makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Bug #13181 - Honor minimum and maximum password length in generated passwords as much as we can.

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10479 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Andreas Fischer 2010-02-07 00:20:46 +00:00
parent aec50a4328
commit c0836e8835
2 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
phpBB/docs/CHANGELOG.html
View file

@ -93,6 +93,7 @@
<ul> <ul>
<li>[Fix] Correctly sort database backup file list by date on database restore page. (Bug #57385)</li> <li>[Fix] Correctly sort database backup file list by date on database restore page. (Bug #57385)</li>
<li>[Fix] Take admin's time zone settings into account when listing database backup files. (Bug #57385)</li> <li>[Fix] Take admin's time zone settings into account when listing database backup files. (Bug #57385)</li>
<li>[Fix] Honor minimum and maximum password length in generated passwords as much as we can. (Bug #13181)</li>
</ul> </ul>
<a name="v306"></a><h3>1.ii. Changes since 3.0.6</h3> <a name="v306"></a><h3>1.ii. Changes since 3.0.6</h3>

11
phpBB/includes/ucp/ucp_remind.php
View file

@ -77,11 +77,12 @@ class ucp_remind
$server_url = generate_board_url(); $server_url = generate_board_url();
$key_len = 54 - strlen($server_url); // Make password at least 8 characters long, make it longer if admin wants to.
$key_len = max(6, $key_len); // we want at least 6 // gen_rand_string() however has a limit of 12 or 13.
$key_len = ($config['max_pass_chars']) ? min($key_len, $config['max_pass_chars']) : $key_len; // we want at most $config['max_pass_chars'] $user_password = gen_rand_string(max(8, rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
$user_actkey = substr(gen_rand_string(10), 0, $key_len);
$user_password = gen_rand_string(8); // For the activation key a random length between 6 and 10 will do.
$user_actkey = gen_rand_string(rand(6, 10));
$sql = 'UPDATE ' . USERS_TABLE . " $sql = 'UPDATE ' . USERS_TABLE . "
SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'