我试图在PHP中创建一个随机字符串,我得到绝对没有输出:
<?php
function RandomString()
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randstring = '';
for ($i = 0; $i < 10; $i++) {
$randstring = $characters[rand(0, strlen($characters))];
}
return $randstring;
}
RandomString();
echo $randstring;
我做错了什么?
当前回答
这个问题有很多答案,但没有一个是利用加密安全伪随机数生成器(CSPRNG)的。
简单、安全、正确的答案是使用RandomLib,不要白费力气。
对于那些坚持发明自己的解决方案的人,PHP 7.0.0将为此目的提供random_int();如果你还在使用PHP 5。x,我们为random_int()写了一个PHP 5的polyfill,这样你甚至可以在升级到PHP 7之前使用新的API。
在PHP中安全地生成随机整数并不是一项简单的任务。在生产环境中部署自己开发的算法之前,您应该始终与常驻StackExchange密码学专家进行检查。
有了安全的整数生成器,使用CSPRNG生成随机字符串就像在公园里散步一样简单。
创建安全的随机字符串
/**
* Generate a random string, using a cryptographically secure
* pseudorandom number generator (random_int)
*
* This function uses type hints now (PHP 7+ only), but it was originally
* written for PHP 5 as well.
*
* For PHP 7, random_int is a PHP core function
* For PHP 5.x, depends on https://github.com/paragonie/random_compat
*
* @param int $length How many characters do we want?
* @param string $keyspace A string of all possible characters
* to select from
* @return string
*/
function random_str(
int $length = 64,
string $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
): string {
if ($length < 1) {
throw new \RangeException("Length must be a positive integer");
}
$pieces = [];
$max = mb_strlen($keyspace, '8bit') - 1;
for ($i = 0; $i < $length; ++$i) {
$pieces []= $keyspace[random_int(0, $max)];
}
return implode('', $pieces);
}
用法:
$a = random_str(32);
$b = random_str(8, 'abcdefghijklmnopqrstuvwxyz');
$c = random_str();
演示:https://3v4l.org/IMJGF(忽略PHP 5失败;它需要random_compat)
其他回答
以前的答案会生成不安全或难以输入的密码。
这是安全的,并且提供了用户更有可能实际使用的密码,而不是因为一些薄弱的东西而被丢弃。
// NOTE: On PHP 5.x you will need to install https://github.com/paragonie/random_compat
/**
* Generate a password that can easily be typed by users.
*
* By default, this will sacrifice strength by skipping characters that can cause
* confusion. Set $allowAmbiguous to allow these characters.
*/
static public function generatePassword($length=12, $mixedCase=true, $numericCount=2, $symbolCount=1, $allowAmbiguous=false, $allowRepeatingCharacters=false)
{
// sanity check to prevent endless loop
if ($numericCount + $symbolCount > $length) {
throw new \Exception('generatePassword(): $numericCount + $symbolCount are too high');
}
// generate a basic password with just alphabetic characters
$chars = 'qwertyupasdfghjkzxcvbnm';
if ($mixedCase) {
$chars .= 'QWERTYUPASDFGHJKZXCVBNML';
}
if ($allowAmbiguous) {
$chars .= 'iol';
if ($mixedCase) {
$chars .= 'IO';
}
}
$password = '';
foreach (range(1, $length) as $index) {
$char = $chars[random_int(0, strlen($chars) - 1)];
if (!$allowRepeatingCharacters) {
while ($char == substr($password, -1)) {
$char = $chars[random_int(0, strlen($chars) - 1)];
}
}
$password .= $char;
}
// add numeric characters
$takenSubstitutionIndexes = [];
if ($numericCount > 0) {
$chars = '23456789';
if ($allowAmbiguous) {
$chars .= '10';
}
foreach (range(1, $numericCount) as $_) {
$index = random_int(0, strlen($password) - 1);
while (in_array($index, $takenSubstitutionIndexes)) {
$index = random_int(0, strlen($password) - 1);
}
$char = $chars[random_int(0, strlen($chars) - 1)];
if (!$allowRepeatingCharacters) {
while (substr($password, $index - 1, 1) == $char || substr($password, $index + 1, 1) == $char) {
$char = $chars[random_int(0, strlen($chars) - 1)];
}
}
$password[$index] = $char;
$takenSubstitutionIndexes[] = $index;
}
}
// add symbols
$chars = '!@#$%&*=+?';
if ($allowAmbiguous) {
$chars .= '^~-_()[{]};:|\\/,.\'"`<>';
}
if ($symbolCount > 0) {
foreach (range(1, $symbolCount) as $_) {
$index = random_int(0, strlen($password) - 1);
while (in_array($index, $takenSubstitutionIndexes)) {
$index = random_int(0, strlen($password) - 1);
}
$char = $chars[random_int(0, strlen($chars) - 1)];
if (!$allowRepeatingCharacters) {
while (substr($password, $index - 1, 1) == $char || substr($password, $index + 1, 1) == $char) {
$char = $chars[random_int(0, strlen($chars) - 1)];
}
}
$password[$index] = $char;
$takenSubstitutionIndexes[] = $index;
}
}
return $password;
}
你完全做错了,因为你依赖于数字,而不是字符,我不确定如果你想要随机输出只是数字,如果是这样,为什么需要得到所有的字母和所有的数字,并提取它们的长度?为什么不用rand(0,62)呢?,即使你在声明函数之前忘记初始化变量$randstring。
不管怎样,PHP为此目的提供了一个非常方便的函数。它的作用是()。下面是一个适合您需要的例子。
< ?php 函数随机字符串(){ $字符= '0123456789abcdefghijklmnopqrstuvwxyz '; 返回str_shuffle($字符); } echo randomString ();
如果您使用的是PHP 7 +
public function generateRandom(){
$string = bin2hex(openssl_random_pseudo_bytes(10)); // 20 chars
// OR
$string = base64_encode(random_bytes(10)); // ~14 characters, includes /=+
// or
$string = substr(str_replace(['+', '/', '='], '', base64_encode(random_bytes(32))), 0, 32); // 32 characters, without /=+
// or
$string = bin2hex(random_bytes(10)); // 20 characters, only 0-9a-f
}
function generateRandomString($length = 10, $hasNumber = true, $hasLowercase = true, $hasUppercase = true): string
{
$string = '';
if ($hasNumber)
$string .= '0123456789';
if ($hasLowercase)
$string .= 'abcdefghijklmnopqrstuvwxyz';
if ($hasUppercase)
$string .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
return substr(str_shuffle(str_repeat($x = $string, ceil($length / strlen($x)))), 1, $length);
}
和使用:
echo generateRandomString(32);
使用random_bytes函数生成加密安全的随机字节。
$bytes = random_bytes(16);
echo bin2hex($bytes);
可能的输出
da821217e61e33ed4b2dd96f8439056c
使用openssl_random_pseudo_bytes函数生成伪随机字节。
$bytes = openssl_random_pseudo_bytes(16);
echo bin2hex($bytes);
可能的输出
e2d1254506fbb6cd842cd640333214ad
最好的用例是
function getRandomBytes($length = 16)
{
if (function_exists('random_bytes')) {
$bytes = random_bytes($length / 2);
} else {
$bytes = openssl_random_pseudo_bytes($length / 2);
}
return bin2hex($bytes);
}
echo getRandomBytes();
可能的输出
ba8cc342bdf91143
