Addshore has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/334408 )
Change subject: Remove User::crypt() & User::comparePasswords()
......................................................................
Remove User::crypt() & User::comparePasswords()
These have both been deprecated since 1.24
Hard deprecation happened back in 2014
Both methods are still used by the SecurePasswords
extension, but this extension is documented on mw.org
as not working with MW1.24+.
I can find no other uses.
Lets finally get rid of these!
Change-Id: I94a7b65d2216bbc505e190af3182de2317976ed1
---
M RELEASE-NOTES-1.29
M includes/user/User.php
2 files changed, 2 insertions(+), 48 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/08/334408/1
diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 3bf50ac..d4525d6 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -208,6 +208,8 @@
* ContentHandler::runLegacyHooks() was removed.
* refreshLinks.php now can be limited to a particular category with
--category=...
or a tracking category with --tracking-category=...
+* User::crypt() (deprecated in 1.24) was removed.
+* User::comparePasswords() (deprecated in 1.24) was removed.
== Compatibility ==
diff --git a/includes/user/User.php b/includes/user/User.php
index fed64c2..1b69937 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -5092,54 +5092,6 @@
}
/**
- * Make a new-style password hash
- *
- * @param string $password Plain-text password
- * @param bool|string $salt Optional salt, may be random or the user ID.
- * If unspecified or false, will generate one automatically
- * @return string Password hash
- * @deprecated since 1.24, use Password class
- */
- public static function crypt( $password, $salt = false ) {
- wfDeprecated( __METHOD__, '1.24' );
- $passwordFactory = new PasswordFactory();
- $passwordFactory->init( RequestContext::getMain()->getConfig()
);
- $hash = $passwordFactory->newFromPlaintext( $password );
- return $hash->toString();
- }
-
- /**
- * Compare a password hash with a plain-text password. Requires the user
- * ID if there's a chance that the hash is an old-style hash.
- *
- * @param string $hash Password hash
- * @param string $password Plain-text password to compare
- * @param string|bool $userId User ID for old-style password salt
- *
- * @return bool
- * @deprecated since 1.24, use Password class
- */
- public static function comparePasswords( $hash, $password, $userId =
false ) {
- wfDeprecated( __METHOD__, '1.24' );
-
- // Check for *really* old password hashes that don't even have
a type
- // The old hash format was just an md5 hex hash, with no type
information
- if ( preg_match( '/^[0-9a-f]{32}$/', $hash ) ) {
- global $wgPasswordSalt;
- if ( $wgPasswordSalt ) {
- $password = ":B:{$userId}:{$hash}";
- } else {
- $password = ":A:{$hash}";
- }
- }
-
- $passwordFactory = new PasswordFactory();
- $passwordFactory->init( RequestContext::getMain()->getConfig()
);
- $hash = $passwordFactory->newFromCiphertext( $hash );
- return $hash->equals( $password );
- }
-
- /**
* Add a newuser log entry for this user.
* Before 1.19 the return value was always true.
*
--
To view, visit https://gerrit.wikimedia.org/r/334408
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I94a7b65d2216bbc505e190af3182de2317976ed1
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Addshore <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
