diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2010-02-07 00:20:46 +0000 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2010-02-07 00:20:46 +0000 |
| commit | c0836e8835f0b3105baecdc710cd101920d8339b (patch) | |
| tree | 818f740971bb7150459dbcc3dd3b8a0407d66354 /phpBB | |
| parent | aec50a43281ecb65698f373329e6af6e91570a53 (diff) | |
| download | forums-c0836e8835f0b3105baecdc710cd101920d8339b.tar forums-c0836e8835f0b3105baecdc710cd101920d8339b.tar.gz forums-c0836e8835f0b3105baecdc710cd101920d8339b.tar.bz2 forums-c0836e8835f0b3105baecdc710cd101920d8339b.tar.xz forums-c0836e8835f0b3105baecdc710cd101920d8339b.zip | |
Bug #13181 - Honor minimum and maximum password length in generated passwords as much as we can.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10479 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_remind.php | 11 |
2 files changed, 7 insertions, 5 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 8bd8934eb0..dd4ffbb4d1 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -93,6 +93,7 @@ <ul> <li>[Fix] Correctly sort database backup file list by date on database restore page. (Bug #57385)</li> <li>[Fix] Take admin's time zone settings into account when listing database backup files. (Bug #57385)</li> + <li>[Fix] Honor minimum and maximum password length in generated passwords as much as we can. (Bug #13181)</li> </ul> <a name="v306"></a><h3>1.ii. Changes since 3.0.6</h3> diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index df6733d038..f9b792de20 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -77,11 +77,12 @@ class ucp_remind $server_url = generate_board_url(); - $key_len = 54 - strlen($server_url); - $key_len = max(6, $key_len); // we want at least 6 - $key_len = ($config['max_pass_chars']) ? min($key_len, $config['max_pass_chars']) : $key_len; // we want at most $config['max_pass_chars'] - $user_actkey = substr(gen_rand_string(10), 0, $key_len); - $user_password = gen_rand_string(8); + // Make password at least 8 characters long, make it longer if admin wants to. + // gen_rand_string() however has a limit of 12 or 13. + $user_password = gen_rand_string(max(8, rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); + + // For the activation key a random length between 6 and 10 will do. + $user_actkey = gen_rand_string(rand(6, 10)); $sql = 'UPDATE ' . USERS_TABLE . " SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' |