diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index e8db807154..81d06344af 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1605,8 +1605,9 @@ function validate_password($password)
 {
 	global $config, $db, $user;
 
-	if (!$password)
+	if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
 	{
+		// Password empty or no password complexity required.
 		return false;
 	}
 
@@ -1617,7 +1618,6 @@ function validate_password($password)
 	{
 		$upp = '\p{Lu}';
 		$low = '\p{Ll}';
-		$let = '\p{L}';
 		$num = '\p{N}';
 		$sym = '[^\p{Lu}\p{Ll}\p{N}]';
 		$pcre = true;
@@ -1627,7 +1627,6 @@ function validate_password($password)
 		mb_regex_encoding('UTF-8');
 		$upp = '[[:upper:]]';
 		$low = '[[:lower:]]';
-		$let = '[[:lower:][:upper:]]';
 		$num = '[[:digit:]]';
 		$sym = '[^[:upper:][:lower:][:digit:]]';
 		$mbstring = true;
@@ -1636,7 +1635,6 @@ function validate_password($password)
 	{
 		$upp = '[A-Z]';
 		$low = '[a-z]';
-		$let = '[a-zA-Z]';
 		$num = '[0-9]';
 		$sym = '[^A-Za-z0-9]';
 		$pcre = true;
@@ -1646,22 +1644,22 @@ function validate_password($password)
 
 	switch ($config['pass_complex'])
 	{
+		// No break statements below ...
+		// We require strong passwords in case pass_complex is not set or is invalid
+		default:
+
+		// Require mixed case letters, numbers and symbols
+		case 'PASS_TYPE_SYMBOL':
+			$chars[] = $sym;
+
+		// Require mixed case letters and numbers
+		case 'PASS_TYPE_ALPHA':
+			$chars[] = $num;
+
+		// Require mixed case letters
 		case 'PASS_TYPE_CASE':
 			$chars[] = $low;
 			$chars[] = $upp;
-		break;
-
-		case 'PASS_TYPE_ALPHA':
-			$chars[] = $let;
-			$chars[] = $num;
-		break;
-
-		case 'PASS_TYPE_SYMBOL':
-			$chars[] = $low;
-			$chars[] = $upp;
-			$chars[] = $num;
-			$chars[] = $sym;
-		break;
 	}
 
 	if ($pcre)
diff --git a/tests/regex/password_complexity_test.php b/tests/regex/password_complexity_test.php
new file mode 100644
index 0000000000..21e8d12a0a
--- /dev/null
+++ b/tests/regex/password_complexity_test.php
@@ -0,0 +1,81 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
+
+class phpbb_password_complexity_test extends phpbb_test_case
+{
+	public function password_complexity_test_data_positive()
+	{
+		return array(
+			array('12345', 'PASS_TYPE_ANY'),
+			array('qwerty', 'PASS_TYPE_ANY'),
+			array('QWERTY', 'PASS_TYPE_ANY'),
+			array('QwerTY', 'PASS_TYPE_ANY'),
+			array('q$erty', 'PASS_TYPE_ANY'),
+			array('qW$rty', 'PASS_TYPE_ANY'),
+
+			array('QwerTY', 'PASS_TYPE_CASE'),
+			array('QwerTY123', 'PASS_TYPE_ALPHA'),
+			array('QwerTY123$&', 'PASS_TYPE_SYMBOL'),
+
+			array('', 'PASS_TYPE_ANY'),
+		);
+	}
+
+	public function password_complexity_test_data_negative()
+	{
+		return array(
+			array('qwerty', 'PASS_TYPE_CASE'),
+			array('QWERTY', 'PASS_TYPE_CASE'),
+			array('123456', 'PASS_TYPE_CASE'),
+			array('#$&', 'PASS_TYPE_CASE'),
+			array('QTY123$', 'PASS_TYPE_CASE'),
+
+			array('qwerty', 'PASS_TYPE_ALPHA'),
+			array('QWERTY', 'PASS_TYPE_ALPHA'),
+			array('123456', 'PASS_TYPE_ALPHA'),
+			array('QwertY', 'PASS_TYPE_ALPHA'),
+			array('qwerty123', 'PASS_TYPE_ALPHA'),
+			array('QWERTY123', 'PASS_TYPE_ALPHA'),
+			array('#$&', 'PASS_TYPE_ALPHA'),
+			array('QTY123$', 'PASS_TYPE_ALPHA'),
+
+			array('qwerty', 'PASS_TYPE_SYMBOL'),
+			array('QWERTY', 'PASS_TYPE_SYMBOL'),
+			array('123456', 'PASS_TYPE_SYMBOL'),
+			array('QwertY', 'PASS_TYPE_SYMBOL'),
+			array('qwerty123', 'PASS_TYPE_SYMBOL'),
+			array('QWERTY123', 'PASS_TYPE_SYMBOL'),
+			array('#$&', 'PASS_TYPE_SYMBOL'),
+			array('qwerty123$', 'PASS_TYPE_SYMBOL'),
+			array('QWERTY123$', 'PASS_TYPE_SYMBOL'),
+		);
+	}
+
+	/**
+	* @dataProvider password_complexity_test_data_positive
+	*/
+	public function test_password_complexity_positive($password, $mode)
+	{
+		global $config;
+		$config['pass_complex'] = $mode;
+		$this->assertFalse(validate_password($password));
+	}
+
+	/**
+	* @dataProvider password_complexity_test_data_negative
+	*/
+	public function test_password_complexity_negative($password, $mode)
+	{
+		global $config;
+		$config['pass_complex'] = $mode;
+		$this->assertEquals('INVALID_CHARS', validate_password($password));
+	}
+}