Now, I know how to make a random token with characters and numbers. But for my old upload script I had a for() method which didn't need a set parameter of characters to use. It used like char() or something. Here is what I got currently:


<?php

function TokenW($l=8) {
$parts = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$tmp_gen = "";
while(strlen($tmp) < $l) {
$tmp_gen .= $str{mt_rand(0, strlen($str))};
}
return tmp_gen;
}

echo TokenW();

?>


I revised the function for practicle use, before was just an example.


// Method by Velox Letum
function gen_pass($len) {
for ($i = 0; $i < $len; $i++) {
$password .= chr(mt_rand(0, 255));
}
return $password;
}

Moved to PHP Snippets forum :)

stuff

I don't really see any questions in there, but this:

if($l == "") {
$l = 8;
}

is not the correct way to make a parameter optional, and your snip throws parse errors because of it.

Use instead:

function nameToken($l = 8) {
$str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$tmp = "";
while(strlen($tmp) < $l) {
$tmp .= $str{mt_rand(0, strlen($str))};
}
return $tmp;
}

echo nameToken();


Most people, I think, just use md5(microtime()); to get a pseudorandom token.

edit: oops, it's supposed to be a snippet.

Actually, I often use md5(uniqid(microtime())) however I do think this method is perfectly resonable.

However, ralph is right about your optional paramaters. You can do something like this:


function funcname( $optional_var = 8 ){
// And so forth
}

Sorry ralph, didnt see that you had already explained this :)

to assign default values to arguments. If you didnt get an error when running the script, it would mean that you have a low error reporting setting. Always use error_reporting( E_ALL ); when testing scripts.

I don't really see any questions in there, but this:

if($l == "") {
$l = 8;
}

is not the correct way to make a parameter optional, and your snip throws parse errors because of it.

Use instead:

function nameToken($l = 8) {
$str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$tmp = "";
while(strlen($tmp) < $l) {
$tmp .= $str{mt_rand(0, strlen($str))};
}
return $tmp;
}

echo nameToken();


Most people, I think, just use md5(microtime()); to get a pseudorandom token.

edit: oops, it's supposed to be a snippet.

Err... this is a question. I don't want people using this! >.< I'm asking what is a better method using for() and mt_rand() and char() It was very random. And I don't want to use that because on my upload script it was uploading over files when people upload at the same time another file was. for md5(microtime()) At least thats what alot of emails were. I had at least 10 emails a day saying their images have "suddenly become another image" which only leaves the token was generated again. And witht he for() method I had I had no problem after that.

Ahh sorry, it looked like a posted code... I'll move it back.

tempnam(string directory, string prefix) creates a file with a unique name in the specified directory. That should prevent duplicates. Uploaded files should already be assigned unique ids in the server's /tmp/, but I forget exactly how that works.

Actually, I often use md5(uniqid(microtime())) however I do think this method is perfectly resonable.

However, ralph is right about your optional paramaters. You can do something like this:


function funcname( $optional_var = 8 ){
// And so forth
}

Sorry ralph, didnt see that you had already explained this :)

to assign default values to arguments. If you didnt get an error when running the script, it would mean that you have a low error reporting setting. Always use error_reporting( E_ALL ); when testing scripts.

Oh, that is how! Okay, thanks on that part. I thought if I did that it would reset $l if I inputed a number for it.

I use a combination of md5(), mt_rand(), and substr() myself, but another method might be to use an mt_rand(0,255) inside chr().

function gen_pass($len) {
for ($i = 0; $i < $len; $i++) {
$password .= chr(mt_rand(0, 255));
}
return $password;
}

Though this'll use the entire ASCII table, so for limited special chars you might limit it to 33, 127. There's still a few though, so other methods are probably better.

uniqid() works quite well alone.
It is generated from microseconds so microseconds isn't really needed. You could hash the uniqid if you need the token if you like but hashing shouldn't make it more "random" as any value always hashes to the same hash.
Writing a function to generate tokens makes only sense (to me) if you only want specific chars in the token.