form_password()
function form_password(string $name, ?string $value = null, array $attributes = []): string
Description
Generates an HTML password input field with type="password". This input type obscures entered text with dots or asterisks for secure password entry.
Parameters
| Parameter | Type | Description |
|---|---|---|
| $name | string | The name attribute for the password input element. |
| $value | string|null | (optional) The initial value for the password field. Typically empty for security. |
| $attributes | array | (optional) HTML attributes for the password input element. Defaults to an empty array ([]). |
Return Value
| Type | Description |
|---|---|
| string | An HTML password input element with type="password". |
Example #1: Basic Password Input
PHP
echo form_password('password');
// Output:
// <input type="password" name="password">Example #2: Password Input with Common Attributes
PHP
$attributes = [
'placeholder' => 'Enter your password',
'required' => 'required',
'minlength' => '8',
'maxlength' => '32'
];
echo form_password('user_password', '', $attributes);
// Output:
// <input type="password" name="user_password" placeholder="Enter your password" required="required" minlength="8" maxlength="32">Example #3: Password Input with ID and Class
PHP
$attributes = [
'id' => 'login-password',
'class' => 'form-control',
'autocomplete' => 'current-password'
];
echo form_password('login_pass', '', $attributes);
// Output:
// <input type="password" name="login_pass" id="login-password" class="form-control" autocomplete="current-password">Example #4: Complete Login Form Example
View File
<?php
echo form_open('users/login');
echo form_label('Username');
echo form_input('username', '');
echo form_label('Password');
echo form_password('password', '', ['required' => 'required']);
echo form_submit('submit', 'Login');
echo form_close();
?>
<!-- Output includes: -->
<!-- <input type="password" name="password" required="required"> -->- Password fields automatically obscure entered characters for security.
- Use
minlengthandmaxlengthattributes to enforce password length requirements. - For better UX, consider adding a "show password" toggle using JavaScript (not included in Trongate).
- Use
autocomplete="current-password"for login forms andautocomplete="new-password"for registration forms. - Password values in forms are not pre-populated for security reasons - the $value parameter is rarely used.
- Always validate password strength server-side in addition to client-side length checks.
- Never store plain text passwords - always use PHP's
password_hash()andpassword_verify()functions.
Common Issues
When working with password inputs:
- Browsers may offer to save passwords - this can be disabled with
autocomplete="off"but is not recommended for login forms. - Password fields don't show the actual characters typed, making typos harder to catch.
- Always pair password inputs with a confirmation field for user registration forms.
- Some password managers may have difficulty with custom JavaScript password toggles.
- Remember that client-side validation (minlength, pattern) can be bypassed - always validate server-side.