在Mediawiki 1.18.0 includes/User.php中,找到加密函数, 其中oldCrypt为mediawiki版本低于1.13.0的加密函数(与低版本中的wfEncryptPassword函数等同),crypt为mediawiki大于等于1.13.0版本的加密函数。
$wgPasswordSalt定义在includes/defaultSettings.php中,默认为true,详情参看:http://www.mediawiki.org/wiki/Manual:$wgPasswordSalt
/** * Make an old-style password hash * * @param $password String Plain-text password * @param $userId String User ID * @return String Password hash */ public static function oldCrypt( $password, $userId ) { global $wgPasswordSalt; if ( $wgPasswordSalt ) { return md5( $userId . '-' . md5( $password ) ); } else { return md5( $password ); } } /** * Make a new-style password hash * * @param $password String Plain-text password * @param bool|string $salt Optional salt, may be random or the user ID. * If unspecified or false, will generate one automatically * @return String Password hash */ public static function crypt( $password, $salt = false ) { global $wgPasswordSalt; $hash = ''; if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) { return $hash; } if( $wgPasswordSalt ) { if ( $salt === false ) { $salt = substr( wfGenerateToken(), 0, 8 ); } return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) ); } else { return ':A:' . md5( $password ); } }
低版本的mediawiki(如1.11.0)加密函数位于includes/GlobalFunctions.php
/** * Encrypt a username/password. * * @param string $userid ID of the user * @param string $password Password of the user * @return string Hashed password */ function wfEncryptPassword( $userid, $password ) { global $wgPasswordSalt; $p = md5( $password); if($wgPasswordSalt) return md5( "{$userid}-{$p}" ); else return $p; }
mediawiki用户密码重置:http://www.mediawiki.org/wiki/Manual:Resetting_passwords