Command Line Password Prompt in PHP

Found on sitepoint.

function prompt_silent($prompt = "Enter Password:") {  if (preg_match('/^win/i', PHP_OS)) {    $vbscript = sys_get_temp_dir() . 'prompt_password.vbs';    file_put_contents(      $vbscript, 'wscript.echo(InputBox("'      . addslashes($prompt)      . '", "", "password here"))');    $command = "cscript //nologo " . escapeshellarg($vbscript);    $password = rtrim(shell_exec($command));    unlink($vbscript);    return $password;  } else {    $command = "/usr/bin/env bash -c 'echo OK'";    if (rtrim(shell_exec($command)) !== 'OK') {      trigger_error("Can't invoke bash");      return;    }    $command = "/usr/bin/env bash -c 'read -s -p \""      . addslashes($prompt)      . "\" mypassword && echo \$mypassword'";    $password = rtrim(shell_exec($command));    echo "\n";    return $password;  }}

Depending on your environment (i.e., not on Windows), you can use the ncurses library (specifically, the ncurses_noecho() function to stop keyboard echo and ncurses_getch() to read the input) to get the password without displaying it on screen.

You can use my hiddeninput.exe file to get real hidden input without leaking the information anywhere on screen.

<?phpecho 'Enter password: ';$password = exec('hiddeninput.exe');echo PHP_EOL;echo 'Password was: ' . $password . PHP_EOL;

If you remove the last echo, the password should never show up, but you can use that for validation obvoiusly.