diff --git a/phpBB/cron.php b/phpBB/cron.php
index 38bcd38d3e..99a8b42955 100644
--- a/phpBB/cron.php
+++ b/phpBB/cron.php
@@ -23,6 +23,15 @@ $auth->acl($user->data);
$cron_type = request_var('cron_type', '');
$use_shutdown_function = (@function_exists('register_shutdown_function')) ? true : false;
+// Output transparent gif
+header('Cache-Control: no-cache');
+header('Content-type: image/gif');
+header('Content-length: 43');
+
+echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
+
+flush();
+
/**
* Run cron-like action
* Real cron-based layer will be introduced in 3.2
@@ -217,14 +226,6 @@ else
garbage_collection();
}
-// Output transparent gif
-header('Cache-Control: no-cache');
-header('Content-type: image/gif');
-header('Content-length: 43');
-
-echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
-
-flush();
exit;
?>
\ No newline at end of file
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index e658609c5f..fa4327c169 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -622,9 +622,11 @@ class acp_users
$data['username'] = $data['user'];
unset($data['user']);
- // Validation data
+ // Validation data - we do not check the password complexity setting here
$var_ary = array(
- 'user_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+ 'user_password' => array(
+ array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+ array('password')),
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'warnings' => array('num'),
);
@@ -772,6 +774,7 @@ class acp_users
}
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
+ $pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
if ($user_id == $user->data['user_id'])
{
@@ -794,8 +797,8 @@ class acp_users
}
$template->assign_vars(array(
- 'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$user_char_ary[$config['allow_name_chars']] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
- 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang['CHANGE_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
+ 'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
+ 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
'S_OVERVIEW' => true,
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 6fc9d83be6..e54c27ed53 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -535,7 +535,8 @@ function create_thumbnail($source, $destination, $mimetype)
// Only use imagemagick if defined and the passthru function not disabled
if ($config['img_imagick'] && function_exists('passthru'))
{
- passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
+ @passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
+
if (file_exists($destination))
{
$used_imagick = true;
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 870c20f665..b5dfecb45f 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1034,6 +1034,7 @@ function validate_match($string, $optional = false, $match)
* Also checks if it includes the " character, which we don't allow in usernames.
* Used for registering, changing names, and posting anonymously with a username
*
+* @todo do we really check and disallow the " character in usernames as written above. Has it only be forgotten to include the check?
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/
function validate_username($username)
@@ -1105,6 +1106,29 @@ function validate_username($username)
return false;
}
+/**
+* Check to see if the password meets the complexity settings
+*
+* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
+*/
+function validate_password($password)
+{
+ global $config, $db, $user;
+
+ if (!$password)
+ {
+ return false;
+ }
+
+ // We only check for existance of characters
+ if (!preg_match('#' . str_replace('\\\\', '\\', $config['pass_complex']) . '#i', $password))
+ {
+ return 'INVALID_CHARS';
+ }
+
+ return false;
+}
+
/**
* Check to see if email address is banned or already present in the DB
*
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index b77c3e4451..fe1047db79 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -207,9 +207,18 @@ function lock_unlock($action, $ids)
$l_prefix = 'POST';
}
- if (!($forum_id = check_ids($ids, $table, $sql_id, array('f_user_lock', 'm_lock'))))
+ if (!($forum_id = check_ids($ids, $table, $sql_id, array('m_lock'))))
{
- return;
+ // Make sure that for f_user_lock only the lock action is triggered.
+ if ($action != 'lock')
+ {
+ return;
+ }
+
+ if (!($forum_id = check_ids($ids, $table, $sql_id, array('f_user_lock'))))
+ {
+ return;
+ }
}
$redirect = request_var('redirect', $user->data['session_page']);
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index d757d6e14d..eec8d4c3da 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -51,7 +51,9 @@ class ucp_profile
// Do not check cur_password, it is the old one.
$var_ary = array(
- 'new_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+ 'new_password' => array(
+ array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+ array('password')),
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'email' => array(
array('string', false, 6, 60),
@@ -207,6 +209,7 @@ class ucp_profile
}
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
+ $pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
$template->assign_vars(array(
'ERROR' => (sizeof($error)) ? implode('
', $error) : '',
@@ -218,7 +221,7 @@ class ucp_profile
'CUR_PASSWORD' => '',
'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
- 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang['CHANGE_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
+ 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
'S_FORCE_PASSWORD' => ($config['chg_passforce'] && $user->data['user_passchg'] < time() - $config['chg_passforce']) ? true : false,
'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 01b92125ac..2a4e376f14 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -117,7 +117,9 @@ class ucp_register
'username' => array(
array('string', false, $config['min_name_chars'], $config['max_name_chars']),
array('username')),
- 'new_password' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
+ 'new_password' => array(
+ array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
+ array('password')),
'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
'email' => array(
array('string', false, 6, 60),
@@ -433,6 +435,7 @@ class ucp_register
}
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
+ $pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
$lang = (isset($lang)) ? $lang : $config['default_lang'];
$tz = (isset($tz)) ? $tz : $config['board_timezone'];
@@ -450,7 +453,7 @@ class ucp_register
'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '', ''),
'L_REG_COND' => $l_reg_cond,
'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
- 'L_NEW_PASSWORD_EXPLAIN' => sprintf($user->lang['NEW_PASSWORD_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
+ 'L_NEW_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
'S_LANG_OPTIONS' => language_select($lang),
'S_TZ_OPTIONS' => tz_select($tz),
diff --git a/phpBB/language/en/acp/email.php b/phpBB/language/en/acp/email.php
index c72bdbcb68..73f061c1db 100644
--- a/phpBB/language/en/acp/email.php
+++ b/phpBB/language/en/acp/email.php
@@ -41,7 +41,7 @@ $lang = array_merge($lang, array(
'LOG_SESSION' => 'Log mail session to critical log',
- 'SEND_IMMEDIATLY' => 'Send immediatly',
+ 'SEND_IMMEDIATLY' => 'Send immediately',
'SEND_TO_GROUP' => 'Send to group',
'SEND_TO_USERS' => 'Send to users',
'SEND_TO_USERS_EXPLAIN' => 'Entering names here will override any group selected above. Enter each username on a new line.',
diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php
index 30ed20d2f2..518b3ec672 100644
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@@ -53,7 +53,7 @@ $lang = array_merge($lang, array(
'BBCODE_S_HELP' => 'Font color: [color=red]text[/color] Tip: you can also use color=#FF0000',
'BBCODE_U_HELP' => 'Underline text: [u]text[/u] (alt+u)',
'BBCODE_W_HELP' => 'Insert URL: [url]http://url[/url] or [url=http://url]URL text[/url] (alt+w)',
- 'BBCODE_D_HELP' => 'Flash: [flash=height,width]http://url[/flash] (alt+d)',
+ 'BBCODE_D_HELP' => 'Flash: [flash=width,height]http://url[/flash] (alt+d)',
'BUMP_ERROR' => 'You cannot bump this topic so soon after the last post.',
'CANNOT_DELETE_REPLIED' => 'Sorry but you may only delete posts which have not been replied to.',
diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php
index 39a3831e9a..c9c22c6221 100644
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -120,7 +120,6 @@ $lang = array_merge($lang, array(
'CANNOT_REMOVE_FOLDER' => 'This folder can not be removed.',
'CHANGE_DEFAULT_GROUP' => 'Change default group',
'CHANGE_PASSWORD' => 'Change password',
- 'CHANGE_PASSWORD_EXPLAIN' => 'Must be between %1$d and %2$d characters.',
'CLICK_RETURN_FOLDER' => '%1$sReturn to your "%3$s" folder%2$s',
'CONFIRMATION' => 'Confirmation of registration',
'CONFIRM_EMAIL' => 'Confirm email address',
@@ -225,6 +224,8 @@ $lang = array_merge($lang, array(
'IF_FOLDER_FULL' => 'If folder is full',
'IMPORTANT_NEWS' => 'Important announcements',
+ 'INVALID_CHARS_USERNAME' => 'The username contains forbidden characters.',
+ 'INVALID_CHARS_NEW_PASSWORD'=> 'The password does not contain the required characters.',
'ITEMS_REQUIRED' => 'The items marked with * are required profile fields and need to be filled out',
'JOIN_SELECTED' => 'Join selected',
@@ -261,7 +262,6 @@ $lang = array_merge($lang, array(
'NEW_FOLDER_NAME' => 'New folder name',
'NEW_PASSWORD' => 'Password',
'NEW_PASSWORD_ERROR' => 'The passwords you entered do not match.',
- 'NEW_PASSWORD_EXPLAIN' => 'Must be between %1$d and %2$d characters.',
'NOTIFY_METHOD' => 'Notification method',
'NOTIFY_METHOD_BOTH' => 'Both',
'NOTIFY_METHOD_EMAIL' => 'Email only',
@@ -313,6 +313,10 @@ $lang = array_merge($lang, array(
'NO_WATCHED_FORUMS' => 'You are not watching any forums.',
'NO_WATCHED_TOPICS' => 'You are not watching any topics.',
+ 'PASS_TYPE_ALPHA_EXPLAIN' => 'Password must be between %1$d and %2$d chars long and must contain alphanumerics',
+ 'PASS_TYPE_ANY_EXPLAIN' => 'Must be between %1$d and %2$d characters.',
+ 'PASS_TYPE_CASE_EXPLAIN' => 'Password must be between %1$d and %2$d chars long and must be mixed case',
+ 'PASS_TYPE_SYMBOL_EXPLAIN' => 'Password must be between %1$d and %2$d chars long and must contain symbols',
'PASSWORD_ACTIVATED' => 'Your new password has been activated',
'PASSWORD_UPDATED' => 'Your password has been sent successfully to your original email address.',
'PERMISSIONS_RESTORED' => 'Successfully restored original permissions.',
diff --git a/phpBB/mcp.php b/phpBB/mcp.php
index 0ecef72efa..1b09eb1e2c 100644
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@@ -106,7 +106,6 @@ if (!$auth->acl_getf_global('m_'))
// Except he is using one of the quickmod tools for users
$user_quickmod_actions = array(
'lock' => 'f_user_lock',
- 'unlock' => 'f_user_lock',
'make_sticky' => 'f_sticky',
'make_announce' => 'f_announce',
'make_global' => 'f_announce',
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 8210767ec2..fc3ce33c11 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -808,7 +808,7 @@ if ($submit || $preview || $refresh)
{
// Lock/Unlock Topic
$change_topic_status = $post_data['topic_status'];
- $perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster']));
+ $perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;
if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
{
@@ -1160,7 +1160,7 @@ $template->assign_vars(array(
'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '',
'S_NOTIFY_ALLOWED' => (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify']) ? false : true,
'S_NOTIFY_CHECKED' => ($notify_checked) ? ' checked="checked"' : '',
- 'S_LOCK_TOPIC_ALLOWED' => (($mode == 'edit' || $mode == 'reply' || $mode == 'quote') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster']))) ? true : false,
+ 'S_LOCK_TOPIC_ALLOWED' => (($mode == 'edit' || $mode == 'reply' || $mode == 'quote') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false,
'S_LOCK_TOPIC_CHECKED' => ($lock_topic_checked) ? ' checked="checked"' : '',
'S_LOCK_POST_ALLOWED' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? ' checked="checked"' : '',
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 9a8b893e59..14ab1f69ee 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -472,7 +472,7 @@ gen_forum_auth_level('topic', $forum_id, $topic_data['forum_status']);
$allow_change_type = ($auth->acl_get('m_', $forum_id) || ($user->data['is_registered'] && $user->data['user_id'] == $topic_data['topic_poster'])) ? true : false;
$topic_mod = '';
-$topic_mod .= ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $topic_data['topic_poster'])) ? (($topic_data['topic_status'] == ITEM_UNLOCKED) ? '' : '') : '';
+$topic_mod .= ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $topic_data['topic_poster'] && $topic_data['topic_status'] == ITEM_UNLOCKED)) ? (($topic_data['topic_status'] == ITEM_UNLOCKED) ? '' : '') : '';
$topic_mod .= ($auth->acl_get('m_delete', $forum_id)) ? '' : '';
$topic_mod .= ($auth->acl_get('m_move', $forum_id)) ? '' : '';
$topic_mod .= ($auth->acl_get('m_split', $forum_id)) ? '' : '';