Leaderboard

I don't care. If they can't remember their passwords then it's their fault. It's not your job to give them easy to remember passwords. Anything that suggests using MD5 for passwords is bad and you should never, ever look at again. Aren't you going to tell the students their passwords? I don't care how "sensitive" you think this is. A password is a password and there is no excuse for doing it wrong.

As these are not registration keys AND they still have to be validated, you can simply generate a string of random numbers and characters, perhaps with some dashes between them. Here is a simple routine that will spit out strings in the format of xxxx-xxxx-xxxx, with 256^6 combinations (281 trillion+) combinations. function generateRandomCode() { return substr(chunk_split(bin2hex(random_bytes(6)), 4, '-'), 0, -1); } Very low chance you will generate duplicate codes, but you still want your DB to have a unique index on gift_code, and recover should you try and insert a duplicate. Anything like this would work, as again these are not registration codes, are unique, and would be linked to a particular user.