* (bug 16459) Use native getElementsByClassName where possible, for better
performance in modern browsers
* Enable \cancel and \cancelto in texvc (recompile required)
+* Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions to implement
+ their own password hashing methods.
=== Bug fixes in 1.14 ===
'UserClearNewTalkNotification': called when clearing the "You have new messages!" message, return false to not delete it
$user: User (object) that'll clear the message
+'UserComparePasswords': called when checking passwords, return false to override the default password checks
+&$hash: String of the password hash (from the database)
+&$password: String of the plaintext password the user entered
+&$userId: Integer of the user's ID or Boolean false if the user ID was not supplied
+&$result: If the hook returns false, this Boolean value will be checked to determine if the password was valid
+
'UserCreateForm': change to manipulate the login form
$template: SimpleTemplate instance for the form
+'UserCryptPassword': called when hashing a password, return false to implement your own hashing method
+&$password: String of the plaintext password to encrypt
+&$salt: String of the password salt or Boolean false if no salt is provided
+&$wgPasswordSalt: Boolean of whether the salt is used in the default hashing method
+&$hash: If the hook returns false, this String will be used as the hash
+
'UserEffectiveGroups': Called in User::getEffectiveGroups()
$user: User to get groups for
&$groups: Current effective groups
static function crypt( $password, $salt = false ) {
global $wgPasswordSalt;
+ $hash = '';
+ if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
+ return $hash;
+ }
+
if( $wgPasswordSalt ) {
if ( $salt === false ) {
$salt = substr( wfGenerateToken(), 0, 8 );
static function comparePasswords( $hash, $password, $userId = false ) {
$m = false;
$type = substr( $hash, 0, 3 );
+
+ $result = false;
+ if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
+ return $result;
+ }
+
if ( $type == ':A:' ) {
# Unsalted
return md5( $password ) === substr( $hash, 3 );