
PHP: echo variable as stars '****'


Solved by trq

Passwords are stored (or at least should be) as a hash, so there is no way of knowing how long the original password is. Are you planning on storing the length of the unhashed password somewhere? Then you could just use:

 

 

echo str_repeat("*", $passlength);

What's the point in even having a line that says "Current Password: **********" anyways?  What function does that possibly serve anyone? The only "useful" thing that's related is when password change forms require you to ENTER your current password, in addition to the new one, as final verification.  Simply displaying a line of text with stars is pointless and IMO kinda dumb. 

Thanks trq.

 

 

.josh, This is a forums. I'm here to ask questions, you don't have to be a grumpy fuck. Doesn't matter what it's for.

 

Yep, this is a forums, and you are here to ask questions.  And you did get an answer.  However, I'm free to point out when something isn't a "best practice" or generally not a good idea, or just plain stupid.   It's like if my kid were to ask me what's the best way to make a homemade parachute to jump out of a tree.  I could tell him which sheet to use and how to tie the rope around the corners..or I could tell him that jumping out of a tree with a homemade parachute is damn stupid.  

 

We aren't here to just blindly answer questions.  We're here to try and help people become better programmers. Sometimes becoming a better programmer is recognizing that there are better ways to do what you are doing, or accepting that what you are doing doesn't make sense or is just stupid.  Instead of acting like a 2 year old stomping your feet, swallow your pride and listen to advice given, and you just might learn something. 

FWIW: Displaying any information about a password - even its length is a bad practice. You should not provide any information about a user's password. A malicious user could use that information to narrow the possibilities of passwords to try. And, as stated above, it provides no value to the user.

 

Plus, if I was ever to see that on an application, my first reaction would be to assume they are not hashing my password and would be a huge red flag. That would never pass a security audit.
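The points made in this thread (store only a hash, reveal nothing about the password's length, and require the current password before a change), put together as an added example that is not code from any poster here. The function names `register`, `maskedPassword` and `changePassword`, the in-memory `$users` array and the sample passwords are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory "users table" standing in for a database.
$users = [];

// Registration: store only the hash. The plaintext and its length are never kept.
function register(array &$users, string $name, string $password): void
{
    $users[$name] = ['hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Profile page: a fixed-width mask, identical for every account, so it
// says nothing about any individual password.
function maskedPassword(): string
{
    return str_repeat('*', 8);
}

// Password change: the user must re-enter the current password, which is
// checked against the stored hash before the new one is accepted.
function changePassword(array &$users, string $name, string $current, string $new): bool
{
    if (!isset($users[$name]) || !password_verify($current, $users[$name]['hash'])) {
        return false;
    }
    $users[$name]['hash'] = password_hash($new, PASSWORD_DEFAULT);
    return true;
}

register($users, 'alice', 'short');
register($users, 'bob', 'a much longer passphrase than alice uses');

// The stored hashes have the same length whatever the password length was,
// so the stored value does not reveal the original length.
foreach ($users as $name => $row) {
    printf("%-5s hash length: %d  shown as: %s\n", $name, strlen($row['hash']), maskedPassword());
}

// First call passes a wrong current password, second call the correct one.
var_dump(changePassword($users, 'alice', 'wrong guess', 'new-Passw0rd!'));
var_dump(changePassword($users, 'alice', 'short', 'new-Passw0rd!'));

// Check that the new password now verifies against the stored hash.
var_dump(password_verify('new-Passw0rd!', $users['alice']['hash']));
```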
