Generating 10 character password

Anon

I'd like to generate a password that is only 10 characters long

However

$password=$rand(10,100);
$password=(string)$password;
$password=md5($password);

Creates a HUGE password. No good. How can I get unique 10 letter passwords generated?

Regards

Elizabeth

salmon

See if this works for you . . .

<code>
function MakePassword($length = 7)
{
// purpose: return a random password of length $length

    srand( (double) microtime() );


$which = "";
$password = "";


for ($i=0; $i < $length; $i++) {
	$which = rand(1, 3);

	// character will be a digit 2-9
	if ( $which == 1 ) $password .= rand(0,10);

	// character will be a lowercase letter
	elseif ( $which == 2 ) $password .= chr( rand(65, 90) );

	// character will be an uppercase letter
	elseif ( $which == 3 ) $password .= chr( rand(97, 122) );
}

return $password;

}
</code>

Anon

Thanks Ben,

I modified the code slightly to be

$password = $password.chr etc.

(I might have an older version of php

However, there's still a problem. It always returns:

89UjtJgUoc

and nothing else!

Very puzzling!

Help!

Thanks again

Regards

Elizabeth

salmon

Try this one for PHP 3.0.7 and older. The difference is in the 2nd arguement for some of the calls to the rand() function (in older versions, the 2nd argument was the range instead of the inclusive maximum).

Also, on the first version I posted, the line "if ( $which == 1 ) $password .= rand(0,10);" should have been "
if ( $which == 1 ) $password .= rand(0,9);"

function MakePassword($length = 7)
{
// purpose: return a random password of length $length

srand( (double) microtime() );

$which = "";
$password = "";

for ($i=0; $i < $length; $i++) {
$which = rand(1, 3);

// character will be a digit 2-9
if ( $which == 1 ) $password .= rand(0,10);

// character will be a lowercase letter
elseif ( $which == 2 ) $password .= chr( rand(65, 26) );

// character will be an uppercase letter
elseif ( $which == 3 ) $password .= chr( rand(97, 26) );
}

return $password;
}

znouza

try:

srand(time());

$i=($QUERY_STRING)?($QUERY_STRING):"10";
while($i--)
while(ereg("[a-zA-Z0-9]",$chr=sprintf("%c",rand(48,127))))
echo $chr;

it generates $i length password, consist of small and caps letters and numbers (defined in ereg) - it's quite elegant 🙂

znouza

I'm sorry, I did error, here comes corrected:

srand(time());

$i=($QUERY_STRING)?($QUERY_STRING):"10";
while($i--)
{
while(!ereg("[a-zA-Z0-9]",$chr=sprintf("%c",rand(48,127)))) ;
echo $chr;
}

kparker

Are you sure the password really needs to be <i>unique</i> rather than just unpredictable? If so, you're probably asking your password to do to much (i.e. it's partly an identifier and not just a password.) But if it doesn't need to be strictly unique, then just chop off the last n chars from the md5 hash you're getting and use those. And please use mt_rand() rather than just plain rand(), it generates much rander random numbers!

dajoyce

Hi:
I used mt_srand()and mt_rand() with the code that Ben posted. I also added a return statement, so that the function may be used multiple times in a document (why?- who knows). In any case, the passwords generated were MUCH more random than with the standard srand / rand combo. Hope this helps somebody! Oh yeah, here's that code:

function makepass($length){
// seed with microseconds since last "whole"
// second.
mt_srand ((double) microtime() * 1000000);

$which = "";
$password = "";

for ($i=0; $i < $length; $i++) {
$which = mt_rand(1, 3);

// character will be a digit 2-9 
if ( $which == 1 ){
$password .= rand(0,9); 
}
// character will be lowercaseletter 
elseif ( $which == 2 ){
$password .= chr( rand(65, 90) ); 
}
// character will be uppercaseletter 
elseif ( $which == 3 ){
$password .= chr( rand(97, 122) ); 
}

}
return $password;
}

salmon

Yes, mt_srand() and mt_rand() are a much better combo. It's also important to remember that you should really only call mt_srand() once per script, so having it inside a function is probabably not the best call.

dajoyce

I am storing the password-generator function in a separate library file, which is included in on a per-need basis. Would I just mt_srand at the top of that library file, prior to any functions? Thanks.

salmon

It's probably best just to make the call outside of the file. That way if you want to include the file in a script where you've already called mt_srand, then you won't automatically call it again just by including the file.

Anon

thanks Ben Jones, I'm successfully using it.