PHP Random String



  • Found this while looking for some sample code:

    Genius! It's about 115 lines of code (more if you count the "numbers only" variant) to generate arbitrary length, random strings in PHP.

    To contrast, I dug out a function I wrote a few years back to do the same, which was 6 lines, and only that because I wrote it off the cuff and I tend to be verbose anyway. Crikey



  • These are two functions that you can use to assign random strings of any length. You can use these for session IDs, tracking IDs...

    I'm scared of the developer who builds software complex enough to demand custom-built session IDs but who is stupid enough to include a module like this...



  • I am scared of people finding that useful, then proceeding to the copypasta.



  •  iFUBAR indeed.



  • how about:

    $pass = substr(str_shuffle('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890'), 0, 16);



  • @Exteris said:

    how about: $pass = substr(str_shuffle('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890'), 0, 16);
    Nice... I used to do something similiar to generate such "password" strings:
    bash$ echo '<?php $passlen = 16; echo substr(base64_encode(md5(uniqid(rand()))),rand(0,43-$passlen),$passlen) ?>' | php



  • @Exteris said:

    how about:

    $pass = substr(str_shuffle('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890'), 0, 16);

    IIRC, str_shuffle uses the usual 32-bit random number generator, and hence only generates enough randomness for strings up to about 20 characters in length.

    Don't use str_shuffle. It's another one of those PHP functions.



  • @random_garbage said:

    @Exteris said:

    how about: $pass = substr(str_shuffle('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890'), 0, 16);
    Nice... I used to do something similiar to generate such "password" strings:
    bash$ echo '<?php $passlen = 16; echo substr(base64_encode(md5(uniqid(rand()))),rand(0,43-$passlen),$passlen) ?>' | php

     

    Neither of these are proper random string functions.  Even ignoring the problems asuffield noted with str_shuffle, the first guarantees no characters are repeated, which reduces the number of possible strings from 62^16 to 62! / 46!

     

    The second function is using an md5 which outputs a hex string.  Base64 uses 4 characters to represent 3 ASCII bytes, which means you are only using the first 12 hex digits returned by md5.  This reduces the number of possible strings from 64^16 to 16^12.



  • Considering that the site in question is named "I Fuck Up Beyond All Recognition", I am not surprised.



  • @Exteris said:

    how about:

    $pass = substr(str_shuffle('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890'), 0, 16);

    Ooh, I never thought of doing it that way :D

    I'd probably do something like:

    <?php
    $chars 
    array_merge(range('a''z'), range('A''Z'), range(09));
    $len 16;
    $output '';

    for (
    $x 0$x $len$x++)
        
    $output .= $chars[array_rand($chars)];

    echo 
    $output;
    ?>

Log in to reply