Partially reverting Icb809274f9f63.
The broken :A: prefixed passwords generated by MW before that change
were apparently written back to the database -- there are 2.5M in enwiki
alone. Accepting them should not depend on $wgPasswordSalt, which is a
deprecated global and should soon be removed.
Change-Id: I772de0fb17245d080eb15a7d5df6bf3125e1f71a
}
public function crypt( $plaintext ) {
- $this->args = [];
- $this->hash = md5( $plaintext );
+ if ( count( $this->args ) === 1 ) {
+ // Accept (but do not generate) salted passwords with :A: prefix.
+ // These are actually B-type passwords, but an error in a previous
+ // version of MediaWiki caused them to be written with an :A:
+ // prefix.
+ $this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) );
+ } else {
+ $this->args = [];
+ $this->hash = md5( $plaintext );
+ }
if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) {
throw new PasswordError( 'Error when hashing password.' );
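Review bot: The "but do not generate" half of the new comment is not enforced by the branch at `if ( count( $this->args ) === 1 )`: any caller that reaches crypt() with a single argument already set gets a freshly computed salted hash under this type, so the restriction holds only while every new-password path starts with empty args. I would say so in the method's doc comment, e.g. `// The one-argument form exists only to verify legacy mis-prefixed records; new hashes must be created with empty args.`, and cover it with a test that a newly created password of this type comes out unsalted. Both branches remain MD5-based, so it is also worth confirming, in code outside this hunk, that a successful login against one of these records marks the password for upgrade to the configured default type rather than leaving it stored as is. crypt()'s body continues past the end of the hunk.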