User ID reference - not a typical scenario

[richrock]

I'm constructing a registration process that will do the following :

 

Take all the relevant personal details of a user.  Then I need to assign a 5 (or 6) digit code to that user.  This is only displayed instead of their personal details, unless you are a privileged user.

 

This number is not used to log in, or for any other process at all.  It's just a random number which is displayed instead of things like Name, Address, etc.

 

I've got a database with all those fields and added a unique_num as this number.  This number needs to be generated, and preferably semi random (or even fully random), but I can't have duplicates, as the other users need to request to see the details of user number #676548.

 

Any ideas?  I've looked at rand(), and although thats a great step, I have no control if the number exists.  This is a background operation, and I don't want registrants having to refresh the form due to a potential 'User Number Exists' kind of error.

 

I've got no code really, as I want this to plug in to a registration form, and it's not dependent on anything else except when it writes to the DB.

 

Rich

[discomatt]

Why not use an auto increment column?

[richrock]

I did think of that, but I thought that having a random number would reduce the chances of 'guessing' - the other thing I should have asked is -

 

If I go the random option, how can I check that a number already exists?

 

If I do auto-increment - can I have 2 auto-increments in a table?  Sorry if that's a little n00b - but I've only ever seen 1 auto inc in tables.

 

Rich

[discomatt]

Why would you ever need 2? And security through obscurity is a bad practice, imo. If you don't want a user to view the page, build a user authentication system, and deny all others access.

 

And verifying a random number is unique can be done in 2 ways... You can generate the number and query the DB for it and see if it exists, if it does, generate a new number and repeat. Or you can simply attempt to insert the number to a unique column. If the query returns an error, the id probably already exists in the table... generate a new number, repeat.

[richrock]

Guess that told me! 

 

I wasn't trying to do anything by security through obscurity.  I just wanted people not to figure out that the numbers could be sequential.

 

It's not used for authentication in any way, just a 'mask' I guess so instead of showing :

 

Name : My name.

 

Address : My Address.

 

Tel No : My Tel No's.

 

It would just have :

 

Client ID : 235488

 

and a contact this client button.  Which if the client verifies, will unlock it for that other client ID. 

 

Hope this clears things up a little.  Just realised I would have to create a connection table - so each ID can be verified to allow access.

 

Rich (now getting confused)

[.josh]

Does the id have to be numeric? Here's a simple method of generating a 6 char unique id that has no apparent sequential order:

 

$id = substr(md5(time()), 0, 6);

[discomatt]

I like this one a little better myself.

 

$id = substr(md5(uniqid(rand(), true)), 0, 6);

 

Your code will return the same result every second.. so if a duplicate ID is found ,the script could loop for as long as a second, continually polling the DB. The function above should return a new value at the very least every millisecond, assuming rand() returned the same result twice in a row

[GingerRobot]

Your code will return the same result every second.. so if a duplicate ID is found ,the script could loop for as long as a second, continually polling the DB. The function above should return a new value at the very least every millisecond, assuming rand() returned the same result twice in a row

 

You could always use microtime()

[richrock]

Thanks for all the suggestions - I would have thought it easier from a users point of view to have all numbers, but as I've said before, it's just to hide details unless authorised.

 

Rich

[.josh]

Okay well then why not just use ******** ?