-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Password longer than 64 characters is accepted on registration #3790
Comments
Thank you for the report. Looking at this there are two options.
If you have a preference, let me know. |
The second option might be what is happening right now. At least the registration was accepted, but I didn't confirm that the password was just the truncated original, instead made a new one. But I would prefer the first option, that is used everywhere else, and would make less of a surprise, than the first, when the registration is successful, but with a different password, than was originally supplied. |
Sounds good to me ... Spuds@961b2eb should take care of the issue during registration and password changes. |
Describe the bug
When making a new account, the criteria for the password is not written anywhere. When pasting a longer than 64 characters password into the field, it does not display that it's too long. The registration succeeds, but when trying to log in with it, it displays "The supplied password is too long."
ElkArte info
To Reproduce
Steps to reproduce the behavior:
Expected behavior
That the register page has some text that the password has to be at most 64 characters long, and when someone uses a longer password, it warns them again, instead of accepting it.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here such as Webserver version, Database type & version, etc.
The text was updated successfully, but these errors were encountered: