+ /**
+ * Check to see if the given clear-text password is one of the accepted passwords
+ * @param string $password User password.
+ * @return bool True if the given password is correct otherwise False.
+ */
+ function checkPassword( $password ) {
+ global $wgAuth;
+ $this->loadFromDatabase();
+
+ if( $wgAuth->authenticate( $this->getName(), $password ) ) {
+ return true;
+ } elseif( $wgAuth->strict() ) {
+ /* Auth plugin doesn't allow local authentication */
+ return false;
+ }
+ $ep = $this->encryptPassword( $password );
+ if ( 0 == strcmp( $ep, $this->mPassword ) ) {
+ return true;
+ } elseif ( ($this->mNewpassword != '') && (0 == strcmp( $ep, $this->mNewpassword )) ) {
+ $this->mEmailAuthenticationtimestamp = wfTimestampNow();
+ $this->mNewpassword = ''; # use the temporary one-time password only once: clear it now !
+ $this->saveSettings();
+ return true;
+ } elseif ( function_exists( 'iconv' ) ) {
+ # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
+ # Check for this with iconv
+ $cp1252hash = $this->encryptPassword( iconv( 'UTF-8', 'WINDOWS-1252', $password ) );
+ if ( 0 == strcmp( $cp1252hash, $this->mPassword ) ) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Initialize (if necessary) and return a session token value
+ * which can be used in edit forms to show that the user's
+ * login credentials aren't being hijacked with a foreign form
+ * submission.
+ *
+ * @param mixed $salt - Optional function-specific data for hash.
+ * Use a string or an array of strings.
+ * @return string
+ * @access public
+ */
+ function editToken( $salt = '' ) {
+ if( !isset( $_SESSION['wsEditToken'] ) ) {
+ $token = dechex( mt_rand() ) . dechex( mt_rand() );
+ $_SESSION['wsEditToken'] = $token;
+ } else {
+ $token = $_SESSION['wsEditToken'];
+ }
+ if( is_array( $salt ) ) {
+ $salt = implode( '|', $salt );
+ }
+ return md5( $token . $salt );
+ }
+
+ /**
+ * Check given value against the token value stored in the session.
+ * A match should confirm that the form was submitted from the
+ * user's own login session, not a form submission from a third-party
+ * site.
+ *
+ * @param string $val - the input value to compare
+ * @param string $salt - Optional function-specific data for hash
+ * @return bool
+ * @access public
+ */
+ function matchEditToken( $val, $salt = '' ) {
+ return ( $val == $this->editToken( $salt ) );
+ }
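Review bot: The session token in editToken() is built from two `mt_rand()` calls, a non-cryptographic generator giving at most 62 bits, so the value that guards every edit form against cross-site submission is more predictable than it should be; where the runtime provides it, `$token = bin2hex( random_bytes( 16 ) );` is the replacement I would use. matchEditToken() then compares with loose `==`, which compares two numeric-looking strings as numbers and is not constant-time; `return is_string( $val ) && hash_equals( $this->editToken( $salt ), $val );` avoids both. The `0 == strcmp( ... )` hash checks in checkPassword() share the timing and loose-comparison weakness and would read better as `hash_equals()` calls. The enclosing class and the rest of the hunk are outside the visible lines, so which PHP version this code targets, and therefore whether these functions are available, needs confirming.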