Hello,
the password check is currently done in "SpecialUserLogin.php" and "SpecialPreferences.php". This patch moves the code to a new method in User.php. This makes it easier to hack a different authentication mechanism into local installs of the Wikimedia software. I removed the methods User->getPassword and User->getNewpassword because they are no longer used by the Wikimedia code.
Hendrik
Index: includes/SpecialPreferences.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/SpecialPreferences.php,v
retrieving revision 1.49
diff -u -r1.49 SpecialPreferences.php
--- includes/SpecialPreferences.php 9 Jun 2004 13:04:51 -0000 1.49
+++ includes/SpecialPreferences.php 3 Jul 2004 08:59:50 -0000
@@ -134,12 +134,10 @@
 $this->mainPrefsForm( wfMsg( "badretype" ) );
 return;
 }
- $ep = $wgUser->encryptPassword( $this->mOldpass );
- if ( $ep != $wgUser->getPassword() ) {
- if ( $ep != $wgUser->getNewpassword() ) {
- $this->mainPrefsForm( wfMsg( "wrongpassword" ) );
- return;
- }
+
+ if (!$wgUser->checkPassword( $this->mOldpass )) {
+ $this->mainPrefsForm( wfMsg( "wrongpassword" ) );
+ return;
 }
 $wgUser->setPassword( $this->mNewpass );
 }
Index: includes/SpecialUserlogin.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/SpecialUserlogin.php,v
retrieving revision 1.39
diff -u -r1.39 SpecialUserlogin.php
--- includes/SpecialUserlogin.php 26 Jun 2004 04:10:48 -0000 1.39
+++ includes/SpecialUserlogin.php 3 Jul 2004 08:59:50 -0000
@@ -200,12 +200,9 @@
 }
 $u->setId( $id );
 $u->loadFromDatabase();
- $ep = $u->encryptPassword( $this->mPassword );
- if ( 0 != strcmp( $ep, $u->getPassword() ) ) {
- if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) {
- $this->mainLoginForm( wfMsg( "wrongpassword" ) );
- return;
- }
+ if (!$u->checkPassword( $this->mPassword )) {
+ $this->mainLoginForm( wfMsg( "wrongpassword" ) );
+ return;
 }
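Review bot: The comparison semantics change at the SpecialPreferences.php call site, not only the location of the check: the removed lines tested `$ep != $wgUser->getPassword()` with PHP's loose `!=`, whereas checkPassword() in the User.php hunk uses `strcmp()`. The exact comparison is the safer one, because loose comparison treats two numeric-looking strings as numbers, but the description presents the patch as a pure move, so it deserves a line there or a comment here such as `# checkPassword() compares hashes exactly (strcmp), unlike the former != test`. The new `if (!$wgUser->checkPassword( ... )) {` also drops the `if ( ... )` spacing used by the removed lines, and the SpecialUserlogin.php hunk does the same. The enclosing function starts and ends outside the hunk.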
# We've verified now, update the real record
Index: includes/User.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/User.php,v
retrieving revision 1.59
diff -u -r1.59 User.php
--- includes/User.php 26 Jun 2004 01:48:39 -0000 1.59
+++ includes/User.php 3 Jul 2004 08:59:50 -0000
@@ -320,16 +320,6 @@
 return ($timestamp >= $this->mTouched);
 }
- function getPassword() {
- $this->loadFromDatabase();
- return $this->mPassword;
- }
-
- function getNewpassword() {
- $this->loadFromDatabase();
- return $this->mNewpassword;
- }
-
 function addSalt( $p ) {
 global $wgPasswordSalt;
 if($wgPasswordSalt)
@@ -724,6 +714,17 @@
 function isNewbie() {
 return $this->mId > User::getMaxID() * 0.99 && !$this->isSysop() || $this->getID() == 0;
 }
+
+ function checkPassword( $password ) {
+ $this->loadFromDatabase();
+ $ep = $this->encryptPassword( $password );
+ if ( 0 != strcmp( $ep, $this->mPassword ) ) {
+ if ( 0 != strcmp( $ep, $this->mNewpassword ) ) {
+ return false;
+ }
+ }
+ return true;
+ }
 }
?>
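Review bot: checkPassword() returns true when the hash matches either `mPassword` or `mNewpassword` but carries no comment saying so, and with getNewpassword() removed in the earlier User.php hunk a caller can no longer tell which of the two matched. Since the stated goal is to let local installs replace this method with another authentication mechanism, the contract belongs on the method, e.g. `# Returns true if $password hashes to the stored password or to mNewpassword (presumably the temporary one); callers cannot tell which.` The same comment should record that `strcmp()` is not a constant-time comparison, so a later revision may prefer `hash_equals()` on PHP versions that provide it. The nested `if` could also be a single `return 0 == strcmp( $ep, $this->mPassword ) || 0 == strcmp( $ep, $this->mNewpassword );`, which states the either-or rule directly.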
wikitech-l@lists.wikimedia.org