A simple yet powerful PHP-based password generator that creates secure and customizable passwords based on user-defined criteria.
- Overview
- Tech Stack
- Features
- Project Structure
- How It Works
- Security Considerations
- Requirements
- Installation
- Author
- License
- Future Improvements
PHP Strong Password Generator allows users to generate secure and fully customizable passwords directly from a web interface.
Users can define:
- Desired password length
- Inclusion of uppercase letters
- Inclusion of numbers
- Inclusion of special characters
Passwords are generated using a custom algorithm and displayed on a dedicated results page for a clean user experience.
This project was built as an educational exercise to practice PHP logic separation, session handling, and UI integration.
- Language: PHP 8.1+
- Frontend: HTML5, CSS3
- Server: PHP Built-in / Apache
- Data handling: PHP Sessions
✅ Generates passwords with customizable options
✅ Uses a Fisher–Yates shuffle algorithm for extra randomness
✅ Modular structure (functions.php, index.php, result.php)
✅ Securely stores data in session
✅ Lightweight, dependency-free PHP project
php-strong-password-generator/
├── js (JavaScript files folder)
├── screenshots (README screenshots folder)
├── README.md (Project documentation)
├── functions.php (Contains the password generation logic)
├── index.php (Main page with password generation form)
├── result.php (Displays the generated password)
└── style.css (File for styling the webapp)
- The user selects password length and optional character sets.
- The data is sent via GET to the backend.
// index.php
// Stores user's password length request
$userChosenLength = $_GET['pwLength'] ?? null;
// Converting the string into a number
if($userChosenLength != null){
$pwLength = intval($userChosenLength);
}
// Storing user preferences
$pwGotUpperCase = $_GET['upper'] ?? '';
$pwGotNumbers = $_GET['num'] ?? '';
$pwGotSpecial = $_GET['special'] ?? '';-
passwordGeneratorprocesses the request and generates the password:- Always includes lowercase letters.
- Optionally includes uppercase letters, numbers, and/or special characters.
- Randomizes the result using the Fisher–Yates algorithm.
-
The generated password is stored in a PHP session.
// index.php
// When the preferences are set
if (isset($userChosenLength) && $pwLength >= 8 && $pwLength <= 24) {
// Stores the generated password after passing the requests
$pw = passwordGenerator( $pwLength, $pwGotUpperCase, $pwGotNumbers, $pwGotSpecial );
// Password is sent to the result page
$_SESSION['pwd'] = $pw;
// User is redirected
header('Location: ./result.php');
exit;
}- The user is redirected to
result.phpto view the password.
- The user can generate a new password, and can copy the generated one for easier use.
- The password generation happens entirely on the server, ensuring no client-side exposure.
- Passwords are not logged or stored permanently — only kept in session during runtime.
- For production-grade implementations, consider adding:
- HTTPS enforcement
- CSRF protection on form submission
- Rate limiting for API endpoints
PHP 8.1+
Local server (e.g., XAMPP, MAMP, Laragon, or PHP built-in server)
- Clone the repository:
git clone https://github.com/coluccifrancesco/php-strong-password-generator.git
- Move into the project folder:
cd php-strong-password-generator
- Run a local PHP server:
php -S localhost:8000
- Open your browser and visit:
http://localhost:8000
Francesco Colucci
📍 Italy
💼 GitHub Profile
👨🏻💼 LinkedIn Profile
🖋️ Student & Web Developer passionate about PHP, security, and clean UI design.
This project is released under the MIT License. You are free to use, modify, and distribute it, provided the original author is credited.
-
Password strength indicator (frontend) 💪🏻
-
Implement API endpoint for external password requests 💻
-
Add dark/light theme toggle 🌗
-
Docker container for local development 🐋