Hello,
the password-check is currently done in "SpecialUserLogin.php" and "SpecialPreferences.php". This patch moves the code to a new method in User.php. This make it easier to hack a different authentication mechanism in local installs of the Wikimedia software. I removed the methods User->getPassword and User->getNewpassword because they are not used any more by the Wikimedia code.
Hendrik
Index: includes/SpecialPreferences.php =================================================================== RCS file: /cvsroot/wikipedia/phase3/includes/SpecialPreferences.php,v retrieving revision 1.49 diff -u -r1.49 SpecialPreferences.php --- includes/SpecialPreferences.php 9 Jun 2004 13:04:51 -0000 1.49 +++ includes/SpecialPreferences.php 3 Jul 2004 08:59:50 -0000 @@ -134,12 +134,10 @@ $this->mainPrefsForm( wfMsg( "badretype" ) ); return; } - $ep = $wgUser->encryptPassword( $this->mOldpass ); - if ( $ep != $wgUser->getPassword() ) { - if ( $ep != $wgUser->getNewpassword() ) { - $this->mainPrefsForm( wfMsg( "wrongpassword" ) ); - return; - } + + if (!$wgUser->checkPassword( $this->mOldpass )) { + $this->mainPrefsForm( wfMsg( "wrongpassword" ) ); + return; } $wgUser->setPassword( $this->mNewpass ); } Index: includes/SpecialUserlogin.php =================================================================== RCS file: /cvsroot/wikipedia/phase3/includes/SpecialUserlogin.php,v retrieving revision 1.39 diff -u -r1.39 SpecialUserlogin.php --- includes/SpecialUserlogin.php 26 Jun 2004 04:10:48 -0000 1.39 +++ includes/SpecialUserlogin.php 3 Jul 2004 08:59:50 -0000 @@ -200,12 +200,9 @@ } $u->setId( $id ); $u->loadFromDatabase(); - $ep = $u->encryptPassword( $this->mPassword ); - if ( 0 != strcmp( $ep, $u->getPassword() ) ) { - if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) { - $this->mainLoginForm( wfMsg( "wrongpassword" ) ); - return; - } + if (!$u->checkPassword( $this->mPassword )) { + $this->mainLoginForm( wfMsg( "wrongpassword" ) ); + return; }
# We've verified now, update the real record Index: includes/User.php =================================================================== RCS file: /cvsroot/wikipedia/phase3/includes/User.php,v retrieving revision 1.59 diff -u -r1.59 User.php --- includes/User.php 26 Jun 2004 01:48:39 -0000 1.59 +++ includes/User.php 3 Jul 2004 08:59:50 -0000 @@ -320,16 +320,6 @@ return ($timestamp >= $this->mTouched); }
- function getPassword() { - $this->loadFromDatabase(); - return $this->mPassword; - } - - function getNewpassword() { - $this->loadFromDatabase(); - return $this->mNewpassword; - } - function addSalt( $p ) { global $wgPasswordSalt; if($wgPasswordSalt) @@ -724,6 +714,17 @@ function isNewbie() { return $this->mId > User::getMaxID() * 0.99 && !$this->isSysop() || $this->getID() == 0; } + + function checkPassword( $password ) { + $this->loadFromDatabase(); + $ep = $this->encryptPassword( $password ); + if ( 0 != strcmp( $ep, $this->mPassword ) ) { + if ( 0 != strcmp( $ep, $this->mNewpassword ) ) { + return false; + } + } + return true; + } }
?>