some fixes.

David, could you check the pass_complex expressions? They are: .* PASS_TYPE_ANY (any characters are allowed, no check) [a-zA-Z] PASS_TYPE_CASE (password must contain alphanumerics) [a-zA-Z0-9] PASS_TYPE_ALPHA (password must contain alphanumerics and numbers) [a-zA-Z\W] PASS_TYPE_SYMBOL (password must contain alphanumers, numbers and symbols) At the moment the pass complexity check is done within validate_password(), but the expressions are wrong. :) git-svn-id: file:///svn/phpbb/trunk@6317 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-01-18 06:38:43 +01:00 · 2006-08-25 15:15:53 +00:00 · 2006-08-25 15:15:53 +00:00 · e7cbcfe874
commit e7cbcfe874
parent d1ae8c52a4
13 changed files with 74 additions and 27 deletions
--- a/phpBB/cron.php
+++ b/phpBB/cron.php
@ -23,6 +23,15 @@ $auth->acl($user->data);
 $cron_type = request_var('cron_type', '');
 $use_shutdown_function = (@function_exists('register_shutdown_function')) ? true : false;

+// Output transparent gif
+header('Cache-Control: no-cache');
+header('Content-type: image/gif');
+header('Content-length: 43');
+
+echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
+
+flush();
+
 /**
 * Run cron-like action
 * Real cron-based layer will be introduced in 3.2
@ -217,14 +226,6 @@ else
 	garbage_collection();
 }

-// Output transparent gif
-header('Cache-Control: no-cache');
-header('Content-type: image/gif');
-header('Content-length: 43');
-
-echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
-
-flush();
 exit;

 ?>
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@ -622,9 +622,11 @@ class acp_users
 					$data['username'] = $data['user'];
 					unset($data['user']);

-					// Validation data
+					// Validation data - we do not check the password complexity setting here
 					$var_ary = array(
-						'user_password'		=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+						'user_password'		=> array(
+							array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+							array('password')),
 						'password_confirm'	=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
 						'warnings'			=> array('num'),
 					);
@ -772,6 +774,7 @@ class acp_users
 				}

 				$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
+				$pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');

 				if ($user_id == $user->data['user_id'])
 				{
@ -794,8 +797,8 @@ class acp_users
 				}

 				$template->assign_vars(array(
-					'L_NAME_CHARS_EXPLAIN'		=> sprintf($user->lang[$user_char_ary[$config['allow_name_chars']] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
-					'L_CHANGE_PASSWORD_EXPLAIN'	=> sprintf($user->lang['CHANGE_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
+					'L_NAME_CHARS_EXPLAIN'		=> sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
+					'L_CHANGE_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
 					'S_FOUNDER'					=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,

 					'S_OVERVIEW'		=> true,
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@ -535,7 +535,8 @@ function create_thumbnail($source, $destination, $mimetype)
 	// Only use imagemagick if defined and the passthru function not disabled
 	if ($config['img_imagick'] && function_exists('passthru'))
 	{
-		passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
+		@passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
+
 		if (file_exists($destination))
 		{
 			$used_imagick = true;
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -1034,6 +1034,7 @@ function validate_match($string, $optional = false, $match)
 * Also checks if it includes the " character, which we don't allow in usernames.
 * Used for registering, changing names, and posting anonymously with a username
 *
+* @todo do we really check and disallow the " character in usernames as written above. Has it only be forgotten to include the check?
 * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
 */
 function validate_username($username)
@ -1105,6 +1106,29 @@ function validate_username($username)
 	return false;
 }

+/**
+* Check to see if the password meets the complexity settings
+*
+* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
+*/
+function validate_password($password)
+{
+	global $config, $db, $user;
+
+	if (!$password)
+	{
+		return false;
+	}
+
+	// We only check for existance of characters
+	if (!preg_match('#' . str_replace('\\\\', '\\', $config['pass_complex']) . '#i', $password))
+	{
+		return 'INVALID_CHARS';
+	}
+
+	return false;
+}
+
 /**
 * Check to see if email address is banned or already present in the DB
 *
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@ -207,9 +207,18 @@ function lock_unlock($action, $ids)
 		$l_prefix = 'POST';
 	}

-	if (!($forum_id = check_ids($ids, $table, $sql_id, array('f_user_lock', 'm_lock'))))
+	if (!($forum_id = check_ids($ids, $table, $sql_id, array('m_lock'))))
 	{
-		return;
+		// Make sure that for f_user_lock only the lock action is triggered.
+		if ($action != 'lock')
+		{
+			return;
+		}
+
+		if (!($forum_id = check_ids($ids, $table, $sql_id, array('f_user_lock'))))
+		{
+			return;
+		}
 	}

 	$redirect = request_var('redirect', $user->data['session_page']);
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@ -51,7 +51,9 @@ class ucp_profile

 					// Do not check cur_password, it is the old one.
 					$var_ary = array(
-						'new_password'		=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+						'new_password'		=> array(
+							array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+							array('password')),
 						'password_confirm'	=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
 						'email'				=> array(
 							array('string', false, 6, 60),
@ -207,6 +209,7 @@ class ucp_profile
 				}

 				$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
+				$pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');

 				$template->assign_vars(array(
 					'ERROR'				=> (sizeof($error)) ? implode('<br />', $error) : '',
@ -218,7 +221,7 @@ class ucp_profile
 					'CUR_PASSWORD'		=> '',

 					'L_USERNAME_EXPLAIN'		=> sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
-					'L_CHANGE_PASSWORD_EXPLAIN'	=> sprintf($user->lang['CHANGE_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
+					'L_CHANGE_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),

 					'S_FORCE_PASSWORD'	=> ($config['chg_passforce'] && $user->data['user_passchg'] < time() - $config['chg_passforce']) ? true : false,
 					'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@ -117,7 +117,9 @@ class ucp_register
 				'username'			=> array(
 					array('string', false, $config['min_name_chars'], $config['max_name_chars']),
 					array('username')),
-				'new_password'		=> array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
+				'new_password'		=> array(
+					array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
+					array('password')),
 				'password_confirm'	=> array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
 				'email'				=> array(
 					array('string', false, 6, 60),
@ -433,6 +435,7 @@ class ucp_register
 		}

 		$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
+		$pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');

 		$lang = (isset($lang)) ? $lang : $config['default_lang'];
 		$tz = (isset($tz)) ? $tz : $config['board_timezone'];
@ -450,7 +453,7 @@ class ucp_register
 			'L_CONFIRM_EXPLAIN'			=> sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
 			'L_REG_COND'				=> $l_reg_cond,
 			'L_USERNAME_EXPLAIN'		=> sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
-			'L_NEW_PASSWORD_EXPLAIN'	=> sprintf($user->lang['NEW_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
+			'L_NEW_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),

 			'S_LANG_OPTIONS'	=> language_select($lang),
 			'S_TZ_OPTIONS'		=> tz_select($tz),
--- a/phpBB/language/en/acp/email.php
+++ b/phpBB/language/en/acp/email.php
@ -41,7 +41,7 @@ $lang = array_merge($lang, array(

 	'LOG_SESSION'			=> 'Log mail session to critical log',

-	'SEND_IMMEDIATLY'		=> 'Send immediatly',
+	'SEND_IMMEDIATLY'		=> 'Send immediately',
 	'SEND_TO_GROUP'			=> 'Send to group',
 	'SEND_TO_USERS'			=> 'Send to users',
 	'SEND_TO_USERS_EXPLAIN'	=> 'Entering names here will override any group selected above. Enter each username on a new line.',
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@ -53,7 +53,7 @@ $lang = array_merge($lang, array(
 	'BBCODE_S_HELP'				=> 'Font color: [color=red]text[/color]  Tip: you can also use color=#FF0000',
 	'BBCODE_U_HELP'				=> 'Underline text: [u]text[/u]  (alt+u)',
 	'BBCODE_W_HELP'				=> 'Insert URL: [url]http://url[/url] or [url=http://url]URL text[/url]  (alt+w)',
-	'BBCODE_D_HELP'				=> 'Flash: [flash=height,width]http://url[/flash]  (alt+d)',
+	'BBCODE_D_HELP'				=> 'Flash: [flash=width,height]http://url[/flash]  (alt+d)',
 	'BUMP_ERROR'				=> 'You cannot bump this topic so soon after the last post.',

 	'CANNOT_DELETE_REPLIED'		=> 'Sorry but you may only delete posts which have not been replied to.',
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@ -120,7 +120,6 @@ $lang = array_merge($lang, array(
 	'CANNOT_REMOVE_FOLDER'		=> 'This folder can not be removed.',
 	'CHANGE_DEFAULT_GROUP'		=> 'Change default group',
 	'CHANGE_PASSWORD'			=> 'Change password',
-	'CHANGE_PASSWORD_EXPLAIN'	=> 'Must be between %1$d and %2$d characters.',
 	'CLICK_RETURN_FOLDER'		=> '%1$sReturn to your "%3$s" folder%2$s',
 	'CONFIRMATION'				=> 'Confirmation of registration',
 	'CONFIRM_EMAIL'				=> 'Confirm email address',
@ -225,6 +224,8 @@ $lang = array_merge($lang, array(

 	'IF_FOLDER_FULL'			=> 'If folder is full',
 	'IMPORTANT_NEWS'			=> 'Important announcements',
+	'INVALID_CHARS_USERNAME'	=> 'The username contains forbidden characters.',
+	'INVALID_CHARS_NEW_PASSWORD'=> 'The password does not contain the required characters.',
 	'ITEMS_REQUIRED'			=> 'The items marked with * are required profile fields and need to be filled out',

 	'JOIN_SELECTED'				=> 'Join selected',
@ -261,7 +262,6 @@ $lang = array_merge($lang, array(
 	'NEW_FOLDER_NAME'			=> 'New folder name',
 	'NEW_PASSWORD'				=> 'Password',
 	'NEW_PASSWORD_ERROR'		=> 'The passwords you entered do not match.',
-	'NEW_PASSWORD_EXPLAIN'		=> 'Must be between %1$d and %2$d characters.',
 	'NOTIFY_METHOD'				=> 'Notification method',
 	'NOTIFY_METHOD_BOTH'		=> 'Both',
 	'NOTIFY_METHOD_EMAIL'		=> 'Email only',
@ -313,6 +313,10 @@ $lang = array_merge($lang, array(
 	'NO_WATCHED_FORUMS'			=> 'You are not watching any forums.',
 	'NO_WATCHED_TOPICS'			=> 'You are not watching any topics.',

+	'PASS_TYPE_ALPHA_EXPLAIN'	=> 'Password must be between %1$d and %2$d chars long and must contain alphanumerics',
+	'PASS_TYPE_ANY_EXPLAIN'		=> 'Must be between %1$d and %2$d characters.',
+	'PASS_TYPE_CASE_EXPLAIN'	=> 'Password must be between %1$d and %2$d chars long and must be mixed case',
+	'PASS_TYPE_SYMBOL_EXPLAIN'	=> 'Password must be between %1$d and %2$d chars long and must contain symbols',
 	'PASSWORD_ACTIVATED'		=> 'Your new password has been activated',
 	'PASSWORD_UPDATED'			=> 'Your password has been sent successfully to your original email address.',
 	'PERMISSIONS_RESTORED'		=> 'Successfully restored original permissions.',
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@ -106,7 +106,6 @@ if (!$auth->acl_getf_global('m_'))
 	// Except he is using one of the quickmod tools for users
 	$user_quickmod_actions = array(
 		'lock'			=> 'f_user_lock',
-		'unlock'		=> 'f_user_lock',
 		'make_sticky'	=> 'f_sticky',
 		'make_announce'	=> 'f_announce',
 		'make_global'	=> 'f_announce',
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@ -808,7 +808,7 @@ if ($submit || $preview || $refresh)
 		{
 			// Lock/Unlock Topic
 			$change_topic_status = $post_data['topic_status'];
-			$perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster']));
+			$perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;

 			if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
 			{
@ -1160,7 +1160,7 @@ $template->assign_vars(array(
 	'S_SIGNATURE_CHECKED'		=> ($sig_checked) ? ' checked="checked"' : '',
 	'S_NOTIFY_ALLOWED'			=> (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify']) ? false : true,
 	'S_NOTIFY_CHECKED'			=> ($notify_checked) ? ' checked="checked"' : '',
-	'S_LOCK_TOPIC_ALLOWED'		=> (($mode == 'edit' || $mode == 'reply' || $mode == 'quote') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster']))) ? true : false,
+	'S_LOCK_TOPIC_ALLOWED'		=> (($mode == 'edit' || $mode == 'reply' || $mode == 'quote') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false,
 	'S_LOCK_TOPIC_CHECKED'		=> ($lock_topic_checked) ? ' checked="checked"' : '',
 	'S_LOCK_POST_ALLOWED'		=> ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
 	'S_LOCK_POST_CHECKED'		=> ($lock_post_checked) ? ' checked="checked"' : '',
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@ -472,7 +472,7 @@ gen_forum_auth_level('topic', $forum_id, $topic_data['forum_status']);
 $allow_change_type = ($auth->acl_get('m_', $forum_id) || ($user->data['is_registered'] && $user->data['user_id'] == $topic_data['topic_poster'])) ? true : false;

 $topic_mod = '';
-$topic_mod .= ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $topic_data['topic_poster'])) ? (($topic_data['topic_status'] == ITEM_UNLOCKED) ? '<option value="lock">' . $user->lang['LOCK_TOPIC'] . '</option>' : '<option value="unlock">' . $user->lang['UNLOCK_TOPIC'] . '</option>') : '';
+$topic_mod .= ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $topic_data['topic_poster'] && $topic_data['topic_status'] == ITEM_UNLOCKED)) ? (($topic_data['topic_status'] == ITEM_UNLOCKED) ? '<option value="lock">' . $user->lang['LOCK_TOPIC'] . '</option>' : '<option value="unlock">' . $user->lang['UNLOCK_TOPIC'] . '</option>') : '';
 $topic_mod .= ($auth->acl_get('m_delete', $forum_id)) ? '<option value="delete_topic">' . $user->lang['DELETE_TOPIC'] . '</option>' : '';
 $topic_mod .= ($auth->acl_get('m_move', $forum_id)) ? '<option value="move">' . $user->lang['MOVE_TOPIC'] . '</option>' : '';
 $topic_mod .= ($auth->acl_get('m_split', $forum_id)) ? '<option value="split">' . $user->lang['SPLIT_TOPIC'] . '</option>' : '';