How to display user password as asterisk (*)

Discussion in 'PHP' started by ketting00, Jul 4, 2011.

  1. #1
    Hi,

    I have a user logged-in area and want them to view their account information in settings.php.
    However, how do I display the user's password as asterisks (*), e.g. Your Password: *******, like in the facebook.com settings area, so they can change or manage it?

    Thanks
     
    ketting00, Jul 4, 2011 IP
  2. dazst

    dazst Active Member

    #2
    HTML:
    <input type=password>

    or

    PHP:
    $hidden_password = preg_replace("|.|","*",$real_password);
     
    dazst, Jul 4, 2011 IP
  3. ketting00

    ketting00 Well-Known Member

    #3
    Thanks, the preg_replace("|.|","*",$real_password); works perfectly.
     
    ketting00, Jul 4, 2011 IP
  4. subdivisions

    subdivisions Well-Known Member

    #4
    For the record, it's bad to store the plain text password in your database. You should be hashing it.

    If you really want to show the right number of asterisks, you could create a column that stores how long the user's password is :p
     
    subdivisions, Jul 5, 2011 IP
  5. jestep

    jestep Prominent Member

    #5
    Agreed on the above. There's no reason you should ever store passwords in plain text. There's no reason a person needs to see their existing password. Use a function to reset the password if they forget it or need to change it. Store passwords using MD5 or SHA1 and a unique salt.
     
    jestep, Jul 5, 2011 IP
  6. Kyosys

    Kyosys Peon

    #6
    Kyosys, Jul 7, 2011 IP
  7. jestep

    jestep Prominent Member

    #7
    SHA-1 is currently the NIST / DOD standard. It's a very fast hashing mechanism. The only faster are MD5 and lesser hashes. There's no reason to use a more complex method for hashing something as small and simple as a password.
     
    jestep, Jul 7, 2011 IP
  8. Kyosys

    Kyosys Peon

    #8
    The faster the algorithm, the easier to crack, think about it. Using MD5 for hashing your passwords is basically like not hashing them at all these days anyways.
     
    Kyosys, Jul 7, 2011 IP
  9. jestep

    jestep Prominent Member

    #9
    If you use a salt, MD5 is still effectively unbeatable. Without knowing the salt, there's no way to utilize a rainbow table. Even if you accidentally found a known hash, the original value still won't work, because it will be salted before being hashed. This is why adding a salt to all hashed functions is necessary. SHA-1 just decreases the likelihood of having a hash collision by increasing the output bits from 128 to 160. There are hashes that don't have collisions, but if it's good enough for current DOD usage, there's no reason to reinvent the wheel.
     
    jestep, Jul 7, 2011 IP
  10. elixiusx

    elixiusx Peon

    #10
    You can use something like MD5( SHA1( 'password' ) ).
     
    elixiusx, Jul 7, 2011 IP
  11. Kyosys

    Kyosys Peon

    #11
    That's not what security is.

    And yes, by all means I agree about salts.
     
    Kyosys, Jul 8, 2011 IP
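
One way to build the settings row and the password storage that the later replies argue for, as an added example that is not code from any poster in this thread: the page shows a fixed mask instead of the real password, and only a salted hash is stored. It uses PHP's built-in password_hash() and password_verify() (bcrypt, deliberately slow) rather than the MD5/SHA1 calls named in the thread; the function names, PASSWORD_MASK and change_password.php are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example. All names here (PASSWORD_MASK, store_password, ...) are hypothetical.

// Fixed-width mask: reveals neither the password nor its length,
// so no plain-text copy or length column has to be kept.
const PASSWORD_MASK = '********';

// Hash a new password for storage. password_hash() generates a random
// per-password salt and embeds it, with the cost, in the returned string.
function store_password(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Check a submitted password against the stored hash.
// password_verify() reads the salt and cost back out of $storedHash.
function check_password(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash);
}

// Change flow: the user must prove knowledge of the current password.
// Returns the new hash to save, or null when the current password is wrong.
function change_password(string $current, string $new, string $storedHash): ?string
{
    if (!check_password($current, $storedHash)) {
        return null;
    }
    return store_password($new);
}

// The row settings.php would print; change_password.php is a placeholder URL.
function render_password_row(): string
{
    return 'Your Password: ' . PASSWORD_MASK
         . ' <a href="change_password.php">Change</a>';
}

// Demo with constructed values (no database involved).
$hash = store_password('correct horse battery staple');
var_dump(check_password('correct horse battery staple', $hash));
var_dump(check_password('wrong guess', $hash));
var_dump(change_password('wrong guess', 'n3w-passphrase', $hash) === null);
var_dump(store_password('same input') !== store_password('same input'));
echo render_password_row(), PHP_EOL;
```

The last var_dump compares two hashes of the same input: they differ because each call draws a fresh salt, which is the property the thread's salt discussion relies on.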