PHP Library to generate random passwords

Overview

Password Generator Library

Simple library for generating random passwords.

Build Status SensioLabsInsight

Latest Stable Version Total Downloads Latest Unstable Version License

Requirements

  • PHP >= 7.1

We only support PHP 7.3+

Installation

Install Composer

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer

Now tell composer to download the library by running the command:

$ composer require hackzilla/password-generator

Composer will add the library to your composer.json file and install it into your project's vendor/hackzilla directory.

Simple Usage

use Hackzilla\PasswordGenerator\Generator\ComputerPasswordGenerator;

$generator = new ComputerPasswordGenerator();

$generator
  ->setOptionValue(ComputerPasswordGenerator::OPTION_UPPER_CASE, true)
  ->setOptionValue(ComputerPasswordGenerator::OPTION_LOWER_CASE, true)
  ->setOptionValue(ComputerPasswordGenerator::OPTION_NUMBERS, true)
  ->setOptionValue(ComputerPasswordGenerator::OPTION_SYMBOLS, false)
;

$password = $generator->generatePassword();

More Passwords Usage

If you want to generate 10 passwords that are 12 characters long.

use Hackzilla\PasswordGenerator\Generator\ComputerPasswordGenerator;

$generator = new ComputerPasswordGenerator();

$generator
  ->setUppercase()
  ->setLowercase()
  ->setNumbers()
  ->setSymbols(false)
  ->setLength(12);

$password = $generator->generatePasswords(10);

Hybrid Password Generator Usage

use Hackzilla\PasswordGenerator\Generator\HybridPasswordGenerator;

$generator = new HybridPasswordGenerator();

$generator
  ->setUppercase()
  ->setLowercase()
  ->setNumbers()
  ->setSymbols(false)
  ->setSegmentLength(3)
  ->setSegmentCount(4)
  ->setSegmentSeparator('-');

$password = $generator->generatePasswords(10);

If you can think of a better name for this password generator then let me know.

The segment separator will be remove from the possible characters.

Human Password Generator Usage

use Hackzilla\PasswordGenerator\Generator\HumanPasswordGenerator;

$generator = new HumanPasswordGenerator();

$generator
  ->setWordList('/usr/share/dict/words')
  ->setWordCount(3)
  ->setWordSeparator('-');

$password = $generator->generatePasswords(10);

Requirement Password Generator Usage

use Hackzilla\PasswordGenerator\Generator\RequirementPasswordGenerator;

$generator = new RequirementPasswordGenerator();

$generator
  ->setLength(16)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_UPPER_CASE, true)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_LOWER_CASE, true)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_NUMBERS, true)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_SYMBOLS, true)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, 2)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_LOWER_CASE, 2)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_NUMBERS, 2)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_SYMBOLS, 2)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, 8)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_LOWER_CASE, 8)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_NUMBERS, 8)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_SYMBOLS, 8)
;

$password = $generator->generatePassword();

A limit can be removed by passing null

$generator
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, null)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, null)
;

When setting the minimum and maximum values, be careful of unachievable settings.

For example the following will end up in an infinite loop.

$generator
  ->setLength(4)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_UPPER_CASE, true)
  ->setOptionValue(RequirementPasswordGenerator::OPTION_LOWER_CASE, false)
  ->setMinimumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, 5)
  ->setMaximumCount(RequirementPasswordGenerator::OPTION_LOWER_CASE, 1)
;

For the moment you can call $generator->validLimits() to test whether the counts will cause problems. If the method returns true, then you can proceed. If false, then generatePassword() will likely cause an infinite loop.

Example Implementations

Random Note

Since version 1.5.0, the library depends on the presence of random_int which is found in PHP 7.0+

Issues
  • Deprecation Notice: Class Hackzilla\PasswordGenerator\Tests\RandomGenerator\HybridPasswordGeneratorTest

    Deprecation Notice: Class Hackzilla\PasswordGenerator\Tests\RandomGenerator\HybridPasswordGeneratorTest

    Hello,

    as I have updated Composer to version 1.10.5 2020-04-10 11:44:22, I get the following warning now when I run the following command:

    composer self-update && composer install --no-dev && composer update --lock

    Deprecation Notice: Class Hackzilla\PasswordGenerator\Tests\RandomGenerator\HybridPasswordGeneratorTest 
    
    opened by tonix-tuft 7
  • Ability to set max length of HumanPasswordGenerator

    Ability to set max length of HumanPasswordGenerator

    You can set the number of words, but it would be nice if you could set the minimum length of the words, and the max length of the password.

    Or be able to set the max length of the password, and the minimum number of words in it.

    enhancement 
    opened by tomsommer 6
  • RequirementPasswordGenerator returns password with different length

    RequirementPasswordGenerator returns password with different length

    Hi! I have a problem with RequirementPasswordGenerator. It generates password with different length on production server with OPcache. I set length = 8, but it sometimes generates password with length 6, 2, etc.

    I couldn't find any reason why this happens. On dev environment everything works fine.

    Symfony: 3.3.9 PHP 7.1.14-1 with FPM

    public function generatePassword(): string
        {
            $this->passwordGenerator
                ->setLength(self::PASS_MIN_LENGTH) // must have a minimum of eight characters,
                ->setOptionValue(RequirementPasswordGenerator::OPTION_NUMBERS, true) // must be composed of numbers...
                ->setMinimumCount(RequirementPasswordGenerator::OPTION_NUMBERS, 1) // ...at least one number...
                ->setOptionValue(RequirementPasswordGenerator::OPTION_SYMBOLS, true) // ...and special characters
                ->setMinimumCount(RequirementPasswordGenerator::OPTION_SYMBOLS, 1)
                ->setOptionValue(RequirementPasswordGenerator::OPTION_UPPER_CASE, true) // at least one upper
                ->setMinimumCount(RequirementPasswordGenerator::OPTION_UPPER_CASE, 1)
                ->setOptionValue(RequirementPasswordGenerator::OPTION_LOWER_CASE, true) // ...and one lower
                ->setMinimumCount(RequirementPasswordGenerator::OPTION_LOWER_CASE, 1);
    
           // I've written this code to generate pass with required length (FIX)
            do {
                $password = $this->passwordGenerator->generatePassword();
            } while (\strlen($password) !== self::PASS_MIN_LENGTH);
    
            return $password;
        }
    
    question 
    opened by adamsafr 5
  • Specify character list

    Specify character list

    I have a specific requirement where in I can only use certain special characters. Is there anyway to specify what ones will be used when generating a password?

    Another odd requirement is my first character must be alphanumeric, but I can do this after with substr.

    opened by poxin13 4
  • option to set amount of numbers/special characters etc.

    option to set amount of numbers/special characters etc.

    My password validation needs passwords which contain at least two numbers in the password. I'm using this code:

    $generator = new ComputerPasswordGenerator(); $generator ->setOptionValue(ComputerPasswordGenerator::OPTION_UPPER_CASE, true) ->setOptionValue(ComputerPasswordGenerator::OPTION_LOWER_CASE, true) ->setOptionValue(ComputerPasswordGenerator::OPTION_NUMBERS, true) ->setOptionValue(ComputerPasswordGenerator::OPTION_SYMBOLS, true) ->setLength(12); $password = $generator->generatePassword();

    Sometimes I get passwords with only one number. Is there an option to define how many of each character classes will be in the password?

    enhancement 
    opened by akorinek 4
  • Fix Requirement

    Fix Requirement

    Because: https://github.com/hackzilla/password-generator/blob/53c13507b5b9875a07618f1f2a7db95e5b8c0638/composer.json#L14

    opened by OskarStark 3
  • make the used random source configurable

    make the used random source configurable

    The most critical part of a password-generator is the source of randomness. The ComputerPasswordGenerator however uses mt_rand which "should not be used for cryptographic purposes" (PHP manual).

    Please consider to use a service for the randomness provider and make this service configurable. I'm afraid however that this would break backwards compatibility.

    enhancement 
    opened by ghost 2
  • Fix minor 'typo' in docu

    Fix minor 'typo' in docu

    Fix minor 'typo' in docu

    opened by elwin1234 2
  • PHP-CS-Fixer config (with StyleCI bridge)

    PHP-CS-Fixer config (with StyleCI bridge)

    Second commit contains fixed Coding Style.

    opened by soullivaneuh 2
  • Cannot set my own special symbols

    Cannot set my own special symbols

    Hi, I cannot add my own symbols, is it possible someway? I tried to defined own option and parameter to it $generator ->setLength(25) ->setOptionValue(RequirementPasswordGenerator::OPTION_UPPER_CASE, true) ->setOptionValue(RequirementPasswordGenerator::OPTION_LOWER_CASE, true) ->setOptionValue(RequirementPasswordGenerator::OPTION_NUMBERS, true) ->setOption($symbols, array('type' => Option::TYPE_BOOLEAN, 'default' => false)) ->setParameter($symbols, '[email protected]#$%^&*?_~-,.+') ->setOptionValue($symbols, true)

    but i allways get Hackzilla\PasswordGenerator\Exception\InvalidOptionException. Is there some way to defined it? I need to generate password with specifical symbols. Thanks

    opened by patrikvalentaa 1
  • no repeating digits or characters

    no repeating digits or characters

    Hi Is there anyway you can add a option to not repeat any digits or characters already used?

    thanks

    opened by TwinMist 4
  • Use random_compat to provide the default source of randomness

    Use random_compat to provide the default source of randomness

    Per #11, there is now a note about using a better source of randomness if possible, and a "PHP 7" generator which uses the crypto-safe random_int function.

    However, if you add a composer dependency for paragonie/random_compat, you can make random_int the default source on all the versions of PHP you support, and that library will automatically polyfill it with the best source available.

    enhancement 
    opened by IMSoP 1
  • How are you using the password generator?

    How are you using the password generator?

    How are you using this password generator library?

    Please comment below as I'm interested in finding out how I can make this better for everyone.

    question 
    opened by hackzilla 10
A library for generating and validating passwords

PHP-PasswordLib Build Status Version The current version is considered Beta. This means that it is ready enough to test and use, but beware that you s

Anthony Ferrara 372 Jul 7, 2021
GenPhrase is a secure passphrase generator for PHP applications.

About GenPhrase is a secure passphrase generator for PHP applications. GenPhrase is based on passwdqc's pwqgen program. See http://www.openwall.com/pa

timoh 94 Aug 29, 2021
Compatibility with the password_* functions that ship with PHP 5.5

password_compat This library is intended to provide forward compatibility with the password_* functions that ship with PHP 5.5. See the RFC for more d

Anthony Ferrara 2.1k Sep 7, 2021
Realistic PHP password strength estimate library based on Zxcvbn JS

Zxcvbn-PHP is a password strength estimator using pattern matching and minimum entropy calculation. Zxcvbn-PHP is based on the the Javascript zxcvbn p

Ben Jeavons 654 Aug 29, 2021
Python implementation of the portable PHP password hashing framework

Portable PHP password hashing framework implemented in Python. This Python implementation meant to be an exact port of the the original PHP version.

Rez 46 Nov 25, 2019
A password policy enforcer for PHP and JavaScript

PasswordPolicy A tool for checking and creating password policies in PHP and JS. Installation Use composer to setup an autoloader php composer.phar in

Anthony Ferrara 71 Jul 3, 2021