103

So a user reported they couldn't login to our site, so I reset their password to:

uI+ffRT7M2NAzo8uOqzf4QxO3I9tj8PJ4TS0n8zDV7I

And sent them back an email with the updated password. A few minutes later, they replied and said that password didn't work. They even tried a different web browser, etc. I tried it myself, and sure enough, it didn't work.

I spent the next several hours trying to figure out why the password didn't save properly, or why the logic didn't compare them correctly. Perhaps it was some sort of caching issue? Oh the horror.

As it turns out, the problem was a maxlength of 28 on the login form field:

<input type="password" name="password" value="" maxlength="28"/>

I don't know who wrote that code, but it sure wasn't me.

Comments
Add Comment