From 8236e856e71141b79a33c31fd0153c23128981c0 Mon Sep 17 00:00:00 2001 From: addshore Date: Thu, 26 Jan 2017 20:00:57 +0100 Subject: [PATCH] Remove User::crypt() & User::comparePasswords() These have both been deprecated since 1.24 Hard deprecation happened back in 2014 Both methods are still used by the SecurePasswords extension, but this extension is documented on mw.org as not working with MW1.24+. I can find no other uses. Lets finally get rid of these! Change-Id: I94a7b65d2216bbc505e190af3182de2317976ed1 --- RELEASE-NOTES-1.29 | 2 ++ includes/user/User.php | 48 ------------------------------------------ 2 files changed, 2 insertions(+), 48 deletions(-) diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29 index 0874513563..09ad0b56f3 100644 --- a/RELEASE-NOTES-1.29 +++ b/RELEASE-NOTES-1.29 @@ -226,6 +226,8 @@ changes to languages because of Phabricator reports. UsersPager::buildGroupLink() was changed from a static to an instance method. * The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed; see docs/hooks.txt. +* User::crypt() (deprecated in 1.24) was removed. +* User::comparePasswords() (deprecated in 1.24) was removed. == Compatibility == diff --git a/includes/user/User.php b/includes/user/User.php index cccca38853..6804df272a 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -5122,54 +5122,6 @@ class User implements IDBAccessObject { return $msg->isDisabled() ? $grant : $msg->text(); } - /** - * Make a new-style password hash - * - * @param string $password Plain-text password - * @param bool|string $salt Optional salt, may be random or the user ID. - * If unspecified or false, will generate one automatically - * @return string Password hash - * @deprecated since 1.24, use Password class - */ - public static function crypt( $password, $salt = false ) { - wfDeprecated( __METHOD__, '1.24' ); - $passwordFactory = new PasswordFactory(); - $passwordFactory->init( RequestContext::getMain()->getConfig() ); - $hash = $passwordFactory->newFromPlaintext( $password ); - return $hash->toString(); - } - - /** - * Compare a password hash with a plain-text password. Requires the user - * ID if there's a chance that the hash is an old-style hash. - * - * @param string $hash Password hash - * @param string $password Plain-text password to compare - * @param string|bool $userId User ID for old-style password salt - * - * @return bool - * @deprecated since 1.24, use Password class - */ - public static function comparePasswords( $hash, $password, $userId = false ) { - wfDeprecated( __METHOD__, '1.24' ); - - // Check for *really* old password hashes that don't even have a type - // The old hash format was just an md5 hex hash, with no type information - if ( preg_match( '/^[0-9a-f]{32}$/', $hash ) ) { - global $wgPasswordSalt; - if ( $wgPasswordSalt ) { - $password = ":B:{$userId}:{$hash}"; - } else { - $password = ":A:{$hash}"; - } - } - - $passwordFactory = new PasswordFactory(); - $passwordFactory->init( RequestContext::getMain()->getConfig() ); - $hash = $passwordFactory->newFromCiphertext( $hash ); - return $hash->equals( $password ); - } - /** * Add a newuser log entry for this user. * Before 1.19 the return value was always true. -- 2.20.1