Web Cash

If you’re working on a user-management system, you may find it useful to be able to create a random password for users.

Some systems generate these initially and have the user log in to set a permanent password. You might also have a “Reset” button, where the script generates a random password and e-mails it to the user.

This quick tutorial will show you how to create an 8 character random password containing a mix of letters and numbers. Or, if you’re impatient, jump straight to the function’s source code

There are plenty of ways to do this. The simplest method would be to take a random number, generate an md5 hash, and then use the first 8 characters as the password.

$password = md5( time() );
$password = substr($password, 0, 8);

But this doesn’t guarantee you an even mix of upper case letters, lower case letters, and numbers. To do that, we’ll need to use a few simple php functions and build a short script.

Build a Loop to Create Eight Characters

We’ll start our script by creating a blank string, looping eight times, and entering a character in the string each time.

$password = '';
for ($x = 0; $x < 8; $x++) {
   $password .= 'a';
}

This creates a blank string ($password) and iterates a loop eight times. At this point, the loop simply enters the letter ‘a’ into $password – so you end output should be ‘aaaaaaaa.’

Generate Random Characters

Now we need to generate random characters to go inside of the string. To do this, we can make use of the rand() and chr() functions. Replace the loop contents with this line.

$password = chr( rand(60, 95) );

chr() takes an integer and returns the ASCII equivalent of that number. In this case, we’re using rand() to get a number between 60 and 95 – so we should get an uppercase letter in return. Our random password should now contain eight random upper-case letters.

Randomly Enter Uppercase, Lowercase, and Numbers

To make the random password more secure, we should randomize whether the new character is a number, an upper-case letter, or a lower-case letter. We can execute a simple “switch” statement to randomly choose which type of character to enter.

Replace the loop contents with this new snippet.

switch ( rand(1, 3) ) {
 
   //  Add a random digit, 0-9
   case 1:
   $password .= rand(0, 9);
   break;
 
   //  Add a random upper-case letter
   case 2:
   $password .= chr( rand(65, 90) );
   break;
 
   //  Add a random lower-case letter
   case 3:
   $password  .= chr( rand(97, 122) );
   break;
}

We’re using rand(1, 3) to randomly choose which case to execute. Each case then enters a different type of character in the string. The first case simply returns a random digit. The second and third cases use chr() and rand() to return a random character.

At this point, the script should give you an eight-character password with a random mix of uppercase letters, lowercase letters, and numbers. Now you can e-mail the password to the user, take a hash of the password, and store it in the database.

For reference, here’s the entire script placed in a function.

function randPassword() {
   $password = '';
 
   for ($x = 1; $x <= 8; $x++) {
      switch ( rand(1, 3) ) {
 
      //  Add a random digit, 0-9
      case 1:
      $password .= rand(0, 9);
      break;
 
      //  Add a random upper-case letter
      case 2:
      $password .= chr( rand(65, 90) );
      break;
 
      //  Add a random lower-case letter
      case 3:
      $password  .= chr( rand(97, 122) );
      break;
      }
   }
 
   return $password;
}

Tags: code, function, password, php, Security, snippet, tutorial, user