[ticket/9751] Password requirement "Must contain letters and numbers" fails

PHPBB3-9751

phpBB/includes/functions_user.php

@@ -1617,7 +1617,6 @@ function validate_password($password)
 	{
 		$upp = '\p{Lu}';
 		$low = '\p{Ll}';
-		$let = '\p{L}';
 		$num = '\p{N}';
 		$sym = '[^\p{Lu}\p{Ll}\p{N}]';
 		$pcre = true;
@@ -1627,7 +1626,6 @@ function validate_password($password)
 		mb_regex_encoding('UTF-8');
 		$upp = '[[:upper:]]';
 		$low = '[[:lower:]]';
-		$let = '[[:lower:][:upper:]]';
 		$num = '[[:digit:]]';
 		$sym = '[^[:upper:][:lower:][:digit:]]';
 		$mbstring = true;
@@ -1636,7 +1634,6 @@ function validate_password($password)
 	{
 		$upp = '[A-Z]';
 		$low = '[a-z]';
-		$let = '[a-zA-Z]';
 		$num = '[0-9]';
 		$sym = '[^A-Za-z0-9]';
 		$pcre = true;
@@ -1652,7 +1649,8 @@ function validate_password($password)
 		break;
 
 		case 'PASS_TYPE_ALPHA':
-			$chars[] = $let;
+			$chars[] = $low;
+			$chars[] = $upp;
 			$chars[] = $num;
 		break;
 

tests/regex/password_complexity_test.php

@@ -0,0 +1,81 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
+
+class phpbb_password_complexity_test extends phpbb_test_case
+{
+	public function password_complexity_test_data_positive()
+	{
+		return array(
+			array('12345', 'PASS_TYPE_ANY'),
+			array('qwerty', 'PASS_TYPE_ANY'),
+			array('QWERTY', 'PASS_TYPE_ANY'),
+			array('QwerTY', 'PASS_TYPE_ANY'),
+			array('q$erty', 'PASS_TYPE_ANY'),
+			array('qW$rty', 'PASS_TYPE_ANY'),
+
+			array('QwerTY', 'PASS_TYPE_CASE'),
+			array('QwerTY123', 'PASS_TYPE_ALPHA'),
+			array('QwerTY123$&', 'PASS_TYPE_SYMBOL'),
+
+			array('', 'PASS_TYPE_ANY'),
+		);
+	}
+
+	public function password_complexity_test_data_negative()
+	{
+		return array(
+			array('qwerty', 'PASS_TYPE_CASE'),
+			array('QWERTY', 'PASS_TYPE_CASE'),
+			array('123456', 'PASS_TYPE_CASE'),
+			array('#$&', 'PASS_TYPE_CASE'),
+			array('QTY123$', 'PASS_TYPE_CASE'),
+
+			array('qwerty', 'PASS_TYPE_ALPHA'),
+			array('QWERTY', 'PASS_TYPE_ALPHA'),
+			array('123456', 'PASS_TYPE_ALPHA'),
+			array('QwertY', 'PASS_TYPE_ALPHA'),
+			array('qwerty123', 'PASS_TYPE_ALPHA'),
+			array('QWERTY123', 'PASS_TYPE_ALPHA'),
+			array('#$&', 'PASS_TYPE_ALPHA'),
+			array('QTY123$', 'PASS_TYPE_ALPHA'),
+
+			array('qwerty', 'PASS_TYPE_SYMBOL'),
+			array('QWERTY', 'PASS_TYPE_SYMBOL'),
+			array('123456', 'PASS_TYPE_SYMBOL'),
+			array('QwertY', 'PASS_TYPE_SYMBOL'),
+			array('qwerty123', 'PASS_TYPE_SYMBOL'),
+			array('QWERTY123', 'PASS_TYPE_SYMBOL'),
+			array('#$&', 'PASS_TYPE_SYMBOL'),
+			array('qwerty123$', 'PASS_TYPE_SYMBOL'),
+			array('QWERTY123$', 'PASS_TYPE_SYMBOL'),
+		);
+	}
+
+	/**
+	* @dataProvider password_complexity_test_data_positive
+	*/
+	public function test_password_complexity_positive($password, $mode)
+	{
+		global $config;
+		$config['pass_complex'] = $mode;
+		$this->assertFalse(validate_password($password));
+	}
+
+	/**
+	* @dataProvider password_complexity_test_data_negative
+	*/
+	public function test_password_complexity_negative($password, $mode)
+	{
+		global $config;
+		$config['pass_complex'] = $mode;
+		$this->assertEquals('INVALID_CHARS', validate_password($password));
+	}
+}