Remove User::crypt() & User::comparePasswords()

These have both been deprecated since 1.24
Hard deprecation happened back in 2014

Both methods are still used by the SecurePasswords
extension, but this extension is documented on mw.org
as not working with MW1.24+.

I can find no other uses.
Lets finally get rid of these!

Change-Id: I94a7b65d2216bbc505e190af3182de2317976ed1

diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 0874513..09ad0b5 100644 (file)
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -226,6 +226,8 @@ changes to languages because of Phabricator reports.
   UsersPager::buildGroupLink() was changed from a static to an instance method.
 * The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed;
   see docs/hooks.txt.
+* User::crypt() (deprecated in 1.24) was removed.
+* User::comparePasswords() (deprecated in 1.24) was removed.
 
 == Compatibility ==
 

diff --git a/includes/user/User.php b/includes/user/User.php
index cccca38..6804df2 100644 (file)
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -5122,54 +5122,6 @@ class User implements IDBAccessObject {
                return $msg->isDisabled() ? $grant : $msg->text();
        }
 
-       /**
-        * Make a new-style password hash
-        *
-        * @param string $password Plain-text password
-        * @param bool|string $salt Optional salt, may be random or the user ID.
-        *  If unspecified or false, will generate one automatically
-        * @return string Password hash
-        * @deprecated since 1.24, use Password class
-        */
-       public static function crypt( $password, $salt = false ) {
-               wfDeprecated( __METHOD__, '1.24' );
-               $passwordFactory = new PasswordFactory();
-               $passwordFactory->init( RequestContext::getMain()->getConfig() );
-               $hash = $passwordFactory->newFromPlaintext( $password );
-               return $hash->toString();
-       }
-
-       /**
-        * Compare a password hash with a plain-text password. Requires the user
-        * ID if there's a chance that the hash is an old-style hash.
-        *
-        * @param string $hash Password hash
-        * @param string $password Plain-text password to compare
-        * @param string|bool $userId User ID for old-style password salt
-        *
-        * @return bool
-        * @deprecated since 1.24, use Password class
-        */
-       public static function comparePasswords( $hash, $password, $userId = false ) {
-               wfDeprecated( __METHOD__, '1.24' );
-
-               // Check for *really* old password hashes that don't even have a type
-               // The old hash format was just an md5 hex hash, with no type information
-               if ( preg_match( '/^[0-9a-f]{32}$/', $hash ) ) {
-                       global $wgPasswordSalt;
-                       if ( $wgPasswordSalt ) {
-                               $password = ":B:{$userId}:{$hash}";
-                       } else {
-                               $password = ":A:{$hash}";
-                       }
-               }
-
-               $passwordFactory = new PasswordFactory();
-               $passwordFactory->init( RequestContext::getMain()->getConfig() );
-               $hash = $passwordFactory->newFromCiphertext( $hash );
-               return $hash->equals( $password );
-       }
-
        /**
         * Add a newuser log entry for this user.
         * Before 1.19 the return value was always true.