2017 © Pedro Peláez
 

library php-password-checker

image

fusionspim/php-password-checker

  • Wednesday, March 7, 2018
  • by weshooper
  • Repository
  • 5 Watchers
  • 0 Stars
  • 251 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 5 Versions
  • 31 % Grown

The README.md

PHP Password Checker

Passwords must be at least 10 characters in length and not be commonly used - there's no means to override this., (*1)

Numeric looking passwords are rejected, to weed out obvious memorable dates and phone numbers., (*2)

All password checks are case insensitive., (*3)

$checker = new PasswordChecker;
$checker->validate('abc123'); // throws PasswordException (too short)
$checker->validate('password123'); // throws PasswordException (too common)
$checker->validate('123-456-7890'); // throws PasswordException (too numeric)
$checker->validate('31/12/1999'); // throws PasswordException (too numeric)
$checker->validate('we love php'); // returns true

That's it. Though you can add further (optional, but recommended) checks and restrictions., (*4)

Password reuse

Prevent password reuse by storing previous password hashes in your application and passing them in:, (*5)

$checker = new PasswordChecker;
$checker->setPreviousPasswords($arrayOfHashes); // generated from password_hash()
$checker->validate($userSuppliedPassword);

Password confirmation

If you ask users to confirm their new password, you can pass that in too - simply to have all checks handled consistently:, (*6)

$checker = new PasswordChecker;
$checker->setConfirmation($userSuppliedConfirmation);
$checker->validate($userSuppliedPassword);

User or application obvious

Provide a blacklist of words that are obvious in the context of the user/application. If they're within (i.e. not necessarily equal to) the user supplied password, validation will fail:, (*7)

$checker = new PasswordChecker(['clem', 'fandango', 'MyAmazingApp']);
$checker->validate('myamazingapp'); // throws PasswordException
$checker->validate('myamazingapp123'); // throws PasswordException
$checker->validate('clemfandango'); // throws PasswordException
$checker->validate('fandango123'); // throws PasswordException

Complexity requirements

Complexity requirements can be enabled to require user passwords to contain a lower case letter, upper case letter, number and special character., (*8)

This is disabled by default, since it isn't a recommended approach., (*9)

$checker = new PasswordChecker;
$checker->setComplexityRequirements([
    PasswordChecker::REQUIRE_LOWERCASE,
    PasswordChecker::REQUIRE_UPPERCASE,
    PasswordChecker::REQUIRE_NUMBER,
    PasswordChecker::REQUIRE_SYMBOL
]);
$checker->validate('myamazingapp'); // throws PasswordException
$checker->validate('myamazingapp123'); // throws PasswordException
$checker->validate('myamazongpp123!'); // throws PasswordException
$checker->validate('Myamazingapp123!); // return true

The Versions

07/03 2018

dev-master

9999999-dev

  Sources   Download

The Requires

  • php ^7.1

 

The Development Requires

07/03 2018

2.0.0

2.0.0.0

  Sources   Download

The Requires

  • php ^7.1

 

The Development Requires

07/03 2018

dev-feature/v2

dev-feature/v2

  Sources   Download

The Requires

  • php ^7.1

 

The Development Requires

05/03 2018

1.0.0

1.0.0.0

  Sources   Download

The Requires

  • php ^7.1

 

The Development Requires

04/03 2018

dev-expand

dev-expand

  Sources   Download

The Requires

 

The Development Requires