If you operate a user registration script on your website you may want to ensure users are protected. There are certain aspects of this you cannot control such as the user's self selected password. Here I have a script that will detect the user's password strength and base on that you could reject the password or just make notice to the user their password's strength.
Basically we're checking against a few things here and we give a rating to each criteria and then add up the final score to see where they rank. Here is what we'll be checking against:
- Length – 10 Points
- Lower Case Characters – 20 Points
- Upper Case Characters – 20 Points
- Numbers – 20 Points
- Special Characters – 30 Points
The points are given based on how much value they may add to the password. Enough talking I present you the function:
//Strength Scoring
$pass_score = 0;
$pass_len = FALSE;
$pass_lc = FALSE;
$pass_uc = FALSE;
$pass_num = FALSE;
$pass_weird = FALSE;
//Pad
$password = 0 . $password;
//Check Length
if (strlen($password)>6) $pass_len = TRUE;
//Check Lowercase Characters
for ($i = 97; $i <=122; $i++) {
if (@strpos($password, chr($i))) $pass_lc = TRUE;
}
//Check Uppercase Characters
for ($i = 65; $i <=90; $i++) {
if (@strpos($password, chr($i))) $pass_uc = TRUE;
}
//Check Numbers
for ($i = 48; $i <=57; $i++) {
if (@strpos($password, chr($i))) $pass_num = TRUE;
}
//Check Weird Characters
for ($i = 33; $i <=126; $i++) {
//Excempt
if (($i>47 && $i<58) || ($i>64 && $i<91) || ($i>96 && $i<123)) {
//Null
} else {
if (@strpos($password, chr($i))) $pass_weird = TRUE;
}
}
//Points
if ($pass_len) $pass_score = $pass_score + 10;
if ($pass_lc) $pass_score = $pass_score + 20;
if ($pass_uc) $pass_score = $pass_score + 20;
if ($pass_num) $pass_score = $pass_score + 20;
if ($pass_weird) $pass_score = $pass_score + 30;
//Displaying
if ($display) {
echo '<div style="width: 210px; height: 15px; border: 1px solid #919191; padding: 1px; font-size: 9px; color: #FFFFFF; font-family: Arial;">';
if ($pass_score <= 40) echo '<div style="width: 65px; height: 13px; background: #910e0e; padding: 2px 0 0 5px;">WEAK</div>';
if ($pass_score > 40 && $pass_score < 70) echo '<div style="width: 135px; height: 13px; background: #ceb827; padding: 2px 0 0 5px;">AVERAGE</div>';
if ($pass_score >= 71) echo '<div style="width: 205px; height: 13px; background: #3ca01a; padding: 2px 0 0 5px;">STRONG</div>';
echo '</div>
';
}
return $pass_score;
}
The script itself has a built in display bar which will visuallize how strong or weak the password maybe which could turn off. Here's an example of calling the script:
//Showing the Password Strength with Visual Bar
password_strength($password);
//Not Showing anything at all but storing strength as a variable
$strength = password_strength($password, FALSE);
Share It
Tags: PHP Script, Security
Thanks a lot for this, I'd tried out several scripts but this script was perfect for my needs, thanks.