From: Fenzik Joseph Date: Mon, 19 Oct 2009 03:01:11 +0000 (+0000) Subject: * function isValidPassword modified to return boolean(true/false) X-Git-Tag: 1.31.0-rc.0~39237 X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/comptes/ajouter.php?a=commitdiff_plain;h=a9357faf947cf380edfb8ef99c351b14b9aea3db;p=lhc%2Fweb%2Fwiklou.git * function isValidPassword modified to return boolean(true/false) * Added function getPasswordValidity return error message on failure for the given unvalidated password input. * Replaced isValidPassword() fn call to getPasswordValidity() in SpecialUserlogin.php --- diff --git a/config/Installer.php b/config/Installer.php index 67e390b960..13ccc25ab0 100644 --- a/config/Installer.php +++ b/config/Installer.php @@ -713,7 +713,7 @@ if( $conf->SysopName ) { # Various password checks if( $conf->SysopPass != '' ) { if( $conf->SysopPass == $conf->SysopPass2 ) { - if( $u->isValidPassword( $conf->SysopPass ) !== true ) { + if( !$u->isValidPassword( $conf->SysopPass ) ) { $errs['SysopPass'] = "Bad password"; } } else { diff --git a/docs/hooks.txt b/docs/hooks.txt index 1fec326a70..3671b3c3c6 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -864,7 +864,7 @@ $addr: The e-mail address entered by the user 'isValidPassword': Override the result of User::isValidPassword() $password: The password entered by the user -&$result: Set this to either true (passes) or the key for a message error +&$result: Set this and return false to override the internal checks $user: User the password is being validated for 'LanguageGetMagic': DEPRECATED, use $magicWords in a file listed in diff --git a/includes/User.php b/includes/User.php index 29b818430c..3549158700 100644 --- a/includes/User.php +++ b/includes/User.php 
@@ -619,20 +619,38 @@ class User { * Is the input a valid password for this user? * * @param $password String Desired password - * @return mixed: true on success, string of error message on failure + * @return bool True or false */ function isValidPassword( $password ) { global $wgMinimalPasswordLength, $wgContLang; if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) ) return $result; + if( $result === false ) + return false; + + // Password needs to be long enough, and can't be the same as the username + return strlen( $password ) >= $wgMinimalPasswordLength + && $wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName ); + } - // Password needs to be long enough - if( strlen( $password ) < $wgMinimalPasswordLength ) { - return 'passwordtooshort'; - } elseif( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) { - return 'password-name-match'; - } else { + /** + * Given unvalidated password input, return error message on failure. + * + * @param $password String Desired password + * @return mixed: true on success, string of error message on failure + */ + static function getPasswordValidity( $password ) { + global $wgMinimalPasswordLength, $wgContLang; + + if(!$this->isValidPassword( $password )) { + if( strlen( $password ) < $wgMinimalPasswordLength ) { + return 'passwordtooshort'; + } elseif( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) { + return 'password-name-match'; + } + } + else { return true; } } 
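Review bot: The hook branch of isValidPassword() still does `return $result;` without normalising the value, so a handler written against the old contract (set `$result` to a message key and return false, as the removed docs/hooks.txt line described) now yields a non-empty string. The new `!$u->isValidPassword( ... )` and `!$this->isValidPassword( ... )` checks in config/Installer.php and in the two later includes/User.php hunks treat that string as a valid password. Using `return $result === true;` in that branch would keep the declared bool contract and make any unexpected hook value fail closed. The new hooks.txt wording should also say that `$result` must be a boolean, since "Set this and return false" no longer states which values are accepted.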
@@ -1735,13 +1753,13 @@ class User { if( !$wgAuth->allowPasswordChange() ) { throw new PasswordError( wfMsg( 'password-change-forbidden' ) ); } - - $valid = $this->isValidPassword( $str ); - if( $valid !== true ) { - global $wgMinimalPasswordLength; + + if( !$this->isValidPassword( $str ) ) { + global $wgMinimalPasswordLength; + $valid = $this->getPasswordValidity( $str ); throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ), $wgMinimalPasswordLength ) ); - } + } } if( !$wgAuth->setPassword( $this, $str ) ) { @@ -2720,7 +2738,7 @@ class User { // to. Certain authentication plugins do NOT want to save // domain passwords in a mysql database, so we should // check this (incase $wgAuth->strict() is false). - if( $this->isValidPassword( $password ) !== true ) { + if( !$this->isValidPassword( $password ) ) { return false; } diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index e20105e9e6..f8be43b1c4 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -283,7 +283,7 @@ class LoginForm { } # check for minimal password length - $valid = $u->isValidPassword( $this->mPassword ); + $valid = $u->getPasswordValidity( $this->mPassword ); if ( $valid !== true ) { if ( !$this->mCreateaccountMail ) { $this->mainLoginForm( wfMsgExt( $valid, array( 'parsemag' ), $wgMinimalPasswordLength ) );
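Review bot: `$valid` is not guaranteed to be a message key when it reaches `wfMsgExt( $valid, ... )` in the first hunk here. getPasswordValidity(), as added earlier in this commit, returns nothing when isValidPassword() fails for a reason other than length or username match, such as a rejection by the 'isValidPassword' hook, so the PasswordError would be built from null. The password is also validated twice, which runs the hook twice. Calling the new method once, `$valid = $this->getPasswordValidity( $str );` followed by `if( $valid !== true ) {`, and giving getPasswordValidity() a final return with a generic rejection key would cover both. The enclosing function starts and ends outside this hunk.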
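Review bot: `$u->getPasswordValidity( $this->mPassword )` in the SpecialUserlogin.php hunk calls a method that this commit declares `static` in includes/User.php, while its body uses `$this->isValidPassword()` and `$this->mName`. PHP does not bind `$this` inside a static method, so the call is expected to fail at runtime instead of returning a message key. Dropping the modifier, `function getPasswordValidity( $password ) {`, matches how both call sites use it. The comment `# check for minimal password length` above the call is also out of date; `# check password validity (length, username match)` would describe what is now checked. The enclosing function starts and ends outside this hunk.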