[PHP] [REL] Password Generator Script

Earlier on today I released a PHP password generator that I created and a few people asked for the source codes to it -- I am not releasing the FULL site, but what I will release is the function I had created to generate the functions.

Use it as you wish, I'm not bothered about credits, but it would be nice!

Function:

PHP Code:

---

function GeneratePassword( $l, $s, $n, $uc, $lc )
{
    /** ABOUT THE PARAMETERS
      * $l  - integer - length of the password to be generated
      * $s  - integer - include symbols in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      * $n  - integer - include numbers in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      * $uc - integer - include upper-case characters in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      * $lc - integer - include lower-case characters in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      */
    
    $symbols               = "¬!\"£$%^&*()_+{}:@~<>?`-=[];'#,./";
    $numbers               = "1234567890";
    $upper                 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $lower                 = "abcdefghijklmnopqrstuvwxyz";
    $characters_to_include = "";
    $password              = "";
    
    if ( $s == "1" ) $characters_to_include .= $symbols;
    if ( $n == "1" ) $characters_to_include .= $numbers;
    if ( $uc == "1" ) $characters_to_include .= $upper;
    if ( $lc == "1" ) $characters_to_include .= $lower;
    
    /*none selected*/
    if ( !$s || !$n || !$uc || !$lc ) $characters_to_include = $numbers . $upper . $lower;
    /*none selected*/
    
    for( $p = 1; $p <= $l; $p++ )
    {
        $password .= substr( $characters_to_include, mt_rand( $p, strlen( $characters_to_include ) ), 1 );
    }
    return htmlentities( $password );
} 


---

Usage:

PHP Code:

---

<?php
echo GeneratePassword( 7, 0, 1, 1, 1 );
?>

---

Result:
Will generate a 7 digit long password consisting of numbers, lower-case and upper-case letters.

Enjoy,
m0nsta.

Cool man, I'll add this to my common functions.

No worries, hope it helps!

Woah, nice, adding this to my library :P

I'm not a php pro but what does this script do in the website? Does it works like Cryptographic hash function?

Quote:

---

Originally Posted by NubPro

I'm not a php pro but what does this script do in the website? Does it works like Cryptographic hash function?

---

This release is a PHP function. It requires multiple parameters, and returns a string. Based on the parameters entered, the string returned will be a possible option for a random password for you or anyone of your users to use.

He has documentation at the start of the function to tell you which each parameter is.

PHP Code:

---

function GeneratePassword( $l, $s, $n, $uc, $lc )
{
    /** ABOUT THE PARAMETERS
      * $l  - integer - length of the password to be generated
      * $s  - integer - include symbols in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      * $n  - integer - include numbers in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      * $uc - integer - include upper-case characters in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      * $lc - integer - include lower-case characters in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      */ 


---

In terms of the code itself, it is alright. Right off the bat, I suggest that you use booleans instead of integers that only handle 0/1 (for the parameters).

From the looks of the code, this line:

PHP Code:

---

if ( !$s || !$n || !$uc || !$lc ) $characters_to_include = $numbers . $upper . $lower; 


---

will not act as wanted. The comments claim that the if will only be true if nothing is selected, i.e. the last 4 parameters are all 0[false]. The problem is that this will return true if even one of them is set to 0[false]. Change each || to && to fix this.

There are one or two things you could simplify about the code, but it may hinder on customizability or/and novice end-developers(i.e. people using this code in their scripts) understanding of the function.

For example, you could remove the $upper variable and instead use

PHP Code:

---

if ( $uc == "1" ) $characters_to_include .= strtoupper($lower); 


---

I like how it returns a string after it has been 'secured' via the htmlentities function; this is very good, especially since it may be displayed to the end user.

For added customizability, you could make the configuration variables - currently hardcoded in to the functions - take their data from globals (ex. $GLOBAL['lower']). This would allow the end-developer to easily change a certain configuration variable for this function in the midst of doing pretty much anything else.
But, since this is a relatively simplistic function, and one that most people won't need to change the configuration variables, let alone in the midst of doing something else in the code.. this probably would add more hassle than anything.

My last minor suggestion would be to use english-esque variable names for something with this many parameters. You do this for the most part throughout the function - except for the parameters. If someone forgets what the parameters mean, then they would have to reread the documentation within the function. If you used english-esque variable names, ex. $includeUpper instead of $uc, then most people would be able to look at the parameter names and immediately know exactly what they are used for.

Quote:

---

Originally Posted by timebomb

This release is a PHP function. It requires multiple parameters, and returns a string. Based on the parameters entered, the string returned will be a possible option for a random password for you or anyone of your users to use.

He has documentation at the start of the function to tell you which each parameter is.

PHP Code:

---

function GeneratePassword( $l, $s, $n, $uc, $lc )
{
    /** ABOUT THE PARAMETERS
      * $l  - integer - length of the password to be generated
      * $s  - integer - include symbols in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      * $n  - integer - include numbers in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      * $uc - integer - include upper-case characters in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      * $lc - integer - include lower-case characters in the password (VALUES: '1' or '0' -- 1=yes, 0=no)
      */ 


---

In terms of the code itself, it is alright. Right off the bat, I suggest that you use booleans instead of integers that only handle 0/1 (for the parameters).

From the looks of the code, this line:

PHP Code:

---

if ( !$s || !$n || !$uc || !$lc ) $characters_to_include = $numbers . $upper . $lower; 


---

will not act as wanted. The comments claim that the if will only be true if nothing is selected, i.e. the last 4 parameters are all 0[false]. The problem is that this will return true if even one of them is set to 0[false]. Change each || to && to fix this.

There are one or two things you could simplify about the code, but it may hinder on customizability or/and novice end-developers(i.e. people using this code in their scripts) understanding of the function.

For example, you could remove the $upper variable and instead use

PHP Code:

---

if ( $uc == "1" ) $characters_to_include .= strtoupper($lower); 


---

I like how it returns a string after it has been 'secured' via the htmlentities function; this is very good, especially since it may be displayed to the end user.

For added customizability, you could make the configuration variables - currently hardcoded in to the functions - take their data from globals (ex. $GLOBAL['lower']). This would allow the end-developer to easily change a certain configuration variable for this function in the midst of doing pretty much anything else.
But, since this is a relatively simplistic function, and one that most people won't need to change the configuration variables, let alone in the midst of doing something else in the code.. this probably would add more hassle than anything.

My last minor suggestion would be to use english-esque variable names for something with this many parameters. You do this for the most part throughout the function - except for the parameters. If someone forgets what the parameters mean, then they would have to reread the documentation within the function. If you used english-esque variable names, ex. $includeUpper instead of $uc, then most people would be able to look at the parameter names and immediately know exactly what they are used for.

---

You are awesome. And yeah, I totally forgot about the || and &&! I never even thought to check.

The only reason I used 0/1 to handle the characters and not booleans was because I was using checkboxes on a form, and I was passing the values of the checkbox straight through to the script rather than processing them as booleans etc. If that makes sense?

Thanks for the help too!

why not just use booleans instead of 1 or 0

Quote:

---

Originally Posted by iAkira

why not just use booleans instead of 1 or 0

---

I coded the script how I wanted it - I wasn't intending to release the script in the first place so I coded it to my preferences. I got asked to release the script several times so I just copied and pasted what I had done.

It was a suggestion, but I like the script itself, never thought of doing this like it is, nick work :]

Quote:

---

Originally Posted by m0nsta.

I coded the script how I wanted it - I wasn't intending to release the script in the first place so I coded it to my preferences. I got asked to release the script several times so I just copied and pasted what I had done.

---

Quote:

---

Originally Posted by iAkira

It was a suggestion, but I like the script itself, never thought of doing this like it is, nick work :]

---

Yeah I wasn't having a go at you haha, I was just saying :P

But yeah - thanks for the feedback! :-]

Well I wanted to test some function which I benchmarked and my result:

PHP Code:

---

<?php
/*
    $l :: the length of your password
    $s :: (1 to include symbols) (0 for no symbols)
    $n :: (1 to include numbers) (0 for no numbers)
    $uc :: (1 to include no upper-case letters) (0 for no upper-case letters)
    $lc :: (1 to include no lower-case letters) (0 for no lower-case letters)
*/

function GeneratePassword( $l, $s, $n, $uc, $lc) {
   $d = array('', '', '', '');
   foreach(range('A', 'z') as $i) {
         if(mb_strlen($d[2]) != 26) $d[2] .= $i; //uppercase letters
         else if(mb_strlen($d[0]) != 6) $d[0] .= $i; //symbols
         else  break; 
   }
   foreach(range('0', '9') as $i) $d[1] .= $i; //numbers
   foreach (range('!', '/') as $i) $d[0] .= $i; //more symbols
   $d[3] .= strtolower($d[2]); //lowercase letters

   $characters_to_include = '';
   $password = '';

   $arg = func_get_args();
   for ($i = 1; $i < 5; $i++) {
     if ($arg[$i] == '1') {
      $characters_to_include .= $d[$i-1];
     } 
   }

   if ( !$s && !$n && !$uc && !$lc ) $characters_to_include = $d[0].$d[2].$d[3];

   for( $p = 1; $p <= $l; $p++ ){
     $password .= substr($characters_to_include, mt_rand($p, strlen($characters_to_include)), 1);
   }
  return htmlentities($password);
}

echo GeneratePassword(5, 0, 1, 1, 1);
?>

---

Quote:

---

Originally Posted by iAkira

Well I wanted to test some function which I benchmarked and my result:

PHP Code:

---

<?php
/*
    $l :: the length of your password
    $s :: (1 to include symbols) (0 for no symbols)
    $n :: (1 to include numbers) (0 for no numbers)
    $uc :: (1 to include no upper-case letters) (0 for no upper-case letters)
    $lc :: (1 to include no lower-case letters) (0 for no lower-case letters)
*/

function GeneratePassword( $l, $s, $n, $uc, $lc) {
   $d = array('', '', '', '');
   foreach(range('A', 'z') as $i) {
         if(mb_strlen($d[2]) != 26) $d[2] .= $i; //uppercase letters
         else if(mb_strlen($d[0]) != 6) $d[0] .= $i; //symbols
         else  break; 
   }
   foreach(range('0', '9') as $i) $d[1] .= $i; //numbers
   foreach (range('!', '/') as $i) $d[0] .= $i; //more symbols
   $d[3] .= strtolower($d[2]); //lowercase letters

   $characters_to_include = '';
   $password = '';

   $arg = func_get_args();
   for ($i = 1; $i < 5; $i++) {
     if ($arg[$i] == '1') {
      $characters_to_include .= $d[$i-1];
     } 
   }

   if ( !$s && !$n && !$uc && !$lc ) $characters_to_include = $d[0].$d[2].$d[3];

   for( $p = 1; $p <= $l; $p++ ){
     $password .= substr($characters_to_include, mt_rand($p, strlen($characters_to_include)), 1);
   }
  return htmlentities($password);
}

echo GeneratePassword(5, 0, 1, 1, 1);
?>

---

---

Holy shit, that looks cool :)

Ha, thanks. Your code is cleaner, mines a bit more complex than yours.

Quote:

---

Originally Posted by m0nsta.

Holy shit, that looks cool :)

---

Thanks of the release. Great job.