diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2011-04-01 15:11:55 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2011-04-01 15:11:55 +0200 |
| commit | ebc338b9f3b75b758f55dc5a9a2300e8c154c74f (patch) | |
| tree | 5a58664b9e7f146a9a3e6afec83af134088fe9a4 /phpBB/includes/functions_user.php | |
| parent | a40bc114c0f658b62c14a00eda59d57a27fff680 (diff) | |
| parent | f392f55d9b82cf6e387cf71bd3895d52469c8991 (diff) | |
| download | forums-ebc338b9f3b75b758f55dc5a9a2300e8c154c74f.tar forums-ebc338b9f3b75b758f55dc5a9a2300e8c154c74f.tar.gz forums-ebc338b9f3b75b758f55dc5a9a2300e8c154c74f.tar.bz2 forums-ebc338b9f3b75b758f55dc5a9a2300e8c154c74f.tar.xz forums-ebc338b9f3b75b758f55dc5a9a2300e8c154c74f.zip | |
Merge branch 'develop-olympus' into develop
* develop-olympus:
[ticket/9751] Add shortcut logic for pass_complex == PASS_TYPE_ANY.
[ticket/9751] Compare $password with empty string instead of casting it to bool
[ticket/9751] Use a switch/case block without break for password complexity.
[ticket/9751] Password requirement "Must contain letters and numbers" fails
Diffstat (limited to 'phpBB/includes/functions_user.php')
| -rw-r--r-- | phpBB/includes/functions_user.php | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index e8db807154..81d06344af 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1605,8 +1605,9 @@ function validate_password($password) { global $config, $db, $user; - if (!$password) + if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY') { + // Password empty or no password complexity required. return false; } @@ -1617,7 +1618,6 @@ function validate_password($password) { $upp = '\p{Lu}'; $low = '\p{Ll}'; - $let = '\p{L}'; $num = '\p{N}'; $sym = '[^\p{Lu}\p{Ll}\p{N}]'; $pcre = true; @@ -1627,7 +1627,6 @@ function validate_password($password) mb_regex_encoding('UTF-8'); $upp = '[[:upper:]]'; $low = '[[:lower:]]'; - $let = '[[:lower:][:upper:]]'; $num = '[[:digit:]]'; $sym = '[^[:upper:][:lower:][:digit:]]'; $mbstring = true; @@ -1636,7 +1635,6 @@ function validate_password($password) { $upp = '[A-Z]'; $low = '[a-z]'; - $let = '[a-zA-Z]'; $num = '[0-9]'; $sym = '[^A-Za-z0-9]'; $pcre = true; @@ -1646,22 +1644,22 @@ function validate_password($password) switch ($config['pass_complex']) { - case 'PASS_TYPE_CASE': - $chars[] = $low; - $chars[] = $upp; - break; + // No break statements below ... + // We require strong passwords in case pass_complex is not set or is invalid + default: + + // Require mixed case letters, numbers and symbols + case 'PASS_TYPE_SYMBOL': + $chars[] = $sym; + // Require mixed case letters and numbers case 'PASS_TYPE_ALPHA': - $chars[] = $let; $chars[] = $num; - break; - case 'PASS_TYPE_SYMBOL': + // Require mixed case letters + case 'PASS_TYPE_CASE': $chars[] = $low; $chars[] = $upp; - $chars[] = $num; - $chars[] = $sym; - break; } if ($pcre) |