göthberg (talk) 23:07, 3 December 2009 (UTC)


 * ✅ Done - Since no one commented for a day I boldly added it. But then I realised that "Secure server log in" is a bit long and sounds like one needs a special account, so I shortened it to "Secure log in".
 * --David Göthberg (talk) 08:54, 5 December 2009 (UTC)

Secure login explanation
And I would like to link to Secure server in some way. Since it is confusing to go the secure server login and there's nothing there explaining what the "secure server" is. Perhaps a link directly under the log in box, before the "Secure your account:" heading. The link should only be visible when on the secure server log in, since I tried but it was confusing to have two links related to the secure server on the normal log in page. But note, the Secure server page is brand new and not ready to be linked from such a high-profile place yet, it needs a work-over from some other editors first.

--David Göthberg (talk) 15:03, 3 December 2009 (UTC)


 * And here's the text I would like to add between the log in box and the "Secure your account" heading:
 * To learn more about the secure server, see: Secure server.
 * That text feels a little clumsy, so if anyone has suggestions for improvements it would be very welcome.
 * --David Göthberg (talk) 09:03, 5 December 2009 (UTC)


 * ✅ Done - I have added it to the secure login. Here are links to the normal login and the secure login  so we can take a look without having to log out.
 * --David Göthberg (talk) 11:19, 6 December 2009 (UTC)

Change User page to Special:MyPage?
In the context it is used in this page, MyPage may be better.  TheWeak Willed   (T * G) 21:09, 19 February 2010 (UTC)


 * No, that won't work since users are seeing this text on the log in page, which is before they are logged in. At that time Special:MyPage only takes them to their IP-user page. And the "committed identity" should be added to their logged in user page, not their IP-user page.
 * --David Göthberg (talk) 02:02, 20 February 2010 (UTC)

"only contains letters or only numbers"
The login text says "If your password only contains letters or only numbers, ..." This is grammatically incorrect. It should read something like "If your password contains only letters or only numbers", "If your password contains either only letters or only numbers", or "If your password contains only letters or contains only numbers". Personally, I prefer the second version (in bold). It's a compromise between clarity and concision. &mdash;Codrdan (talk) 16:12, 12 March 2010 (UTC)

Horribly unparallel
The above poster is correct, but 3 years later, the message still contains horribly barbaric grammar. Please fix it, and hire someone useful like me to proofread thoroughly. Til Eulenspiegel /talk/ 14:34, 16 April 2013 (UTC)


 * Does anyone reading this have admin tools to edit this message? Why is nobody fixing the atrocious grammar mentioned above, and it's now three years after it was first pointed out? Til Eulenspiegel /talk/ 13:55, 28 April 2013 (UTC)


 * Hi. If you take a look at the section below, you can see that this MediaWiki message will soon no longer be used in the site interface. At this point, rearranging the deck chairs on the Titanic seems like a waste of time. In the future, if you have a trivial or uncontroversial edit that requires an admin, use the sudo tag with your request and it will be fulfilled (usually within a day). Hope that helps. --MZMcBride (talk) 19:00, 29 April 2013 (UTC)


 * I don't know how long it took you to type that friendly response, but probably much longer than it would have taken for someone to just fix it, while people logging in still have to look at it. But what I gather is that everyone here is much too important to waste their time humoring people who make "trivial" requests. Til Eulenspiegel /talk/ 20:40, 2 May 2013 (UTC)

"Commit" to your identity

 * Currently, this says As a safeguard you may "commit" to your identity by adding a cryptographic hash to your user page as instructed here. The word "instructed" looks as if people are being told to do this. IMHO "explained" would be a better choice of word. --Northernhenge (talk) 16:21, 23 March 2010 (UTC)
 * Okay, changed. &mdash; Martin (MSGJ · talk) 21:00, 26 September 2011 (UTC)
 * Thank you --Northernhenge (talk) 23:57, 26 September 2011 (UTC)

Still refers to secure.wikimedia.org
Would those more familiar with this file consider to update the components so that it utilises the secure logins that are now available directly for enWP rather than through the deprecated methodology. — billinghurst  sDrewth  07:37, 26 February 2012 (UTC)


 * MediaWiki:Loginend-https is the message that'll be used instead of this one when viewing from the regular secure site. At some point in the future, secure.wikimedia.org will redirect to the regular secure site and we can eliminate the conditionals here.  — Dispenser 04:25, 27 February 2012 (UTC)

Accessibility, make correct headers
Hi. In conformance with MOS:ACCESS, we should not make pseudo-headings using bold. Make proper headings instead.

Thus, I ask the following change. Replace : Secure your account: by Secure your account

Thanks ! Dodoïste (talk) 06:53, 6 July 2012 (UTC)
 * Why is this edit request not answered? It should be fairly simple though. Dodoïste (talk) 14:49, 13 July 2012 (UTC)


 * ❌: straightforward it might be, but H3s should not be placed directly under H1s. If you think this should be okay as an H2 then ping me on my talk and I'll make that change instead. Chris Cunningham (user:thumperward) (talk) 13:38, 19 July 2012 (UTC)
 * Hi. Your reasoning is good. But on the login page where this message is transcluded, there is a H2 (Log in) under the H1. The accessibility improvement is for the login page, not this MediaWiki system page. It should be a H3, definitely. Dodoïste (talk) 14:47, 19 July 2012 (UTC)


 * Good catch. I've now made the change. Chris Cunningham (user:thumperward) (talk) 09:23, 21 July 2012 (UTC)
 * Thanks! :-) Dodoïste (talk) 11:28, 21 July 2012 (UTC)

[This discussion was moved from MediaWiki talk:Loginend-https, which now redirects here.]

Hi. In conformance with MOS:ACCESS, we should not make pseudo-headings using bold. Make proper headings instead.

Thus, I ask the following change. Replace : Secure your account: by Secure your account

Thanks ! Dodoïste (talk) 06:53, 6 July 2012 (UTC)


 * ❌ per the rationale at the non-HTTPS request. Chris Cunningham (user:thumperward) (talk) 13:39, 19 July 2012 (UTC)
 * Replied at said page, should be done nonetheless. Dodoïste (talk) 14:48, 19 July 2012 (UTC)


 * ✅. Chris Cunningham (user:thumperward) (talk) 09:23, 21 July 2012 (UTC)

Future of this message
Hi.

In the proposed redesign of the login form (viewable here: ), this MediaWiki message ("MediaWiki:Loginend" [and its twin sister "MediaWiki:Loginend-https"]) no longer appear(s) in the user interface.

How important do people feel it is to include the "Secure your account" information on the login screen? We can presumably hack it back in locally if we want to. --MZMcBride (talk) 21:46, 27 April 2013 (UTC)

P.S. I advertised this discussion at WP:VPR, WP:VPT, and WP:AN. I think this is probably sufficient advertising for the discussion, but if you disagree, please feel free to post elsewhere.


 * Note: information about securing your account is actually still part of the resources linked to from the new version, via "Help with logging in", which contains a great summary about account security. If people think User account security also needs a direct link, I think it'd be totally fine to add it as a second link in that same MediaWiki message, or in a new one added to the form by default (no reason why account security should be more important on enwiki than elsewhere). Here's a quick mockup of the style that I think would work for either a local modification or a new default message. Steven Walling (WMF) &bull;  talk   01:12, 28 April 2013 (UTC)
 * Personally, I think that if we would add some of this info into the field validators and add a strength tester to the password fields, that I would be just fine with me. I've never been a fan of the wordy pages. —Th e DJ (talk • contribs) 13:47, 28 April 2013 (UTC)
 * We already had an RfC about that with great support. A bugzilla entry was made but actually no activity was made on these entries since ages. The WMF is still again ignoring community consensus and don't see the need in securing and improving the education of editors. :-( mabdul 15:36, 28 April 2013 (UTC)
 * Mabdul: can you link me to the RFC and bug (if they're not the one I just linked to)? TheDJ: I think adding a password strength indicator is not a controversial idea at all, and we should also do something about the fact that the password length requirement is only 1 character, which is pretty absurd. (More at mw:Requests for comment/Password requirements) Steven Walling (WMF) &bull; talk   18:00, 28 April 2013 (UTC)
 * Of course: a simple search for account security and I got Village pump (proposals)/Account security: RfC closed at 22 July 2011 with actual every bug ticket after every section. mabdul 20:21, 2 May 2013 (UTC)
 * BTW: there is no way to hack it back in locally. The pre and post messages are not part of the new UI, and local JS cannot be added to the Login page. —Th e DJ (talk • contribs) 10:50, 29 April 2013 (UTC)
 * Well, further text could be added to MediaWiki:Userlogin-helplink, and that's not even hacky. Amalthea  11:36, 29 April 2013 (UTC)
 * Note that the CSS for that message is set to center the text, which is not ideal for a list of material like what was in the previous message, though that too could potentially be changed locally of course. Anyway, I agree with TheDJ that less is more. Let's go through the list of items in this message...


 * The secure connection link is now embedded intelligently in the top of the form, so you get it if you're not on HTTPS. That part of the message would be redundant to add back in.
 * I think password strength information should really be suggested on account creation, and potentially enforced by sane defaults like not allowing one character passwords.
 * Information like "Do not give out your password to anyone." or that your compromised account may be blocked is completely obvious to most people, bordering on pedantic I think. At best it should be in a linked "Secure your account" page.
 * The cryptographic hash is nice to know, but too technical for most people to understand and implement, and should really be in a separate help page about security rather than a piece of information to give everyone trying to log in.
 * The above conclusions seem reasonable to me, and are why we didn't just carry over the loginend message by default. If folks think that I'm wrong, I think we should talk about how to integrate a necessary addition elegantly, rather than just making someone hack it in locally. Steven Walling (WMF) &bull; talk   18:55, 29 April 2013 (UTC)
 * I think a Securing your account page would be nice to explain password best practices, the cryptographic hash, etc. I agree that including most of the information on the login screen doesn't seem strictly necessary. I feel like there may already be a "secure your account"-type Wikipedia page somewhere. Perhaps User account security could be expanded? --MZMcBride (talk) 14:32, 30 April 2013 (UTC)

Advertising new login
Hey, would anyone object if I temporarily replace this message (except for the secure server link) with a call to try the new login? I was going to do a watchlist notice, but it was suggested that advertising directly on the interface was a better idea. <span style="font-family:Georgia, serif;">Steven Walling (WMF) • talk   21:48, 2 May 2013 (UTC)
 * Okay, no one has objected to this, but I realized that this message is pretty cluttered, so I'm going to try it out via loginstart, rather than loginend. Edit: this doesn't work, since loginstart is actually on login and account creation. Reverting to the original plan. <span style="font-family:Georgia, serif;">Steven Walling (WMF) &bull; talk   22:22, 6 May 2013 (UTC)
 * Hey Steven, where's the correct place to discuss the content of Special:UserLogin? Despite having been here as long as I have, I find navigating the innards of MediaWiki fairly bewildering. Thanks! —  Scott  •  talk  14:51, 4 October 2013 (UTC)
 * Hey Scott. It just matters what the issue is. If it's a new idea, feel free to use the Village Pump for proposals. If it's a bug or a feature request, you can mention it on the technical Village Pump. Feel free to ping me if you do. <span style="font-family:Georgia, serif;">Steven Walling (WMF) &bull; talk   23:54, 4 October 2013 (UTC)