7b3e7c017a
* ForkController, OrderedStreamingForkController: indeed pcntl_fork() can't return false. * RL\Image: Specify type instead of using suppression, since the issue name changes. * VueComponentParser: Accept complaint about nullable nodeValue. * Disable PHP 8.0 polyfill stubs when running on PHP 8.0+ to avoid duplicate interface errors. * Add Socket stub and use it in LegacyHandler instead of multiple existing suppressions. * MemcachedPeclBagOStuff: accept complaint recommending !$result over $result === false when the type is boolean. * MemcachedPeclBagOStuff: fix probable bug, ignoring errors from Memcached::getMulti(). Phan noticed that $res=false was unreachable, but it should probably be reachable. * DatabaseMysqli: accept complaint that $this->conn->errno is already known to be an int. It was probably a hack for some previous version of Phan. * BcryptPassword, MWOldPassword, MWSaltedPassword: accept complaint that the !is_string() checks are unnecessary, after code review of PHP. * Pbkdf2PasswordUsingHashExtension: note that contrary to Phan's suggestion, this check is necessary. * DefaultPreferencesFactory: remove an existing hack for array_diff_key(), no longer necessary on 7.4 and causes an error on 8.1. Use coalesce instead of cast for the remaining array_intersect_key() hack since it better shows that we are casting away null. * FullSearchResultWidget: fix likely bug involving strict comparison between a float and an int. * SpecialWatchlist: accept complaint that $selectedHours is unconditionally a float, being the return value of round(), and thus the cast is unnecessary. * Add stub for AllowDynamicProperties, resolving an error in User.php. * Xml: accept complaint that $encMonth is already known to be an int. Six errors remain. These need suppressions or otherwise conflict with PHP 7.4 support. Bug: T322278 Change-Id: Ie375bbc8ccf22330b9a169e8da98f2bbe26ec8b9
52 lines
1.6 KiB
PHP
52 lines
1.6 KiB
PHP
<?php
|
|
/**
|
|
* Implements the MWSaltedPassword class for the MediaWiki software.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
*
|
|
* @file
|
|
*/
|
|
|
|
declare( strict_types = 1 );
|
|
|
|
/**
|
|
* The old style of MediaWiki password hashing, with a salt. It involves
|
|
* running MD5 on the password, and then running MD5 on the salt concatenated
|
|
* with the first hash.
|
|
*
|
|
* @since 1.24
|
|
*/
|
|
class MWSaltedPassword extends ParameterizedPassword {
|
|
protected function getDefaultParams(): array {
|
|
return [];
|
|
}
|
|
|
|
protected function getDelimiter(): string {
|
|
return ':';
|
|
}
|
|
|
|
public function crypt( string $plaintext ): void {
|
|
if ( count( $this->args ) == 0 ) {
|
|
$this->args[] = MWCryptRand::generateHex( 8 );
|
|
}
|
|
|
|
$this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) );
|
|
|
|
if ( strlen( $this->hash ) < 32 ) {
|
|
throw new PasswordError( 'Error when hashing password.' );
|
|
}
|
|
}
|
|
}
|