From dba8cf12fd2573edc9722076770140c7b4024f6b Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@phpbb.com>
Date: Fri, 25 Mar 2011 22:48:44 +0100
Subject: [ticket/9751] Use a switch/case block without break for password
 complexity.

PHPBB3-9751
---
 phpBB/includes/functions_user.php | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

(limited to 'phpBB/includes/functions_user.php')

diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 88e07f729c..c51e571e31 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1643,23 +1643,25 @@ function validate_password($password)
 
 	switch ($config['pass_complex'])
 	{
-		case 'PASS_TYPE_CASE':
-			$chars[] = $low;
-			$chars[] = $upp;
-		break;
+		// No break statements below ...
+		// We require strong passwords in case pass_complex is not set or is invalid
+		default:
 
+		// Require mixed case letters, numbers and symbols
+		case 'PASS_TYPE_SYMBOL':
+			$chars[] = $sym;
+
+		// Require mixed case letters and numbers
 		case 'PASS_TYPE_ALPHA':
-			$chars[] = $low;
-			$chars[] = $upp;
 			$chars[] = $num;
-		break;
 
-		case 'PASS_TYPE_SYMBOL':
+		// Require mixed case letters
+		case 'PASS_TYPE_CASE':
 			$chars[] = $low;
 			$chars[] = $upp;
-			$chars[] = $num;
-			$chars[] = $sym;
-		break;
+
+		// No requirements
+		case 'PASS_TYPE_ANY':
 	}
 
 	if ($pcre)
-- 
cgit v1.2.1