mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

Bug #13181 - Honor minimum and maximum password length in generated passwords as much as we can.

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10479 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Andreas Fischer
2010-02-07 00:20:46 +00:00
parent aec50a4328
commit c0836e8835
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
phpBB/docs/CHANGELOG.html
View File

@@ -93,6 +93,7 @@
<ul>
<li>[Fix] Correctly sort database backup file list by date on database restore page. (Bug #57385)</li>
<li>[Fix] Take admin's time zone settings into account when listing database backup files. (Bug #57385)</li>
<li>[Fix] Honor minimum and maximum password length in generated passwords as much as we can. (Bug #13181)</li>
</ul>
<a name="v306"></a><h3>1.ii. Changes since 3.0.6</h3>

11
phpBB/includes/ucp/ucp_remind.php
View File

@@ -77,11 +77,12 @@ class ucp_remind
$server_url = generate_board_url();
$key_len = 54 - strlen($server_url);
$key_len = max(6, $key_len); // we want at least 6
$key_len = ($config['max_pass_chars']) ? min($key_len, $config['max_pass_chars']) : $key_len; // we want at most $config['max_pass_chars']
$user_actkey = substr(gen_rand_string(10), 0, $key_len);
$user_password = gen_rand_string(8);
// Make password at least 8 characters long, make it longer if admin wants to.
// gen_rand_string() however has a limit of 12 or 13.
$user_password = gen_rand_string(max(8, rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
// For the activation key a random length between 6 and 10 will do.
$user_actkey = gen_rand_string(rand(6, 10));
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'