Does this small piece of code seem ok? |
Don't forget there are also costs involved in checking. Which is why GUIDs are designed so you don't have the management of repeat number overhead to worry about.
I know it doesn't seem like much of a problem to do a select before hand, but lets say you've got hundreds of thousands of visitors and these unique ids are tied to dynamically generated form inputs which a user could have many of, hundreds if not more, and before they generate a new one the db has to do a check. It could affect performance. Choose a suitably large number random and this would avoid this. Expect of course, for the birthday paradox http://betterexplained.com/articles/unde...y-paradox/ And some more interesting ideas solving the birthday paradox http://getsolid.io/blog/birthday-paradox-coding-solid/ But yes I do understand your point.
Practical guide to IgnitedCMS - Book coming soon, www.ignitedcms.com
@iamthwee
Yes, you are right the probabilities are astounding. But it can also happen on the first day, or every day for a year. Unlikely but it can. And knowing me, as soon as the first paying customer tries it, it will fail and the customer will think 'This is rubbish, it does not work.'. @Narf That is a fabulous idea. Why I didn't think of that I don't know. Basing the code on the time plus a random string is brilliant. Also, the way you have done it is just fantastic. I have spent ages on php fiddle breaking it all out and trying to work out how it works. Code: $guest_code = bin2hex(pack('N', microtime(TRUE))).bin2hex(get_instance()->security->get_random_bytes(4)); Microtime is time with microseconds since epoch. Micortime = 1446237483.42 Packing it with 'N' makes sure it is 32 bits long, or four bytes, or 4 characters. bin2hex makes it all 'normal' characters and 8 in length, 2 characters per digit for hex encoding. Joined with random 4 bytes, hex encoded to 8 in length, making 16 in total. Simply Brilliant :-) I also had great fun trying to work all that out. Thanks everyone. I learned tons of stuff and that small bit of code that was bugging me I have finally put to rest :-) Best wishes, Paul.
10-30-2015, 02:12 PM
(This post was last modified: 10-30-2015, 02:15 PM by PaulD. Edit Reason: Added image ) Quote:Expect of course, for the birthday paradox Ha, I love that paradox. It is genuinely the best example of our brains being naturally a bit stupid that I know. Except of course this one: http://io9.com/5935588/why-does-this-sti...ar-to-move Image attached Both of those examples, although full explained, are always mind blowing. Best wishes, Paul. PS We crossed post each other so I missed you last post with my last post - if that makes sense.
Haha no worries about cross posting. Actually, this thread has opened my eyes on a few things. I never knew about the birthday paradox before reading this and just thought a random 16 digit string would have the same probability of collison (very low).
But when you consider if data strings already exist in the database then the birthday paradox comes into play. Obviously for huge string like GUIDs the birthday paradox is practically insignificant. Also I believe narf's solution is based on generating a truly random number, so it's more the algorithm used that is significant rather than anything else. I'm assuming rand_alnum doesn't make use of php's openssl function thingy which bin2hex does. Also, here's another perplexing question, why does the dots NOT move when you squint your eyes
Practical guide to IgnitedCMS - Book coming soon, www.ignitedcms.com
lol
How about, even when I know exactly what it is, why does my brain refuse to accept that the face is rotating to the right, not the left. https://www.youtube.com/watch?v=sKa0eaKsdA0 Paul.
I see it rotating to the right, but half way the inner part of the mask seems to rotate to the left
(10-30-2015, 09:41 AM)PaulD Wrote: That is an awesome solution!!!! I know you already find a better solution, but I'm just curious to know why you think a recursive function is better than a loop. It seems like a lot of people hate loops. I like loops. Loops are cool!
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/ (10-30-2015, 10:10 AM)iamthwee Wrote: With a random 16 alphanumeric string, I don't even check if it is duplicated. The chances are too low. If you're still worried increase the string length. Your logic is based on the precondition that it is indeed a random string ... sadly, it's not. It looks random, but mt_rand() (which provides the "randomness" here) is not random at all; it's output is almost 100% predictable once you know the seed value, and the seed is IIRC based on the process ID. So the chances of a collision are way higher than you would expect. That's why this function is not good for cryptographic purposes. (10-30-2015, 02:33 PM)iamthwee Wrote: Also I believe narf's solution is based on generating a truly random number, so it's more the algorithm used that is significant rather than anything else. I'm assuming rand_alnum doesn't make use of php's openssl function thingy which bin2hex does. Just a little correction - bin2hex() just encodes binary data into hexadecimal strings, it's CI_Security::get_random_bytes() that provides the randomness. Also, the randomness itself is not the result of an algorithm (the uniqueness is).
Thanks for the correction, is there any particular reason why rand_alnum() and others does not make use of the security class to improve random number generation.
I'd assume it would be easy enough to change (or is it) or are there other factors to consider?
Practical guide to IgnitedCMS - Book coming soon, www.ignitedcms.com
|
Welcome Guest, Not a member yet? Register Sign In |