0

I have function to generate activation key when user creates new account.
How to check generated key is not generated in the past for other user

Database fields

username
password
email
activationcode

Function

function random_string($length) {
$key = '';
$keys = array_merge(range(0, 9),range('A', 'Z'), range(0, 9), range('a', 'z'));

for ($i = 0; $i < $length; $i++) {
    $key .= $keys[array_rand($keys)];
}

return $key;
}

Code

echo random_string(65);
3
Contributors
7
Replies
23
Views
2 Years
Discussion Span
Last Post by vizz
0

Does it really matter? Usually the activation key is used once in conjunction with the email address, a combination which is probably unique already.

Apart from, my personal solution would be to make the database column a unique key, insert the activation, and if it fails generate a new key and try again. You can always choose to have a stored procedure do this for you.

0

I made little change in code.

I'm not deleting activation key after activation is done. What about Following code

echo  $key=md5(random_string(65).time());

if activation key insertion to databse fails, then how to generate it again ?

0

Use a do .. while loop to keep trying until it succeeds. Make sure to add an escape (e.g. at 100 tries) to break the loop to avoid a hang.

0

If you are going to do it like this, perhaps avoid array functions in favour of string functions as they are a lot faster. In my tests a comparable string script runs twice as fast:

<?php

function get_code($length)
{
    $chars = '0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $max = strlen($chars) - 1;
    $output = '';
    for($x=0;$x<$length;$x++) $output .= substr($chars, mt_rand(0,$max),1);
    return $output;
}

function random_string($length) {
    $key = '';
    $keys = array_merge(range(0, 9),range('A', 'Z'), range(0, 9), range('a', 'z'));
    for ($i = 0; $i < $length; $i++) {
        $key .= $keys[array_rand($keys)];
    }
    return $key;
}

echo "STRING CODE<br />";

$start = microtime(true);

for($i=0;$i<10000;$i++) $me = get_code(65);

$end = microtime(true);

echo ($end - $start) . "<br />";


echo "ARRAY CODE<br />";

$start = microtime(true);

for($i=0;$i<10000;$i++) $me2 = random_string(65);

$end = microtime(true);

echo ($end - $start) . "<br />";

?>

However, if you're just running this once with it being the main function, then I doubt if it will make any difference at all. If the activation string is long enough, then I can't really see you ever getting a duplicate, even if various 'randomize' functions aren't really that random. And as pritaeas points out, it shouldn't really matter. You'd use the combination of email and activation code to activate anyway.

Edited by diafol

0

How is the following, combine email + random key?

$key=md5(random_string(65).time());

$actkey=md5($email);
$actkey.$key;

md5($email) creates constant code & and adding random key to it surely creates random activation key, I think so, What you say?

$actkey is unique for every email,

AND

$key is random

0

Technically the same hash can still be generated for different emails ($actkey is not 100% guaranteed unique, the email itself probably is), and the same hash for a different random, although less likely.

In short, I'd use:

$email . $key

or

base64_encode($email . $key)

assuming email is unique in your table.

Edited by pritaeas

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.