Merge branch 'ticket/bantu/9751' into develop-olympus

* ticket/bantu/9751: [ticket/9751] Add shortcut logic for pass_complex == PASS_TYPE_ANY. [ticket/9751] Compare $password with empty string instead of casting it to bool [ticket/9751] Use a switch/case block without break for password complexity. [ticket/9751] Password requirement "Must contain letters and numbers" fails
2025-02-24 20:13:22 +01:00 · 2011-04-01 15:11:10 +02:00 · 2011-04-01 15:11:10 +02:00 · f392f55d9b
commit f392f55d9b
parent 564ce6c7f6 4dce53628c
2 changed files with 96 additions and 17 deletions
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -1605,8 +1605,9 @@ function validate_password($password)
 {
 	global $config, $db, $user;
-	if (!$password)
+	if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
 	{
 		// Password empty or no password complexity required.
 		return false;
 	}
@ -1617,7 +1618,6 @@ function validate_password($password)
 	{
 		$upp = '\p{Lu}';
 		$low = '\p{Ll}';
 		$let = '\p{L}';
 		$num = '\p{N}';
 		$sym = '[^\p{Lu}\p{Ll}\p{N}]';
 		$pcre = true;
@ -1627,7 +1627,6 @@ function validate_password($password)
 		mb_regex_encoding('UTF-8');
 		$upp = '[[:upper:]]';
 		$low = '[[:lower:]]';
 		$let = '[[:lower:][:upper:]]';
 		$num = '[[:digit:]]';
 		$sym = '[^[:upper:][:lower:][:digit:]]';
 		$mbstring = true;
@ -1636,7 +1635,6 @@ function validate_password($password)
 	{
 		$upp = '[A-Z]';
 		$low = '[a-z]';
 		$let = '[a-zA-Z]';
 		$num = '[0-9]';
 		$sym = '[^A-Za-z0-9]';
 		$pcre = true;
@ -1646,22 +1644,22 @@ function validate_password($password)
 	switch ($config['pass_complex'])
 	{
 		// No break statements below ...
 		// We require strong passwords in case pass_complex is not set or is invalid
 		default:
 		// Require mixed case letters, numbers and symbols
 		case 'PASS_TYPE_SYMBOL':
 			$chars[] = $sym;
 		// Require mixed case letters and numbers
 		case 'PASS_TYPE_ALPHA':
 			$chars[] = $num;
 		// Require mixed case letters
 		case 'PASS_TYPE_CASE':
 			$chars[] = $low;
 			$chars[] = $upp;
 		break;
 		case 'PASS_TYPE_ALPHA':
 			$chars[] = $let;
 			$chars[] = $num;
 		break;
 		case 'PASS_TYPE_SYMBOL':
 			$chars[] = $low;
 			$chars[] = $upp;
 			$chars[] = $num;
 			$chars[] = $sym;
 		break;
 	}
 	if ($pcre)
--- a/tests/regex/password_complexity_test.php
+++ b/tests/regex/password_complexity_test.php
@ -0,0 +1,81 @@
 <?php
 /**
 *
 * @package testing
 * @copyright (c) 2010 phpBB Group
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 *
 */
 require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
 class phpbb_password_complexity_test extends phpbb_test_case
 {
 	public function password_complexity_test_data_positive()
 	{
 		return array(
 			array('12345', 'PASS_TYPE_ANY'),
 			array('qwerty', 'PASS_TYPE_ANY'),
 			array('QWERTY', 'PASS_TYPE_ANY'),
 			array('QwerTY', 'PASS_TYPE_ANY'),
 			array('q$erty', 'PASS_TYPE_ANY'),
 			array('qW$rty', 'PASS_TYPE_ANY'),
 			array('QwerTY', 'PASS_TYPE_CASE'),
 			array('QwerTY123', 'PASS_TYPE_ALPHA'),
 			array('QwerTY123$&', 'PASS_TYPE_SYMBOL'),
 			array('', 'PASS_TYPE_ANY'),
 		);
 	}
 	public function password_complexity_test_data_negative()
 	{
 		return array(
 			array('qwerty', 'PASS_TYPE_CASE'),
 			array('QWERTY', 'PASS_TYPE_CASE'),
 			array('123456', 'PASS_TYPE_CASE'),
 			array('#$&', 'PASS_TYPE_CASE'),
 			array('QTY123$', 'PASS_TYPE_CASE'),
 			array('qwerty', 'PASS_TYPE_ALPHA'),
 			array('QWERTY', 'PASS_TYPE_ALPHA'),
 			array('123456', 'PASS_TYPE_ALPHA'),
 			array('QwertY', 'PASS_TYPE_ALPHA'),
 			array('qwerty123', 'PASS_TYPE_ALPHA'),
 			array('QWERTY123', 'PASS_TYPE_ALPHA'),
 			array('#$&', 'PASS_TYPE_ALPHA'),
 			array('QTY123$', 'PASS_TYPE_ALPHA'),
 			array('qwerty', 'PASS_TYPE_SYMBOL'),
 			array('QWERTY', 'PASS_TYPE_SYMBOL'),
 			array('123456', 'PASS_TYPE_SYMBOL'),
 			array('QwertY', 'PASS_TYPE_SYMBOL'),
 			array('qwerty123', 'PASS_TYPE_SYMBOL'),
 			array('QWERTY123', 'PASS_TYPE_SYMBOL'),
 			array('#$&', 'PASS_TYPE_SYMBOL'),
 			array('qwerty123$', 'PASS_TYPE_SYMBOL'),
 			array('QWERTY123$', 'PASS_TYPE_SYMBOL'),
 		);
 	}
 	/**
 	* @dataProvider password_complexity_test_data_positive
 	*/
 	public function test_password_complexity_positive($password, $mode)
 	{
 		global $config;
 		$config['pass_complex'] = $mode;
 		$this->assertFalse(validate_password($password));
 	}
 	/**
 	* @dataProvider password_complexity_test_data_negative
 	*/
 	public function test_password_complexity_negative($password, $mode)
 	{
 		global $config;
 		$config['pass_complex'] = $mode;
 		$this->assertEquals('INVALID_CHARS', validate_password($password));
 	}
 }