some fixes.

David, could you check the pass_complex expressions? They are:
.* PASS_TYPE_ANY (any characters are allowed, no check)
[a-zA-Z] PASS_TYPE_CASE (password must contain alphanumerics)
[a-zA-Z0-9] PASS_TYPE_ALPHA (password must contain alphanumerics and numbers)
[a-zA-Z\W] PASS_TYPE_SYMBOL (password must contain alphanumers, numbers and symbols)

At the moment the pass complexity check is done within validate_password(), but the expressions are wrong. :)


git-svn-id: file:///svn/phpbb/trunk@6317 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/functions_user.php

@@ -1034,6 +1034,7 @@ function validate_match($string, $optional = false, $match)
 * Also checks if it includes the " character, which we don't allow in usernames.
 * Used for registering, changing names, and posting anonymously with a username
 *
+* @todo do we really check and disallow the " character in usernames as written above. Has it only be forgotten to include the check?
 * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
 */
 function validate_username($username)
@@ -1105,6 +1106,29 @@ function validate_username($username)
 	return false;
 }
 
+/**
+* Check to see if the password meets the complexity settings
+*
+* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
+*/
+function validate_password($password)
+{
+	global $config, $db, $user;
+
+	if (!$password)
+	{
+		return false;
+	}
+
+	// We only check for existance of characters
+	if (!preg_match('#' . str_replace('\\\\', '\\', $config['pass_complex']) . '#i', $password))
+	{
+		return 'INVALID_CHARS';
+	}
+
+	return false;
+}
+
 /**
 * Check to see if email address is banned or already present in the DB
 *