我试图在PHP中创建一个随机字符串,我得到绝对没有输出:
<?php
function RandomString()
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randstring = '';
for ($i = 0; $i < 10; $i++) {
$randstring = $characters[rand(0, strlen($characters))];
}
return $randstring;
}
RandomString();
echo $randstring;
我做错了什么?
当前回答
首先,定义你想要使用的字母:
$alphanum = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$special = '~!@#$%^&*(){}[],./?';
$alphabet = $alphanum . $special;
然后,使用openssl_random_pseudo_bytes()生成适当的随机数据:
$len = 12; // length of password
$random = openssl_random_pseudo_bytes($len);
最后,使用这些随机数据创建密码。因为$random中的每个字符可以是chr(0)直到chr(255),代码使用其序数与$alphabet_length除法后的余数来确保只从字母表中选择字符(注意这样做会偏向随机性):
$alphabet_length = strlen($alphabet);
$password = '';
for ($i = 0; $i < $len; ++$i) {
$password .= $alphabet[ord($random[$i]) % $alphabet_length];
}
或者,通常更好的方法是使用RandomLib和SecurityLib:
use SecurityLib\Strength;
$factory = new RandomLib\Factory;
$generator = $factory->getGenerator(new Strength(Strength::MEDIUM));
$password = $generator->generateString(12, $alphabet);
其他回答
<?php
/**
* Creates a random string
*
* @param (int) $length
* Length in characters
* @param (array) $ranges
* (optional) Array of ranges to be used
*
* @return
* Random string
*/
function random_string($length, $ranges = array('0-9', 'a-z', 'A-Z')) {
foreach ($ranges as $r) $s .= implode(range(array_shift($r = explode('-', $r)), $r[1]));
while (strlen($s) < $length) $s .= $s;
return substr(str_shuffle($s), 0, $length);
}
// Examples:
$l = 100;
echo '<b>Default:</b> ' . random_string($l) . '<br />';
echo '<b>Lower Case only:</b> ' . random_string($l, array('a-z')) . '<br />';
echo '<b>HEX only:</b> ' . random_string($l, array('0-9', 'A-F')) . '<br />';
echo '<b>BIN only:</b> ' . random_string($l, array('0-1')) . '<br />';
/* End of file */
这是一个简单的句子。您将得到至少一个小写字母、一个大写字母、一个数字和一个符号。使用random_int,这应该是密码安全的。不过,我并不认为这是安全的。我不是安全专家。
复制+粘贴:(只需将$len更改为所需的长度。)
$len=26;for ($chars = array('0123456789','abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ','!@#$%^&*()_+-='),$randomString="",$i=0;$i<$len;$i++)$randomString .= substr($chars[$i%4], random_int(0,strlen($chars[$i%4])), 1);
echo $randomString;
再细分一下:
for (
$chars = array('0123456789','abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ','!@#$%^&*()_+-='),
$randomString="",
$i=0;
$i<12;$i++)
$randomString .=
substr($chars[$i%4],
random_int(0, strlen($chars[$i%4])), 1);
我在循环中使用$chars[$ I %4]来选择从哪组字符中获取随机字符。它保证数组中的每一组字符都有多个字符。
它肯定可以改进(随机设置每个字符集的数量),但对于我的目的来说已经足够好了。
一个班轮。
对于具有唯一性的大字符串,它是快速的。
function random_string($length){
return substr(str_repeat(md5(rand()), ceil($length/32)), 0, $length);
}
我已经测试了那里最流行的函数的性能,在我的盒子上生成1 000 000个32个符号的字符串所需的时间是:
2.5 $s = substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil($length/strlen($x)) )),1,32);
1.9 $s = base64_encode(openssl_random_pseudo_bytes(24));
1.68 $s = bin2hex(openssl_random_pseudo_bytes(16));
0.63 $s = base64_encode(random_bytes(24));
0.62 $s = bin2hex(random_bytes(16));
0.37 $s = substr(md5(rand()), 0, 32);
0.37 $s = substr(md5(mt_rand()), 0, 32);
请注意,它到底有多长并不重要,重要的是哪个更慢,哪个更快,因此您可以根据您的要求进行选择,包括密码准备等。
如果需要小于32个字符的字符串,则在MD5周围添加substr()以保证准确性。
为了回答:字符串没有被连接,而是被覆盖,函数的结果没有被存储。
以前的答案会生成不安全或难以输入的密码。
这是安全的,并且提供了用户更有可能实际使用的密码,而不是因为一些薄弱的东西而被丢弃。
// NOTE: On PHP 5.x you will need to install https://github.com/paragonie/random_compat
/**
* Generate a password that can easily be typed by users.
*
* By default, this will sacrifice strength by skipping characters that can cause
* confusion. Set $allowAmbiguous to allow these characters.
*/
static public function generatePassword($length=12, $mixedCase=true, $numericCount=2, $symbolCount=1, $allowAmbiguous=false, $allowRepeatingCharacters=false)
{
// sanity check to prevent endless loop
if ($numericCount + $symbolCount > $length) {
throw new \Exception('generatePassword(): $numericCount + $symbolCount are too high');
}
// generate a basic password with just alphabetic characters
$chars = 'qwertyupasdfghjkzxcvbnm';
if ($mixedCase) {
$chars .= 'QWERTYUPASDFGHJKZXCVBNML';
}
if ($allowAmbiguous) {
$chars .= 'iol';
if ($mixedCase) {
$chars .= 'IO';
}
}
$password = '';
foreach (range(1, $length) as $index) {
$char = $chars[random_int(0, strlen($chars) - 1)];
if (!$allowRepeatingCharacters) {
while ($char == substr($password, -1)) {
$char = $chars[random_int(0, strlen($chars) - 1)];
}
}
$password .= $char;
}
// add numeric characters
$takenSubstitutionIndexes = [];
if ($numericCount > 0) {
$chars = '23456789';
if ($allowAmbiguous) {
$chars .= '10';
}
foreach (range(1, $numericCount) as $_) {
$index = random_int(0, strlen($password) - 1);
while (in_array($index, $takenSubstitutionIndexes)) {
$index = random_int(0, strlen($password) - 1);
}
$char = $chars[random_int(0, strlen($chars) - 1)];
if (!$allowRepeatingCharacters) {
while (substr($password, $index - 1, 1) == $char || substr($password, $index + 1, 1) == $char) {
$char = $chars[random_int(0, strlen($chars) - 1)];
}
}
$password[$index] = $char;
$takenSubstitutionIndexes[] = $index;
}
}
// add symbols
$chars = '!@#$%&*=+?';
if ($allowAmbiguous) {
$chars .= '^~-_()[{]};:|\\/,.\'"`<>';
}
if ($symbolCount > 0) {
foreach (range(1, $symbolCount) as $_) {
$index = random_int(0, strlen($password) - 1);
while (in_array($index, $takenSubstitutionIndexes)) {
$index = random_int(0, strlen($password) - 1);
}
$char = $chars[random_int(0, strlen($chars) - 1)];
if (!$allowRepeatingCharacters) {
while (substr($password, $index - 1, 1) == $char || substr($password, $index + 1, 1) == $char) {
$char = $chars[random_int(0, strlen($chars) - 1)];
}
}
$password[$index] = $char;
$takenSubstitutionIndexes[] = $index;
}
}
return $password;
}
