Random Password Generation

Wednesday, June 25th, 2008 at 10:42pm, in Randomising, written by Stefan Ashwell

A common feature found on many websites upon user registration are random passwords. This tutorial will walk you through a script that generates a random password to a given length.

For this script we will be creating a PHP function to generate the code. I will not discuss functions in great detail here and so I will presume you know pretty much what they are and how and why they are useful. Put simply, using a function to do the work you can use it from anywhere in your application and therefore do not need to rewrite code. I will also presume you know where to put the function (or indeed you have your own preference as to where you put your functions for use). If you want to read up on functions in more detail before continuing the PHP manual should point you in a good direction.

function randomPassword($length, $allow = "abcdefghijklmnopqrstuvwxyz0123456789") {

Anyway, onto the code. We've named our function randomPassword. You can of course name it whatever you like relevant to your purpose, just remember to change all references to it in the code! The function has two parameters - $length and $allow. The $length parameter is simply the length of the password you wish to generate. The $allow parameter is optional. This sets what characters you wish to generate the password from. By default we have set it to generate from lower case letters and numbers 0 - 9.

$i = 1;
while ($i <= $length) {

Next up, we will create a loop that loops the number of times you have set in the $length parameter. Therefore in this loop we will generate 1 random character and add it to the final random password...

$max = strlen($allow)-1;
$num = rand(0, $max);

The above code generates a random number between 0 and the number of characters passed in the $allow parameter minus 1. So if there are 20 characters a random number is generated between 0 and 19 - this is because the substr() function used in the next code references the first character of a string as 0 rather than 1.

$temp = substr($allow, $num, 1);
$ret = $ret . $temp;

Above, a random character is chosen from the $allow parameter using the substr() function. This character is then added onto the $ret variable which will be our random password.

$i++;
}
return $ret;
}

The code above ends the loop and returns the generated password. Pretty basic stuff to be honest. Our function is now complete! All that is left to do now is run the function in our code to generate a password where we need to. This is done simply like so:

$password = randomPassword(10);

The above example will generate a random password 10 characters long. Here's another example.

$password = randomPassword(10, '0123456789');

The above example will generate a random password 10 characters long and made up of only numbers.

Hope this tutorial has helped! To finish off, here's the full function listing:

function randomPassword($length, $allow = "abcdefghijklmnopqrstuvwxyz0123456789") {
$i = 1;
while ($i <= $length) {
$max = strlen($allow)-1;
$num = rand(0, $max);
$temp = substr($allow, $num, 1);
$ret = $ret . $temp;
$i++;
}
return $ret;
}