* adding two hooks UserCryptPassword and UserComparePasswords to allow extensions...

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 55fbb7e..0eda96b 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -236,6 +236,8 @@ The following extensions are migrated into MediaWiki 1.14:
 * (bug 16459) Use native getElementsByClassName where possible, for better
   performance in modern browsers
 * Enable \cancel and \cancelto in texvc (recompile required)
+* Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions to implement
+  their own password hashing methods.
 
 === Bug fixes in 1.14 ===
 

diff --git a/docs/hooks.txt b/docs/hooks.txt
index 0916bd1..efb095c 100644 (file)
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -1328,9 +1328,21 @@ $user: User (object) whose permission is being checked
 'UserClearNewTalkNotification': called when clearing the "You have new messages!" message, return false to not delete it
 $user: User (object) that'll clear the message
 
+'UserComparePasswords': called when checking passwords, return false to override the default password checks
+&$hash: String of the password hash (from the database)
+&$password: String of the plaintext password the user entered
+&$userId: Integer of the user's ID or Boolean false if the user ID was not supplied
+&$result: If the hook returns false, this Boolean value will be checked to determine if the password was valid
+
 'UserCreateForm': change to manipulate the login form
 $template: SimpleTemplate instance for the form
 
+'UserCryptPassword': called when hashing a password, return false to implement your own hashing method
+&$password: String of the plaintext password to encrypt
+&$salt: String of the password salt or Boolean false if no salt is provided
+&$wgPasswordSalt: Boolean of whether the salt is used in the default hashing method
+&$hash: If the hook returns false, this String will be used as the hash
+
 'UserEffectiveGroups': Called in User::getEffectiveGroups()
 $user: User to get groups for
 &$groups: Current effective groups

diff --git a/includes/User.php b/includes/User.php
index 85701e3..3ae85b1 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -3249,6 +3249,11 @@ class User {
        static function crypt( $password, $salt = false ) {
                global $wgPasswordSalt;
 
+               $hash = '';
+               if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
+                       return $hash;
+               }
+               
                if( $wgPasswordSalt ) {
                        if ( $salt === false ) {
                                $salt = substr( wfGenerateToken(), 0, 8 );
@@ -3271,6 +3276,12 @@ class User {
        static function comparePasswords( $hash, $password, $userId = false ) {
                $m = false;
                $type = substr( $hash, 0, 3 );
+               
+               $result = false;
+               if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
+                       return $result;
+               }
+               
                if ( $type == ':A:' ) {
                        # Unsalted
                        return md5( $password ) === substr( $hash, 3 );