0

I want to generate unique and random numbers or IDs which I can use for email verification, account reset, member invitation purposes, etc.

For instance,

http://mywebsite.com/member/9a5af103cd540aa 
http://mywebsite.com/invite/regitration/eef0dd2e0199640 
http://mywebsite.com/reset/account/eef0dd2e0199640 

Here is the code I plan to use. Do you think it is safe and 'bullet proof'?

$rand = substr(hash('sha512',uniqid(rand(), true)), 0, 15);
echo $rand;

Or any better options?

Thanks.

EDIT:

I have looked into a couple of options after getting the suggestions from here:

com_create_guid

function create_guid()
{
    if (function_exists('com_create_guid') === true)
    {
        return trim(com_create_guid(), '{}');
    }

    # fallback to mt_rand if php < 5 or no com_create_guid available
    return sprintf('%04X%04X-%04X-%04X-%04X-%04X%04X%04X', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));

    //return substr(hash('sha512',uniqid(rand(), true)), 0, 15);
}

openssl_random_pseudo_bytes

function generate_password($length = 24) {

    if(function_exists('openssl_random_pseudo_bytes')) {
        $password = base64_encode(openssl_random_pseudo_bytes($length, $strong));
        if($strong == TRUE)
            return substr($password, 0, $length); //base64 is about 33% longer, so we need to truncate the result
    }

    # fallback to mt_rand if php < 5.3 or no openssl available
    $characters = '0123456789';
    $characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz/+'; 
    $charactersLength = strlen($characters)-1;
    $password = '';

    # select some random characters
    for ($i = 0; $i < $length; $i++) {
        $password .= $characters[mt_rand(0, $charactersLength)];
    }        

    return $password;
}

I found these two functions from php.net.

But my main concern is: are the numbers/IDs generated by these two functions unique?

mt_rand - this generates randomness but not uniqueness as far as I understand - am I right?

1
  • Instead of base64_encode I would use bin2hex. Commented Mar 6, 2014 at 11:56

3 Answers

3

You can use the openssl_random_pseudo_bytes() function to generate as many random bytes as you like.

1 Comment

Well, if you generate 32 bytes with this function I would say they will be unique enough.
0

You can generate a GUID which for all intents and purposes is unique.

1 Comment

It is in the category Windows Only Extensions.
0

I think for the purposes you list, it's by far unique enough. But I'd still check for duplicates, just to be sure. The chances are pretty small, but nonetheless, still there.
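
The suggestions from the answers and comments above (random bytes from a CSPRNG, hex-encoded with bin2hex, and a duplicate check before storing) put together in one place. This is an added example, not code from any poster in the thread. It assumes PHP 7+ for random_bytes(), and the $store array, function names and demo values are hypothetical stand-ins for a database table with a unique index.

```php
<?php
// Added example, not from the thread. $store is a hypothetical stand-in for a
// database table with a UNIQUE index on the token-hash column.

const TOKEN_BYTES = 32; // 256 bits, the size suggested in the comment above

function issue_token(array &$store, string $purpose, int $userId, int $ttl = 3600): string
{
    for ($attempt = 0; $attempt < 3; $attempt++) {
        // random_bytes() (PHP 7+) draws from the OS CSPRNG and throws on
        // failure, so there is no silent fallback to mt_rand().
        $token = bin2hex(random_bytes(TOKEN_BYTES));
        // Store only a hash, so a leaked table does not reveal usable links.
        $key = hash('sha256', $token);
        if (!isset($store[$key])) { // the duplicate check
            $store[$key] = [
                'purpose' => $purpose,
                'user'    => $userId,
                'expires' => time() + $ttl,
            ];
            return $token; // this value goes into the emailed URL
        }
    }
    throw new RuntimeException('could not allocate a unique token');
}

function redeem_token(array &$store, string $purpose, string $token): ?int
{
    // Reject anything that is not exactly 64 lowercase hex characters.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    if ($row === null || $row['purpose'] !== $purpose || $row['expires'] < time()) {
        return null;
    }
    unset($store[$key]); // single use: a replayed link is rejected
    return $row['user'];
}

// Constructed demo data.
$store = [];
$t = issue_token($store, 'reset', 42);
var_dump(redeem_token($store, 'reset', $t));  // first use of the link
var_dump(redeem_token($store, 'reset', $t));  // same link replayed
var_dump(redeem_token($store, 'invite', issue_token($store, 'reset', 7))); // wrong purpose
```

Binding each token to a purpose and an expiry keeps a reset link from being accepted on the invite endpoint or long after it was issued.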
