PHP: How to generate a random, unique, alphanumeric string for use in a secret link?
How would it be possible to generate a random, unique string using numbers and letters for use in a verify link? Like when you create an account on a website, and it sends y
-
- Generate a random number using your favourite random-number generator
- Multiply and divide it to get a number matching the number of characters in your code alphabet
- Get the item at that index in your code alphabet.
- Repeat from 1) until you have the length you want
e.g (in pseudo code)
int myInt = random(0, numcharacters) char[] codealphabet = 'ABCDEF12345' char random = codealphabet[i] repeat until long enough讨论(0) -
I think this is the best method to use.
str_shuffle(md5(rand(0,100000)))讨论(0) -
function random_string($length = 8) { $alphabets = range('A','Z'); $numbers = range('0','9'); $additional_characters = array('_','='); $final_array = array_merge($alphabets,$numbers,$additional_characters); while($length--) { $key = array_rand($final_array); $password .= $final_array[$key]; } if (preg_match('/[A-Za-z0-9]/', $password)) { return $password; }else{ return random_string(); } }讨论(0) -
I believe the problem with all the existing ideas is that they are probably unique, but not definitely unique (as pointed out in Dariusz Walczak's reply to loletech). I have a solution that actually is unique. It requires that your script have some sort of memory. For me this is a SQL database. You could also simply write to a file somewhere. There are two implementations:
First method: have TWO fields rather than 1 that provide uniqueness. The first field is an ID number that is not random but is unique (The first ID is 1, the second 2...). If you are using SQL, just define the ID field with the AUTO_INCREMENT property. The second field is not unique but is random. This can be generated with any of the other techniques people have already mentioned. Scott's idea was good, but md5 is convenient and probably good enough for most purposes:
$random_token = md5($_SERVER['HTTP_USER_AGENT'] . time());Second method: Basically the same idea, but initially pick a maximum number of strings that will ever be generated. This could just be a really big number like a trillion. Then do the same thing, generate an ID, but zero pad it so that all IDs are the same number of digits. Then just concatenate the ID with the random string. It will be random enough for most purposes, but the ID section will ensure that it is also unique.
讨论(0) -
Object-oriented version of the most up-voted solution
I've created an object-oriented solution based on Scott's answer:
<?php namespace Utils; /** * Class RandomStringGenerator * @package Utils * * Solution taken from here: * http://stackoverflow.com/a/13733588/1056679 */ class RandomStringGenerator { /** @var string */ protected $alphabet; /** @var int */ protected $alphabetLength; /** * @param string $alphabet */ public function __construct($alphabet = '') { if ('' !== $alphabet) { $this->setAlphabet($alphabet); } else { $this->setAlphabet( implode(range('a', 'z')) . implode(range('A', 'Z')) . implode(range(0, 9)) ); } } /** * @param string $alphabet */ public function setAlphabet($alphabet) { $this->alphabet = $alphabet; $this->alphabetLength = strlen($alphabet); } /** * @param int $length * @return string */ public function generate($length) { $token = ''; for ($i = 0; $i < $length; $i++) { $randomKey = $this->getRandomInteger(0, $this->alphabetLength); $token .= $this->alphabet[$randomKey]; } return $token; } /** * @param int $min * @param int $max * @return int */ protected function getRandomInteger($min, $max) { $range = ($max - $min); if ($range < 0) { // Not so random... return $min; } $log = log($range, 2); // Length in bytes. $bytes = (int) ($log / 8) + 1; // Length in bits. $bits = (int) $log + 1; // Set all lower bits to 1. $filter = (int) (1 << $bits) - 1; do { $rnd = hexdec(bin2hex(openssl_random_pseudo_bytes($bytes))); // Discard irrelevant bits. $rnd = $rnd & $filter; } while ($rnd >= $range); return ($min + $rnd); } }
Usage
<?php use Utils\RandomStringGenerator; // Create new instance of generator class. $generator = new RandomStringGenerator; // Set token length. $tokenLength = 32; // Call method to generate random string. $token = $generator->generate($tokenLength);Custom alphabet
You can use custom alphabet if required. Just pass a string with supported chars to the constructor or setter:
<?php $customAlphabet = '0123456789ABCDEF'; // Set initial alphabet. $generator = new RandomStringGenerator($customAlphabet); // Change alphabet whenever needed. $generator->setAlphabet($customAlphabet);Here's the output samples
SRniGU2sRQb2K1ylXKnWwZr4HrtdRgrM q1sRUjNq1K9rG905aneFzyD5IcqD4dlC I0euIWffrURLKCCJZ5PQFcNUCto6cQfD AKwPJMEM5ytgJyJyGqoD5FQwxv82YvMr duoRF6gAawNOEQRICnOUNYmStWmOpEgS sdHUkEn4565AJoTtkc8EqJ6cC4MLEHUx eVywMdYXczuZmHaJ50nIVQjOidEVkVna baJGt7cdLDbIxMctLsEBWgAw5BByP5V0 iqT0B2obq3oerbeXkDVLjZrrLheW4d8f OUQYCny6tj2TYDlTuu1KsnUyaLkeObwa
I hope it will help someone. Cheers!
讨论(0) -
PHP 7 standard library provides the
random_bytes($length)function that generate cryptographically secure pseudo-random bytes.Example:
$bytes = random_bytes(20); var_dump(bin2hex($bytes));The above example will output something similar to:
string(40) "5fe69c95ed70a9869d9f9af7d8400a6673bb9ce9"More info: http://php.net/manual/en/function.random-bytes.php
PHP 5 (outdated)
I was just looking into how to solve this same problem, but I also want my function to create a token that can be used for password retrieval as well. This means that I need to limit the ability of the token to be guessed. Because uniqid is based on the time, and according to php.net "the return value is little different from microtime()",
uniqiddoes not meet the criteria. PHP recommends usingopenssl_random_pseudo_bytes()instead to generate cryptographically secure tokens.A quick, short and to the point answer is:
bin2hex(openssl_random_pseudo_bytes($bytes))which will generate a random string of alphanumeric characters of length = $bytes * 2. Unfortunately this only has an alphabet of
[a-f][0-9], but it works.
Below is the strongest function I could make that satisfies the criteria (This is an implemented version of Erik's answer).function crypto_rand_secure($min, $max) { $range = $max - $min; if ($range < 1) return $min; // not so random... $log = ceil(log($range, 2)); $bytes = (int) ($log / 8) + 1; // length in bytes $bits = (int) $log + 1; // length in bits $filter = (int) (1 << $bits) - 1; // set all lower bits to 1 do { $rnd = hexdec(bin2hex(openssl_random_pseudo_bytes($bytes))); $rnd = $rnd & $filter; // discard irrelevant bits } while ($rnd > $range); return $min + $rnd; } function getToken($length) { $token = ""; $codeAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $codeAlphabet.= "abcdefghijklmnopqrstuvwxyz"; $codeAlphabet.= "0123456789"; $max = strlen($codeAlphabet); // edited for ($i=0; $i < $length; $i++) { $token .= $codeAlphabet[crypto_rand_secure(0, $max-1)]; } return $token; }crypto_rand_secure($min, $max)works as a drop in replacement forrand()ormt_rand. It uses openssl_random_pseudo_bytes to help create a random number between $min and $max.getToken($length)creates an alphabet to use within the token and then creates a string of length$length.Source: http://us1.php.net/manual/en/function.openssl-random-pseudo-bytes.php#104322
讨论(0)
加载中...
- 热议问题