aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--phpBB/docs/CHANGELOG.html1
-rw-r--r--phpBB/includes/ucp/ucp_remind.php11
2 files changed, 7 insertions, 5 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 8bd8934eb0..dd4ffbb4d1 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -93,6 +93,7 @@
<ul>
<li>[Fix] Correctly sort database backup file list by date on database restore page. (Bug #57385)</li>
<li>[Fix] Take admin's time zone settings into account when listing database backup files. (Bug #57385)</li>
+ <li>[Fix] Honor minimum and maximum password length in generated passwords as much as we can. (Bug #13181)</li>
</ul>
<a name="v306"></a><h3>1.ii. Changes since 3.0.6</h3>
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php
index df6733d038..f9b792de20 100644
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@@ -77,11 +77,12 @@ class ucp_remind
$server_url = generate_board_url();
- $key_len = 54 - strlen($server_url);
- $key_len = max(6, $key_len); // we want at least 6
- $key_len = ($config['max_pass_chars']) ? min($key_len, $config['max_pass_chars']) : $key_len; // we want at most $config['max_pass_chars']
- $user_actkey = substr(gen_rand_string(10), 0, $key_len);
- $user_password = gen_rand_string(8);
+ // Make password at least 8 characters long, make it longer if admin wants to.
+ // gen_rand_string() however has a limit of 12 or 13.
+ $user_password = gen_rand_string(max(8, rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
+
+ // For the activation key a random length between 6 and 10 will do.
+ $user_actkey = gen_rand_string(rand(6, 10));
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
generated by cgit v1.2.1 (git 2.21.0) at 2025-10-09 22:08:13 +0000