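/**
 * Check to see if the given clear-text password is one of the accepted passwords
 *
 * The auth plugin ($wgAuth) is asked first. The locally stored hash is only
 * compared when the plugin neither accepts the password nor forbids local
 * authentication (globally or for this user name).
 *
 * Side effect: after a successful local match, if the password factory reports
 * that the stored hash needs an update and the wiki is not read-only, the
 * password is stored again through setPasswordInternal().
 *
 * @deprecated since 1.27. AuthManager is coming.
 * @param string $password User password
 * @return bool True if the given password is correct, otherwise False
 */
public function checkPassword($password) {
    global $wgAuth, $wgLegacyEncoding;

    $this->load();

    // Some passwords will give a fatal Status, which means there is
    // some sort of technical or security reason for this password to
    // be completely invalid and should never be checked (e.g., T64685)
    if (!$this->checkPasswordValidity($password)->isOK()) {
        return false;
    }

    // Certain authentication plugins do NOT want to save
    // domain passwords in a mysql database, so we should
    // check this (in case $wgAuth->strict() is false).
    if ($wgAuth->authenticate($this->getName(), $password)) {
        return true;
    } elseif ($wgAuth->strict()) {
        // Auth plugin doesn't allow local authentication
        return false;
    } elseif ($wgAuth->strictUserAuth($this->getName())) {
        // Auth plugin doesn't allow local authentication for this user name
        return false;
    }

    $passwordFactory = new PasswordFactory();
    $passwordFactory->init(RequestContext::getMain()->getConfig());

    // Read from the master when this object was loaded with READ_LATEST,
    // so the comparison uses the same freshness as the rest of the object.
    $db = ($this->queryFlagsUsed & self::READ_LATEST)
        ? wfGetDB(DB_MASTER)
        : wfGetDB(DB_SLAVE);

    try {
        $mPassword = $passwordFactory->newFromCiphertext(
            $db->selectField(
                'user',
                'user_password',
                array('user_id' => $this->getId()),
                __METHOD__
            )
        );
    } catch (PasswordError $e) {
        // An unparsable stored hash falls back to the factory's invalid-password
        // object instead of aborting the request.
        wfDebug('Invalid password hash found in database.');
        $mPassword = PasswordFactory::newInvalidPassword();
    }

    if (!$mPassword->equals($password)) {
        if (!$wgLegacyEncoding) {
            return false;
        }

        // Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
        // Check for this with iconv
        $cp1252Password = iconv('UTF-8', 'WINDOWS-1252//TRANSLIT', $password);

        // iconv() returns false when the conversion fails. Fail closed here
        // rather than handing a non-string value to the hash comparison.
        if ($cp1252Password === false
            || $cp1252Password === $password
            || !$mPassword->equals($cp1252Password)
        ) {
            return false;
        }
    }

    // The clear-text password is known to be correct at this point, which is
    // the only moment the stored hash can be rewritten.
    if ($passwordFactory->needsUpdate($mPassword) && !wfReadOnly()) {
        $this->setPasswordInternal($password);
    }

    return true;
}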
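/**
 * Check to see if the given clear-text password is one of the accepted passwords
 *
 * With $wgDisableAuthManager set, the legacy path runs: the auth plugin
 * ($wgAuth) is asked first, and the locally stored hash is compared only when
 * the plugin neither accepts the password nor forbids local authentication.
 * Otherwise the check is delegated to AuthManager::beginAuthentication().
 *
 * Side effect (legacy path): after a successful local match, if the password
 * factory reports that the stored hash needs an update and the wiki is not
 * read-only, the password is stored again through setPasswordInternal().
 *
 * @deprecated since 1.27, use AuthManager instead
 * @param string $password User password
 * @return bool True if the given password is correct, otherwise False
 * @throws BadMethodCallException If AuthManager answers with any status other
 *  than PASS or FAIL
 */
public function checkPassword($password) {
    global $wgAuth, $wgLegacyEncoding, $wgDisableAuthManager;

    if ($wgDisableAuthManager) {
        $this->load();

        // Some passwords will give a fatal Status, which means there is
        // some sort of technical or security reason for this password to
        // be completely invalid and should never be checked (e.g., T64685)
        if (!$this->checkPasswordValidity($password)->isOK()) {
            return false;
        }

        // Certain authentication plugins do NOT want to save
        // domain passwords in a mysql database, so we should
        // check this (in case $wgAuth->strict() is false).
        if ($wgAuth->authenticate($this->getName(), $password)) {
            return true;
        } elseif ($wgAuth->strict()) {
            // Auth plugin doesn't allow local authentication
            return false;
        } elseif ($wgAuth->strictUserAuth($this->getName())) {
            // Auth plugin doesn't allow local authentication for this user name
            return false;
        }

        $passwordFactory = new PasswordFactory();
        $passwordFactory->init(RequestContext::getMain()->getConfig());

        // Read from the master when this object was loaded with READ_LATEST,
        // so the comparison uses the same freshness as the rest of the object.
        $db = ($this->queryFlagsUsed & self::READ_LATEST)
            ? wfGetDB(DB_MASTER)
            : wfGetDB(DB_SLAVE);

        try {
            $mPassword = $passwordFactory->newFromCiphertext(
                $db->selectField(
                    'user',
                    'user_password',
                    ['user_id' => $this->getId()],
                    __METHOD__
                )
            );
        } catch (PasswordError $e) {
            // An unparsable stored hash falls back to the factory's
            // invalid-password object instead of aborting the request.
            wfDebug('Invalid password hash found in database.');
            $mPassword = PasswordFactory::newInvalidPassword();
        }

        if (!$mPassword->equals($password)) {
            if (!$wgLegacyEncoding) {
                return false;
            }

            // Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
            // Check for this with iconv
            $cp1252Password = iconv('UTF-8', 'WINDOWS-1252//TRANSLIT', $password);

            // iconv() returns false when the conversion fails. Fail closed here
            // rather than handing a non-string value to the hash comparison.
            if ($cp1252Password === false
                || $cp1252Password === $password
                || !$mPassword->equals($cp1252Password)
            ) {
                return false;
            }
        }

        // The clear-text password is known to be correct at this point, which
        // is the only moment the stored hash can be rewritten.
        if ($passwordFactory->needsUpdate($mPassword) && !wfReadOnly()) {
            $this->setPasswordInternal($password);
        }

        return true;
    } else {
        $manager = AuthManager::singleton();
        $reqs = AuthenticationRequest::loadRequestsFromSubmission(
            $manager->getAuthenticationRequests(AuthManager::ACTION_LOGIN),
            [
                'username' => $this->getName(),
                'password' => $password,
            ]
        );

        // NOTE(review): this starts a regular ACTION_LOGIN authentication.
        // Whether a PASS also changes the caller's session is not visible from
        // this method. Confirm before relying on it as a pure password check.
        // 'null:' is presumably a placeholder return URL; verify.
        $res = $manager->beginAuthentication($reqs, 'null:');

        switch ($res->status) {
            case AuthenticationResponse::PASS:
                return true;

            case AuthenticationResponse::FAIL:
                // Hope it's not a PreAuthenticationProvider that failed...
                \MediaWiki\Logger\LoggerFactory::getInstance('authentication')
                    ->info(__METHOD__ . ': Authentication failed: ' . $res->message->plain());
                return false;

            default:
                // Any other status cannot be mapped to a boolean, so it is
                // surfaced as an exception instead of being read as success
                // or failure.
                throw new BadMethodCallException(
                    'AuthManager returned a response unsupported by ' . __METHOD__
                );
        }
    }
}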