Bug Found: Password Length!


by Xudomus » Thu Apr 30, 2015 7:01 pm

So I was having issues connecting to the game. I made accounts on the front page (here https://en.nostalrius.org/#iwannaplay), but every time I would try and log in, I would always get "Unable To Connect". I had made 2 different accounts with the same 20-character-long password and both of them were unable to connect. I noticed on one of my login attempts that the WoW client seems to stop recording input for a password after (I think) about 16 characters. I then made a third account with an 8-character password, and I was able to log in no problem. This may or may not be intentional, but it would be nice if the sign-up on the front page mentioned something about a maximum password length and/or rejected passwords that were too long.
Xudomus
Tester
 

Re: Bug Found: Password Length!

by Aunstic » Thu Apr 30, 2015 7:41 pm

Hmm... I guess no one really thought about the max length in the form. Even though it can be bypassed by editing the pattern through inspect element, it serves no purpose to do so unless you're trying to be malicious. In the post data, the password should also have whitespace removed and be trimmed to a maximum of 16 characters (server-side).
---

You can restrict the input to a certain amount of characters.
Checking the source, I see they're just giving a minimum length:
Code:
<input required="" name="password" type="password" pattern=".{6,16}" placeholder="Password" title="At least 6 characters">
<br>
<input required="" name="password2" type="password" pattern=".{6,16}" placeholder="Repeat password" title="Repeat password">


Not really a bug though. Just an issue with determining length even though a password shouldn't have a max length in the first place. It cuts down on how secure a password is after being hashed and stored in the database. Simple change, but also a useful one.
Aunstic
Knight-Lieutenant
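
A server-side version of the length check discussed in this thread, as an added example that is not part of the original posts or of the site's code. It rejects out-of-range passwords instead of trimming them, so the stored password is the one the user will later type. The function name `validateRegistration`, the shape of `fields`, and the 16-character client limit are assumptions; only the field names and the `.{6,16}` pattern come from the form quoted above.

```javascript
// Added example: re-check the form's rule on the server, because the
// pattern attribute only runs in the browser and a hand-built POST skips it.
const MIN_LEN = 6;
const CLIENT_MAX = 16; // assumption: taken from pattern=".{6,16}" in the form

// Browsers evaluate pattern="X" as ^(?:X)$ with Unicode matching, so "."
// counts code points and never matches a line terminator. Mirror that.
const FORM_PATTERN = new RegExp(`^(?:.{${MIN_LEN},${CLIENT_MAX}})$`, "u");

// Hypothetical helper: `fields` is the already-parsed POST body.
function validateRegistration(fields) {
  const pw = fields.password;
  const pw2 = fields.password2;
  if (typeof pw !== "string" || typeof pw2 !== "string") {
    return { ok: false, errors: ["password and password2 are required"] };
  }

  const errors = [];
  const length = Array.from(pw).length; // code points, like the form
  if (length < MIN_LEN) {
    errors.push(`password must be at least ${MIN_LEN} characters`);
  }
  if (length > CLIENT_MAX) {
    // Reject, do not truncate: a silently shortened password no longer
    // matches what the user believes they registered.
    errors.push(`password must be at most ${CLIENT_MAX} characters`);
  }
  if (pw !== pw.trim()) {
    errors.push("password must not start or end with whitespace");
  }
  if (errors.length === 0 && !FORM_PATTERN.test(pw)) {
    errors.push("password contains a character the form would not accept");
  }
  if (pw !== pw2) {
    errors.push("passwords do not match");
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample submissions (not real accounts or passwords).
const samples = [
  { password: "correcthorsebattery!", password2: "correcthorsebattery!" }, // 20 chars
  { password: "hunter22", password2: "hunter22" },                         // 8 chars
  { password: "abc\ndefgh", password2: "abc\ndefgh" },                     // forged POST
];
for (const s of samples) {
  console.log(JSON.stringify(s.password), validateRegistration(s));
}
```

Whether the game client counts its limit in characters or bytes is not stated in the thread, so the limit should be set to whatever the client actually accepts.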
 

Re: Bug Found: Password Length!

by AverageJoe » Thu Apr 30, 2015 7:51 pm

Xudomus wrote: So I was having issues connecting to the game. I made accounts on the front page (here https://en.nostalrius.org/#iwannaplay), but every time I would try and log in, I would always get "Unable To Connect". I had made 2 different accounts with the same 20-character-long password and both of them were unable to connect. I noticed on one of my login attempts that the WoW client seems to stop recording input for a password after (I think) about 16 characters. I then made a third account with an 8-character password, and I was able to log in no problem. This may or may not be intentional, but it would be nice if the sign-up on the front page mentioned something about a maximum password length and/or rejected passwords that were too long.


I had the exact same issue as you. When I made my first account, my password was 19 characters long and I kept getting "Unable to connect" messages when trying to log in (Recently discovered you get two different login errors depending upon whether you enter a wrong account name or wrong password). When I made my second account, I lessened the character-count of my account and password to match the maximum length of the Account Name and Password fields inside the game client. It worked and I was able to log in.

I made a thread way back at the end of March in the Suggestions forum essentially saying the same thing; it'd be helpful for new players if the registration page limited their account name and password to sync with the maximum length of the Account Name and Password fields inside the game client, but it never got any attention. :(
AverageJoe
Legionnaire
 

