From 77295188fbec0561eed513a51af17512247ecd58 Mon Sep 17 00:00:00 2001 From: "justdave%syndicomm.com" <> Date: Sat, 11 Aug 2001 08:51:04 +0000 Subject: Fix for bug 94618: remove restrictions on valid characters in passwords. If crypt() takes it, why shouldn't we? Patch by Myk Melez r= justdave@syndicomm.com --- checksetup.pl | 5 ++--- globals.pl | 11 ++++------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/checksetup.pl b/checksetup.pl index d8414e6c3..14a58eee0 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -1508,9 +1508,8 @@ _End_Of_SQL_ chomp $pass1; if(! $pass1 ) { print "\n\nIt's just plain stupid to not have a password. Try again!\n"; - } elsif ( $pass1 !~ /^[a-zA-Z0-9-_]{3,16}$/ ) { - print "The password must be 3-16 characters in length - and contain only letters, numbers, hyphens (-), and underlines (_)."; + } elsif ( $pass1 !~ /^.{3,16}$/ ) { + print "The password must be 3-16 characters in length."; } } print "\nPlease retype the password to verify: "; diff --git a/globals.pl b/globals.pl index 29024e26d..a3412d634 100644 --- a/globals.pl +++ b/globals.pl @@ -658,10 +658,9 @@ sub GenerateRandomPassword { # Generated passwords are eight characters long by default. $size ||= 8; - # The list of characters that can appear in a password. - # If you change this you must also update &ValidatePassword below. - my @pwchars = (0..9, 'A'..'Z', 'a'..'z', '-', '_'); - #my @pwchars = (0..9, 'A'..'Z', 'a'..'z', '-', '_', '!', '@', '#', '$', '%', '^', '&', '*'); + # The list of characters that can appear in a randomly generated password. + # Note that users can put any character into a password they choose themselves. + my @pwchars = (0..9, 'A'..'Z', 'a'..'z', '-', '_', '!', '@', '#', '$', '%', '^', '&', '*'); # The number of characters in the list. my $pwcharslen = scalar(@pwchars); @@ -688,9 +687,7 @@ sub ValidatePassword { my ($password, $matchpassword) = @_; - if ( $password !~ /^[a-zA-Z0-9-_]*$/ ) { - return "The password contains an illegal character. Legal characters are letters, numbers, hyphens (-), and underlines (_)."; - } elsif ( length($password) < 3 ) { + if ( length($password) < 3 ) { return "The password is less than three characters long. It must be at least three characters."; } elsif ( length($password) > 16 ) { return "The password is more than 16 characters long. It must be no more than 16 characters."; -- cgit v1.2.3-24-g4f1b