2022-06-20 07:05:31 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* Implements the Pbkdf2PasswordUsingHashExtension class for the MediaWiki software.
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
*
|
|
|
|
|
* @file
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
declare( strict_types = 1 );
|
|
|
|
|
|
2024-05-16 17:55:24 +00:00
|
|
|
namespace MediaWiki\Password;
|
|
|
|
|
|
2022-06-20 07:05:31 +00:00
|
|
|
/**
|
|
|
|
|
* A PBKDF2-hashed password, using PHP's hash extension
|
|
|
|
|
*
|
2024-06-06 15:36:37 +00:00
|
|
|
* This class exists for compatibility purposes only! Unless an installation's
|
|
|
|
|
* existing password hashes were generated using an algorithm not supported by
|
|
|
|
|
* OpenSSL, Pbkdf2PasswordUsingOpenSSL should be used.
|
2022-06-20 07:05:31 +00:00
|
|
|
*
|
2024-03-07 21:56:58 +00:00
|
|
|
* @since 1.40 (since 1.29 under the old name)
|
2022-06-20 07:05:31 +00:00
|
|
|
*/
|
|
|
|
|
class Pbkdf2PasswordUsingHashExtension extends AbstractPbkdf2Password {
|
|
|
|
|
protected function getDigestAlgo( string $algo ): ?string {
|
|
|
|
|
return in_array( $algo, hash_hmac_algos(), true ) ? $algo : null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function pbkdf2(
|
|
|
|
|
string $digestAlgo,
|
|
|
|
|
string $password,
|
|
|
|
|
string $salt,
|
|
|
|
|
int $rounds,
|
|
|
|
|
int $length
|
|
|
|
|
): string {
|
|
|
|
|
$hash = hash_pbkdf2( $digestAlgo, $password, $salt, $rounds, $length, true );
|
Respond to some messages from Phan on PHP 8.1
* ForkController, OrderedStreamingForkController: indeed pcntl_fork()
can't return false.
* RL\Image: Specify type instead of using suppression, since the issue
name changes.
* VueComponentParser: Accept complaint about nullable nodeValue.
* Disable PHP 8.0 polyfill stubs when running on PHP 8.0+ to avoid
duplicate interface errors.
* Add Socket stub and use it in LegacyHandler instead of multiple
existing suppressions.
* MemcachedPeclBagOStuff: accept complaint recommending !$result over
$result === false when the type is boolean.
* MemcachedPeclBagOStuff: fix probable bug, ignoring errors from
Memcached::getMulti(). Phan noticed that $res=false was unreachable,
but it should probably be reachable.
* DatabaseMysqli: accept complaint that $this->conn->errno is already
known to be an int. It was probably a hack for some previous version
of Phan.
* BcryptPassword, MWOldPassword, MWSaltedPassword: accept complaint that
the !is_string() checks are unnecessary, after code review of PHP.
* Pbkdf2PasswordUsingHashExtension: note that contrary to Phan's
suggestion, this check is necessary.
* DefaultPreferencesFactory: remove an existing hack for
array_diff_key(), no longer necessary on 7.4 and causes an error on
8.1. Use coalesce instead of cast for the remaining
array_intersect_key() hack since it better shows that we are casting
away null.
* FullSearchResultWidget: fix likely bug involving strict comparison
between a float and an int.
* SpecialWatchlist: accept complaint that $selectedHours is
unconditionally a float, being the return value of round(), and thus
the cast is unnecessary.
* Add stub for AllowDynamicProperties, resolving an error in User.php.
* Xml: accept complaint that $encMonth is already known to be an int.
Six errors remain. These need suppressions or otherwise conflict with
PHP 7.4 support.
Bug: T322278
Change-Id: Ie375bbc8ccf22330b9a169e8da98f2bbe26ec8b9
2022-11-03 01:55:46 +00:00
|
|
|
// Note: this check is unnecessary in PHP 8.0+, since the warning cases
|
|
|
|
|
// were all converted to exceptions
|
2022-11-09 02:12:50 +00:00
|
|
|
'@phan-var string|false $hash';
|
2022-06-20 07:05:31 +00:00
|
|
|
if ( !is_string( $hash ) ) {
|
|
|
|
|
throw new PasswordError( 'Error when hashing password.' );
|
|
|
|
|
}
|
|
|
|
|
return $hash;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-16 17:55:24 +00:00
|
|
|
/** @deprecated class alias since 1.40; use MediaWiki\\Password\\Pbkdf2PasswordUsingHashExtension */
|
2022-06-20 07:05:31 +00:00
|
|
|
class_alias( Pbkdf2PasswordUsingHashExtension::class, 'Pbkdf2Password' );
|
2024-05-16 17:55:24 +00:00
|
|
|
|
|
|
|
|
/** @deprecated since 1.43 use MediaWiki\\Password\\Pbkdf2PasswordUsingHashExtension */
|
|
|
|
|
class_alias( Pbkdf2PasswordUsingHashExtension::class, 'Pbkdf2PasswordUsingHashExtension' );
|
