[SOLVED] random number generator

[dadamssg]

im looking for a way to produce a random string of numbers and letters to use in a confirm membership script. what php function could i use to accomplish this? im going to put the random string in my db and then send it through a url through an email. When they click on it im going to write a script that will check to see if the variable in the url match with the db and confirm them if so. thanks

[Mark Baker]

Either rand() or the better mt_rand()

[Mchl]

feed md5 with rand

[premiso]

Use an md5 or sha1 hash for that.

 

Makes it secure and is easy to generate. IE Use their username with a random number:

 

$verify = sha1($username . rand(11111111,99999999);

 

Add that to the db then send it to them in an email.

[dadamssg]

so like

md5(mt_rand(1,10000))

would do it?

[dadamssg]

oh ok awesome thanks guys

[redarrow]

premiso winner lol.

 

sorry but it much more secure.

 

my version adapted theo.

 

<?php

$username=str_shuffle('redarrow');

$verify = sha1($username . rand(11111111,99999999));

echo $verify;

?>

[Mchl]

I wonder just what makes it more secure?

[gizmola]

im looking for a way to produce a random string of numbers and letters to use in a confirm membership script. what php function could i use to accomplish this? im going to put the random string in my db and then send it through a url through an email. When they click on it im going to write a script that will check to see if the variable in the url match with the db and confirm them if so. thanks

 

I wrote one of these recently, and there was very little involved.  My code did check in the database to make sure that the string hadn't been allocated previously, but that is something you will have to code for yourself.  This simple function does the work of generating a random string.  I also didn't want the first character to be a zero, so I have a little code to prevent that, but you could obviously omit that if you wanted.  As you can see, it's pretty simple stuff and just does a few ascii lookups in combination with rand().

 

This is nothing you couldn't write yourself or modify to your liking.  For my purposes i wanted a string that had numbers and letters.

 

public function generateInviteCode($charnum =  {
        $invitecode = null;
        $startrange = 1;
        for ($x = 0; $x             $rand = rand(0, 61);
            if ($rand                 $invitecode .= $rand;
            else if ($rand                 $invitecode .= chr($rand + 55);
            } else {
                $invitecode .= chr($rand + 61);
            }
        }
        // on first character, don't allow a zero
        if ($invitecode[0] == '0')
            $invitecode[0] = rand(1, 9);
        return $invitecode;
}

[gizmola]

BTW, you might ask why not use the SHA or MD5 versions above.  If you want to take that approach I have no complaint with doing so but it does have these drawbacks. 

 

-Those hash functions are computationally expensive. 

-The hashes themselves are very long (36 or 40 characters depending on which you choose).

 

If you want something shorter, you might want to consider the approach I outlined.  The function can actually create whatever size string you want, but you could start producing collisions if it was too short.  6-8 characters provides a nice compromise. 

[dadamssg]

sweet thanks, does anyone know how many characters sha1 outputs? i wanna know the varchar() i need to setup in my db. its either 20 or 40, can't really decipher the php manual....

[premiso]

I wonder just what makes it more secure?

 

Nothing....just another way to do it

 

 

A varchar of 40 should be fine for SHA1

[dadamssg]

awesome thanks

[Mchl]

I wonder just what makes it more secure?

 

Nothing....just another way to do it

Exactly. Security has nothing to do here.

 

A varchar of 40 should be fine for SHA1

 

char(40) would actualy be better, since we know all strings will have exactly 40 characters. This will save a byte or two per row.