From: Brion Vibber Date: Thu, 26 Apr 2007 21:45:11 +0000 (+0000) Subject: * (bug 3348) Some additional weak password checks: password which is same as username... X-Git-Tag: 1.31.0-rc.0~53213 X-Git-Url: http://git.cyclocoop.org/%22.%24info%5B?a=commitdiff_plain;h=1dbaeb19dd5ea43abe6008f373079cd56445640b;p=lhc%2Fweb%2Fwiklou.git * (bug 3348) Some additional weak password checks: password which is same as username will now be rejected. There are some UI issues still with handling of bad/weak passwords. It's not too clear to the legit user who tries to log in again. There's also some bad behavior on the create account form; short or bad passwords just give an exception backtrace. Nice. :) But that's existing problems... --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 29c179d54d..c887a01931 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -356,6 +356,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN converted from 1.4 to 1.5 schema * (bug 9682) Revert PHP 5.1 dependency on warning suppression for SVN info * (bug 5959) Anchors dropped from stub links +* (bug 3348) Some additional weak password checks: password which is same + as username will now be rejected. == Maintenance == diff --git a/includes/User.php b/includes/User.php index 6f97371b5f..5b840d77eb 100644 --- a/includes/User.php +++ b/includes/User.php 
@@ -487,15 +487,15 @@ class User { * * @param string $password * @return bool - * @static */ - static function isValidPassword( $password ) { - global $wgMinimalPasswordLength; + function isValidPassword( $password ) { + global $wgMinimalPasswordLength, $wgContLang; $result = null; if( !wfRunHooks( 'isValidPassword', array( $password, &$result ) ) ) return $result; - if ($result === false) return false; - return (strlen( $password ) >= $wgMinimalPasswordLength); + if ($result === false) return false; + return (strlen( $password ) >= $wgMinimalPasswordLength) && + ($wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName )); } /** diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 64e1dbdac9..c5cf36689d 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -2416,7 +2416,7 @@ All transwiki import actions are logged at the [[Special:Log/import|import log]] 'variantname-kk-cn' => 'kk-cn', 'variantname-kk' => 'kk', -'passwordtooshort' => 'Your password is too short. It must have at least $1 characters.', +'passwordtooshort' => 'Your password is invalid or too short. It must have at least $1 characters and be different from your username.', # Metadata 'metadata' => 'Metadata',
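Review bot: In includes/User.php, dropping `static` from isValidPassword() and reading `$this->mName` changes how the method must be called, and no call sites are updated in this diff. Any caller that still uses `User::isValidPassword( $password )` would reach the new comparison without a user object, so those calls need converting to instance calls on a User whose name is already set (on account creation, that means setting the name before validating the password). Two smaller points in the same hunk: the early `return $result;` when a hook aborts comes before the new username comparison, so a hook can bypass it and can hand back null despite `@return bool`; if that is intended, say so in the docblock. The docblock should also state that a password equal to the username, compared case-insensitively through `$wgContLang->lc`, is now rejected.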
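Review bot: In languages/messages/MessagesEn.php, `passwordtooshort` now reports two different failures under a key named for only one of them, so a user whose password matches the username is shown the $1-character minimum and cannot tell which rule was broken. Consider a separate message key for the username match and let the caller choose the message by failure reason, which would also help with the unclear login feedback the commit message mentions. Only MessagesEn.php is changed in this diff, so any other language's copy of this message is not updated here.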