downloads | documentation | faq | getting help | mailing lists | reporting bugs | sites | links | my 
search for in the  
view the version of this page
Last updated: Thu, 21 Aug 2003

XI. Crack functions


These functions allow you to use the CrackLib library to test the 'strength' of a password. The 'strength' of a password is tested by that checks length, use of upper and lower case and checked against the specified CrackLib dictionary. CrackLib will also give helpful diagnostic messages that will help 'strengthen' the password.


More information regarding CrackLib along with the library can be found at


In order to use these functions, you must compile PHP with Crack support by using the --with-crack[=DIR] option.

Runtime Configuration

The behaviour of these functions is affected by settings in php.ini.

Table 1. Crack configuration options

For further details and definition of the PHP_INI_* constants see ini_set().

Resource Types

This extension has no resource types defined.

Predefined Constants

This extension has no constants defined.


This example shows how to open a CrackLib dictionary, test a given password, retrieve any diagnostic messages, and close the dictionary.

Example 1. CrackLib example

// Open CrackLib Dictionary
$dictionary = crack_opendict('/usr/local/lib/pw_dict')
     or die('Unable to open CrackLib dictionary');

// Perform password check
$check = crack_check($dictionary, 'gx9A2s0x');

// Retrieve messages
$diag = crack_getlastmessage();
echo $diag; // 'strong password'

// Close dictionary

Note: If crack_check() returns TRUE, crack_getlastmessage() will return 'strong password'.

Table of Contents
crack_check -- Performs an obscure check with the given password
crack_closedict -- Closes an open CrackLib dictionary
crack_getlastmessage -- Returns the message from the last obscure check
crack_opendict -- Opens a new CrackLib dictionary

add a note add a note User Contributed Notes
Crack functions
14-May-2002 06:36
Following the source of Cracklib 2.7 possible return strings are:
- it is based on a dictionary word
- it is based on a (reversed) dictionary word
- it's WAY too short
- it is too short
- it does not contain enough DIFFERENT characters
- it is all whitespace
- it is too simplistic/systematic
- it looks like a National Insurance number
It may be useful for example in localization of your scripts...
clay at killersoft dot com
06-Apr-2002 01:01
If you set a "crack.default_dictionary" value in your php.ini file, you don't need to call the "crack_opendict" and "crack_closedict" functions.

Example php.ini entry:

crack.default_dictionary = "/usr/local/lib/pw_dict"

Enables this:

// Perform password check
$check crack_check('Twawt-Alv2');

// Retrieve messages
$diag crack_getlastmessage();
$diag// 'strong password'

Check out validateEmail.php 2.0

 Last updated: Thu, 21 Aug 2003
show source | credits | sitemap | mirror sites 
Copyright © 2001-2003 The PHP Group
All rights reserved.
This mirror generously provided by:
Last updated: Sat 01 Nov 2003 04:13:36 EST EST