In login-throttled, specify how long you have to wait before logging in

Throttle time will be enough to give an idea of the time to wait.
The actual time seems to be the time since the first of the last n
attempts in time t as per $wgPasswordAttemptThrottle, but it does not
seem too bad if the user gets a new full pool of allowed attempts.

Bug: 46965
Change-Id: Id385be840f340476fbe7a818ff1d05154fe86d68

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index df1b16e..cfd617e 100644 (file)
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -734,7 +734,7 @@ class LoginForm extends SpecialPage {
        }
 
        function processLogin() {
-               global $wgMemc, $wgLang, $wgSecureLogin;
+               global $wgMemc, $wgLang, $wgSecureLogin, $wgPasswordAttemptThrottle;
 
                switch ( $this->authenticateUserData() ) {
                        case self::SUCCESS:
@@ -810,7 +810,10 @@ class LoginForm extends SpecialPage {
                                $this->userBlockedMessage( $this->getUser()->isBlockedFromCreateAccount() );
                                break;
                        case self::THROTTLED:
-                               $this->mainLoginForm( $this->msg( 'login-throttled' )->text() );
+                               $this->mainLoginForm( $this->msg( 'login-throttled' )
+                               ->params ( $lang->formatDuration( $wgPasswordAttemptThrottle['seconds'] ) )
+                               ->text()
+                               );
                                break;
                        case self::USER_BLOCKED:
                                $this->mainLoginForm( $this->msg( 'login-userblocked',

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 67fe889..bfe6bd0 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1246,7 +1246,7 @@ You should log in and change your password now.
 You may ignore this message, if this account was created in error.',
 'usernamehasherror'               => 'Username cannot contain hash characters',
 'login-throttled'                 => 'You have made too many recent login attempts.
-Please wait before trying again.',
+Please wait $1 before trying again.',
 'login-abort-generic'             => 'Your login was unsuccessful - Aborted',
 'loginlanguagelabel'              => 'Language: $1',
 'loginlanguagelinks'              => '* {{#language:de}}|de

diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php
index 8665330..3cfc222 100644 (file)
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -1466,7 +1466,9 @@ See also:
 *Parameter $2 is the name entered as username.
 *Parameter $3 is a password (randomly generated).
 *Parameter $4 is a URL to the wiki',
-'login-throttled' => 'Error message shown at [[Special:UserLogin]] after 5 wrong passwords. The hardcoded waiting time is 300 seconds.',
+'login-throttled' => 'Error message shown at [[Special:UserLogin]] after the user has tried to login with incorrect password too many times. The user has to wait a certain time before trying to log in again.
+* $1: the time to wait before the next login attempt. Automatically formatted using the [//www.mediawiki.org/w/index.php?title=Special%3AAllMessages&prefix=duration&filter=all duration-* messages].
+This is a protection against robots trying to find the password by trying lots of them. The number of attempts and waiting time are configured via [[mw:Manual:$wgPasswordAttemptThrottle|$wgPasswordAttemptThrottle]].',
 'login-abort-generic' => 'The generic unsuccessful login message is used unless otherwise specified by hook writers',
 'loginlanguagelabel' => 'Used on [[Special:UserLogin]] if $wgLoginLanguageSelector is true. $1 is a pipe-separated list built from the names that appear in the message {{msg-mw|Loginlanguagelinks}}.
 {{Identical|Language}}',