stijn0713 Posted August 18, 2012 Share Posted August 18, 2012 probably stupid question, is it possible to generate unique pasword without checking db first? Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/ Share on other sites More sharing options...
Pikachu2000 Posted August 18, 2012 Share Posted August 18, 2012 You shouldn't check the db first. You should check it second. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370513 Share on other sites More sharing options...
Mahngiel Posted August 18, 2012 Share Posted August 18, 2012 what is a "unique password" did you know the most common password is "password" ? Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370515 Share on other sites More sharing options...
stijn0713 Posted August 18, 2012 Author Share Posted August 18, 2012 before sending a mail to the user, i want to generate a password which he'll use to validate him for the survey. Ok, i'll randomly generate one, and query against the db if it doesn't exist yet Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370519 Share on other sites More sharing options...
Mahngiel Posted August 18, 2012 Share Posted August 18, 2012 you can create a random string by simply hashing the user's session ID Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370520 Share on other sites More sharing options...
Christian F. Posted August 18, 2012 Share Posted August 18, 2012 You don't want to be using unique password, but a unique combination of user identifier and password. The former can be a randomly generated ID (GUID), or a username. Just make sure that part is unique for simplicity's sake, though it is really only the combination that needs to be unique. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370525 Share on other sites More sharing options...
stijn0713 Posted August 18, 2012 Author Share Posted August 18, 2012 mm, smart idea to use the ID to make the password unique. However, no session started yet, if he isn't logged in to take the survey, so idea 1 and query db? Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370526 Share on other sites More sharing options...
Mahngiel Posted August 18, 2012 Share Posted August 18, 2012 logged in users aren't the only people who get sessions, ya know? Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370527 Share on other sites More sharing options...
stijn0713 Posted August 18, 2012 Author Share Posted August 18, 2012 @christianF ... no the password also needs to be unique, because users with unique ID can take different surveys and a particular user may not use his password for taking another survey. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370531 Share on other sites More sharing options...
Mahngiel Posted August 18, 2012 Share Posted August 18, 2012 if you're using a user database, what's the purpose of your implementation? let the user sign up with their own email/password combo, send them an email verification with some random string being the activation code, access to that link activates their account. now that you have a successfully auth'd user, keep track of what survey's they're allowed to partake in and which ones they already have. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370532 Share on other sites More sharing options...
stijn0713 Posted August 18, 2012 Author Share Posted August 18, 2012 what i'm making is a little system for the administrator where he can creates surveys and invites people that he has in his database to take part in the survey. This invitation is a mail with a link. I cannot allow the invited person to logg in with the email and pasword from the users database because that will allow him to also take part in other surveys. I therefore want to generate a unique pasword code for each invitation in the script where the administrator sends the invitation (email) Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370534 Share on other sites More sharing options...
stijn0713 Posted August 18, 2012 Author Share Posted August 18, 2012 . Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370536 Share on other sites More sharing options...
Pikachu2000 Posted August 18, 2012 Share Posted August 18, 2012 Why not add the users that have been invited to a table indicating they've been invited? Then check the table for the survey and user id to verify permission. Sure would be a lot less hassle than creating additional passwords, and would allow you to see who has been invited to what, and track their participation as a side benefit. You could also use it to remind people if they have outstanding invites when they log in. The benefits are almost limitless. Well OK, not limitless, but there are benefits . . Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370537 Share on other sites More sharing options...
Drongo_III Posted August 18, 2012 Share Posted August 18, 2012 $uniquePW = rand() . time(); Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370539 Share on other sites More sharing options...
teng84 Posted August 19, 2012 Share Posted August 19, 2012 date and time is always unique Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370628 Share on other sites More sharing options...
spiderwell Posted August 20, 2012 Share Posted August 20, 2012 i was going to suggest the same as the two entries above. date and time will never be the same until time travel is invented Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370785 Share on other sites More sharing options...
Christian F. Posted August 20, 2012 Share Posted August 20, 2012 Sure about that? What happens if two people load the page at exactly the same time? The more users you have, the higher the likelihood (and frequency) of it happening. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370814 Share on other sites More sharing options...
Mahngiel Posted August 20, 2012 Share Posted August 20, 2012 No offense to any of you, but the entire thread should really be read before posting. The "solutions" given the past few posts to answer the OP do not actually provide an adequate solution to the OP's need. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370825 Share on other sites More sharing options...
yamikowebs Posted August 20, 2012 Share Posted August 20, 2012 Use a timestamp or something that uses the timestamp like a hash of the time stamp. I personally would think its better to store who should have access to the survey send an email with just a link. On the page itself check if the user was one of the invited users. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370866 Share on other sites More sharing options...
xyph Posted August 20, 2012 Share Posted August 20, 2012 $uniquePW = rand() . time(); There's not enough entropy in this solution. The passwords are far too 'guessable' Here's a decent solution. Requires the mcrypt library. <?php $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; $password_length = rand(10,15); $size = strlen($characters); $rand = mcrypt_create_iv($password_length,MCRYPT_DEV_URANDOM); $password = ''; foreach( str_split($rand) as $char ) $password .= $characters[floor(ord($char)*($size/256))]; echo $password; ?> Keep in mind, there's slight 'bias' with the floor command. It's still incredibly more difficult to predict than any of the above examples. It's also quite 'wasteful' with the random stream, but that's not a huge deal on smaller traffic sites. Unless you have absolutely no choice, you should never use time to generate anything sensitive. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370871 Share on other sites More sharing options...
yamikowebs Posted August 20, 2012 Share Posted August 20, 2012 @ChristianF Its not possible for two people to load the page at the exact same time the request are handled in an order. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370881 Share on other sites More sharing options...
xyph Posted August 20, 2012 Share Posted August 20, 2012 @ChristianF Its not possible for two people to load the page at the exact same time the request are handled in an order. Multi-threaded software. Multi-core computers. It's very possible to do multiple things at the exact same time with modern computing. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370882 Share on other sites More sharing options...
Drummin Posted August 20, 2012 Share Posted August 20, 2012 I had grabbed this off the web some time ago and used in in several situations like this. Might work for you. <?php //Generate a random $min=6; // minimum length of keycode $max=8; // maximum length of keycode $kcode=""; // to store generated keycode for($i=0;$i<rand($min,$max);$i++){ $num=rand(48,122); if(($num > 97 && $num < 122)){ $kcode.=chr($num); } else if(($num > 65 && $num < 90)){ $kcode.=chr($num); } else if(($num >48 && $num < 57)){ $kcode.=chr($num); } else if($num==95){ $kcode.=chr($num); } else{ $i--; } } echo "$kcode"; ?> Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370887 Share on other sites More sharing options...
xyph Posted August 20, 2012 Share Posted August 20, 2012 I had grabbed this off the web some time ago and used in in several situations like this. Might work for you. <?php //Generate a random $min=6; // minimum length of keycode $max=8; // maximum length of keycode $kcode=""; // to store generated keycode for($i=0;$i<rand($min,$max);$i++){ $num=rand(48,122); if(($num > 97 && $num < 122)){ $kcode.=chr($num); } else if(($num > 65 && $num < 90)){ $kcode.=chr($num); } else if(($num >48 && $num < 57)){ $kcode.=chr($num); } else if($num==95){ $kcode.=chr($num); } else{ $i--; } } echo "$kcode"; ?> rand is pseudo-random. It uses time to seed it's results. Only use this solution if a cryptographically-secure random stream isn't available. It's also some UGLY code. Better off giving a list of valid characters, making a random number between 0,(number of characters - 1), and picking with that. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1370901 Share on other sites More sharing options...
yamikowebs Posted August 21, 2012 Share Posted August 21, 2012 @ChristianF Its not possible for two people to load the page at the exact same time the request are handled in an order. Multi-threaded software. Multi-core computers. It's very possible to do multiple things at the exact same time with modern computing. My understanding is that even with multithreading things are not truly happening at the same time. Only the processor is multithreaded and things like disk reading/writting and ram access are not. Quote Link to comment https://forums.phpfreaks.com/topic/267286-generating-unique-password-without-going-to-db/#findComment-1371250 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.