Merge "Fix interpretation of "A-type" password hashes"

diff --git a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
index 88df68d..b68c368 100644 (file)
--- a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
@@ -104,7 +104,7 @@ class LocalPasswordPrimaryAuthenticationProvider
                // The old hash format was just an md5 hex hash, with no type information
                if ( preg_match( '/^[0-9a-f]{32}$/', $row->user_password ) ) {
                        if ( $this->config->get( 'PasswordSalt' ) ) {
-                               $row->user_password = ":A:{$row->user_id}:{$row->user_password}";
+                               $row->user_password = ":B:{$row->user_id}:{$row->user_password}";
                        } else {
                                $row->user_password = ":A:{$row->user_password}";
                        }

diff --git a/includes/password/MWOldPassword.php b/includes/password/MWOldPassword.php
index 84675c1..360485e 100644 (file)
--- a/includes/password/MWOldPassword.php
+++ b/includes/password/MWOldPassword.php
@@ -36,14 +36,8 @@ class MWOldPassword extends ParameterizedPassword {
        }
 
        public function crypt( $plaintext ) {
-               global $wgPasswordSalt;
-
-               if ( $wgPasswordSalt && count( $this->args ) === 1 ) {
-                       $this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) );
-               } else {
-                       $this->args = [];
-                       $this->hash = md5( $plaintext );
-               }
+               $this->args = [];
+               $this->hash = md5( $plaintext );
 
                if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) {
                        throw new PasswordError( 'Error when hashing password.' );