--- logintoboggan.orig	2008-10-14 16:31:00.000000000 +1300
+++ logintoboggan.module	2008-10-14 16:36:52.000000000 +1300
@@ -660,6 +660,12 @@
     '#default_value' => variable_get('toboggan_min_pass_length', 0),
     '#description' => t('LoginToboggan automatically performs basic password validation for illegal characters. If you would additionally like to have a mimimum password length requirement, select the length here, or set to \'None\' for no password length validation.')
   );
+  $form['other']['toboggan_no_badchars'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Check for bad characters'),
+    '#default_value' => variable_get('toboggan_no_badchars', TRUE) ? 1 : 0,
+    '#description' => t('LoginToboggan can prevent "bad" characters from being used in passwords.')
+  );
 
   return system_settings_form($form);
 }
@@ -721,18 +727,20 @@
   */
 function logintoboggan_validate_pass($pass) {
   if (!strlen($pass)) return t('You must enter a password.');
-  if (ereg(' ', $pass)) return t('The password cannot contain spaces.');
-  if (ereg("[^\x80-\xF7[:graph:]]", $pass)) return t('The password contains an illegal character.');
-  if (preg_match('/[\x{80}-\x{A0}'.          // Non-printable ISO-8859-1 + NBSP
-                   '\x{AD}'.                 // Soft-hyphen
-                   '\x{2000}-\x{200F}'.      // Various space characters
-                   '\x{2028}-\x{202F}'.      // Bidirectional text overrides
-                   '\x{205F}-\x{206F}'.      // Various text hinting characters
-                   '\x{FEFF}'.               // Byte order mark
-                   '\x{FF01}-\x{FF60}'.      // Full-width latin
-                   '\x{FFF9}-\x{FFFD}]/u',   // Replacement characters
-                   $pass)) {
-    return t('The password contains an illegal character.');
+  if ( variable_get( 'toboggan_no_badchars', TRUE ) ) {
+    if (ereg(' ', $pass)) return t('The password cannot contain spaces.');
+    if (ereg("[^\x80-\xF7[:graph:]]", $pass)) return t('The password contains an illegal character.');
+    if (preg_match('/[\x{80}-\x{A0}'.          // Non-printable ISO-8859-1 + NBSP
+                     '\x{AD}'.                 // Soft-hyphen
+                     '\x{2000}-\x{200F}'.      // Various space characters
+                     '\x{2028}-\x{202F}'.      // Bidirectional text overrides
+                     '\x{205F}-\x{206F}'.      // Various text hinting characters
+                     '\x{FEFF}'.               // Byte order mark
+                     '\x{FF01}-\x{FF60}'.      // Full-width latin
+                     '\x{FFF9}-\x{FFFD}]/u',   // Replacement characters
+                     $pass)) {
+      return t('The password contains an illegal character.');
+    }
   }
   if (strlen($pass) > 30) return t('The password is too long: it must be less than 30 characters.');
   $min_pass_length = variable_get('toboggan_min_pass_length', 0);