CLI PHP - mask input?

[jet042]

I have the following code that is part of a CLI script. As you can see from the comment, I don't know what to change so that when the user types in the database password the screen either doesn't display anything or masks the input with another character.

[COLOR=green]// Check if database password flag was set but a password was not provided.  If
// so, prompt for it and grab from STDIN.  The input needs to either be masked
// or not echo to the command line in the first place. Not sure how to do that.[/color]
[b]if[/b] (isset($db_pass) && $db_pass == [COLOR=orange]"\0"[/color]) {
  $line = [COLOR=orange]""[/color];
  [b]while[/b] ($line == [COLOR=orange]""[/color]) {
    echo [COLOR=orange]"Enter database password for user $db_user: "[/color];
    $line = trim(fgets(STDIN));
  }
  $db_pass = $line;
}

Does anyone have a good idea? I'm running on Windows currently, but I'd like to make it as platform independent as possible. I've already tried using exec() and system() to send the 'ECHO OFF' command, but no dice.

 

[jet042]

It's so lame to bump my own thread, but I really need some help on this. I've found Java examples that read a single character from STDIN and then echo the backspace control character, but that didn't work for me either. Am I missing something obvious?

 

[jpadie]

just an idea but could you do this? i've not tested it.

#!/usr/bin/php
<php
// Check if database password flag was set but a password was not provided.  If
// so, prompt for it and grab from STDIN.  The input needs to either be masked
// or not echo to the command line in the first place. Not sure how to do that.
if (isset($db_pass) && $db_pass == "\0") {
  $line = "";
  [red]`stty -echo`;[/red] //turn echo off
  while ($line == "") {
    echo "Enter database password for user $db_user: ";
    $line = trim(fgets(STDIN));
  }
  [red]`stty echo`;[/red] //turn back on
  $db_pass = $line;
}
?>

 

[jpadie]

yup, have tested it and it does seem to work.

but your logic may be wrong. i'd guess you'd want to check for empty($db_pass) rather than isset. as in your code the password would need to be \0 and the variable would need to be set before the script would prompt the user to enter the password.

this is the code i used in the end

#!/usr/bin/php
<?php
// Check if database password flag was set but a password was not provided.  If
// so, prompt for it and grab from STDIN.  The input needs to either be masked
// or not echo to the command line in the first place. Not sure how to do that.
if (empty($db_pass)) {
  $line = "";
  `stty -echo`; //turn echo off
  while ($line == "") {
    echo "Enter database password for user $db_user: ";
    $line = trim(fgets(STDIN));
  }
  `stty echo`; //turn back on
  $db_pass = $line;
        echo $db_pass;
}
?>

 

[jet042]

I have to use isset() because I'm using the PEAR::Console_GetOpt package to read the command line input and it returns NULL if there is no value but it also returns NULL if the option wasn't even passed in the command line. I'm taking advantage of isset() not treating NULL and \0 as the same thing when I'm parsing the return from GetOpt into my variables.

I'm using CMD.exe on a Windows box, so stty won't work and it doesn't act like the ` operator can access the basic shell commands. Even sending cls doesn't do anything.

 

[jet042]

Here is my test code. I have the other program running, so I can't make changes to it and test them immediately so I just hacked together another routine for testing.

$pass = "";
$bkspc = sprintf("%c", 8);

while ($pass == "") {
  echo "Enter your password: ";
  do {
    $char = fgetc(STDIN);
    if ($char != "\r" && $char != "\n") {
      $pass .= $char;
    }
    echo $bkspc;
  } while ($char != "\r" && $char != "\n");
}

echo $pass;

 

[progman1010]

If you don't mind my asking, what's the purpose of this code? I'm curious...

 

[jet042]

The whole script creates an interface that connects to a port on a phone system (in this case, an InterTel Axxess one) and reads the event data from it. That data is then parsed and fed into a database. This particular part is in the configuration and setup section where the user starting the script enters the authentication information for the database connection.