Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9751

Password requirement "Must contain letters and numbers" is not working properly

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.7-PL1
    • Fix Version/s: 3.0.9-RC1
    • Labels:
      None
    • Environment:
      Fresh phpBB 3.0.7-PL1 install on Linux server, PHP Version 5.2.13, MySQL(i) 5.1.43-community

      Description

      ACP > User registration settings > Password complexity
      The description says: "subsequent options include the previous ones"

      • No requirements --> Any characters
      • Must be mixed case --> Both uppercase and lowercase letter
      • Must contain letters and numbers: As for the description said, the password should contain: uppercase letters, lowercase letters and numbers. But it works also using only uppercase letters and numbers or lowercase letters and numbers.

      Therefore, I think there is a bug or the description should be more precise. The next level (symbols) seems to be correct: it requires uppercase letters, lowercase letters, numbers and symbols.

      Thank you in advance!

        Issue Links

          Activity

          Hide
          ToonArmy Chris Smith added a comment -

          The bug here is "Must contain letters and numbers" should enforce mixed case and numbers.

          Show
          ToonArmy Chris Smith added a comment - The bug here is "Must contain letters and numbers" should enforce mixed case and numbers.
          Hide
          ToonArmy Chris Smith added a comment -

          The change to allowing any case and numbers in the code despite the generated UCP text saying:

          Password must be between 6 and 30 characters long, must contain letters in mixed case and must contain numbers.

          From a user point of view that tells me I must have a lowercase and uppercase letter, and the administrators viewpoint is the same.

          I think we should alter the ACP to explicitly state what classes of letters are expected, and do away with the sum of previous plus selected limitation.

          Show
          ToonArmy Chris Smith added a comment - The change to allowing any case and numbers in the code despite the generated UCP text saying: Password must be between 6 and 30 characters long, must contain letters in mixed case and must contain numbers. From a user point of view that tells me I must have a lowercase and uppercase letter, and the administrators viewpoint is the same. I think we should alter the ACP to explicitly state what classes of letters are expected, and do away with the sum of previous plus selected limitation.
          Hide
          bantu Andreas Fischer added a comment -

          Agree with Chris.

          Show
          bantu Andreas Fischer added a comment - Agree with Chris.
          Hide
          RMcGirr83 Rich McGirr added a comment -

          ATM,

          There is
          'PASS_TYPE_ALPHA' => 'Must contain letters and numbers',
          'PASS_TYPE_ANY' => 'No requirements',
          'PASS_TYPE_CASE' => 'Must be mixed case',
          'PASS_TYPE_SYMBOL' => 'Must contain symbols',

          at least as it is defined within the ACP (which the PASS_TYPE_ALPHA also includes mixed case as mentioned), would a good alternative be

          No requirements
          Alpha and numeric
          Alpha mixed case
          Alpha mixed case and numeric
          Symbols

          ...and adjust the code accordingly?

          I was just working on this today and decided to do a search for it in the tracker.

          Show
          RMcGirr83 Rich McGirr added a comment - ATM, There is 'PASS_TYPE_ALPHA' => 'Must contain letters and numbers', 'PASS_TYPE_ANY' => 'No requirements', 'PASS_TYPE_CASE' => 'Must be mixed case', 'PASS_TYPE_SYMBOL' => 'Must contain symbols', at least as it is defined within the ACP (which the PASS_TYPE_ALPHA also includes mixed case as mentioned), would a good alternative be No requirements Alpha and numeric Alpha mixed case Alpha mixed case and numeric Symbols ...and adjust the code accordingly? I was just working on this today and decided to do a search for it in the tracker.

            People

            • Assignee:
              rxu Ruslan Uzdenov
              Reporter:
              roBBx roBBx
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development