Random Passwords

[Eric]

Got a tad bored today, so wrote a function for random passwords. Maybe it will help someone. :tu:

<?php

/**
* Generate a random password.
*
* @param  integer  $numchars      How long do we need the password to be?
* @param  boolean  $specialchars  Include the special characters?
* @param  boolean  $extrashuffle  Include an extra randomization on the password string?
* @return string
*/
function random_pass($numchars = 8, $specialchars = true, $extrashuffle = false)
{
	$numchars = intval($numchars);
	$numchars = ($numchars > 16 OR $numchars < 8) ? 8 : $numchars;

	$chars = array_merge(range('a', 'z'), range(0, 9));

	if ($specialchars)
	{
		$chars = array_merge($chars, array('!', '$', '_', '-', '#', '@'));
	}
	shuffle($chars);

	$pass = '';

	for ($i = 0; $i <= $numchars; $i++)
	{
		$pass .= $chars[$i];
	}

	if ($extrashuffle)
	{
		return str_shuffle($pass);
	}
	return $pass;
}

// Example, returns: 3ck#4sib2
echo random_pass(8, true, true);

?>

 

[Daniel]

  <?php

/**
* Generate a random password.
*
* @param  integer  $numchars      How long do we need the password to be?
* @param  boolean  $specialchars  Include the special characters?
* @param  boolean  $extrashuffle  Include an extra randomization on the password string?
* @param  boolean  $mixedcase     Mixed case or solely lowercase?
* @return string
*/
function random_pass($numchars = 8, $specialchars = true, $extrashuffle = false, $mixedcase = true)
{
    $numchars = intval($numchars);
    $numchars = ($numchars > 16 OR $numchars < 8) ? 8 : $numchars;
    
    $chars = array_merge(range('a', 'z'), range(0, 9));

    if ($mixedcase) /* Extra case */
    {
        $chars = array_merge($chars, range('A','Z'));
    }
    
    if ($specialchars)
    {
        $chars = array_merge($chars, array('!', '$', '_', '-', '#', '@'));
    }
    shuffle($chars);

    $pass = '';

    for ($i = 0; $i < $numchars; $i++) /* Changed to < only sign, otherwise it would be 1 character longer than needed */
    {
        $pass .= $chars[$i];
        shuffle($chars); /* Get repeated characters, would add as an option, but I'm lazy */
    }

    if ($extrashuffle)
    {
        return str_shuffle($pass);
    }
    return $pass;
}

// Example, returns: 3ck#4si2
echo random_pass(8, true, true, true);

?>

Added an extra shuffle after each character, so you can get repeated characters too. (I prefer it that way).
Added MiXeD case option
Fixed the length ($i = 0; $i <=$numchars) part.

 

[Barrucadu]

Both good, but heres a function I made a while ago and have been using, it may not be as customizable, but the passwords are very difficult to guess:

<?php
function prand($len = 10){
     $pass = '';
     for($i = 0; $i < $len; $i ++){
          $pass .= chr(rand(33, 126));
     }
     return $pass;
}

echo prand();
?>

 

[jimmysanders]

i had to go for the smallest one

function randomPassword($length = 8) {
	return	substr(base64_encode(md5(time())), 0, $length);
}

creates random string of A–Z, a–z, and 0–9 of max of 42ish chars

 

[unknowngiver]

i had to go for the smallest one

function randomPassword($length = 8) {
	return	substr(base64_encode(md5(time())), 0, $length);
}

creates random string of A–Z, a–z, and 0–9 of max of 42ish chars

lol protection much...base64 and md5 encryption lol

 

[Daniel]

i had to go for the smallest one

function randomPassword($length = 8) {
	return	substr(base64_encode(md5(time())), 0, $length);
}

creates random string of A–Z, a–z, and 0–9 of max of 42ish chars

lol protection much...base64 and md5 encryption lol

Not very secure, if you knew say what time roughly they made it, and how long, it could easily be cracked.

Dan

 

[user-7256]

If you know exactly what second after Unix Epoch they made that password, then yes... you could guess it...

Unless we add a little bit of salt

// Modified function, original given by jimmysanders

function randomPassword($length = 8) {
    $saltLength = 1;
    return    substr(base64_encode(md5(time())), 0, $length - $saltLength) . substr(md5($length + $time), 5, $saltLength);

// To use for your own, change:
// 5 on the second substr() function such that it's > 0 and < 42.
// $saltLength should be < $length
// If each person who used this function changed these values to
// some of their own choice, guessing it by just time() would be much trickier.
}

That should be a little trickier.

 

[Cavemaneca]

This is what I've been using for any random string

function randstr($l, $sp = 'false') {
$useChars='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz?!-+*=/\|&@#%^';
$string = $useChars{mt_rand(0,9)};
for($i = 1 ; $i < $l ; $i++)
{
    if ($sp) {
    $string .= $useChars{mt_rand(0,76)};
    }
    else {
    $string .= $useChars{mt_rand(0,61)};
    }
}
return $string;
}

usually works out fine. I don't know much encryption though. For that I usually just use

crypt($user_input, $db_pass);

 

[Kate]

I use this:

function rand_string($len, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
{
    $string = '';
    for ($i = 0; $i < $len; $i++)
    {
        $pos = rand(0, strlen($chars)-1);
        $string .= $chars{$pos};
    }
    return $string;
}

 

[Daniel]

function rand_string($len, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
{
    $string = '';
    $strlen = strlen($chars)-1;
    for ($i = 0; $i < $len; $i++)
    {
        $pos = rand(0, $strlen);
        $string .= $chars{$pos};
    }
    return $string;
}

Slightly optimized

~

And @Cavemaneca

(bool) $sp = 'false' evals to TRUE, not FALSE.

Just be careful with this, as it can definitely fall into unexpected behaviour (although it's not really all that 'unexpected'.

var_dump( (bool) 'false' ); // Returns bool (true)