Richard K Miller wrote:
It appears the user.user_password field changed in the upgrade from 1.12 to 1.13, but I didn't see any mention of it in the Release Notes.
I'm using $wgPasswordSalt = false so I can connect mod_auth_mysql to the user table for password protection. (See my blog post at http://tinyurl.com/y7ue8k)
In MediaWiki 1.13, with password salting turned off, the password 32 byte MD5 hash is now prepended with a letter and the user_id. For example:
76cecfa967423834abdbd1c8a8ac4125 (user_password in 1.12) :B:1:76cecfa967423834abdbd1c8a8ac4125 (user_password in 1.13)
Could someone please point me to information about this change? Is it possible to disable this password prefix so it will continue to be only an MD5 hash?
Best regards, Richard
It was documented three months ago on wikitech-l. Shoul dbe on release notes, though. http://thread.gmane.org/gmane.science.linguistics.wikipedia.technical/38503
In the new format, you would need to prefix with ":A:" the md5 hashes. You probably need to modify crypt() on User.php to avoid generation of passwords in the new format.