mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-06 16:56:44 +02:00
some fixes.
David, could you check the pass_complex expressions? They are: .* PASS_TYPE_ANY (any characters are allowed, no check) [a-zA-Z] PASS_TYPE_CASE (password must contain alphanumerics) [a-zA-Z0-9] PASS_TYPE_ALPHA (password must contain alphanumerics and numbers) [a-zA-Z\W] PASS_TYPE_SYMBOL (password must contain alphanumers, numbers and symbols) At the moment the pass complexity check is done within validate_password(), but the expressions are wrong. :) git-svn-id: file:///svn/phpbb/trunk@6317 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
@@ -622,9 +622,11 @@ class acp_users
|
||||
$data['username'] = $data['user'];
|
||||
unset($data['user']);
|
||||
|
||||
// Validation data
|
||||
// Validation data - we do not check the password complexity setting here
|
||||
$var_ary = array(
|
||||
'user_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'user_password' => array(
|
||||
array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
array('password')),
|
||||
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'warnings' => array('num'),
|
||||
);
|
||||
@@ -772,6 +774,7 @@ class acp_users
|
||||
}
|
||||
|
||||
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
|
||||
$pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
|
||||
|
||||
if ($user_id == $user->data['user_id'])
|
||||
{
|
||||
@@ -794,8 +797,8 @@ class acp_users
|
||||
}
|
||||
|
||||
$template->assign_vars(array(
|
||||
'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$user_char_ary[$config['allow_name_chars']] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
|
||||
'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang['CHANGE_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
|
||||
'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
|
||||
|
||||
'S_OVERVIEW' => true,
|
||||
|
||||
@@ -535,7 +535,8 @@ function create_thumbnail($source, $destination, $mimetype)
|
||||
// Only use imagemagick if defined and the passthru function not disabled
|
||||
if ($config['img_imagick'] && function_exists('passthru'))
|
||||
{
|
||||
passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
|
||||
@passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
|
||||
|
||||
if (file_exists($destination))
|
||||
{
|
||||
$used_imagick = true;
|
||||
|
||||
@@ -1034,6 +1034,7 @@ function validate_match($string, $optional = false, $match)
|
||||
* Also checks if it includes the " character, which we don't allow in usernames.
|
||||
* Used for registering, changing names, and posting anonymously with a username
|
||||
*
|
||||
* @todo do we really check and disallow the " character in usernames as written above. Has it only be forgotten to include the check?
|
||||
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
|
||||
*/
|
||||
function validate_username($username)
|
||||
@@ -1105,6 +1106,29 @@ function validate_username($username)
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check to see if the password meets the complexity settings
|
||||
*
|
||||
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
|
||||
*/
|
||||
function validate_password($password)
|
||||
{
|
||||
global $config, $db, $user;
|
||||
|
||||
if (!$password)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// We only check for existance of characters
|
||||
if (!preg_match('#' . str_replace('\\\\', '\\', $config['pass_complex']) . '#i', $password))
|
||||
{
|
||||
return 'INVALID_CHARS';
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check to see if email address is banned or already present in the DB
|
||||
*
|
||||
|
||||
@@ -207,9 +207,18 @@ function lock_unlock($action, $ids)
|
||||
$l_prefix = 'POST';
|
||||
}
|
||||
|
||||
if (!($forum_id = check_ids($ids, $table, $sql_id, array('f_user_lock', 'm_lock'))))
|
||||
if (!($forum_id = check_ids($ids, $table, $sql_id, array('m_lock'))))
|
||||
{
|
||||
return;
|
||||
// Make sure that for f_user_lock only the lock action is triggered.
|
||||
if ($action != 'lock')
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (!($forum_id = check_ids($ids, $table, $sql_id, array('f_user_lock'))))
|
||||
{
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$redirect = request_var('redirect', $user->data['session_page']);
|
||||
|
||||
@@ -51,7 +51,9 @@ class ucp_profile
|
||||
|
||||
// Do not check cur_password, it is the old one.
|
||||
$var_ary = array(
|
||||
'new_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'new_password' => array(
|
||||
array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
array('password')),
|
||||
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'email' => array(
|
||||
array('string', false, 6, 60),
|
||||
@@ -207,6 +209,7 @@ class ucp_profile
|
||||
}
|
||||
|
||||
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
|
||||
$pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
|
||||
|
||||
$template->assign_vars(array(
|
||||
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
|
||||
@@ -218,7 +221,7 @@ class ucp_profile
|
||||
'CUR_PASSWORD' => '',
|
||||
|
||||
'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
|
||||
'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang['CHANGE_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
|
||||
'S_FORCE_PASSWORD' => ($config['chg_passforce'] && $user->data['user_passchg'] < time() - $config['chg_passforce']) ? true : false,
|
||||
'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
|
||||
|
||||
@@ -117,7 +117,9 @@ class ucp_register
|
||||
'username' => array(
|
||||
array('string', false, $config['min_name_chars'], $config['max_name_chars']),
|
||||
array('username')),
|
||||
'new_password' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'new_password' => array(
|
||||
array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
array('password')),
|
||||
'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'email' => array(
|
||||
array('string', false, 6, 60),
|
||||
@@ -433,6 +435,7 @@ class ucp_register
|
||||
}
|
||||
|
||||
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
|
||||
$pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
|
||||
|
||||
$lang = (isset($lang)) ? $lang : $config['default_lang'];
|
||||
$tz = (isset($tz)) ? $tz : $config['board_timezone'];
|
||||
@@ -450,7 +453,7 @@ class ucp_register
|
||||
'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
|
||||
'L_REG_COND' => $l_reg_cond,
|
||||
'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
|
||||
'L_NEW_PASSWORD_EXPLAIN' => sprintf($user->lang['NEW_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
'L_NEW_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
|
||||
|
||||
'S_LANG_OPTIONS' => language_select($lang),
|
||||
'S_TZ_OPTIONS' => tz_select($tz),
|
||||
|
||||
Reference in New Issue
Block a user