r77381 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r77380‎ \| r77381 \| r77382 >
Date:	03:21, 28 November 2010
Author:	werdna
Status:	reverted (Comments)
Tags:
Comment:	Remove isValidPassword check from User::checkPassword. It is hugely annoying to suddenly have the system decide that your password is not strong enough and decide that, as a consequence, you are not allowed to log in anymore. Password strength checking should only be there for changing passwords, not using them!
Modified paths:	/trunk/phase3/includes/User.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -2780,15 +2780,6 @@
2781	2781	global $wgAuth;
2782	2782	$this->load();
2783	2783
2784		~~- // Even though we stop people from creating passwords that~~
2785		~~- // are shorter than this, doesn't mean people wont be able~~
2786		~~- // to. Certain authentication plugins do NOT want to save~~
2787		~~- // domain passwords in a mysql database, so we should~~
2788		~~- // check this (incase $wgAuth->strict() is false).~~
2789		~~- if( !$this->isValidPassword( $password ) ) {~~
2790		~~- return false;~~
2791		~~- }~~
2792		-
2793	2784	if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2794	2785	return true;
2795	2786	} elseif( $wgAuth->strict() ) {

Revision	Commit summary	Author	Date
r79034	Revert r75588 and r77381. Block just the tainted pairs of username/passwords ...	platonides	22:55, 26 December 2010

#Comment by Platonides (talk | contribs) 15:34, 28 November 2010

This would help with bug 25925. Although this would revert r9312 change to User.php.

#Comment by Happy-melon (talk | contribs) 14:12, 17 December 2010

isValidPassword() could easily be deprecated, if we want to; it's no longer used anywhere outside User.php.

22:55, 26 December 2010 Platonides (talk | contribs) changed the status of r77381 [removed: ok added: reverted]
14:10, 17 December 2010 Happy-melon (talk | contribs) changed the status of r77381 [removed: new added: ok]