Hello Friends,
I was building a web form where user get registered themselves but I am having a problem regarding generating a unique registration number for every user.
I want that when a user get registered a unique registration number in alphanumeric should be sent to his or her email address.How can I accomplish this. Please help.
<?php
$code_feed = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyv0123456789";
$code_length = 10; // Set this to be your desired code length
$final_code = "";
$feed_length = strlen($code_feed);
for($i = 0; $i < $code_length; $i ++) {
$feed_selector = rand(0,$feed_length-1);
$final_code .= substr($code_feed,$feed_selector,1);
}
echo $final_code;
?>
Actually, why not just use the primary key of the users table? If it is a username, take a SHA1 hash.
Thanks very much friends......
My problem is nearby solved..
Laserlight, the only issue I could see with that would be if I knew the userID or the username, and knew SHA1 was being employed to create the random code, then I could, in theory, spoof the script. (If I'm understanding what you are saying)
Laserlight, the only issue I could see with that would be if I knew the userID or the username, and knew SHA1 was being employed to create the random code, then I could, in theory, spoof the script. (If I'm understanding what you are saying)
True, but it may not matter at all since an attacker could just spoof the look and feel of the email for phishing purposes. I am assuming that this registration number is just to provide a way to identify the user for confirmation of registration. Such a number does not need to be unpredictable, only unique, and even then, only unique among the unconfirmed registrants.
If you really wanted it to be unpredictable, you could add something onto their username, ex.:
$hash = SHA1($username . 'RegConf');laserlight wrote:True, but it may not matter at all since an attacker could just spoof the look and feel of the email for phishing purposes. I am assuming that this registration number is just to provide a way to identify the user for confirmation of registration. Such a number does not need to be unpredictable, only unique, and even then, only unique among the unconfirmed registrants.
Good point. I always enjoy reading your posts and gaining perspective from your insight. ;-)
bradgrafelman wrote:If you really wanted it to be unpredictable, you could add something onto their username, ex.:
$hash = SHA1($username . 'RegConf');
Ooh, ooh, ooh, I want in... How about using the SHA1 on the $username with bradgrafelman's addition to create the $code_feed variable to put into my script, and then use my script to create the randomly generated code...