how to generate a dynamic string

Question

For the security sector, I neet to create a string that is constantly changing. something like choosing as random from a array:

$arr = array ('asfsdg','t3hbwed','gwefa@','43fsd4');
$string = $arr[array_rand($arr)];

But there is no array (because the number of array items are limited) and i need to generate a string that is not already defined. In other word, How do I generate a string that its duplicate possibility be too low.

e.g: With 'a', 'b', we can generate 2*3=6 modes

a, b, ab, ba, aa, bb

e.g: With 'a', 'b', '1' , we can generate 3*3*3=27 modes

a, b, 1, ab1, 1ab, ba1, etc ...

Now i want to create a system to generate me a string that be one of the results of (for example) 'a', 'b', 'c', 'd, '1', '2', '@', '#' . In addition, the system generates a string randomly each time. some thing like this:

1ad@cb2#

EDIT

I already asked this question: How to prevent crawlers depending on XPath from getting pages contents

Now i want to create class name for my classes.

How about using http://php.net/manual/de/function.uniqid.php -> but read carefully about its hint concerning security. also, seems duplicate: http://stackoverflow.com/questions/4356289/php-random-string-generator — DerStoffel, Jun 02 '15 at 09:27
uniqid() is a good function, but a terrible choice for anything related to security. — Joel Hinz, Jun 02 '15 at 09:29
Frankly, if you're writing code that needs security considerations and you do not understand the basics of security, then stop. You *will* make a mistake and you *will* create insecure code. — Phylogenesis, Jun 02 '15 at 09:34
Perhaps you should edit your question and tell us why you want this and what for. It allows us to give you a better answer that might be more safe and secure than some random string generator. — icecub, Jun 02 '15 at 09:37
So if I understand correctly, you want to create random css class names that can't be "guessed" by the algorithm? — icecub, Jun 02 '15 at 09:50

Ashwani Goyal · Answer 1 · 2015-06-02T09:51:06.103

0

You can generate a string that is always unique by concatenating date('Ymdhis'). As you may be aware already, this will give you the unique number every time you run.

For more preciseness you can concatenate the alphabets before or after. Also, you can encrypt it with PHP encryption functions.

Only a sample example. for telling purpose what i want to say above:-

 <?php

echo 's'.date('Ymdhis').'<br>';
echo 's'.time('his');

?>

edited Jun 02 '15 at 09:51

answered Jun 02 '15 at 09:30

Ashwani Goyal

616
4
18

Can you give me a example of `date(Ymdhis)` ? – Jun 02 '15 at 09:33
i gave it, please check. you are flexible to use formats. – Ashwani Goyal Jun 02 '15 at 09:40
if answer seems good to you then either mark it as an answer or vote it up. thanks. it will help others. – Alive to die - Anant Jun 02 '15 at 09:47
it is better to use timestampto avoid unnecessary conversions or even microtime – splash58 Jun 02 '15 at 09:47
It is good, but is't safe. Anyone can understand my generation algorithm easily and guesses the next string. anyway tnx – Jun 02 '15 at 09:48
for that purpose you can use `time`. it also given in my code. – Ashwani Goyal Jun 02 '15 at 09:51
Your algorithm changes only one character within 60 seconds, Producing a string by date and time is easily hacked. – Jun 02 '15 at 10:27

Geoff Atkins · Accepted Answer · 2015-07-04T08:31:46.267

0

If you just want a random string, here's a function I used to generate tokens for validation emails. You simply call it and define how long you want the string to be. You can add additional characters to the $alphanum array to include uppercase letters or special characters.

function getToken($length = 10) {
    $alphanum = str_split('abcdefghijklmnopqrstuvwxyz0123456789-_',1);
    $token = '';
    while (strlen($token) <= $length) {
      $token .= $alphanum[array_rand($alphanum)];
    }
    return $token;
}

To chain this to return an array of multiple tokens (default of three, and all of which will be checked as unique):

function getTokens($length = 10, $count = 3) {
    $alphanum = str_split('abcdefghijklmnopqrstuvwxyz0123456789-_',1);
    $output = array();
    while (count($output) <= $count) {
        $token = '';
        while (strlen($token) <= $length) {
          $token .= $alphanum[array_rand($alphanum)];
        }
        if (!in_array($output,$token)) {
          $output[] = $token;
        }
    }
    return $output;
}

edited Jul 04 '15 at 08:31

answered Jun 02 '15 at 09:32

Geoff Atkins

1,693
1
17
23

duplicate answer: http://stackoverflow.com/questions/4356289/php-random-string-generator – DerStoffel Jun 02 '15 at 09:35
@stack - no, it uses the length as the limit of how it populates the token (which starts as an empty string and is then populated in the while loop. It's a fairly commonly used segment of code and variants of it can be found all over the new, DerStoffel is right that it has been answered before. I'd like to think that my version is slightly more refined. – Geoff Atkins Jun 02 '15 at 09:55
Can you tell me, Approximately how much time you take to runs (your function)? I want to know that it is optimal for each page of my website, i run this function ? – Jun 02 '15 at 10:22
I've never run a performance test on it, but from experience it's negligible. – Geoff Atkins Jun 02 '15 at 10:25
I have a new question, how can i generate 3 strings (once execute function). And how to be sure that the three strings are not duplicate? – Jun 03 '15 at 15:20
@stack - I've edited my answer with an additional option to do what you want, and yes - it will check that they all of the tokens returned are unique. – Geoff Atkins Jun 04 '15 at 09:02

alex436 · Answer 3 · 2015-06-02T09:48:50.423

0

DO NOT use uniqid() for security purposes. Instead you can use openssl_random_pseudo_bytes()

If you want something that looks like an hexadecimal string you can write

bin2hex(openssl_random_pseudo_bytes(256))

would ouput for example

49f82a54d8015699bef300c7e6e2f9307b235def885c88d35b4251dc3a6033e9d4560ff241c7afdb5a409cb267f4ee1455930381c018fd52515266f1b85ea618362355c878070509909b46af6d0338ba550a2308183fcac9e64ea87c7e3d0cf68cd9e0ebd1bb6aaf1f78fd9ee38083c32131354ed3585ad2fde8d101ddfd021e0d97ef9da0739ad92ac7cf50ae77aae408939fe84009a1e856e3bc68aeeca7908f5d8686187d712a1c0995cba63fb77ded7d9767dddd056bfba550a24235b78e26e8447a537cd426dd923649f2c293f6cf07154aae599dda07b6814c3c842acc15be33ea20b4dcfde543f2849261d5b44ed5d4c102043c0b26f00e55d17f0622

edited Jun 02 '15 at 09:48

answered Jun 02 '15 at 09:40

alex436

120
8

Can you give me a example ?! – Jun 02 '15 at 09:41
I did it and give me a error: **Call to undefined function openssl_random_pseudo_bytes()** – Jun 02 '15 at 09:50
i made an error previously you need to use bin2hex instead of dechex. although that will not solve your problem. which version of php are you using? openssl_random_pseudo_bytes is normally built-in (in php >= 5.3 as stated in the manual) – alex436 Jun 02 '15 at 09:51
I couldn't do that, I think my php version is old, anyway tnx – Jun 02 '15 at 10:16

how to generate a dynamic string

3 Answers3