PHP Strings Primer - Checking password strength
(Page 21 of 37 )
Passwords are used everywhere in today's world. Unfortunately, poor passwords are used everywhere also. But, we can do something to help eliminate poor passwords from being used in systems we build. Namely, we can check to make sure they adhere to certain lengths. It is also possible to verify that they don't use the same characters within their password too frequently. Let's take a look at a basic script that will accomplish both of these tasks.
<?php $password = 'mississippi'; $length = strlen ($password); $unique = strlen (count_chars ($password, 3));
if ($length < 6) Â Â echo "Sorry. Passwords must be at least 6 characters.";
$difference = $length - $unique; if ($difference > 2) Â Â echo "Sorry. Too many of the same characters used."; ?> |
The password coded into this script will pass the first check but fail the second. The word mississippi is longer than 6 characters so it is obvious why it passes the first check. The second is not quite so evident, so let's take a closer look. In order to understand what is happening, we must know how the 'count_chars()' function works.
As you can see, the first parameter passed to the function is the string we want to analyze. The second parameter tells 'count_chars()' how to operate. There are 5 possible modes of operation, each represented by an integer between 0 and 4. Each of the modes is detailed below.
0 -This option returns an array with the ASCII value of the character as they key and the frequency it appeared as the value. All ASCII values from 0 to 255 are returned, regardless of their frequency. This is 'count_chars()' default mode of operation if none is specified.1 -This mode returns an array similar to mode 0, with the exception that only ASCII values with a frequency of greater than zero are listed.2 -ASCII values with frequency equal to zero are returned in an array as described in mode 0.3 -This mode returns a string containing each unique character used in the input string.4 -This last mode is the opposite of mode 3. It returns a string that contains all characters not used in the input string.
Now that we understand the different modes that can be used with 'count_chars()', the result from using the function in the above code should be clear. If we were to echo out the result from the 'count_chars()' function call, it would appear as so:
The result is the unique characters in the string. So, when we take the length of that result and subtract it from the length of the entire string, we are able to determine that the difference is outside of our threshold of 2.
There are many other password validation routines that you can run to be sure that passwords are secured. Other common methods are to check for a combination of alpha and numeric characters, ensure that the password does not contain common words, enforce the use of numeric characters in the middle of the password, and a whole host of others. We will examine some of these methods later in this tutorial.
Next: Generating Statistics >>
More Programming Basics Articles
More By Matt Wade