Is it really not possible to write a php cli password prompt that hides the password in windows?

Question

I have spent several hours trying to find a means of writing a cross platform password prompt in php that hides the password that is input by the user. While this is easily accomplished in Unix environments through the use of stty -echo, I have tried various means of passthru() and system() calls to make windows do the same thing to no avail.

I have tried:

passthru('set /p pass=Password: ');
system('echo %pass% > out.txt');
$pass = file_get_contents('out.txt', 'r');

This seems to hang on the passthru('set /p pass=Password: '); line without allowing me to input any text and must be killed with a Ctrl-c.

I have also tried various methods of fgetc and fgets and printing backspace characters to hide the input since this works in other languages. However, PHP does not appear to be able to interact with text prior to a carriage return.

I would really like to find a way to make this work, is this an impossible task or is this something that can be done?

Note that I am aware that I could wrap the php script in a batch file and pass the password as a command line argument, but that doesn't work for me in this case.

Answer 1

There doesn't seem to be an IOCTL or STTY extension for PHP. I found the following trick here:

<?php
echo 'Password: ';
$pwd = preg_replace('/\r?\n$/', '', `stty -echo; head -n1 ; stty echo`);
echo "\n";
echo "Your password was: {$pwd}.\n";
?>

Answer 2

I think you cannot do that in PHP with the standard library but you can do better :

Catch the first letter, then display a *. Catch the second one, then display two *...

Ergonomically, this is handy because the user can see what he have entered. Security is not at risk because if somebody can see the password one letter by one letter, he can see the guy typing it on the keyboard anyway. But it still prevent somebody from seeing it by accident in one time.

Answer 3

Here's a Windows solution, using the COM extension for PHP. I tested this on Windows XP with PHP 5.2.6.

<?php

$pwObj = new Com('ScriptPW.Password');

print "Password: ";
$passwd = $pwObj->getPassword();

echo "Your password is $passwd\n";

?>