Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10

Thread: Random Token

  1. #1
    Regular Coder Element's Avatar
    Join Date
    Jul 2004
    Location
    Lynnwood, Washington, US
    Posts
    855
    Thanks
    2
    Thanked 2 Times in 2 Posts

    Random Token

    Now, I know how to make a random token with characters and numbers. But for my old upload script I had a for() method which didn't need a set parameter of characters to use. It used like char() or something. Here is what I got currently:

    PHP Code:
    <?php

    function TokenW($l=8) {
      
    $parts "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
      
    $tmp_gen "";
      while(
    strlen($tmp) < $l) {
          
    $tmp_gen .= $str{mt_rand(0strlen($str))};
      }
      return 
    tmp_gen;
    }

    echo 
    TokenW();

    ?>
    Edit: I revised the function for practicle use, before was just an example.


    PHP Code:
    // Method by Velox Letum
    function gen_pass($len) { 
         for (
    $i 0$i $len$i++) { 
              
    $password .= chr(mt_rand(0255)); 
         } 
         return 
    $password

    Last edited by Element; 12-16-2005 at 03:43 AM.

  • #2
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Moved to PHP Snippets forum

  • #3
    Regular Coder ralph l mayo's Avatar
    Join Date
    Nov 2005
    Posts
    951
    Thanks
    1
    Thanked 31 Times in 29 Posts
    Quote Originally Posted by Element
    stuff
    I don't really see any questions in there, but this:
    PHP Code:
      if($l == "") {
          
    $l 8;
      } 
    is not the correct way to make a parameter optional, and your snip throws parse errors because of it.

    Use instead:
    PHP Code:
    function nameToken($l 8) {
      
    $str "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
      
    $tmp "";
      while(
    strlen($tmp) < $l) {
          
    $tmp .= $str{mt_rand(0strlen($str))};
      }
      return 
    $tmp;
    }

    echo 
    nameToken(); 
    Most people, I think, just use md5(microtime()); to get a pseudorandom token.

    edit: oops, it's supposed to be a snippet.
    Last edited by ralph l mayo; 12-16-2005 at 03:27 AM.

  • #4
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Actually, I often use md5(uniqid(microtime())) however I do think this method is perfectly resonable.

    However, ralph is right about your optional paramaters. You can do something like this:

    PHP Code:
    function funcname$optional_var ){
      
    // And so forth

    Edit: Sorry ralph, didnt see that you had already explained this


    to assign default values to arguments. If you didnt get an error when running the script, it would mean that you have a low error reporting setting. Always use error_reporting( E_ALL ); when testing scripts.

  • #5
    Regular Coder Element's Avatar
    Join Date
    Jul 2004
    Location
    Lynnwood, Washington, US
    Posts
    855
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by ralph l mayo
    I don't really see any questions in there, but this:
    PHP Code:
      if($l == "") {
          
    $l 8;
      } 
    is not the correct way to make a parameter optional, and your snip throws parse errors because of it.

    Use instead:
    PHP Code:
    function nameToken($l 8) {
      
    $str "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
      
    $tmp "";
      while(
    strlen($tmp) < $l) {
          
    $tmp .= $str{mt_rand(0strlen($str))};
      }
      return 
    $tmp;
    }

    echo 
    nameToken(); 
    Most people, I think, just use md5(microtime()); to get a pseudorandom token.

    edit: oops, it's supposed to be a snippet.
    Err... this is a question. I don't want people using this! >.< I'm asking what is a better method using for() and mt_rand() and char() It was very random. And I don't want to use that because on my upload script it was uploading over files when people upload at the same time another file was. for md5(microtime()) At least thats what alot of emails were. I had at least 10 emails a day saying their images have "suddenly become another image" which only leaves the token was generated again. And witht he for() method I had I had no problem after that.

  • #6
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Ahh sorry, it looked like a posted code... I'll move it back.

  • #7
    Regular Coder ralph l mayo's Avatar
    Join Date
    Nov 2005
    Posts
    951
    Thanks
    1
    Thanked 31 Times in 29 Posts
    tempnam(string directory, string prefix) creates a file with a unique name in the specified directory. That should prevent duplicates. Uploaded files should already be assigned unique ids in the server's /tmp/, but I forget exactly how that works.

  • #8
    Regular Coder Element's Avatar
    Join Date
    Jul 2004
    Location
    Lynnwood, Washington, US
    Posts
    855
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by missing-score
    Actually, I often use md5(uniqid(microtime())) however I do think this method is perfectly resonable.

    However, ralph is right about your optional paramaters. You can do something like this:

    PHP Code:
    function funcname$optional_var ){
      
    // And so forth

    Edit: Sorry ralph, didnt see that you had already explained this


    to assign default values to arguments. If you didnt get an error when running the script, it would mean that you have a low error reporting setting. Always use error_reporting( E_ALL ); when testing scripts.
    Oh, that is how! Okay, thanks on that part. I thought if I did that it would reset $l if I inputed a number for it.

  • #9
    Senior Coder
    Join Date
    Apr 2005
    Location
    Colorado, United States
    Posts
    1,208
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I use a combination of md5(), mt_rand(), and substr() myself, but another method might be to use an mt_rand(0,255) inside chr().

    PHP Code:
    function gen_pass($len) {
         for (
    $i 0$i $len$i++) {
              
    $password .= chr(mt_rand(0255));
         }
         return 
    $password;

    Though this'll use the entire ASCII table, so for limited special chars you might limit it to 33, 127. There's still a few though, so other methods are probably better.
    "$question = ( to() ) ? be() : ~be();"

  • #10
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    uniqid() works quite well alone.
    It is generated from microseconds so microseconds isn't really needed. You could hash the uniqid if you need the token if you like but hashing shouldn't make it more "random" as any value always hashes to the same hash.
    Writing a function to generate tokens makes only sense (to me) if you only want specific chars in the token.
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •