PHPackages                             fusionspim/php-password-checker - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation &amp; Sanitization](/categories/validation)
4. /
5. fusionspim/php-password-checker

AbandonedArchivedLibrary[Validation &amp; Sanitization](/categories/validation)

fusionspim/php-password-checker
===============================

Sense checks when a user picks a new password

5.0.1(3y ago)72.6k[1 issues](https://github.com/fusionspim/php-password-checker/issues)MITPHPPHP ^8.0

Since Mar 5Pushed 3y ago1 watchersCompare

[ Source](https://github.com/fusionspim/php-password-checker)[ Packagist](https://packagist.org/packages/fusionspim/php-password-checker)[ RSS](/packages/fusionspim-php-password-checker/feed)WikiDiscussions master Synced 2d ago

READMEChangelog (10)Dependencies (3)Versions (16)Used By (0)

PHP Password Checker
====================

[](#php-password-checker)

Passwords must be at least 10 characters in length and not be commonly used - there's no means to override this.

Numeric *looking* passwords are rejected, to weed out obvious memorable dates and phone numbers.

All password checks are **case insensitive**.

```
$checker = new PasswordChecker;
$checker->validate('abc123'); // throws PasswordException (too short)
$checker->validate('password123'); // throws PasswordException (too common)
$checker->validate('123-456-7890'); // throws PasswordException (too numeric)
$checker->validate('31/12/1999'); // throws PasswordException (too numeric)
$checker->validate('we love php'); // returns true

```

That's it. Though you can add further (optional, but recommended) checks and restrictions.

### Password reuse

[](#password-reuse)

Prevent password reuse by storing previous password hashes in your application and passing them in:

```
$checker = new PasswordChecker;
$checker->setPreviousPasswords($arrayOfHashes); // generated from password_hash()
$checker->validate($userSuppliedPassword);

```

### Password confirmation

[](#password-confirmation)

If you ask users to confirm their new password, you can pass that in too - simply to have all checks handled consistently:

```
$checker = new PasswordChecker;
$checker->setConfirmation($userSuppliedConfirmation);
$checker->validate($userSuppliedPassword);

```

### User or application obvious

[](#user-or-application-obvious)

Provide a blacklist of words that are obvious in the context of the user/application. If they're **within** (i.e. not necessarily equal to) the user supplied password, validation will fail:

```
$checker = new PasswordChecker(['clem', 'fandango', 'MyAmazingApp']);
$checker->validate('myamazingapp'); // throws PasswordException
$checker->validate('myamazingapp123'); // throws PasswordException
$checker->validate('clemfandango'); // throws PasswordException
$checker->validate('fandango123'); // throws PasswordException

```

### Complexity requirements

[](#complexity-requirements)

Complexity requirements can be enabled to require user passwords to contain a lower case letter, upper case letter, number and special character.

This is disabled by default, since it [isn't a recommended approach](https://www.ncsc.gov.uk/collection/passwords/updating-your-approach).

```
$checker = new PasswordChecker;
$checker->setComplexityRequirements([
    PasswordChecker::REQUIRE_LOWERCASE,
    PasswordChecker::REQUIRE_UPPERCASE,
    PasswordChecker::REQUIRE_NUMBER,
    PasswordChecker::REQUIRE_SYMBOL
]);
$checker->validate('myamazingapp'); // throws PasswordException
$checker->validate('myamazingapp123'); // throws PasswordException
$checker->validate('myamazongpp123!'); // throws PasswordException
$checker->validate('Myamazingapp123!); // return true

```

###  Health Score

36

—

LowBetter than 82% of packages

Maintenance17

Infrequent updates — may be unmaintained

Popularity21

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity76

Established project with proven stability

 Bus Factor1

Top contributor holds 57.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~114 days

Recently: every ~104 days

Total

15

Last Release

1386d ago

Major Versions

1.0.0 → 2.0.02018-03-07

2.0.3 → 3.0.02020-03-24

3.1.0 → 4.0.02021-03-09

4.1.1 → 5.0.02021-12-21

PHP version history (6 changes)1.0.0PHP ^7.1

2.0.1PHP ^7.2

3.0.0PHP ^7.3

3.1.0PHP &gt;=7.4

4.1.0PHP ^7.4 || ^8.0

5.0.0PHP ^8.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/f78af2dd4348815b22f074885277e2be60bc70f8d2505a466aeaedb972b21132?d=identicon)[weshooper](/maintainers/weshooper)

![](https://www.gravatar.com/avatar/cac532f14dce84f0bb5cfadf79109d9fa9428b6b78af15c1f05d3476bbaf6241?d=identicon)[ziadoz](/maintainers/ziadoz)

![](https://www.gravatar.com/avatar/d071e60022bd5137d78c3940a7bbe4920b58db384c149ad519ad0983ef4774b1?d=identicon)[maxakropolis](/maintainers/maxakropolis)

---

Top Contributors

[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (78 commits)")[![weshooper](https://avatars.githubusercontent.com/u/2248206?v=4)](https://github.com/weshooper "weshooper (43 commits)")[![ziadoz](https://avatars.githubusercontent.com/u/645637?v=4)](https://github.com/ziadoz "ziadoz (5 commits)")[![liamkeily](https://avatars.githubusercontent.com/u/2040842?v=4)](https://github.com/liamkeily "liamkeily (4 commits)")[![maxakropolis](https://avatars.githubusercontent.com/u/10739767?v=4)](https://github.com/maxakropolis "maxakropolis (4 commits)")[![WillJW](https://avatars.githubusercontent.com/u/1878977?v=4)](https://github.com/WillJW "WillJW (1 commits)")

---

Tags

validationpassword

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/fusionspim-php-password-checker/health.svg)

```
[![Health](https://phpackages.com/badges/fusionspim-php-password-checker/health.svg)](https://phpackages.com/packages/fusionspim-php-password-checker)
```

###  Alternatives

[composer/semver

Version comparison library that offers utilities, version constraint parsing and validation.

3.3k489.6M672](/packages/composer-semver)[giggsey/libphonenumber-for-php

A library for parsing, formatting, storing and validating international phone numbers, a PHP Port of Google's libphonenumber.

5.0k148.7M416](/packages/giggsey-libphonenumber-for-php)[respect/validation

The most awesome validation engine ever created for PHP

5.9k37.4M383](/packages/respect-validation)[propaganistas/laravel-phone

Adds phone number functionality to Laravel based on Google's libphonenumber API.

3.0k35.7M107](/packages/propaganistas-laravel-phone)[opis/json-schema

Json Schema Validator for PHP

64236.9M186](/packages/opis-json-schema)[schuppo/password-strength

This package provides a validator for ensuring strong passwords in Laravel 4 applications.

1432.7M1](/packages/schuppo-password-strength)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)