Generate random password

[infinitizon]

Hi all,

I want to generate random passwords for users on my site and send it to their mail. Rather than re-invent the wheel, I came across this one with a google search

<?php
//[URL unfurl="true"]http://www.laughing-buddha.net/php/password/[/URL]
  function generatePassword ($length = 8)
  {

    // start with a blank password
    $password = "";

    // define possible characters - any character in this string can be
    // picked for use in the password, so if you want to put vowels back in
    // or add special characters such as exclamation marks, this is where
    // you should do it
    $possible = "2346789bcdfghjkmnpqrtvwxyzBCDFGHJKLMNPQRTVWXYZ";

    // we refer to the length of $possible a few times, so let's grab it now
    $maxlength = strlen($possible);
  
    // check for length overflow and truncate if necessary
    if ($length > $maxlength) {
      $length = $maxlength;
    }
	
    // set up a counter for how many characters are in the password so far
    $i = 0; 
    
    // add random characters to $password until $length is reached
    while ($i < $length) { 

      // pick a random character from the possible ones
      $char = substr($possible, mt_rand(0, $maxlength-1), 1);
        
      // have we already used this character in $password?
      if (!strstr($password, $char)) { 
        // no, so it's OK to add it onto the end of whatever we've already got...
        $password .= $char;
        // ... and increase the counter by one
        $i++;
      }

    }

    // done!
    return $password;

  }

?>

The challenge is that what if the password I just generated has already been used by another? Do I have to be running through the database to check each generated password. If I do this, wont it use up too many resources or even inundate the server?

Has anyone done this in the past, please let me know.

Thanks all

____________________
Men put up a strong face just to cover their weaknesses...good!
But a smile makes them live longer....
Which would you choose?

Think about it.

 

[spamjim]

It is highly unlikely that you will exhaust resources to check for an existing password. I assume you are already checking for an existing username.

Do you expect do have many duplicates within your range of 20 trillion passwords there?

 

[vacunita]

Agreed, checking for an existent password shouldn't use up many resources at all. besides unless you have millions of records the query is so simple it will be done very quickly and will release any resources it was using.

Just a Simple
SELECT password_field FROM database WHERE password=$password.
Is all it would take. If you get a row back, the the password has already been used. If you you don't it's fine.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[infinitizon]

Ok, thanks guys, I'd count on your judgement.

____________________
Men put up a strong face just to cover their weaknesses...good!
But a smile makes them live longer....
Which would you choose?

Think about it.