• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Generate code without guess

#1
Hello
I want to generate many code and save it in database and give it for shops
So users get this code from shop and enter it in app.
Now if user guest how do generate this codes so can enter many code in app
How do i generate code that dont have static structure ?
Reply

#2
If you need simple one off codes that dont need to have a specific value I would use a simple hash system.

For example creatinge the hash I would use todays data and exact time and hash that. For example MD5 would alway generate a 32 charatcer long code. This can be easily created in PHP and stored in the database.

The app would then just check for this code. The app does not need to know the date time as it just checkst if it exist in the DB.

The problem with this approch is the length of the code. If a user has to enter that manually then 32 char is rather long.

I hope this helps and give syou some ideas.
On the package it said needs Windows 7 or better. So I installed Linux.
Reply

#3
Here is something I use.

PHP Code:
   public function generate_code() {
 
       // generate a randomish code
 
       $code bin2hex(pack('N'microtime(TRUE))).bin2hex(get_instance()->security->get_random_bytes(4));
 
       return $code;
 
   

It was suggested to me here on these forums somewhere by Narf ages ago but I use it all the time on almost every site I do. It is great for generating unique codes for urls, for all sorts of records, rather than using id. I have it in a functions model that has all my useful functions in. You could use more random bytes if you wanted a longer code.

Generates something like: 59aad953a91644ce

Hope it helps,

Paul

PS This is not for security, this is just to generate a code I can use instead of an ID, i.e.
Code:
Not: www.mysite.co.uk/view/record/4
But: www.mysite.co.uk/view/record/59aad953a91644ce
You still have to check it is unique when storing, and when using to retrieve a record that the user has permission to access it.
Reply

#4
(09-29-2017, 11:43 AM)PaulD Wrote: Here is something I use.

PHP Code:
   public function generate_code() {
 
       // generate a randomish code
 
       $code bin2hex(pack('N'microtime(TRUE))).bin2hex(get_instance()->security->get_random_bytes(4));
 
       return $code;
 
   

It was suggested to me here on these forums somewhere by Narf ages ago but I use it all the time on almost every site I do. It is great for generating unique codes for urls, for all sorts of records, rather than using id. I have it in a functions model that has all my useful functions in. You could use more random bytes if you wanted a longer code.

Generates something like: 59aad953a91644ce

Hope it helps,

Paul

PS This is not for security, this is just to generate a code I can use instead of an ID, i.e.
Code:
Not: www.mysite.co.uk/view/record/4
But: www.mysite.co.uk/view/record/59aad953a91644ce
You still have to check it is unique when storing, and when using to retrieve a record that the user has permission to access it.

PHP Code:
/**
 * Generate a random string
 * 
 * @link https://paragonie.com/b/JvICXzh_jhLyt4y3
 *
 * @param int $length - How long should our random string be?
 * @param string $charset - A string of all possible characters to choose from
 * @return string
 */
function random_str($length 32$charset 'abcdefghijklmnopqrstuvwxyz')
{
    
// Type checks:
    
if (!is_numeric($length)) {
        throw new 
InvalidArgumentException(
            
'random_str - Argument 1 - expected an integer'
        
);
    }
    if (!
is_string($charset)) {
        throw new 
InvalidArgumentException(
            
'random_str - Argument 2 - expected a string'
        
);
    }

    if (
$length 1) {
        
// Just return an empty string. Any value < 1 is meaningless.
        
return '';
    }
    
    
// Remove duplicate characters from $charset
    
$split str_split($charset);
    
$charset implode(''array_unique($split));
    
    
// This is the maximum index for all of the characters in the string $charset
    
$charset_max strlen($charset) - 1;
    if (
$charset_max 1) {
        
// Avoid letting users do: random_str($int, 'a'); -> 'aaaaa...'
        
throw new LogicException(
            
'random_str - Argument 2 - expected a string that contains at least 2 distinct characters'
        
);
    }
    
// Now that we have good data, this is the meat of our function:
    
$random_str '';
    for (
$i 0$i $length; ++$i) {
        
$r random_int(0$charset_max);
        
$random_str .= $charset[$r];
    }
    return 
$random_str;


https://paragonie.com/blog/2015/07/commo...dom-string

https://github.com/paragonie/random_compat

@rtenny, using md5 width a timestamp is not the best idea. Use PaulD code or the random_str from paragonie.
Reply

#5
(09-29-2017, 08:05 AM)rtenny Wrote: If you need simple one off codes that dont need to have a specific value I would use a simple hash system.

For example creatinge the hash I would use todays data and exact time and hash that. For example MD5 would alway generate a 32 charatcer long code. This can be easily created in PHP and stored in the database.

The app would then just check for this code. The app does not need to know the date time as it just checkst if it exist in the DB.

The problem with this approch is the length of the code. If a user has to enter that manually then 32 char is rather long.

I hope this helps and give syou some ideas.

Yes it is helpful Thanks
Reply

#6
(09-29-2017, 11:43 AM)PaulD Wrote: Here is something I use.

PHP Code:
   public function generate_code() {
 
       // generate a randomish code
 
       $code bin2hex(pack('N'microtime(TRUE))).bin2hex(get_instance()->security->get_random_bytes(4));
 
       return $code;
 
   

It was suggested to me here on these forums somewhere by Narf ages ago but I use it all the time on almost every site I do. It is great for generating unique codes for urls, for all sorts of records, rather than using id. I have it in a functions model that has all my useful functions in. You could use more random bytes if you wanted a longer code.

Generates something like: 59aad953a91644ce

Hope it helps,

Paul

PS This is not for security, this is just to generate a code I can use instead of an ID, i.e.
Code:
Not: www.mysite.co.uk/view/record/4
But: www.mysite.co.uk/view/record/59aad953a91644ce
You still have to check it is unique when storing, and when using to retrieve a record that the user has permission to access it.

Yes it is good way
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.