* AuthPlugin added strictUserAuth() method to allow per-user override

of the strict() authentication behavior.

Fixes the hole where old local passwords could still be used to log into the global account after merging.
Based on patch by Rotem Liss from http://he.wikipedia.org/wiki/%D7%9E%D7%A9%D7%AA%D7%9E%D7%A9:Rotemliss/CentralAuth#2
Changed function name from authenticateLocally() to strictUserAuth() and reversed return value to mesh a little better with strict()

RELEASE-NOTES

@@ -33,6 +33,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * On SkinTemplate based skins (like MonoBook), omit confusing "edit"/"view source"
   tab entirely if the page doesn't exist and the user isn't allowed to create it
 * Clarify instructions given when an exception is thrown
+* AuthPlugin added strictUserAuth() method to allow per-user override
+  of the strict() authentication behavior.
+
 
 === Bug fixes in 1.12 ===
 

includes/AuthPlugin.php

@@ -210,6 +210,18 @@ class AuthPlugin {
 		return false;
 	}
 
+	/**
+	 * Check if a user should authenticate locally if the global authentication fails.
+	 * If either this or strict() returns true, local authentication is not used.
+	 *
+	 * @param $username String: username.
+	 * @return bool
+	 * @public
+	 */
+	function strictUserAuth( $username ) {
+		return false;
+	}
+
 	/**
 	 * When creating a user account, optionally fill in preferences and such.
 	 * For instance, you might pull the email address or real name from the

includes/User.php

@@ -2252,6 +2252,9 @@ class User {
 		} elseif( $wgAuth->strict() ) {
 			/* Auth plugin doesn't allow local authentication */
 			return false;
+		} elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
+			/* Auth plugin doesn't allow local authentication for this user name */
+			return false;
 		}
 		$ep = $this->encryptPassword( $password );
 		if ( 0 == strcmp( $ep, $this->mPassword ) ) {