From 575accae5846fe243fcca44711a5094e79236c44 Mon Sep 17 00:00:00 2001
From: Platonides
Date: Sun, 26 Dec 2010 22:55:32 +0000
Subject: [PATCH] Revert r75588 and r77381. Block just the tainted pairs of username/passwords until a proper solution for weak passwords is added, hopefully for 1.18.

---
 includes/DefaultSettings.php | 6 ------
 includes/User.php | 24 ++++++++++++++++++------
 languages/messages/MessagesEn.php | 2 +-
 maintenance/language/messages.inc | 2 +-
 4 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 7368d60592..48f8aed14c 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -2882,12 +2882,6 @@ $wgMinimalPasswordLength = 1;
 */
 $wgLivePasswordStrengthChecks = false;
 
-/**
- * List of weak passwords which shouldn't be allowed.
- * The items should be in lowercase. The check is case insensitive.
- */
-$wgWeakPasswords = array( 'password', 'passpass', 'passpass1' );
-
 /**
 * Maximum number of Unicode characters in signature
 */
diff --git a/includes/User.php b/includes/User.php
index 2f8e53c065..4f63fb790d 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -602,22 +602,25 @@ class User {
 * @return mixed: true on success, string of error message on failure
 */
 function getPasswordValidity( $password ) {
- global $wgMinimalPasswordLength, $wgWeakPasswords, $wgContLang;
+ global $wgMinimalPasswordLength, $wgContLang;
+
+ static $blockedLogins = array(
+ 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
+ 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
+ );
 
 $result = false; //init $result to false for the internal checks
 
 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
 return $result;
 
- $lcPassword = $wgContLang->lc( $password );
-
 if ( $result === false ) {
 if( strlen( $password ) < $wgMinimalPasswordLength ) {
 return 'passwordtooshort';
- } elseif ( $lcPassword == $wgContLang->lc( $this->mName ) ) {
+ } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
 return 'password-name-match';
- } elseif ( in_array( $lcPassword, $wgWeakPasswords ) ) {
- return 'password-too-weak';
+ } elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password == $blockedLogins[ $this->getName() ] ) {
+ return 'password-login-forbidden';
 } else {
 //it seems weird returning true here, but this is because of the
 //initialization of $result to false above. If the hook is never run or it
@@ -2778,6 +2781,15 @@ class User {
 global $wgAuth;
 $this->load();
 
+ // Even though we stop people from creating passwords that
+ // are shorter than this, doesn't mean people wont be able
+ // to. Certain authentication plugins do NOT want to save
+ // domain passwords in a mysql database, so we should
+ // check this (in case $wgAuth->strict() is false).
+ if( !$this->isValidPassword( $password ) ) {
+ return false;
+ }
+
 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
 return true;
 } elseif( $wgAuth->strict() ) {
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index b169ee8a74..388155ffe9 100644
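Review bot: The new blocked-pair branch keys the lookup on `$this->getName()` twice while the name-match branch directly above it reads `$this->mName`, so two adjacent checks in the same chain resolve the username through different paths; reading the name once into a local (or using `$this->getName()` in both branches) would keep them consistent and avoid the repeated accessor call. The password comparison should also be strict, since the value comes straight from the login form: `} elseif ( isset( $blockedLogins[ $this->getName() ] ) && $password === $blockedLogins[ $this->getName() ] ) {`. The `static $blockedLogins` table is documented only by revision numbers; a one-line comment stating that these are the known test-fixture credentials referred to as "tainted pairs" in the commit message, and that unlike the name-match check this match is case-sensitive on both username and password, would save the next maintainer a trip through the history. getPasswordValidity's else branch continues outside the hunk.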
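Review bot: The restored comment above the `isValidPassword()` call describes only the too-short case, but the check it guards now also refuses the blocked username/password pairs and, via `getPasswordValidity()`, runs the `isValidPassword` hook on every login attempt; the comment should say that any password failing the current policy (too short, equal to the username, or a blocked pair) is refused at login even when the authentication plugin would accept it. Returning plain `false` here makes a policy-rejected password indistinguishable to callers from a wrong password, so an existing account whose stored password no longer meets `$wgMinimalPasswordLength` is presumably locked out with a generic wrong-password response — worth confirming that is intended and noting it in the comment. The enclosing method's signature and remaining body are outside the hunk.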
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1094,7 +1094,7 @@ Please try again.',
 Please try again.',
 'passwordtooshort' => 'Passwords must be at least {{PLURAL:$1|1 character|$1 characters}}.',
 'password-name-match' => 'Your password must be different from your username.',
-'password-too-weak' => 'The provided password is too weak and cannot be used.',
+'password-login-forbidden' => 'The use of these username and password has been forbidden.',
 'mailmypassword' => 'E-mail new password',
 'passwordremindertitle' => 'New temporary password for {{SITENAME}}',
 'passwordremindertext' => 'Someone (probably you, from IP address $1) requested a new
diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index 06dfc18f30..56b0e567e1 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -451,7 +451,7 @@ $wgMessageStructure = array(
 'wrongpasswordempty',
 'passwordtooshort',
 'password-name-match',
-'password-too-weak',
+'password-login-forbidden',
 'mailmypassword',
 'passwordremindertitle',
 'passwordremindertext',
--
2.20.1
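Review bot: The new message text is ungrammatical ("these username and password has been"), and it is what end users will see when the blocked-pair check fires. Suggest `'password-login-forbidden' => 'The use of this username and password combination has been forbidden.',`. The same key is registered in maintenance/language/messages.inc in the following hunk, which needs no change.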