Set password requirements in HTML / PHP? HOW

Hey guys,

Do any of you know how to set Password requirements in an HTML page?
Also but not necessarily i'd like to know how to only output the first letter of a password to a file.

Hopefully you guys can help me quickly (i need it for school :) )

You could use authenticate, if you just want to keep unwanted people from reaching a page:

http://php.net/manual/en/features.http-auth.php

That's not recommended if you want a userbase. You should use MySQL to store user information and password and hashes, but that's not something you can really put together quick before school.

Say you have a variable $password. You can get the first letter using the substr function:

$tmp = substr($password, 0, 1);

You need to access a file, so:

$fstr = fopen($file,'a'); //$file = `filename` ; a gives write permissions only at the end of the file
fwrite($fstr, $tmp);
fclose($file);

This will append the character to the end of the file.

1 Like

awesome, thankyou.

this project is really just for demonstrative purposes.
so that's why i didn't use mysql.

i'll try the first letter thing right away.

i know how to get acces to the file but still thank you.
I did have problems with permissions in the beginning though but i got it working.

The simplest solution, if you just want something that works and is very simple to implement, would be basic http authentication with .htpasswd files. This is the same method @Jeol suggested, but instead of writing the whole thing in PHP, you need only create a single file (and there are online tools that will do it for you) and Apache (your webserver) takes care of everything else for you.

If you can do this at all, YOUR PASSWORD SYSTEM IS BROKEN.

Passwords (even partial passwords) must never be stored in plain text. Not anywhere. Not for any amount of time. You need to hash them. It must be literally impossible to discover what the actual password is by only looking at the stored hash.

In PHP, the only functions you should be using for this purpose are password_hash() and friends. It's very simple to use and has good default options. It uses bcrypt for hashing and creates its own, secure salts. In short, it takes care of all the complicated parts for you and leaves you with a solid, secure way to handle passwords.

2 Likes

don't worry i know passwords should never be stored in plain text.
but i needed this to show how basic phishing works with phishing websites.

you can also create .htaccess and require basic password auth.