Unique random password and license number stored with one action

Question

I'm currently working on a project where users are logging into a portal for education. Users are supposed to log in with randomly generated licenses and passwords.

Why do they need to be random?

The users are part of a workplace where someone in charge of safety has decided that everyone hired needs to take part in a "fire hazards of the workplace" education. This in order to maintain a required level of safety in the workspace.

The person in charge of safety places an order for the twenty employees. An admin of the education-portal confirms the order and generates 20 licenses and passwords. The keys generate and stores within the database under "user" and then get sent to the company that ordered them. Once the employees receive the login information they can attach their name to a license to prove that they've passed the education.

Anyway I'm having trouble creating and storing the key in mysql. Here's my current code.

{
function genRandomString($length = 10) {
    $characters = ‘0123456789abcdefghijklmnopqrstuvwxyz’;
    $string = ”;
    for ($p = 0; $p < $length; $p++) {
        $string .= $characters[mt_rand(0, strlen($characters))];
    }

    return $string;

INSERT INTO user(email, company, courseID, no_licenses, password, licenseid)

    VALUES('{$_POST['email']}','{$_POST['company']}','{$_POST['courseID']}', '{$_POST['antal']}', '{genRandomString, . random_string(10)}',{'genRandomString, . random_string(10)'})

Right now I'm using this to test the genRandomString. The random string comes out as just "genRandomString" and not a random string at all. Does anyone know why the function wont work?

This is my first question here. I'm sorry if i formatted it wrong or anything.

Thanks in advance.

I tried a combination of some of the answers and I'm thankful. It seems to be generating a random string now although insertion of the data is not occuring. I'm getting a couple of undefined variable errors. I'm not sure what's wrong.

  Notice: Use of undefined constant ‘0123456789abcdefghijklmnopqrstuvwxyz’ - assumed '‘0123456789abcdefghijklmnopqrstuvwxyz’' in C:\xampp\htdocs\Webbprojekt\admin.php on line 15
”gim�ts2ymc
Notice: Undefined variable: pass in C:\xampp\htdocs\Webbprojekt\admin.php on line 28

Notice: Undefined variable: license in C:\xampp\htdocs\Webbprojekt\admin.php on line 29

Notice: Undefined variable: sql in C:\xampp\htdocs\Webbprojekt\admin.php on line 31

Notice: Undefined variable: pass in C:\xampp\htdocs\Webbprojekt\admin.php on line 32

Notice: Undefined variable: license in C:\xampp\htdocs\Webbprojekt\admin.php on line 34
Error, insert query failed

here's the entire code.

<head>
  <link rel="stylesheet" href="//code.jquery.com/ui/1.11.4/themes/smoothness/jquery-ui.css">
  <script src="//code.jquery.com/jquery-1.10.2.js"></script>
  <script src="//code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
  <title>Generera Licenser</title>
</head>

<?php
include('template.php');

if(isset($_POST['email']))

{
function genRandomString($length = 10) {
    $characters = ‘0123456789abcdefghijklmnopqrstuvwxyz’;
    $string = '”';
    for ($p = 0; $p < $length; $p++) {
        $string .= $characters[mt_rand(0, strlen($characters))];
    }

    return $string;
}

echo genRandomString();

    $query = <<<END
     $pass = genRandomString();
     $license = genRandomString(); 
     $sql = "INSERT INTO
 user(email, company, courseID, antal, password, licenseid) 
 VALUES('{$_POST['email']}','{$_POST['company']}','{$_POST['courseID']}',  
        '{$_POST['antal']}', '$pass','$license')";


END;
    $mysqli->query($query) or die ('Error, insert query failed');

echo 'Nya licenser har lagts till i databasen';

}
 $content = <<<END
 <div class="row">
         <div class="container">
            <div class="jumbotron">

          <div class="container">

  <h2>Generera Licenser</h2>


            <form action="admin.php" method="post">
              <div class="form-group">
              <input type="text" class="form-control" aria-describedby="basic-addon1" name="company" placeholder="Företag">
              </div>
              <div class="form-group">
              <input type="text" class="form-control" aria-describedby="basic-addon1" name="email" placeholder="Email">
              </div>
              <div class="form-group">
              <input type="text" class="form-control" aria-describedby="basic-addon1" name="antal" placeholder="Antal licenser">
              </div>
              <div class="form-group">
                <div class="checkbox">
                    <label>
                        <input type="checkbox" aria-describedby="basic-addon1" name="courseID">Licenser till Webbutbildningen i Allmän brandskyddskunskap
                    </label>
                </div>

                 <div class="checkbox">
                    <label>
                        <input type="checkbox" aria-describedby="basic-addon1" name="role">Skapa en ny administrativ användare
                    </label>
                </div>
                </div>
              <input type="submit" class="btn btn-default" value="Beställ">
              </form>
            </div><!-- Stänger jumbotronen --> 
         </div><!-- Stänger container --> 
      </div><!-- Stänger row --> 
END;
  echo $navigation;
  echo $content;
  echo $header;
  ?>

you've a whole bunch of curly quotes and some missing quotes. — Funk Forty Niner, Apr 04 '16 at 12:11
why use the extra comma `'{genRandomString, . random_string(10)}'` here? — Murad Hasan, Apr 04 '16 at 12:20
Your code is not complete, try adding full code so we can explain. As the curly bracket is opened at starting and function ends no where — Nehal, Apr 04 '16 at 12:22
[Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Apr 04 '16 at 12:35

Hamza Zafeer · Answer 1 · 2016-04-04T12:34:33.560

function genRandomString($length = 10) {
   $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
   $string = "";
   for ($p = 0; $p < $length; $p++) {
      $string .= $characters[mt_rand(0, strlen($characters))];
   }
  return $string; 
}

echo genRandomString();

Here is your function working, check it.

And if you are facing issues in inserting it into DB. then i think create variables and then use that variables in your query like given in the following.

$email= //get your email
$company= //get your company
$courseId= //get your courseId
$company= //get your no_licenses
$password= //get your password
$licenseid= //get your licenseid

INSERT INTO user(email, company, courseID, no_licenses, password, licenseid)
values ($email,$company,$courseId,$no_licenses,$password,$licenseid)

score 0 · Accepted Answer · answered Apr 04 '16 at 12:39

Function genRandomString seems ok. But the manner you manipulate the string during sql creation seems very odd to me.

What about this:

$pass = genRandomString();
$license = genRandomString(); 
$sql = "INSERT INTO
 user(email, company, courseID, no_licenses, password,    licenseid) 
 VALUES('{$_POST['email']}','{$_POST['company']}','{$_POST['courseID']}',  
        '{$_POST['antal']}', '$pass','$license')";

Unique random password and license number stored with one action

2 Answers2