Beispiel #1
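 /**
  * Check to see if the given clear-text password is one of the accepted passwords.
  *
  * Order of checks, as implemented below:
  *  1. Reject passwords whose validity Status is not OK before any comparison.
  *  2. Ask the external auth plugin ($wgAuth); accept on success, and reject
  *     if the plugin forbids local authentication (globally or for this name).
  *  3. Compare against the hash stored in user.user_password, with an optional
  *     Windows-1252 fallback when $wgLegacyEncoding is set.
  *  4. On success, re-hash the password if the factory reports the stored hash
  *     needs an update and the wiki is not read-only.
  *
  * NOTE(review): no throttling or attempt counting is visible in this method;
  * presumably callers enforce it. Confirm before exposing this to new entry points.
  *
  * @deprecated since 1.27. AuthManager is coming.
  * @param string $password User password
  * @return bool True if the given password is correct, otherwise False
  */
 public function checkPassword($password)
 {
     global $wgAuth, $wgLegacyEncoding;
     $this->load();
     // Some passwords will give a fatal Status, which means there is
     // some sort of technical or security reason for this password to
     // be completely invalid and should never be checked (e.g., T64685)
     if (!$this->checkPasswordValidity($password)->isOK()) {
         return false;
     }
     // Certain authentication plugins do NOT want to save
     // domain passwords in a mysql database, so we should
     // check this (in case $wgAuth->strict() is false).
     if ($wgAuth->authenticate($this->getName(), $password)) {
         return true;
     } elseif ($wgAuth->strict()) {
         // Auth plugin doesn't allow local authentication
         return false;
     } elseif ($wgAuth->strictUserAuth($this->getName())) {
         // Auth plugin doesn't allow local authentication for this user name
         return false;
     }
     $passwordFactory = new PasswordFactory();
     $passwordFactory->init(RequestContext::getMain()->getConfig());
     // Read the hash from the master when this object was loaded with
     // READ_LATEST, otherwise from a replica.
     $db = $this->queryFlagsUsed & self::READ_LATEST ? wfGetDB(DB_MASTER) : wfGetDB(DB_SLAVE);
     try {
         $mPassword = $passwordFactory->newFromCiphertext($db->selectField('user', 'user_password', array('user_id' => $this->getId()), __METHOD__));
     } catch (PasswordError $e) {
         // Only a fixed message is logged; neither the hash nor the
         // submitted password goes to the debug log.
         wfDebug('Invalid password hash found in database.');
         $mPassword = PasswordFactory::newInvalidPassword();
     }
     if (!$mPassword->equals($password)) {
         if (!$wgLegacyEncoding) {
             return false;
         }
         // Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
         // Check for this with iconv
         $cp1252Password = iconv('UTF-8', 'WINDOWS-1252//TRANSLIT', $password);
         // iconv() returns false when the conversion fails (e.g. malformed
         // UTF-8 input). Treat that as a mismatch instead of handing a
         // non-string to equals(). An unchanged result was already compared
         // above, so it is rejected without a second hash computation.
         if ($cp1252Password === false || $cp1252Password === $password || !$mPassword->equals($cp1252Password)) {
             return false;
         }
     }
     // The password is verified at this point; upgrade the stored hash while
     // the clear text is available, unless the wiki is read-only.
     if ($passwordFactory->needsUpdate($mPassword) && !wfReadOnly()) {
         $this->setPasswordInternal($password);
     }
     return true;
 }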
Beispiel #2
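 /**
  * Check to see if the given clear-text password is one of the accepted passwords.
  *
  * Two code paths, selected by $wgDisableAuthManager:
  *  - true: the legacy check. Validity Status first, then the $wgAuth plugin,
  *    then the hash stored in user.user_password (with an optional
  *    Windows-1252 fallback when $wgLegacyEncoding is set), followed by a
  *    re-hash when the stored hash needs an update and the wiki is not read-only.
  *  - false: the username and password are submitted to AuthManager as a login
  *    attempt and its response status is mapped to a boolean.
  *
  * On the AuthManager path a false return does not necessarily mean the
  * password was wrong: per the original author's caveat below, a FAIL may
  * come from a PreAuthenticationProvider.
  *
  * @deprecated since 1.27, use AuthManager instead
  * @param string $password User password
  * @return bool True if the given password is correct, otherwise False
  * @throws BadMethodCallException If AuthManager returns a status other than PASS or FAIL
  */
 public function checkPassword($password)
 {
     global $wgAuth, $wgLegacyEncoding, $wgDisableAuthManager;
     if ($wgDisableAuthManager) {
         $this->load();
         // Some passwords will give a fatal Status, which means there is
         // some sort of technical or security reason for this password to
         // be completely invalid and should never be checked (e.g., T64685)
         if (!$this->checkPasswordValidity($password)->isOK()) {
             return false;
         }
         // Certain authentication plugins do NOT want to save
         // domain passwords in a mysql database, so we should
         // check this (in case $wgAuth->strict() is false).
         if ($wgAuth->authenticate($this->getName(), $password)) {
             return true;
         } elseif ($wgAuth->strict()) {
             // Auth plugin doesn't allow local authentication
             return false;
         } elseif ($wgAuth->strictUserAuth($this->getName())) {
             // Auth plugin doesn't allow local authentication for this user name
             return false;
         }
         $passwordFactory = new PasswordFactory();
         $passwordFactory->init(RequestContext::getMain()->getConfig());
         // Read the hash from the master when this object was loaded with
         // READ_LATEST, otherwise from a replica.
         $db = $this->queryFlagsUsed & self::READ_LATEST ? wfGetDB(DB_MASTER) : wfGetDB(DB_SLAVE);
         try {
             $mPassword = $passwordFactory->newFromCiphertext($db->selectField('user', 'user_password', ['user_id' => $this->getId()], __METHOD__));
         } catch (PasswordError $e) {
             // Only a fixed message is logged; neither the hash nor the
             // submitted password goes to the debug log.
             wfDebug('Invalid password hash found in database.');
             $mPassword = PasswordFactory::newInvalidPassword();
         }
         if (!$mPassword->equals($password)) {
             if (!$wgLegacyEncoding) {
                 return false;
             }
             // Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
             // Check for this with iconv
             $cp1252Password = iconv('UTF-8', 'WINDOWS-1252//TRANSLIT', $password);
             // iconv() returns false when the conversion fails (e.g. malformed
             // UTF-8 input). Treat that as a mismatch instead of handing a
             // non-string to equals(). An unchanged result was already
             // compared above, so it is rejected without a second hash computation.
             if ($cp1252Password === false || $cp1252Password === $password || !$mPassword->equals($cp1252Password)) {
                 return false;
             }
         }
         // The password is verified at this point; upgrade the stored hash
         // while the clear text is available, unless the wiki is read-only.
         if ($passwordFactory->needsUpdate($mPassword) && !wfReadOnly()) {
             $this->setPasswordInternal($password);
         }
         return true;
     } else {
         $manager = AuthManager::singleton();
         // Build the login requests from the submitted credentials.
         $reqs = AuthenticationRequest::loadRequestsFromSubmission($manager->getAuthenticationRequests(AuthManager::ACTION_LOGIN), ['username' => $this->getName(), 'password' => $password]);
         // 'null:' is passed as the second argument of beginAuthentication().
         // NOTE(review): presumably a placeholder return URL, since this
         // check has no UI to return to. Confirm against AuthManager.
         $res = $manager->beginAuthentication($reqs, 'null:');
         switch ($res->status) {
             case AuthenticationResponse::PASS:
                 return true;
             case AuthenticationResponse::FAIL:
                 // Hope it's not a PreAuthenticationProvider that failed...
                 // The response message is logged on the 'authentication'
                 // channel; the submitted password itself is not.
                 \MediaWiki\Logger\LoggerFactory::getInstance('authentication')->info(__METHOD__ . ': Authentication failed: ' . $res->message->plain());
                 return false;
             default:
                 // Any other status cannot be expressed as a boolean here,
                 // so fail loudly rather than guess.
                 throw new BadMethodCallException('AuthManager returned a response unsupported by ' . __METHOD__);
         }
     }
 }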