I'm writing a php script that uses MySQL, I have 2 logins for the script, and everything actually works very well (I think it's pretty good for the first time I've ever tryied to program in php and Mysql). However, I will be using the script when I'm out and about and I want to hide the asterisk when typing in the password (just like when you login to a bash shell). I'm told that by doing this if the computer I'm on uses a password manager it will not be able to grab the password.

Incase it's needed, I'm running Slackware 9.1, PHP 4.3.3, Apache 1.3.28, and Mysql 4.0.15a.

I hope I worded everything alright. And I'm not even sure if that can be done. Here is a paste of my login.php

<html><head><title>Login</title></head><body>
<?php
if (isset($_POST['submit'])) {
require_once ('mysql_connect.php');
function escape_data ($data) {
global $dbc;
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string($data, $dbc);
}
$message = NULL;
if (empty($_POST['username'])) {
$u = FALSE;
$message .= '<p>You forgot to enter your username!</p>';
} else {
$u = escape_data($_POST['username']);
}
if (empty($_POST['password'])) {
$p = FALSE;
$message .= '<p>You forgot to enter in your password!</p>';
} else {
$p = escape_data($_POST['password']);
}
if ($u && $p) {
$query = "SELECT username, password FROM user WHERE username='$u' AND password=PASSWORD('$p')";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row) {
session_start();
$_SESSION['username'] = $row[0];
ini_set ('session.gc_maxlifetime', 60);
header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
echo "ok";
exit();
} else {
$message .= '<p>The username and password entered do not match those on file.</p>';
echo $row[0];
}
mysql_close();
} else {
$message .= '<p>Please try again.</p>';
}
}
$page_title = 'Login';
if (isset($message)) {
echo '<font color="red">', $message, '</font>';
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>
<p><b>User Name:</b> <input type='text' name="username" size="20" maxlength="20" value="" /></p>
// Right here is where I have the password field.
// I know all about not storing db passwords in plain text, that will be fixed
// soon
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</fieldset></form>
<?php
require_once ('mysql_connect.php');
?>
</body></html>

Any help will be greatly appreciated.

I thought hiding the input stuff was a HTML Form thing?
<input type=password>

Architect is right. Of course, sending it over the wire it will be plain text, unless you are using https

I realize that things will be sent at pure text when the page is not encrypted. I just don't want a password manager to snatch up my pw. I did find a way to do it with javascript where the javascript will ast as a kind of keylogger so when you type and not in any fields it will save everything to a variable, then that variable is subbmitted in my $_POST[array] to the db and the connection and authentication is made.

Any reason you're against password managers?
They ask the user if they want to save the passwords before saving, so it shouldnt be much of an issue.