PHP Library to generate random passwords

Overview

Password Generator Library

Simple library for generating random passwords.

Build Status SensioLabsInsight

Latest Stable Version Total Downloads Latest Unstable Version License

Requirements

  • PHP >= 7.1

We only support PHP 7.3+

Installation

Install Composer

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer

Now tell composer to download the library by running the command:

$ composer require hackzilla/password-generator

Composer will add the library to your composer.json file and install it into your project's vendor/hackzilla directory.

Simple Usage

use Hackzilla\PasswordGenerator\Generator\ComputerPasswordGenerator;

$generator = new ComputerPasswordGenerator();

$generator
  ->setOptionValue(ComputerPasswordGenerator::OPTION_UPPER_CASE, true)
  ->setOptionValue(ComputerPasswordGenerator::OPTION_LOWER_CASE, true)
  ->setOptionValue(ComputerPasswordGenerator::OPTION_NUMBERS, true)
  ->setOptionValue(ComputerPasswordGenerator::OPTION_SYMBOLS, false)
;

$password = $generator->generatePassword();

More Passwords Usage

If you want to generate 10 passwords that are 12 characters long.

use Hackzilla\PasswordGenerator\Generator\ComputerPasswordGenerator;

$generator = new ComputerPasswordGenerator();

$generator
  ->setUppercase()
  ->setLowercase()
  ->setNumbers()
  ->setSymbols(false)
  ->setLength(12);

$password = $generator->generatePasswords(10);

Hybrid Password Generator Usage

use Hackzilla\PasswordGenerator\Generator\HybridPasswordGenerator;

$generator = new HybridPasswordGenerator();

$generator
  ->setUppercase()
  ->setLowercase()
  ->setNumbers()
  ->setSymbols(false)
  ->setSegmentLength(3)
  ->setSegmentCount(4)
  ->setSegmentSeparator('-');

$password = $generator->generatePasswords(10);

If you can think of a better name for this password generator then let me know.

The segment separator will be remove from the possible characters.

Human Password Generator Usage

use Hackzilla\PasswordGenerator\Generator\HumanPasswordGenerator;

$generator = new HumanPasswordGenerator();

$generator
  ->setWordList('/usr/share/dict/words')
  ->setWordCount(3)
  ->setWordSeparator('-');

$password = $generator->generatePasswords(10);

Requirement Password Generator Usage

use Hackzilla\PasswordGenerator\Generator\RequirementPasswordGenerator;

$generator = new RequirementPasswordGenerator();

$generator
  ->setLength(16)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_UPPER_CASE, true)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_LOWER_CASE, true)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_NUMBERS, true)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_SYMBOLS, true)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, 2)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_LOWER_CASE, 2)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_NUMBERS, 2)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_SYMBOLS, 2)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, 8)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_LOWER_CASE, 8)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_NUMBERS, 8)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_SYMBOLS, 8)
;

$password = $generator->generatePassword();

A limit can be removed by passing null

$generator
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, null)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, null)
;

When setting the minimum and maximum values, be careful of unachievable settings.

For example the following will end up in an infinite loop.

$generator
  ->setLength(4)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_UPPER_CASE, true)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_LOWER_CASE, false)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, 5)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_LOWER_CASE, 1)
;

For the moment you can call $generator->validLimits() to test whether the counts will cause problems. If the method returns true, then you can proceed. If false, then generatePassword() will likely cause an infinite loop.

Example Implementations

Random Note

Since version 1.5.0, the library depends on the presence of random_int which is found in PHP 7.0+

Comments
  • Deprecation Notice: Class Hackzilla\PasswordGenerator\Tests\RandomGenerator\HybridPasswordGeneratorTest

    Deprecation Notice: Class Hackzilla\PasswordGenerator\Tests\RandomGenerator\HybridPasswordGeneratorTest

    Hello,

    as I have updated Composer to version 1.10.5 2020-04-10 11:44:22, I get the following warning now when I run the following command:

    composer self-update && composer install --no-dev && composer update --lock

    Deprecation Notice: Class Hackzilla\PasswordGenerator\Tests\RandomGenerator\HybridPasswordGeneratorTest 
    
    opened by tonix-tuft 7
  • Ability to set max length of HumanPasswordGenerator

    Ability to set max length of HumanPasswordGenerator

    You can set the number of words, but it would be nice if you could set the minimum length of the words, and the max length of the password.

    Or be able to set the max length of the password, and the minimum number of words in it.

    enhancement 
    opened by tomsommer 6
  • RequirementPasswordGenerator returns password with different length

    RequirementPasswordGenerator returns password with different length

    Hi! I have a problem with RequirementPasswordGenerator. It generates password with different length on production server with OPcache. I set length = 8, but it sometimes generates password with length 6, 2, etc.

    I couldn't find any reason why this happens. On dev environment everything works fine.

    Symfony: 3.3.9 PHP 7.1.14-1 with FPM

    public function generatePassword(): string
        {
            $this->passwordGenerator
                ->setLength(self::PASS_MIN_LENGTH) // must have a minimum of eight characters,
                ->setOptionValue(RequirementPasswordGenerator::OPTION_NUMBERS, true) // must be composed of numbers...
                ->setMinimumCount(RequirementPasswordGenerator::OPTION_NUMBERS, 1) // ...at least one number...
                ->setOptionValue(RequirementPasswordGenerator::OPTION_SYMBOLS, true) // ...and special characters
                ->setMinimumCount(RequirementPasswordGenerator::OPTION_SYMBOLS, 1)
                ->setOptionValue(RequirementPasswordGenerator::OPTION_UPPER_CASE, true) // at least one upper
                ->setMinimumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, 1)
                ->setOptionValue(RequirementPasswordGenerator::OPTION_LOWER_CASE, true) // ...and one lower
                ->setMinimumCount(RequirementPasswordGenerator::OPTION_LOWER_CASE, 1);
    
           // I've written this code to generate pass with required length (FIX)
            do {
                $password = $this->passwordGenerator->generatePassword();
            } while (\strlen($password) !== self::PASS_MIN_LENGTH);
    
            return $password;
        }
    
    question 
    opened by adamsafr 5
  • Specify character list

    Specify character list

    I have a specific requirement where in I can only use certain special characters. Is there anyway to specify what ones will be used when generating a password?

    Another odd requirement is my first character must be alphanumeric, but I can do this after with substr.

    opened by poxin13 4
  • option to set amount of numbers/special characters etc.

    option to set amount of numbers/special characters etc.

    My password validation needs passwords which contain at least two numbers in the password. I'm using this code:

    $generator = new ComputerPasswordGenerator(); $generator ->setOptionValue(ComputerPasswordGenerator::OPTION_UPPER_CASE, true) ->setOptionValue(ComputerPasswordGenerator::OPTION_LOWER_CASE, true) ->setOptionValue(ComputerPasswordGenerator::OPTION_NUMBERS, true) ->setOptionValue(ComputerPasswordGenerator::OPTION_SYMBOLS, true) ->setLength(12); $password = $generator->generatePassword();

    Sometimes I get passwords with only one number. Is there an option to define how many of each character classes will be in the password?

    enhancement 
    opened by akorinek 4
  • In some test detect that package with correct call, not generate password correct

    In some test detect that package with correct call, not generate password correct

    use Hackzilla\PasswordGenerator\Generator\ComputerPasswordGenerator;
    
    $generator = new ComputerPasswordGenerator();
    $generator->setUppercase(true)->setLowercase(true)->setNumbers(true)->setSymbols(true)->setLength(12)
    
    $password = $generator->generatePasswords(10);
    => [
         "Qk-K4%*n,]%w",
         "[email protected]",
         "%r{?)e5x64$^", // Wrong. Not uppercase
         ")KeT(YkW4q)S",
         "LD5KRnbQ9e/2",
         "Y7Ej{%.D>mv}",
         "e6}f2ERf>eCn",
         "L6!%e<!QSy,2",
         "V[[email protected]/W",
         "M=LJajjm]C!=",
       ]
    
    

    The problem skipped me when, when using the package in my tests, the validation of the passwords in the generation of password for the creation of users failed me.

    opened by abkrim 2
  • Must include

    Must include

    Hi I there anyway that you can set that is MUST include one for each of the following

    ->setUppercase(true) ->setLowercase(true) ->setNumbers(true) ->setSymbols(false)

    opened by TwinMist 2
  • make the used random source configurable

    make the used random source configurable

    The most critical part of a password-generator is the source of randomness. The ComputerPasswordGenerator however uses mt_rand which "should not be used for cryptographic purposes" (PHP manual).

    Please consider to use a service for the randomness provider and make this service configurable. I'm afraid however that this would break backwards compatibility.

    enhancement 
    opened by ghost 2
  • Cannot set my own special symbols

    Cannot set my own special symbols

    Hi, I cannot add my own symbols, is it possible someway? I tried to defined own option and parameter to it $generator ->setLength(25) ->setOptionValue(RequirementPasswordGenerator::OPTION_UPPER_CASE, true) ->setOptionValue(RequirementPasswordGenerator::OPTION_LOWER_CASE, true) ->setOptionValue(RequirementPasswordGenerator::OPTION_NUMBERS, true) ->setOption($symbols, array('type' => Option::TYPE_BOOLEAN, 'default' => false)) ->setParameter($symbols, '[email protected]#$%^&*?_~-,.+') ->setOptionValue($symbols, true)

    but i allways get Hackzilla\PasswordGenerator\Exception\InvalidOptionException. Is there some way to defined it? I need to generate password with specifical symbols. Thanks

    opened by patrikvalentaa 1
  • Fix file and class names for NoRandomGeneratorTest

    Fix file and class names for NoRandomGeneratorTest

    The latest composer snapshot throws the following error when trying to generate an optimised autoloader:

    Deprecation Notice: Class Hackzilla\PasswordGenerator\Tests\RandomGenerator\HybridPasswordGeneratorTest located in ./vendor/hackzilla/password-generator/Tests/RandomGenerator/NoPasswordGeneratorTest.php does not comply with psr-4 autoloading standard. It will not autoload anymore in Composer v1.11+.
    
    opened by SunMar 1
  • PasswordGeneratorInterface lacks document blocks

    PasswordGeneratorInterface lacks document blocks

    Currently \Hackzilla\PasswordGenerator\Generator\PasswordGeneratorInterface has no document blocks. This confuses any IDE while dealing with chain calls on setOptionValue().

    When I have 5 minutes I will do a PR ;)

    opened by kiler129 1
  • Use random_compat to provide the default source of randomness

    Use random_compat to provide the default source of randomness

    Per #11, there is now a note about using a better source of randomness if possible, and a "PHP 7" generator which uses the crypto-safe random_int function.

    However, if you add a composer dependency for paragonie/random_compat, you can make random_int the default source on all the versions of PHP you support, and that library will automatically polyfill it with the best source available.

    enhancement 
    opened by IMSoP 1
A library for generating and validating passwords

PHP-PasswordLib Build Status Version The current version is considered Beta. This means that it is ready enough to test and use, but beware that you s

Anthony Ferrara 371 Nov 24, 2022
Realistic PHP password strength estimate library based on Zxcvbn JS

Zxcvbn-PHP is a password strength estimator using pattern matching and minimum entropy calculation. Zxcvbn-PHP is based on the the Javascript zxcvbn p

Ben Jeavons 767 Dec 15, 2022
Compatibility with the password_* functions that ship with PHP 5.5

password_compat This library is intended to provide forward compatibility with the password_* functions that ship with PHP 5.5. See the RFC for more d

Anthony Ferrara 2.2k Dec 30, 2022
A password policy enforcer for PHP and JavaScript

PasswordPolicy A tool for checking and creating password policies in PHP and JS. Installation Use composer to setup an autoloader php composer.phar in

Anthony Ferrara 74 Dec 2, 2022
GenPhrase is a secure passphrase generator for PHP applications.

About GenPhrase is a secure passphrase generator for PHP applications. GenPhrase is based on passwdqc's pwqgen program. See http://www.openwall.com/pa

timoh 110 Nov 30, 2022
Python implementation of the portable PHP password hashing framework

Portable PHP password hashing framework implemented in Python. This Python implementation meant to be an exact port of the the original PHP version.

Rez 46 Jul 19, 2022
Validates passwords against PHP's password_hash function using PASSWORD_DEFAULT. Will rehash when needed, and will upgrade legacy passwords with the Upgrade decorator.

Password Validator Password Validator validates password_hash generated passwords, rehashes passwords as necessary, and will upgrade legacy passwords.

Jeremy Kendall 142 Dec 25, 2022
Fetches random integers from random.org instead of using PHP's PRNG implementation

TrulyRandom Composer-compatible library to interact with random.org's API in order to generate truly random lists of integers, sequences of integers,

Erik Wurzer 46 Nov 25, 2022
Otpify is a Laravel package that provides a simple and elegant way to generate and validate one time passwords.

Laravel Otpify ?? Introduction Otpify is a Laravel package that provides a simple and elegant way to generate and validate one time passwords. Install

Prasanth Jayakumar 2 Sep 2, 2022
Generate Heroku-like random names to use in your php applications.

HaikunatorPHP Generate Heroku-like random names to use in your PHP applications. Installation composer require atrox/haikunator Usage Haikunator is p

Atrox 99 Jul 19, 2022
Generate random typed values and in any shape.

PHP Typed Generators Description Generate random typed values and in any shape. Useful for writing your tests, there's no need to write static set of

(infinite) loophp 2 Jun 8, 2022
A library for generating and validating passwords

PHP-PasswordLib Build Status Version The current version is considered Beta. This means that it is ready enough to test and use, but beware that you s

Anthony Ferrara 371 Nov 24, 2022
A simple package to validate against common passwords and help keep your application secure.

common-passwords A simple package to validate against common passwords and help keep your application secure. composer require crumbls/common-password

Crumbls 4 Oct 16, 2021
Prevent users from reusing recently used passwords

Laravel Password History Validation Prevent users from reusing recently used passwords. Installation You can install the package via composer: compose

Paul Edward 67 Oct 10, 2022
Self-hosted platform to keep and share your content: web links, posts, passwords and pictures.

Shaark is a self-hosted platform to keep and share your content: web links, posts, passwords and pictures. All of your data can be private, public or

MarceauKa 482 Dec 30, 2022
Harden request headers, login interface and passwords to increase backend security.

JvMTECH.NeosHardening Package for Neos CMS Harden request headers, login interface and passwords to increase backend security. Installation composer r

Jung von Matt TECH 3 May 4, 2022
MySecureVault is the most secure passwords, notes and files vault on the Internet.

MySecureVault MySecureVault is the most secure passwords, notes and files vault on the Internet. It has been developed with ultimate privacy and secur

MySecureVault 1 Jan 26, 2022
PHP library for generating random avatars based on avataaars

PHP Avataaar PHP library for generating random avatars based on avataaars. Installation Dependencies PHP 8.0 Composer 2.0 Install Install the library

John Ciacia 2 Feb 27, 2022
A library for generating random numbers and strings

RandomLib A library for generating random numbers and strings of various strengths. This library is useful in security contexts. Install Via Composer

Anthony Ferrara 832 Nov 24, 2022