public function authenticate($password) { # This might be wrong if anyone actually uses the UserComparePasswords hook # (on either end), so don't use this if you those are incompatible. return User::comparePasswords($this->mRow->user_password, $password, $this->mRow->user_id); }
function efSecurePasswordsValidate($password, &$result, $user) { // if the password matches the user's current password, then don't check for validity // this way users with passwords that don't fit the criteria can still log in :) if (($id = $user->getId()) !== 0) { $dbr = wfGetDB(DB_SLAVE); $hash = $dbr->selectField('user', 'user_password', 'user_id=' . $id); if (User::comparePasswords($hash, $password, $id)) { $result = true; return false; } } $ok = true; global $wgValidPasswords, $wgContLang, $wgSecurePasswordsSpecialChars, $wgLang, $wgUser; $lang = $wgContLang->getPreferredVariant(false); // check password length if (strlen($password) < $wgValidPasswords['minlength']) { $ok = false; } // check for a lowercase letter, if needed if ($wgValidPasswords['lowercase'] && !preg_match('/[a-z]/', $password)) { $ok = false; } // check for an uppercase letter, if needed if ($wgValidPasswords['uppercase'] && !preg_match('/[A-Z]/', $password)) { $ok = false; } // check for a digit, if needed if ($wgValidPasswords['digit'] && !preg_match('/[0-9]/', $password)) { $ok = false; } // check for a special character, if needed if ($wgValidPasswords['special'] && !preg_match('/[' . $wgSecurePasswordsSpecialChars . ']/', $password)) { $ok = false; } // check for the username, if needed if ($wgValidPasswords['usercheck'] && $wgContLang->lc($password) == $wgContLang->lc($user->getName())) { $ok = false; } // check for words, if needed if ($wgValidPasswords['wordcheck'] && function_exists('pspell_check')) { $link = pspell_new($lang, '', '', PSPELL_FAST | PSPELL_RUN_TOGETHER); if ($link) { if (pspell_check($link, $password)) { $ok = false; } } if ($lang != 'en') { $link = pspell_new('en', '', '', PSPELL_FAST | PSPELL_RUN_TOGETHER); if ($link) { if (pspell_check($link, $password)) { $ok = false; } } } } if (!$ok) { $conds = array(wfMsgExt('securepasswords-minlength', array('parsemag'), $wgValidPasswords['minlength'])); if ($wgValidPasswords['lowercase']) { $conds[] = wfMsg('securepasswords-lowercase'); } if ($wgValidPasswords['uppercase']) { $conds[] = wfMsg('securepasswords-uppercase'); } if ($wgValidPasswords['digit']) { $conds[] = wfMsg('securepasswords-digit'); } if ($wgValidPasswords['special']) { $conds[] = wfMsg('securepasswords-special', str_replace('\\', '', $wgSecurePasswordsSpecialChars)); } if ($wgValidPasswords['usercheck']) { $conds[] = wfMsgExt('securepasswords-username', array('parsemag'), $wgUser->getName()); } if ($wgValidPasswords['wordcheck']) { $conds[] = wfMsg('securepasswords-word'); } $result = array('securepasswords-valid', $wgLang->listToText($conds)); return false; } $result = true; return false; }
public function authenticate($password) { $this->lastAuthenticationError = null; $result = null; $errorMessageKey = null; wfRunHooks('UserCheckPassword', [$this->getId(), $this->getName(), $this->getPassword(), $password, &$result, &$errorMessageKey]); if ($result === null) { $result = User::comparePasswords($this->getPassword(), $password, $this->getId()); } if ($errorMessageKey) { $this->lastAuthenticationError = $errorMessageKey; } return $result; }
/** * @param $plaintext String User-provided password plaintext. * @param $salt String The hash "salt", eg a local id for migrated passwords. * @param $encrypted String Fully salted and hashed database crypto text from db. * @return Bool true on match. */ protected function matchHash($plaintext, $salt, $encrypted) { if (User::comparePasswords($encrypted, $plaintext, $salt)) { return true; } elseif (function_exists('iconv')) { // Some wikis were converted from ISO 8859-1 to UTF-8; // retained hashes may contain non-latin chars. $latin1 = iconv('UTF-8', 'WINDOWS-1252//TRANSLIT', $plaintext); if (User::comparePasswords($encrypted, $latin1, $salt)) { return true; } } return false; }
public function authenticate($password) { # This might be wrong if anyone actually uses the UserComparePasswords hook # (on either end), so don't use this if you those are incompatible. wfDebug(__METHOD__ . ": " . $this->getId() . " \n"); return User::comparePasswords($this->getPassword(), $password, $this->getId()); }