Exemplo n.º 1
0
 public function authenticate($password)
 {
     # This might be wrong if anyone actually uses the UserComparePasswords hook
     # (on either end), so don't use this if you those are incompatible.
     return User::comparePasswords($this->mRow->user_password, $password, $this->mRow->user_id);
 }
Exemplo n.º 2
0
function efSecurePasswordsValidate($password, &$result, $user)
{
    // if the password matches the user's current password, then don't check for validity
    // this way users with passwords that don't fit the criteria can still log in :)
    if (($id = $user->getId()) !== 0) {
        $dbr = wfGetDB(DB_SLAVE);
        $hash = $dbr->selectField('user', 'user_password', 'user_id=' . $id);
        if (User::comparePasswords($hash, $password, $id)) {
            $result = true;
            return false;
        }
    }
    $ok = true;
    global $wgValidPasswords, $wgContLang, $wgSecurePasswordsSpecialChars, $wgLang, $wgUser;
    $lang = $wgContLang->getPreferredVariant(false);
    // check password length
    if (strlen($password) < $wgValidPasswords['minlength']) {
        $ok = false;
    }
    // check for a lowercase letter, if needed
    if ($wgValidPasswords['lowercase'] && !preg_match('/[a-z]/', $password)) {
        $ok = false;
    }
    // check for an uppercase letter, if needed
    if ($wgValidPasswords['uppercase'] && !preg_match('/[A-Z]/', $password)) {
        $ok = false;
    }
    // check for a digit, if needed
    if ($wgValidPasswords['digit'] && !preg_match('/[0-9]/', $password)) {
        $ok = false;
    }
    // check for a special character, if needed
    if ($wgValidPasswords['special'] && !preg_match('/[' . $wgSecurePasswordsSpecialChars . ']/', $password)) {
        $ok = false;
    }
    // check for the username, if needed
    if ($wgValidPasswords['usercheck'] && $wgContLang->lc($password) == $wgContLang->lc($user->getName())) {
        $ok = false;
    }
    // check for words, if needed
    if ($wgValidPasswords['wordcheck'] && function_exists('pspell_check')) {
        $link = pspell_new($lang, '', '', PSPELL_FAST | PSPELL_RUN_TOGETHER);
        if ($link) {
            if (pspell_check($link, $password)) {
                $ok = false;
            }
        }
        if ($lang != 'en') {
            $link = pspell_new('en', '', '', PSPELL_FAST | PSPELL_RUN_TOGETHER);
            if ($link) {
                if (pspell_check($link, $password)) {
                    $ok = false;
                }
            }
        }
    }
    if (!$ok) {
        $conds = array(wfMsgExt('securepasswords-minlength', array('parsemag'), $wgValidPasswords['minlength']));
        if ($wgValidPasswords['lowercase']) {
            $conds[] = wfMsg('securepasswords-lowercase');
        }
        if ($wgValidPasswords['uppercase']) {
            $conds[] = wfMsg('securepasswords-uppercase');
        }
        if ($wgValidPasswords['digit']) {
            $conds[] = wfMsg('securepasswords-digit');
        }
        if ($wgValidPasswords['special']) {
            $conds[] = wfMsg('securepasswords-special', str_replace('\\', '', $wgSecurePasswordsSpecialChars));
        }
        if ($wgValidPasswords['usercheck']) {
            $conds[] = wfMsgExt('securepasswords-username', array('parsemag'), $wgUser->getName());
        }
        if ($wgValidPasswords['wordcheck']) {
            $conds[] = wfMsg('securepasswords-word');
        }
        $result = array('securepasswords-valid', $wgLang->listToText($conds));
        return false;
    }
    $result = true;
    return false;
}
Exemplo n.º 3
0
 public function authenticate($password)
 {
     $this->lastAuthenticationError = null;
     $result = null;
     $errorMessageKey = null;
     wfRunHooks('UserCheckPassword', [$this->getId(), $this->getName(), $this->getPassword(), $password, &$result, &$errorMessageKey]);
     if ($result === null) {
         $result = User::comparePasswords($this->getPassword(), $password, $this->getId());
     }
     if ($errorMessageKey) {
         $this->lastAuthenticationError = $errorMessageKey;
     }
     return $result;
 }
 /**
  * @param $plaintext  String User-provided password plaintext.
  * @param $salt       String The hash "salt", eg a local id for migrated passwords.
  * @param $encrypted  String Fully salted and hashed database crypto text from db.
  * @return Bool true on match.
  */
 protected function matchHash($plaintext, $salt, $encrypted)
 {
     if (User::comparePasswords($encrypted, $plaintext, $salt)) {
         return true;
     } elseif (function_exists('iconv')) {
         // Some wikis were converted from ISO 8859-1 to UTF-8;
         // retained hashes may contain non-latin chars.
         $latin1 = iconv('UTF-8', 'WINDOWS-1252//TRANSLIT', $plaintext);
         if (User::comparePasswords($encrypted, $latin1, $salt)) {
             return true;
         }
     }
     return false;
 }
Exemplo n.º 5
0
 public function authenticate($password)
 {
     # This might be wrong if anyone actually uses the UserComparePasswords hook
     # (on either end), so don't use this if you those are incompatible.
     wfDebug(__METHOD__ . ": " . $this->getId() . " \n");
     return User::comparePasswords($this->getPassword(), $password, $this->getId());
 }