Hello,
the password-check is currently done in "SpecialUserLogin.php" and
"SpecialPreferences.php". This patch moves the code to a new method in
User.php. This makes it easier to hack a different authentication
mechanism in local installs of the Wikimedia software.
I removed the methods User->getPassword and User->getNewpassword because
they are not used any more by the Wikimedia code.
Hendrik
Index: includes/SpecialPreferences.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/SpecialPreferences.php,v
retrieving revision 1.49
diff -u -r1.49 SpecialPreferences.php
--- includes/SpecialPreferences.php 9 Jun 2004 13:04:51 -0000 1.49
+++ includes/SpecialPreferences.php 3 Jul 2004 08:59:50 -0000
@@ -134,12 +134,10 @@
$this->mainPrefsForm( wfMsg( "badretype" ) );
return;
}
- $ep = $wgUser->encryptPassword( $this->mOldpass );
- if ( $ep != $wgUser->getPassword() ) {
- if ( $ep != $wgUser->getNewpassword() ) {
- $this->mainPrefsForm( wfMsg( "wrongpassword" ) );
- return;
- }
+
+ if (!$wgUser->checkPassword( $this->mOldpass )) {
+ $this->mainPrefsForm( wfMsg( "wrongpassword" ) );
+ return;
}
$wgUser->setPassword( $this->mNewpass );
}
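Review bot: The added condition `if (!$wgUser->checkPassword( $this->mOldpass )) {` drops the spacing inside the outer parentheses that the neighbouring lines and the removed `if ( $ep != $wgUser->getPassword() ) {` use; `if ( !$wgUser->checkPassword( $this->mOldpass ) ) {` would keep the file consistent. The same applies to the added `if (!$u->checkPassword( $this->mPassword )) {` in the SpecialUserlogin.php hunk. The bare `+` line before the condition also seems to introduce an empty line the old code did not have. The enclosing method starts and ends outside the hunk.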
Index: includes/SpecialUserlogin.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/SpecialUserlogin.php,v
retrieving revision 1.39
diff -u -r1.39 SpecialUserlogin.php
--- includes/SpecialUserlogin.php 26 Jun 2004 04:10:48 -0000 1.39
+++ includes/SpecialUserlogin.php 3 Jul 2004 08:59:50 -0000
@@ -200,12 +200,9 @@
}
$u->setId( $id );
$u->loadFromDatabase();
- $ep = $u->encryptPassword( $this->mPassword );
- if ( 0 != strcmp( $ep, $u->getPassword() ) ) {
- if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) {
- $this->mainLoginForm( wfMsg( "wrongpassword" ) );
- return;
- }
+ if (!$u->checkPassword( $this->mPassword )) {
+ $this->mainLoginForm( wfMsg( "wrongpassword" ) );
+ return;
}
# We've verified now, update the real record
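Review bot: After this change the login path can no longer tell which stored credential matched, because checkPassword() (added to User.php in this patch) returns true for either mPassword or mNewpassword and the getters that would let a caller distinguish them are removed. If the code following `# We've verified now, update the real record` is meant to treat a match on mNewpassword differently, that is not visible in this hunk and should be confirmed before the getters go away. At minimum a comment at the call, such as `# checkPassword() accepts a match on either mPassword or mNewpassword`, would keep that behaviour visible to the next reader. The enclosing function continues outside the hunk.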
Index: includes/User.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/User.php,v
retrieving revision 1.59
diff -u -r1.59 User.php
--- includes/User.php 26 Jun 2004 01:48:39 -0000 1.59
+++ includes/User.php 3 Jul 2004 08:59:50 -0000
@@ -320,16 +320,6 @@
return ($timestamp >= $this->mTouched);
}
- function getPassword() {
- $this->loadFromDatabase();
- return $this->mPassword;
- }
-
- function getNewpassword() {
- $this->loadFromDatabase();
- return $this->mNewpassword;
- }
-
function addSalt( $p ) {
global $wgPasswordSalt;
if($wgPasswordSalt)
@@ -724,6 +714,17 @@
function isNewbie() {
return $this->mId > User::getMaxID() * 0.99 && !$this->isSysop() || $this->getID() == 0;
}
+
+ function checkPassword( $password ) {
+ $this->loadFromDatabase();
+ $ep = $this->encryptPassword( $password );
+ if ( 0 != strcmp( $ep, $this->mPassword ) ) {
+ if ( 0 != strcmp( $ep, $this->mNewpassword ) ) {
+ return false;
+ }
+ }
+ return true;
+ }
}
?>
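Review bot: checkPassword() has no doc comment although it is now the only password check for both callers and, per the description, the intended replacement point for local authentication schemes; a short comment should state that it calls loadFromDatabase(), hashes the input with encryptPassword(), and returns true when the result equals either mPassword or mNewpassword, false otherwise. The nested `strcmp` tests could be a single expression, `return $ep === $this->mPassword || $ep === $this->mNewpassword;`, assuming both properties are always strings. Neither form compares in constant time; where the PHP version in use provides it, `hash_equals( $this->mPassword, $ep )` is the usual hardening for comparing password hashes.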