* function isValidPassword modified to return boolean(true/false)

* Added function getPasswordValidity return error message on failure for the given unvalidated password input.
* Replaced isValidPassword() fn call to getPasswordValidity() in SpecialUserlogin.php

diff --git a/config/Installer.php b/config/Installer.php
index 67e390b..13ccc25 100644 (file)
--- a/config/Installer.php
+++ b/config/Installer.php
@@ -713,7 +713,7 @@ if( $conf->SysopName ) {
                # Various password checks
                if( $conf->SysopPass != '' ) {
                        if( $conf->SysopPass == $conf->SysopPass2 ) {
-                               if( $u->isValidPassword( $conf->SysopPass ) !== true ) {
+                               if( !$u->isValidPassword( $conf->SysopPass ) ) {
                                        $errs['SysopPass'] = "Bad password";
                                }
                        } else {

diff --git a/docs/hooks.txt b/docs/hooks.txt
index 1fec326..3671b3c 100644 (file)
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -864,7 +864,7 @@ $addr: The e-mail address entered by the user
 
 'isValidPassword': Override the result of User::isValidPassword()
 $password: The password entered by the user
-&$result: Set this to either true (passes) or the key for a message error
+&$result: Set this and return false to override the internal checks
 $user: User the password is being validated for
 
 'LanguageGetMagic': DEPRECATED, use $magicWords in a file listed in 

diff --git a/includes/User.php b/includes/User.php
index 29b8184..3549158 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -619,20 +619,38 @@ class User {
         * Is the input a valid password for this user?
         *
         * @param $password String Desired password
-        * @return mixed: true on success, string of error message on failure
+        * @return bool True or false
         */
        function isValidPassword( $password ) {
                global $wgMinimalPasswordLength, $wgContLang;
 
                if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
                        return $result;
+               if( $result === false )
+                       return false;
+ 
+               // Password needs to be long enough, and can't be the same as the username
+               return strlen( $password ) >= $wgMinimalPasswordLength
+                       && $wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName );
+       }
 
-               // Password needs to be long enough
-               if( strlen( $password ) < $wgMinimalPasswordLength ) {
-                       return 'passwordtooshort';
-               } elseif( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
-                       return 'password-name-match';
-               } else {
+       /**
+        * Given unvalidated password input, return error message on failure.
+        *
+        * @param $password String Desired password
+        * @return mixed: true on success, string of error message on failure
+        */
+       static function getPasswordValidity( $password ) {
+               global $wgMinimalPasswordLength, $wgContLang;
+               
+               if(!$this->isValidPassword( $password ))        {
+                       if( strlen( $password ) < $wgMinimalPasswordLength ) {
+                               return 'passwordtooshort';
+                       } elseif( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
+                               return 'password-name-match';
+                       }
+               }
+               else    {
                        return true;
                }
        }
@@ -1735,13 +1753,13 @@ class User {
                        if( !$wgAuth->allowPasswordChange() ) {
                                throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
                        }
-
-                       $valid = $this->isValidPassword( $str );
-                       if( $valid !== true ) {
-                               global $wgMinimalPasswordLength;
+ 
+                       if( !$this->isValidPassword( $str ) ) {
+                               global $wgMinimalPasswordLength;
+                               $valid = $this->getPasswordValidity( $str );
                                throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
                                        $wgMinimalPasswordLength ) );
-                       }
+                       }
                }
 
                if( !$wgAuth->setPassword( $this, $str ) ) {
@@ -2720,7 +2738,7 @@ class User {
                // to. Certain authentication plugins do NOT want to save
                // domain passwords in a mysql database, so we should
                // check this (incase $wgAuth->strict() is false).
-               if( $this->isValidPassword( $password ) !== true ) {
+               if( !$this->isValidPassword( $password ) ) {
                        return false;
                }
 

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index e20105e..f8be43b 100644 (file)
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -283,7 +283,7 @@ class LoginForm {
                }
 
                # check for minimal password length
-               $valid = $u->isValidPassword( $this->mPassword );
+               $valid = $u->getPasswordValidity( $this->mPassword );
                if ( $valid !== true ) {
                        if ( !$this->mCreateaccountMail ) {
                                $this->mainLoginForm( wfMsgExt( $valid, array( 'parsemag' ), $wgMinimalPasswordLength ) );