I have a form that users can iput their personal details in: name, address, phone number etc. i also want to use some of this information for the users password and username. i have already devised and tested the way to get the user to (unknowingly) get their username and password sorted. the username is made up of the 1st address line and the password is made up of their postcode. they wont get this info unless they have bought a building kit from me. this is only issued after that. what i would like to know is how to remove the white spaces so instead of the password being SE13 1WD (spaces) the password becomes SE131SW (without spaces) i dont mind keeping the spaces in but ppl are used to seeing passwords and usernames without any spaces. i would rather this be done in php instead of javascript. (if this is done in javascript can it be over ridden or bypassed by altering the browser?)

Cant you join without spaces?

Of course, you can always [man]str_replace/man the spaces out.

Hi Buzzby (not to be confused with Buzzly)

Hope you've got a plan B for when a new user comes from the same street and the same postcode as an existing user. I also hope you've got some way of ensuring that a user can't just ask other users what street they live in and then look up their passwords in the telephone book.

I assume you're keeping the URL secret, because now you've told everyone how to create a user ID and password on your site, they won't be needing your building kit any more.

But perhaps I'm just being paranoid?

Norm

You hope!! Why not do something simple like generate a password? You've not been at this long have you, if you had then you would know that everything that can go wrong with a password system will go wrong with it. The 'cleverer' the process the more it will go wrong. Try this for a random 6 character string:

 $newpass = substr(md5(time()),0,6);

it generates an md5 hash string from the system time and truncates it to 6 chars. About as random as you can get.

Just use the user's name and generate a password and send it to them.

As to only one family at an address: people move, get their post code wrong, share houses, don't like to reveal that they live in a flat so forget the A, B etc. Believe me, your system WILL end up issuing the same address/post code combination because that is the real world.

it generates an md5 hash string from the system time and truncates it to 6 chars.

Which means that the total number of possible passwords is 166=16777216
If you were to use a normal alphanumeric password, even one that is not case-sensitive, the total number of possible passwords would be 366=2176782336

So truncate it to 8 or 9 chars or whatever you like. Personally, I think 16,000,000 should cover you, but use as many as you like.

I did not say you had to use Kevin Yank's solution, only that you should use more usual methods to generate your password. I offered Kevin Yank's solution in case you did not know of any way to write your own function or routine.

anybody who has designed for a client will know that the client will stipulate what he wants. he is opened to some design ideas or changes made by the designer but ultimately the client makes the desicion on what goes and what stays. plus since the client pays the bills he is in the advantageous position of basically dictating what goes where. i have not been at this for long but i have been there long enuff to know if i insist on something i loose my job and get/make no money. i know that a simple password/username solution required. i know what the solution should be. i already have the solution in place. its only a link away. i dont want a random password system. the system i have in place is that the user will actually choose his/her password so therefore there will be uniqueness. my client doesnt want that. it has to be job specific. the business is just for london, england and within the M25 (motorway that circles london) FOR NOW