Random Password Generator

#1
[eluser]the_unforgiven[/eluser]
Hi all,

Building an application and need to build a simple yet secure "forgot password" module.

Basically I want it to show an input field for their email address, which will send them a sha1 password in plain English:

sha1 = hdf748yudf84hdr6394h for example would translate to password in the email that gets sent to the customer.

I just wondered what is the best way to do this, and can someone show me examples so I know I'm on the right track.

I did find this helper
Code:
<?php  if (!defined('BASEPATH')) exit('No direct script access allowed');


if ( ! function_exists('get_random_password'))
{
    /**
     * Generate a random password.
     *
     * get_random_password() will return a random password with length 6-8 of lowercase letters only.
     *
     * @access    public
     * @param    $chars_min the minimum length of password (optional, default 6)
     * @param    $chars_max the maximum length of password (optional, default 8)
     * @param    $use_upper_case boolean use upper case for letters, means stronger password (optional, default false)
     * @param    $include_numbers boolean include numbers, means stronger password (optional, default false)
     * @param    $include_special_chars include special characters, means stronger password (optional, default false)
     *
     * @return    string containing a random password
     */    
    function get_random_password($chars_min=6, $chars_max=8, $use_upper_case=false, $include_numbers=false, $include_special_chars=false)
    {
        // random_int() (PHP 7+) draws from the OS CSPRNG; rand() is predictable
        // and rand() % n is biased, so neither is suitable for credentials.
        $length = random_int($chars_min, $chars_max);
        $selection = 'aeuoyibcdfghjklmnpqrstvwxz';
        if($include_numbers) {
            $selection .= "1234567890";
        }
        if($include_special_chars) {
            $selection .= "!@\"#$%&[]{}?|";
        }

        $password = "";
        for($i=0; $i<$length; $i++) {
            // Pick one character uniformly from the selection
            $current_letter = $selection[random_int(0, strlen($selection) - 1)];
            // With upper case enabled, upper-case it half of the time
            if($use_upper_case && random_int(0, 1)) {
                $current_letter = strtoupper($current_letter);
            }
            $password .= $current_letter;
        }
        
        return $password;
    }

}
But not sure if it's what I need, please help!?

#2
[eluser]CroNiX[/eluser]
That should work ok for what you want to do. When you send the email to them with the "password", store it in the database so you can check against it when they enter it. Then, delete the temp password from the db after they've used it. For additional protection, you can add a timestamp to the db for when the password gets sent out and only have the password valid for x hours.

You can also hash the $password with sha1 before returning it from that function, although it sounds like you are sending the raw password to them (as opposed to a link to click on) and want to keep the password shorter. Personally, I'd use a link for them to click on with additional instructions if their email reader mangles the link (always put links on their own line in email to help avoid that).

#3
[eluser]the_unforgiven[/eluser]
Great, I understand the logic. Any chance you can show me how it should read in code lol :)

I think the link in email would work better too, to be honest, a bit more secure.
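
The flow described in #2 (a stored, time-limited, single-use value sent as a link), as an added example that is not code from any poster in this thread. The `password_resets` table, the function names and the example.com URL are assumptions, and it uses PDO with in-memory SQLite instead of CodeIgniter's database class so that it runs on its own (PHP 7.1+).

```php
<?php
// Added example, not from the thread. Table and function names are hypothetical.

function issue_reset_token(PDO $db, int $userId, int $ttlHours = 2): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the OS CSPRNG
    // One outstanding reset per user: drop any earlier request.
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$userId]);
    // Store only a hash, so a leaked table does not yield usable tokens.
    $db->prepare('INSERT INTO password_resets (user_id, token_hash, expires_at) VALUES (?, ?, ?)')
       ->execute([$userId, hash('sha256', $token), time() + $ttlHours * 3600]);
    return $token; // the raw token appears only in the emailed link
}

function redeem_reset_token(PDO $db, string $token): ?int
{
    $hash = hash('sha256', $token);
    $stmt = $db->prepare('SELECT user_id, expires_at FROM password_resets WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown token, or one that was already used
    }
    // Single use: delete the row whether it is still valid or expired.
    $del = $db->prepare('DELETE FROM password_resets WHERE token_hash = ?');
    $del->execute([$hash]);
    if ($del->rowCount() !== 1) {
        return null; // another request redeemed it first
    }
    return ((int) $row['expires_at'] >= time()) ? (int) $row['user_id'] : null;
}

// Constructed demo against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password_resets (user_id INTEGER, token_hash TEXT PRIMARY KEY, expires_at INTEGER)');

$token = issue_reset_token($db, 42);
// Placeholder URL; put the link on its own line in the email body.
echo "https://example.com/reset/{$token}", PHP_EOL;
var_dump(redeem_reset_token($db, $token));        // first use of the token
var_dump(redeem_reset_token($db, $token));        // replay of the same token
var_dump(redeem_reset_token($db, 'not-a-token')); // a token that was never issued
```

After a successful redeem, the application would show the "choose a new password" form for the returned user id; nothing the user can log in with is ever sent by email.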

