User:Sysy~metawiki/Andrew Johnson's account creation privilege hack

Taken from the mailing list, from Andrew Johnson's post (anj at

I currently manage two public instances of MediaWiki in a scientific
community. I can't allow just anybody to create an account or edit pages
on either of them, but I don't want to have to do all of the account
creation myself.  I am sufficiently trusting of my users that I think it
reasonable for any registered user to be allowed to create new users,
and I can see this as being a fairly common requirement for a semi-open
community.  To implement this I enclose a simple patch, which I'd like
to see folded into the MediaWiki distribution, or something equivalent.

I have basically extended the $wgWhitelistAccount array to include an
anonymous option, which now distinguishes a logged in user from someone
who is only known by their IP address (currently enabling 'user' in the
$wgWhitelistAccount array means anyone can get an account).  The code to
implement this is in User::isAllowedToCreateAccount()

The default behaviour after adding this patch is the same as before, and
most sites that have $wgWhitelistAccount defined in LocalSettings.php
file should not need to make any changes unless they wish to take
advantage of the new ability to distinguish between anonymous and
registered users.

- Andrew
Podiabombastic: The tendency to shoot oneself in the foot.

--- mediawiki-1.4.8/includes/DefaultSettings.php
+++ mediawiki/includes/DefaultSettings.php
@@ -455,7 +455,7 @@

 $wgWhitelistEdit = false;   # true = user must login to edit.
 $wgWhitelistRead = false;      # Pages anonymous user may see, like: =
array ( "Main Page", "Special:Userlogin", "Wikipedia:Help");
-$wgWhitelistAccount = array ( 'user' => 1, 'sysop' => 1, 'developer' =>
1 );
+$wgWhitelistAccount = array ( 'anonymous' => 1, 'user' => 1, 'sysop' =>
1, 'developer' => 1 );

 $wgAllowAnonymousMinor = false; # Allow anonymous users to mark
changes as 'minor'

--- mediawiki-1.4.8/includes/User.php
+++ mediawiki/includes/User.php
@@ -1187,8 +1187,10 @@
                $allowed = false;

                if (!$wgWhitelistAccount) { return 1; }; // default
+               $rights = $this->getRights();
+               if ($this->getID() > 0) { $rights[] = 'user'; }
                foreach ($wgWhitelistAccount as $right => $ok) {
-                       $userHasRight = (!strcmp($right, 'user') ||
in_array($right, $this->getRights()));
+                       $userHasRight = (!strcmp($right, 'anonymous') ||
in_array($right, $rights));
                        $allowed |= ($ok && $userHasRight);
                return $allowed;