All geek questions in one place

Sanitize PHP password string

I have a PHP page that allows people to run htpasswd to update their password. What is the best way to disinfect them. I do not want to severely restrict entry, because I want to allow the use of secure passwords. This is what I have. How can this be improved?

$newPasswd = preg_replace('/[^a-z0-9~!()_+=[]{}<>.\\\/?:@#$%^&*]/is', '', $inputPasswd);
$cmdline = $htpasswd . " " . $passwd_file . " " . escapeshellarg($username) . " " .escapeshellarg($newpasswd);
exec( $cmdline, $output, $return_var );
+3
source share
2 answers

The ecscapeshellarg function is built into PHP and is distinguished by a shell-based system for disinfecting text, so that no "unsafe" characters can be passed to exec.

http://us2.php.net/manual/en/function.escapeshellarg.php

+8
source

preg_replace " ", , -, - . - , ... , , ( ) .

, , . , , , . , , .

+1

Source: https://habr.com/ru/post/1710334/

More articles:


All Articles