From 60bc949ba1d5a6851e525868f69e997d4c8a2075 Mon Sep 17 00:00:00 2001
From: Marc Alexander <>
Date: Thu, 3 Oct 2019 23:05:02 +0200
Subject: [PATCH] [ticket/14465] Remove setting for maximum password length

 phpBB/includes/acp/acp_board.php              |  6 +--
 phpBB/includes/acp/acp_users.php              |  6 +--
 .../includes/questionnaire/questionnaire.php  |  1 -
 phpBB/includes/ucp/ucp_profile.php            |  6 +--
 phpBB/includes/ucp/ucp_register.php           |  6 +--
 phpBB/install/schemas/schema_data.sql         |  1 -
 phpBB/language/en/ucp.php                     |  8 ++--
 phpBB/phpbb/console/command/user/add.php      |  2 +-
 .../data/v330/remove_max_pass_chars.php       | 43 +++++++++++++++++++
 phpBB/phpbb/ucp/controller/reset_password.php |  4 +-
 tests/console/user/base.php                   |  1 -
 11 files changed, 61 insertions(+), 23 deletions(-)
 create mode 100644 phpBB/phpbb/db/migration/data/v330/remove_max_pass_chars.php

diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 7cbd0903bd..05871e4157 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -254,7 +254,6 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'GENERAL_SETTINGS',
 						'max_name_chars'		=> array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,),
-						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
 						'require_activation'	=> array('lang' => 'ACC_ACTIVATION',	'validate' => 'int',	'type' => 'select', 'method' => 'select_acc_activation', 'explain' => true),
 						'new_member_post_limit'	=> array('lang' => 'NEW_MEMBER_POST_LIMIT', 'validate' => 'int:0:255', 'type' => 'number:0:255', 'explain' => true, 'append' => ' ' . $user->lang['POSTS']),
@@ -417,7 +416,6 @@ class acp_board
 						'remote_upload_verify'	=> array('lang' => 'UPLOAD_CERT_VALID',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'check_dnsbl'			=> array('lang' => 'CHECK_DNSBL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'email_check_mx'		=> array('lang' => 'EMAIL_CHECK_MX',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
 						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int:1',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
 						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
@@ -895,13 +893,13 @@ class acp_board
-	* Maximum/Minimum password length
+	* Minimum password length
 	function password_length($value, $key)
 		global $user;
-		return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
+		return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'];
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index fd4b5e8c24..1b66943490 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -844,9 +844,9 @@ class acp_users
 					// Validation data - we do not check the password complexity setting here
 					$check_ary = array(
 						'new_password'		=> array(
-							array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+							array('string', true, $config['min_pass_chars'], 0),
-						'password_confirm'	=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+						'password_confirm'	=> array('string', true, $config['min_pass_chars'], 0),
 					// Check username if altered
@@ -1130,7 +1130,7 @@ class acp_users
 					'L_NAME_CHARS_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
-					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
+					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
 					'L_POSTS_IN_QUEUE'			=> $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
 					'S_FOUNDER'					=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,
diff --git a/phpBB/includes/questionnaire/questionnaire.php b/phpBB/includes/questionnaire/questionnaire.php
index f5a56fda82..95036a95bc 100644
--- a/phpBB/includes/questionnaire/questionnaire.php
+++ b/phpBB/includes/questionnaire/questionnaire.php
@@ -402,7 +402,6 @@ class phpbb_questionnaire_phpbb_data_provider
 			'max_login_attempts' => true,
 			'max_name_chars' => true,
 			'max_num_search_keywords' => true,
-			'max_pass_chars' => true,
 			'max_poll_options' => true,
 			'max_post_chars' => true,
 			'max_post_font_size' => true,
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 36ab3d0463..6d98362e08 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -70,9 +70,9 @@ class ucp_profile
 					// Do not check cur_password, it is the old one.
 					$check_ary = array(
 						'new_password'		=> array(
-							array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+							array('string', true, $config['min_pass_chars'], 0),
-						'password_confirm'	=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+						'password_confirm'	=> array('string', true, $config['min_pass_chars'], 0),
 						'email'				=> array(
 							array('string', false, 6, 60),
@@ -267,7 +267,7 @@ class ucp_profile
 					'CUR_PASSWORD'		=> '',
 					'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
-					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
+					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
 					'S_FORCE_PASSWORD'	=> ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
 					'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 0e3ff50268..97d2631224 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -275,9 +275,9 @@ class ucp_register
 					array('string', false, $config['min_name_chars'], $config['max_name_chars']),
 					array('username', '')),
 				'new_password'		=> array(
-					array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
+					array('string', false, $config['min_pass_chars'], 0),
-				'password_confirm'	=> array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
+				'password_confirm'	=> array('string', false, $config['min_pass_chars'], 0),
 				'email'				=> array(
 					array('string', false, 6, 60),
@@ -638,7 +638,7 @@ class ucp_register
 			'L_REG_COND'				=> $l_reg_cond,
 			'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
-			'L_PASSWORD_EXPLAIN'		=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
+			'L_PASSWORD_EXPLAIN'		=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
 			'S_LANG_OPTIONS'	=> language_select($data['lang']),
 			'S_TZ_PRESELECT'	=> !$submit,
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 2854f71606..f859d1674e 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -206,7 +206,6 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_filesize_pm',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '3');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_name_chars', '20');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_num_search_keywords', '10');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_pass_chars', '100');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_poll_options', '10');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_post_chars', '60000');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_post_font_size', '200');
diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php
index 542d814911..57319ae26b 100644
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -410,10 +410,10 @@ $lang = array_merge($lang, array(
 	'NO_WATCHED_SELECTED'		=> 'You have not selected any subscribed topics or forums.',
 	'NO_WATCHED_TOPICS'			=> 'You are not subscribed to any topics.',
-	'PASS_TYPE_ALPHA_EXPLAIN'	=> 'Password must be between %1$s and %2$s long, must contain letters in mixed case and must contain numbers.',
-	'PASS_TYPE_ANY_EXPLAIN'		=> 'Must be between %1$s and %2$s.',
-	'PASS_TYPE_CASE_EXPLAIN'	=> 'Password must be between %1$s and %2$s long and must contain letters in mixed case.',
-	'PASS_TYPE_SYMBOL_EXPLAIN'	=> 'Password must be between %1$s and %2$s long, must contain letters in mixed case, must contain numbers and must contain symbols.',
+	'PASS_TYPE_ALPHA_EXPLAIN'	=> 'Password must be at least %1$s long, must contain letters in mixed case and must contain numbers.',
+	'PASS_TYPE_ANY_EXPLAIN'		=> 'Must be at least %1$s long.',
+	'PASS_TYPE_CASE_EXPLAIN'	=> 'Password must be at least %1$s long and must contain letters in mixed case.',
+	'PASS_TYPE_SYMBOL_EXPLAIN'	=> 'Password must be at least %1$s long, must contain letters in mixed case, must contain numbers and must contain symbols.',
 	'PASSWORD'					=> 'Password',
 	'PASSWORD_ACTIVATED'		=> 'Your new password has been activated.',
 	'PASSWORD_RESET'			=> 'Your password has been successfully reset.',
diff --git a/phpBB/phpbb/console/command/user/add.php b/phpBB/phpbb/console/command/user/add.php
index c60a059251..303216a93d 100644
--- a/phpBB/phpbb/console/command/user/add.php
+++ b/phpBB/phpbb/console/command/user/add.php
@@ -239,7 +239,7 @@ class add extends command
 				array('string', false, $this->config['min_name_chars'], $this->config['max_name_chars']),
 				array('username', '')),
 			'new_password' => array(
-				array('string', false, $this->config['min_pass_chars'], $this->config['max_pass_chars']),
+				array('string', false, $this->config['min_pass_chars'], 0),
 			'email'        => array(
 				array('string', false, 6, 60),
diff --git a/phpBB/phpbb/db/migration/data/v330/remove_max_pass_chars.php b/phpBB/phpbb/db/migration/data/v330/remove_max_pass_chars.php
new file mode 100644
index 0000000000..10e5ee385d
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v330/remove_max_pass_chars.php
@@ -0,0 +1,43 @@
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+namespace phpbb\db\migration\data\v330;
+class remove_max_pass_chars extends \phpbb\db\migration\migration
+	public function effectively_installed()
+	{
+		return !$this->config->offsetExists('max_pass_chars');
+	}
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v330\dev',
+		];
+	}
+	public function update_data()
+	{
+		return [
+			['config.remove', ['max_pass_chars']],
+		];
+	}
+	public function revert_data()
+	{
+		return [
+			['config.add', ['max_pass_chars', 100]],
+		];
+	}
diff --git a/phpBB/phpbb/ucp/controller/reset_password.php b/phpBB/phpbb/ucp/controller/reset_password.php
index 666957b0dc..7bd1b20cb3 100644
--- a/phpBB/phpbb/ucp/controller/reset_password.php
+++ b/phpBB/phpbb/ucp/controller/reset_password.php
@@ -393,10 +393,10 @@ class reset_password
 			$check_data = [
 				'new_password'		=> [
-					['string', false, $this->config['min_pass_chars'], $this->config['max_pass_chars']],
+					['string', false, $this->config['min_pass_chars'], 0],
-				'password_confirm'	=> ['string', true, $this->config['min_pass_chars'], $this->config['max_pass_chars']],
+				'password_confirm'	=> ['string', true, $this->config['min_pass_chars'], 0],
 			$errors = array_merge($errors, validate_data($data, $check_data));
 			if (strcmp($data['new_password'], $data['password_confirm']) !== 0)
diff --git a/tests/console/user/base.php b/tests/console/user/base.php
index 94a51eb896..b845ab1639 100644
--- a/tests/console/user/base.php
+++ b/tests/console/user/base.php
@@ -51,7 +51,6 @@ abstract class phpbb_console_user_base extends phpbb_database_test_case
 			'min_name_chars'	=> 3,
 			'max_name_chars'	=> 10,
 			'min_pass_chars'	=> 3,
-			'max_pass_chars'	=> 10,
 			'pass_complex'		=> 'PASS_TYPE_ANY',