Password Generator Help

desjardins2013 · March 8, 2016, 5:33pm

Hey Guys/Gals

I’m trying to figure out a snippet to use that will create a strong password using upper, lower numbers and special characters BASED on user input… the form asks users if they want to include special chars, numbers, lower and upper…

based on the input it generated the password… what I can’t figure out is how to change the string based on input…

example, I tried this and I know it’s completely off

[php]if (!empty($_POST)) {
$incl_num = $_POST[‘incl_num’];
$special = $_POST[‘special’];
$upper = $_POST[‘upper’];
$lower = $_POST[‘lower’];
$length = $_POST[‘length’];
$set1 = ‘abcdefghijklmnopqrstuvwxyz’;
$set2 = ‘ABCDEFGHIJKLMNOPQRSTUVWXYZ’;
$set3 = ‘123456789’;
$set4 = ‘!$%^&)’;
$generate = TRUE;

	$set1 = $set1.if($incl_num==yes){echo $set3;}.if($special==yes){echo $set4;}.if($upper==yes){echo $set2;};[/php]

The idea was to have a base set being the lowercase number set and then check if the user requested the other sets and append them to the end of the original set…

any help would be appreciated.

Strider64 · March 8, 2016, 5:56pm

I would validate what the user enters, either accept it, reject it or just simply tell them that their password isn’t strong. It’s up to you how you want to handle passwords.

Here’s an example:

[php]function passwordCheck($password, $verify) {
$valid = [ ‘validPassword’ => TRUE, ‘matchPassword’ => FALSE];
/*
*
* Explaining !preg_match_all(’$\S*(?=\S{8,})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])(?=\S*[\W])\S*$’, $password)
* $ = beginning of string
* \S* = any set of characters
* (?=\S{8,}) = of at least length 8
* (?=\S*[a-z]) = containing at least one lowercase letter
* (?=\S*[A-Z]) = and at least one one uppercase letter
* (?=\S*[\d]) = and at least one number
* (?=\S*[\W]) = and at least a special character (non-word character)
* $ = end of the string:
*
/
if (!preg_match_all(’$\S(?=\S{8,})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])(?=\S*[\W])\S*$’, $password)) {
$valid[‘validPassword’] = false; // False means it’s an invalid password:
return $valid;
}
if ($password != $verify) {
$valid[‘matchPassword’] = false; // False means passwords don’t match:
$return $valid;
}
return $valid;
}[/php]

desjardins2013 · March 8, 2016, 6:06pm

Not really what I’m after - I want to take user input and generate a password based on input -

Here is the function I’m using…
[php]
function randomPassword() {
$alphabet = ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789!$%^&’;
$pass = array(); //remember to declare $pass as an array
$alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
for ($i = 0; $i < 8; $i++) {
$n = rand(0, $alphaLength);
$pass[] = $alphabet[$n];
}
return implode($pass); //turn the array into a string
}
[/php]

Now I need to modify this to use upper case only if user selected to use uppercase on the form, use special chars only if the user selected to use special chars…

the form is asking user if they want to use ( UpperCase, LowerCase, Numbers, Special Chars & How many Chars to use )

so the function is using abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789!$%^&’ but if the user opted to not have uppercase I need to remove upper case if they opted to not have special chars I need remove special chars…

how can I accomplish this

JimL · March 8, 2016, 6:17pm

[php]<?php

function randomPassword($charset, $passLength) {
$pass = ‘’;
$charsetLength = strlen($charset);

for ($i = 0; $i < $passLength; $i++) {
    $n = mt_rand(0, $charsetLength); // mt_rand is a better rand
    $pass .= substr($charset, $n, 1); // easier to just append to a string than to add to an array just to implode it
}
return $pass;

}

$lower = isset($_POST[‘lower’]);
$upper = isset($_POST[‘upper’]);
$incl_num = isset($_POST[‘incl_num’]);
$special = isset($_POST[‘special’]);
$length = isset($_POST[‘length’]) ? $_POST[‘length’] : 8;

$set1 = ‘abcdefghijklmnopqrstuvwxyz’;
$set2 = ‘ABCDEFGHIJKLMNOPQRSTUVWXYZ’;
$set3 = ‘123456789’;
$set4 = ‘!$%^&)’;
$generate = TRUE;

$set = ‘’;

if ($lower) {
$set .= $set1;
}

if ($upper) {
$set .= $set2;
}

if ($incl_num) {
$set .= $set3;
}

if ($special) {
$set .= $set4;
}

echo randomPassword($set, 10); // 1U3!oV4Gjy[/php]

Could of course be improved and structured better. but it should get you going

desjardins2013 · March 8, 2016, 7:04pm

Thanks Jim

So here is what I got - just when I run it I get undefined var ‘set’

[php]

<?php if (!empty($_POST)) { $generate = TRUE; $lower = $_POST['lower']; $upper = $_POST['upper']; $incl_num = $_POST['incl_num']; $special = $_POST['special']; $length = $_POST['length']; $set1 = 'abcdefghijklmnopqrstuvwxyz'; $set2 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $set3 = '123456789'; $set4 = '!$%^&)'; $set = ''; if ($lower == 'Yes') { $set .= $set1; } if ($upper == 'Yes') { $set .= $set2; } if ($incl_num == 'Yes') { $set .= $set3; } if ($special == 'Yes') { $set .= $set4; } echo $set; function randomPassword() { $alphabet = $set; $pass = array(); //remember to declare $pass as an array $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache for ($i = 0; $i < 8; $i++) { $n = rand(0, $alphaLength); $pass[] = $alphabet[$n]; } return implode($pass); //turn the array into a string } } ?> " method="POST"> Include Numbers: Yes No Special Characters: Yes No Include Upper (A-Z): Yes No Include Lower (a-z): Yes No Select Length: 5 8 12 15 24 36 <input type="text" value="<?php echo randomPassword(); ?>"

</form>

[/php]

JimL · March 8, 2016, 7:07pm

You don’t pass $set into the function. I’d suggest you just use the one I supplied, it’s better.

desjardins2013 · March 8, 2016, 7:09pm

I rather try using what I have learning curve… what I posted here I didn’t have var being passed to func but I did try running it with randomPassword($set) that resulted in the same error…

desjardins2013 · March 8, 2016, 7:15pm

ok using your example now I’m getting result but only 1 digit…

[php]

<?php $generate = FALSE; if (!empty($_POST)) { $generate = TRUE; $lower = isset($_POST['lower']); $upper = isset($_POST['upper']); $incl_num = isset($_POST['incl_num']); $special = isset($_POST['special']); $length = isset($_POST['length']); $set1 = 'abcdefghijklmnopqrstuvwxyz'; $set2 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $set3 = '123456789'; $set4 = '!$%^&)'; $set = ''; if ($lower) { $set .= $set1; } if ($upper) { $set .= $set2; } if ($incl_num) { $set .= $set3; } if ($special) { $set .= $set4; } function randomPassword($charset, $passLength) { $pass = ''; $charsetLength = strlen($charset); for ($i = 0; $i < $passLength; $i++) { $n = mt_rand(0, $charsetLength); // mt_rand is a better rand $pass .= substr($charset, $n, 1); // easier to just append to a string than to add to an array just to implode it } return $pass; } } ?>

[/php]

Strider64 · March 8, 2016, 8:42pm

I still think you could incorporate php regex into what you are trying to do, I think it would be easier. But whatever… (I would still give the user the opportunity to accept or reject the generated password, unless it simply going to be used for verification or a one time membership).

An for security reasons, I don’t think you’ll generate a true secure password, for even people who do that for a living do a lot of testing before they make it public. An we’ll all have seen what happens when they fail.

ErnieAlex · March 9, 2016, 1:31pm

Also, not sure if the logic of this process is correct. Why go thru the process of making up a password for a user
and then altering their input? Seems like a waste of time and code. Just use the current standard of encrypting
the password and saving the hash of it. The user can pick their own password which is the way users prefer it.
(Most users would not want to have to memorize some complicated password of yours.)

I would think it would be better to just secure the user’s own password instead of forcing one on them. But, this
is just my humble opinion…