Generating passwords in PHP

There are those things you encounter again and again and again. Generating passwords is one of those. My experience is that whenever an application needs to be created which deals with user account creation, it is best to let my application create a password for the user.

Why? Simply, I am lazy.

Good developers and users alike are and should be thus lazy that they should not want to think of a new password. All they need is to just generate one with a click and jot it down somewhere!
I have now encountered three or four separate applications which dealt with user creation and every time I have turned to Google and find a method for generating passwords which I subsequently adapt for my own specific application.

To help myself and perhaps you (who probably came from the Google website as well) I have posted (one of) my password generating method(s). The code which I have used here is originally from someone else but I forgot to mention this in my source file. If you recognize this code as your own please comment it so I can give recognition where due. Thought I must comment that I have changed it quite a bit..

/**
 * This method generates a random character value between the 33(!) and 126(~)
 * @return int
 */
function getRandomNum()
{
    $rndNum = rand(0,100) *10; // between 0 - 1000
    $rndNum = ($rndNum % 94) + 33; // rndNum from 33 - 127
    return $rndNum;
}

/**
 * Check if a character value is a special / punctuation character, if so returns true
 * @param int $num
 * @return boolean
 */
function checkPunc($num)
{
    if ((($num >=33) && ($num <=47))
    || (($num >=58) && ($num <=64))
    || (($num >=91) && ($num <=96))
    || (($num >=123) && ($num <=126))) {
        return true;
    }
    return false;
}

/**
 * Generates a new password, if the length parameter equals false then
 * a random length is chosen between 5 and 15 characters long.
 * @param int|boolean $length
 * @param boolean $noPunctuation
 * @return string
 */
function generatePassword($length = 8, $noPunctuation = true)
{
    $password = '';
    if ($length === false) {
        $length = rand(5,15);
    }
    for ($i=0; $i < $length; $i++) {
        $numI = getRandomNum();
        while ($noPunctuation && checkPunc($numI)) {
            $numI = getRandomNum();
        }
        $password .= chr($numI);
    }
    return $password;
}

Update 11-01-2009:
As it seems I had to implement a password generator in javascript today.
So I Googled one and found it on http://psacake.com/web/ei.asp. This version funnily looks the same as the PHP version posted above, perhaps they share the same roots?
Anyhow, here it is:

function generatePassword(length, punction, randomLength)
{
    if (parseInt(navigator.appVersion) < = 3) {
        alert("Sorry this only works in 4.0 browsers");
        return true;
    }

    if (!length) length = 8;
    var password = "";

    if (randomLength) {
        length = Math.random();
        length = parseInt(length * 100);
        length = (length % 7) + 6
    }

    for (i=0; i < length; i++) {
        numI = getRandomNum();
        if (!punction) {
            while (checkPunc(numI)) {
                numI = getRandomNum();
            }
        }
        password = password + String.fromCharCode(numI);
    }
    return password;
}

function getRandomNum()
{
    // rndNum from 0 - 1000
    rndNum = parseInt(Math.random() * 1000);
    // rndNum from 33 - 127
    rndNum = (rndNum % 94) + 33;
    return rndNum;
}

function checkPunc(num)
{
    if (((num >=33) && (num < = 47))
    || ((num >=58)  && (num < = 64))
    || ((num >=91)  && (num < = 96))
    || ((num >=123) && (num < = 126))) {
        return true;
    }
    return false;
}

Leave a Reply

Your email address will not be published. Required fields are marked *