diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2006-08-25 15:15:53 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-08-25 15:15:53 +0000 |
| commit | e7cbcfe874d663703a4f6d36974aa8eb19a59c58 (patch) | |
| tree | 869419df21717eb48599fe429350636bad0da249 /phpBB/includes/functions_user.php | |
| parent | d1ae8c52a4fc4ab88f34347962ac667a0365f8a9 (diff) | |
| download | forums-e7cbcfe874d663703a4f6d36974aa8eb19a59c58.tar forums-e7cbcfe874d663703a4f6d36974aa8eb19a59c58.tar.gz forums-e7cbcfe874d663703a4f6d36974aa8eb19a59c58.tar.bz2 forums-e7cbcfe874d663703a4f6d36974aa8eb19a59c58.tar.xz forums-e7cbcfe874d663703a4f6d36974aa8eb19a59c58.zip | |
some fixes.
David, could you check the pass_complex expressions? They are:
.* PASS_TYPE_ANY (any characters are allowed, no check)
[a-zA-Z] PASS_TYPE_CASE (password must contain alphanumerics)
[a-zA-Z0-9] PASS_TYPE_ALPHA (password must contain alphanumerics and numbers)
[a-zA-Z\W] PASS_TYPE_SYMBOL (password must contain alphanumers, numbers and symbols)
At the moment the pass complexity check is done within validate_password(), but the expressions are wrong. :)
git-svn-id: file:///svn/phpbb/trunk@6317 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions_user.php')
| -rw-r--r-- | phpBB/includes/functions_user.php | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 870c20f665..b5dfecb45f 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1034,6 +1034,7 @@ function validate_match($string, $optional = false, $match) * Also checks if it includes the " character, which we don't allow in usernames. * Used for registering, changing names, and posting anonymously with a username * +* @todo do we really check and disallow the " character in usernames as written above. Has it only be forgotten to include the check? * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) */ function validate_username($username) @@ -1106,6 +1107,29 @@ function validate_username($username) } /** +* Check to see if the password meets the complexity settings +* +* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) +*/ +function validate_password($password) +{ + global $config, $db, $user; + + if (!$password) + { + return false; + } + + // We only check for existance of characters + if (!preg_match('#' . str_replace('\\\\', '\\', $config['pass_complex']) . '#i', $password)) + { + return 'INVALID_CHARS'; + } + + return false; +} + +/** * Check to see if email address is banned or already present in the DB * * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) |