Functions to check passwords against a policy requirement. More...

Static Public Member Functions
static	checkMaximalPasswordLength ( $policyVal, User $user, $password)
	Check password is shorter than maximum, fatal. More...

static	checkMinimalPasswordLength ( $policyVal, User $user, $password)
	Check password is longer than minimum, not fatal. More...

static	checkMinimumPasswordLengthToLogin ( $policyVal, User $user, $password)
	Check password is longer than minimum, fatal. More...

static	checkPasswordCannotMatchBlacklist ( $policyVal, User $user, $password)
	Check if username and password are on a blacklist of past MediaWiki default passwords. More...

static	checkPasswordCannotMatchUsername ( $policyVal, User $user, $password)
	Check if username and password are a (case-insensitive) match. More...

static	checkPasswordNotInLargeBlacklist ( $policyVal, User $user, $password)
	Ensure the password isn't in the list of passwords blacklisted by the wikimedia/password-blacklist library, which contains (as of 0.1.4) the 100.000 top passwords from SecLists (as a Bloom filter, with an 0.000001 false positive ratio). More...

static	checkPopularPasswordBlacklist ( $policyVal, User $user, $password)
	Ensure that password isn't in top X most popular passwords, as defined by $wgPopularPasswordFile. More...

Detailed Description

Functions to check passwords against a policy requirement.

$policyVal is the value configured in $wgPasswordPolicy. If the return status is fatal, the user won't be allowed to login. If the status is not good but not fatal, the user will not be allowed to set the given password (on registration or password change), but can still log in after bypassing a warning.

Since: 1.26

See also: $wgPasswordPolicy

Definition at line 38 of file PasswordPolicyChecks.php.

Member Function Documentation

◆ checkMaximalPasswordLength()

static PasswordPolicyChecks::checkMaximalPasswordLength	(		$policyVal,
		User	$user,
			$password
	)

static

Check password is shorter than maximum, fatal.

Intended for preventing DoS attacks when using a more expensive password hash like PBKDF2.

Parameters

int	$policyVal	maximum length
User	$user
string	$password

Returns: Status fatal if $password is shorter than $policyVal

Definition at line 80 of file PasswordPolicyChecks.php.

References StatusValue\newGood().

◆ checkMinimalPasswordLength()

static PasswordPolicyChecks::checkMinimalPasswordLength	(		$policyVal,
		User	$user,
			$password
	)

static

Check password is longer than minimum, not fatal.

Parameters

int	$policyVal	minimal length
User	$user
string	$password

Returns: Status error if $password is shorter than $policyVal

Definition at line 47 of file PasswordPolicyChecks.php.

References StatusValue\newGood().

◆ checkMinimumPasswordLengthToLogin()

static PasswordPolicyChecks::checkMinimumPasswordLengthToLogin	(		$policyVal,
		User	$user,
			$password
	)

static

Check password is longer than minimum, fatal.

Intended for locking out users with passwords too short to trust, requiring them to recover their account by some other means.

Parameters

int	$policyVal	minimal length
User	$user
string	$password

Returns: Status fatal if $password is shorter than $policyVal

Definition at line 64 of file PasswordPolicyChecks.php.

References StatusValue\newGood().

◆ checkPasswordCannotMatchBlacklist()

static PasswordPolicyChecks::checkPasswordCannotMatchBlacklist	(		$policyVal,
		User	$user,
			$password
	)

static

Check if username and password are on a blacklist of past MediaWiki default passwords.

Parameters

bool	$policyVal	true to force compliance.
User	$user
string	$password

Returns: Status error if username and password match, and policy is true

Definition at line 114 of file PasswordPolicyChecks.php.

References User\getName(), and StatusValue\newGood().

◆ checkPasswordCannotMatchUsername()

static PasswordPolicyChecks::checkPasswordCannotMatchUsername	(		$policyVal,
		User	$user,
			$password
	)

static

Check if username and password are a (case-insensitive) match.

Parameters

bool	$policyVal	true to force compliance.
User	$user
string	$password

Returns: Status error if username and password match, and policy is true

Definition at line 95 of file PasswordPolicyChecks.php.

References User\getName(), and StatusValue\newGood().

◆ checkPasswordNotInLargeBlacklist()

static PasswordPolicyChecks::checkPasswordNotInLargeBlacklist	(		$policyVal,
		User	$user,
			$password
	)

static

Ensure the password isn't in the list of passwords blacklisted by the wikimedia/password-blacklist library, which contains (as of 0.1.4) the 100.000 top passwords from SecLists (as a Bloom filter, with an 0.000001 false positive ratio).

Parameters

bool	$policyVal	Whether to apply this policy
User	$user
string	$password

Since: 1.33

Returns: Status

Definition at line 201 of file PasswordPolicyChecks.php.

References StatusValue\newGood().

◆ checkPopularPasswordBlacklist()

static PasswordPolicyChecks::checkPopularPasswordBlacklist	(		$policyVal,
		User	$user,
			$password
	)

static

Ensure that password isn't in top X most popular passwords, as defined by $wgPopularPasswordFile.

Parameters

int	$policyVal	Cut off to use. Will automatically shrink to the max supported for error messages if set to more than max number of passwords on file, so you can use the PHP_INT_MAX constant here safely.
User	$user
string	$password

Since: 1.27

Deprecated:: since 1.33

Returns: Status

See also: $wgPopularPasswordFile

Definition at line 152 of file PasswordPolicyChecks.php.

References $res, $wgPopularPasswordFile, $wgSitename, Language\factory(), and StatusValue\newGood().

The documentation for this class was generated from the following file:

includes/password/PasswordPolicyChecks.php

Static Public Member Functions

Detailed Description

Member Function Documentation

◆ checkMaximalPasswordLength()

◆ checkMinimalPasswordLength()

◆ checkMinimumPasswordLengthToLogin()

◆ checkPasswordCannotMatchBlacklist()

◆ checkPasswordCannotMatchUsername()

◆ checkPasswordNotInLargeBlacklist()

◆ checkPopularPasswordBlacklist()