一个简单的解决方案是通过丢弃非字母数字字符将64进制转换为字母数字。

它使用random_bytes()来获得加密安全的结果。

function random_alphanumeric(int $length): string
{
    $result='';
    do
    {
        //Base 64 produces 4 characters for each 3 bytes, so most times this will give enough bytes in a single pass
        $bytes=random_bytes(($length+3-strlen($result))*2);
        //Discard non-alhpanumeric characters
        $result.=str_replace(['/','+','='],['','',''],base64_encode($bytes));
        //Keep adding characters until the string is long enough
        //Add a few extra because the last 2 or 3 characters of a base 64 string tend to be less diverse
    }while(strlen($result)<$length+3);
    return substr($result,0,$length);
}

编辑:我只是重新审视了一下，因为我需要一些更灵活的东西。这里有一个解决方案，执行得比上面的好一点，并提供了指定ASCII字符集的任何子集的选项:

<?php
class RandomText
{
    protected
        $allowedChars,
        //Maximum index to use
        $allowedCount,
        //Index values will be taken from a pool of this size
        //It is a power of 2 to keep the distribution of values even
        $distributionSize,
        //This many characters will be generated for each output character
        $ratio;
    /**
     * @param string $allowedChars characters to choose from
     */
    public function __construct(string $allowedChars)
    {
        $this->allowedCount = strlen($allowedChars);
        if($this->allowedCount < 1 || $this->allowedCount > 256) throw new \Exception('At least 1 and no more than 256 allowed character(s) must be specified.');
        $this->allowedChars = $allowedChars;
        //Find the power of 2 equal or greater than the number of allowed characters
        $this->distributionSize = pow(2,ceil(log($this->allowedCount, 2)));
        //Generating random bytes is the expensive part of this algorithm
        //In most cases some will be wasted so it is helpful to produce some extras, but not too many
        //On average, this is how many characters needed to produce 1 character in the allowed set
        //50% of the time, more characters will be needed. My tests have shown this to perform well.
        $this->ratio = $this->distributionSize / $this->allowedCount;
    }

    /**
     * @param int $length string length of required result
     * @return string random text
     */
    public function get(int $length) : string
    {
        if($length < 1) throw new \Exception('$length must be >= 1.');
        $result = '';
        //Keep track of result length to prevent having to compute strlen()
        $l = 0;
        $indices = null;
        $i = null;
        do
        {
            //Bytes will be used to index the character set. Convert to integers.
            $indices = unpack('C*', random_bytes(ceil(($length - $l) * $this->ratio)));
            foreach($indices as $i)
            {
                //Reduce to the smallest range that gives an even distribution
                $i %= $this->distributionSize;
                //If the index is within the range of characters, add one char to the string
                if($i < $this->allowedCount)
                {
                    $l++;
                    $result .= $this->allowedChars[$i];
                }
                if($l >= $length) break;
            }
        }while($l < $length);
        return $result;
    }
}

如果您想在PHP中生成一个唯一的字符串，请尝试以下操作。

md5(uniqid().mt_rand());

在这方面,

uniqid() -它将生成唯一的字符串。此函数返回基于时间戳的唯一标识符作为字符串。

mt_rand() -生成随机数。

md5() -它将生成哈希字符串。

PHP 7标准库提供了random_bytes($length)函数，该函数生成加密安全的伪随机字节。

例子:

$bytes = random_bytes(20);
var_dump(bin2hex($bytes));

上面的例子将输出类似于:

string(40) "5fe69c95ed70a9869d9f9af7d8400a6673bb9ce9"

更多信息:http://php.net/manual/en/function.random-bytes.php

PHP 5(过时)

我只是在寻找如何解决这个相同的问题，但我也希望我的函数创建一个令牌，可以用于密码检索以及。这意味着我需要限制令牌的猜测能力。因为uniqid是基于时间的，而根据php.net“返回值与microtime()相差不大”，uniqid不符合条件。PHP建议使用openssl_random_pseudo_bytes()来生成加密安全的令牌。

一个快速、简短、直截了当的答案是:

bin2hex(openssl_random_pseudo_bytes($bytes))

它将生成一个长度= $bytes * 2的字母数字字符的随机字符串。不幸的是，这只有一个字母[a-f][0-9]，但它是有效的。

---

Below is the strongest function I could make that satisfies the criteria (This is an implemented version of Erik's answer).

function crypto_rand_secure($min, $max)
{
    $range = $max - $min;
    if ($range < 1) return $min; // not so random...
    $log = ceil(log($range, 2));
    $bytes = (int) ($log / 8) + 1; // length in bytes
    $bits = (int) $log + 1; // length in bits
    $filter = (int) (1 << $bits) - 1; // set all lower bits to 1
    do {
        $rnd = hexdec(bin2hex(openssl_random_pseudo_bytes($bytes)));
        $rnd = $rnd & $filter; // discard irrelevant bits
    } while ($rnd > $range);
    return $min + $rnd;
}

function getToken($length)
{
    $token = "";
    $codeAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $codeAlphabet.= "abcdefghijklmnopqrstuvwxyz";
    $codeAlphabet.= "0123456789";
    $max = strlen($codeAlphabet); // edited

    for ($i=0; $i < $length; $i++) {
        $token .= $codeAlphabet[crypto_rand_secure(0, $max-1)];
    }

    return $token;
}

Crypto_rand_secure ($min， $max)作为rand()或mt_rand的替换。它使用openssl_random_pseudo_bytes来帮助创建一个介于$min和$max之间的随机数。

getToken($length)创建一个要在令牌中使用的字母表，然后创建一个长度为$length的字符串。

来源:http://us1.php.net/manual/en/function.openssl-random-pseudo-bytes.php # 104322

我在这里提供了一些很好的研究数据，基于斯科特的答案提供的功能。因此，我为这个为期5天的自动化测试设置了一个数字海洋液滴，并将生成的唯一字符串存储在MySQL数据库中。

在这个测试期间，我使用了5个不同的长度(5、10、15、20、50)，每个长度插入+/- 50万条记录。在我的测试中，在50万个重复中，只有长度5产生了+/-3K个重复，其余长度没有产生任何重复。所以我们可以说，如果我们使用Scott函数的长度为15或以上，那么我们就可以生成高度可靠的唯一字符串。以下是我的研究数据:

更新

我使用这些函数创建了一个简单的Heroku应用程序，它将令牌作为JSON响应返回。该应用程序可以在https://uniquestrings.herokuapp.com/api/token?length=15上访问

一个简单的解决方案是通过丢弃非字母数字字符将64进制转换为字母数字。

它使用random_bytes()来获得加密安全的结果。

function random_alphanumeric(int $length): string
{
    $result='';
    do
    {
        //Base 64 produces 4 characters for each 3 bytes, so most times this will give enough bytes in a single pass
        $bytes=random_bytes(($length+3-strlen($result))*2);
        //Discard non-alhpanumeric characters
        $result.=str_replace(['/','+','='],['','',''],base64_encode($bytes));
        //Keep adding characters until the string is long enough
        //Add a few extra because the last 2 or 3 characters of a base 64 string tend to be less diverse
    }while(strlen($result)<$length+3);
    return substr($result,0,$length);
}

编辑:我只是重新审视了一下，因为我需要一些更灵活的东西。这里有一个解决方案，执行得比上面的好一点，并提供了指定ASCII字符集的任何子集的选项:

<?php
class RandomText
{
    protected
        $allowedChars,
        //Maximum index to use
        $allowedCount,
        //Index values will be taken from a pool of this size
        //It is a power of 2 to keep the distribution of values even
        $distributionSize,
        //This many characters will be generated for each output character
        $ratio;
    /**
     * @param string $allowedChars characters to choose from
     */
    public function __construct(string $allowedChars)
    {
        $this->allowedCount = strlen($allowedChars);
        if($this->allowedCount < 1 || $this->allowedCount > 256) throw new \Exception('At least 1 and no more than 256 allowed character(s) must be specified.');
        $this->allowedChars = $allowedChars;
        //Find the power of 2 equal or greater than the number of allowed characters
        $this->distributionSize = pow(2,ceil(log($this->allowedCount, 2)));
        //Generating random bytes is the expensive part of this algorithm
        //In most cases some will be wasted so it is helpful to produce some extras, but not too many
        //On average, this is how many characters needed to produce 1 character in the allowed set
        //50% of the time, more characters will be needed. My tests have shown this to perform well.
        $this->ratio = $this->distributionSize / $this->allowedCount;
    }

    /**
     * @param int $length string length of required result
     * @return string random text
     */
    public function get(int $length) : string
    {
        if($length < 1) throw new \Exception('$length must be >= 1.');
        $result = '';
        //Keep track of result length to prevent having to compute strlen()
        $l = 0;
        $indices = null;
        $i = null;
        do
        {
            //Bytes will be used to index the character set. Convert to integers.
            $indices = unpack('C*', random_bytes(ceil(($length - $l) * $this->ratio)));
            foreach($indices as $i)
            {
                //Reduce to the smallest range that gives an even distribution
                $i %= $this->distributionSize;
                //If the index is within the range of characters, add one char to the string
                if($i < $this->allowedCount)
                {
                    $l++;
                    $result .= $this->allowedChars[$i];
                }
                if($l >= $length) break;
            }
        }while($l < $length);
        return $result;
    }
}

在阅读了之前的例子后，我得出了以下结论:

protected static $nonce_length = 32;

public static function getNonce()
{
    $chars = array();
    for ($i = 0; $i < 10; $i++)
        $chars = array_merge($chars, range(0, 9), range('A', 'Z'));
    shuffle($chars);
    $start = mt_rand(0, count($chars) - self::$nonce_length);
    return substr(join('', $chars), $start, self::$nonce_length);
}

我复制了10倍的数组[0-9,a - z]和洗牌的元素，在我得到一个随机的起始点substr()更“创造性”:) 你可以添加[a-z]和其他元素到数组中，或多或少地复制，比我更有创造力