Version: 1.1

Type: Sample Code (HOWTO)

Category: Algorithms

License: GNU General Public License

Description: This is a secure password generator. It uses random seeds to assure best randomization. It comes in the form of three strengths: 1) Uberstrong (A-Z, a-z, 0-9, special chars (ie. !@#$%&*(), etc), 26 chars in length. 2) Strong (A-Z, a-z, 0-9), 26 chars in length. 3) Strong-but-compatible (A-Z, a-z, 0-9), 12 chars in length. I have tested them all on securitystats.com and they have given good results (Uberstrong gives full security, Strong and Strong-but-compatible gives about 80% security). All code reasonably commented, so you should be able to get around it alright.



<?php
	// mtpwd.php
	// Version 1.1
	//
	// Current usage instructions:
	// The best way to use this now, is to require("mtpwd.php") or include("mtpwd.php")
	// and call the functions like that, instead of just copying and pasting
	// all the code into your own script.
	//
	// To use it:
	//
	// $uberstrong = mtpwd(MTPWD_UBERSTRONG);
	// $strong		= mtpwd(MTPWD_STRONG);
	// $compatible	= mtpwd(MTPWD_COMPATIBLE);
	//
	// Version history:
	// 1.1: Made everything function based instead of just plain code
	// 1.0: Initial release, everything is just code samples.
	// 
	// ** NOTES ON GENERATED PASSWORDS **
	// You may need to generate a few to make sure
	// that a wide range of characters are available (specially the
	// compatible password, it sometimes may not contain numbers).
	//
	// This is just to be 100% secure. For randomly generated passwords
	// used inside PHP sign-up pages, this will be quite suffice to just use
	// the first password it spits out.
	//
	// You can usually never go wrong with the Uberstrong password.
	//
	// DO NOT BE ALARMED IF THE TEST DOES NOT SHOW THE LAST TWO PASSWORDS
	// this is because some characters cause the browser to break, but this
	// will have no difficulties when storing the passwords in databases, text
	// files, or variables.
	//
	// This code was written by Josh Finlay
	// josh@uranganfisheries.com.au

	// some configuration constants
	define("MTPWD_UBERSTRONG", "0");
	define("MTPWD_STRONG", "1");
	define("MTPWD_COMPATIBLE", "2");

	// Generates a random seed to use with rand()
	function make_seed() {
   	list($usec, $sec) = explode(' ', microtime());
   	return (float) $sec + ((float) $usec * 1000003);
	}
	function mtpwd($type) {
		// Generate an array of characters to use (excluding special characters)  
		for ($x = 48; $x < 58; $x++) {
			$spar[] = $x;
		}
		for ($x = 65; $x < 91; $x++) {
			$spar[] = $x;
		}
		for ($x = 97; $x < 123; $x++) {
			$spar[] = $x;
		}
		// end of array generation

		if ($type == MTPWD_UBERSTRONG) {
			// Generate an Uberstrong password of A-Z, a-z, 0-9, and special characters (eg. %, #, $, etc)
			// Password length is no greater than 26, may be too long for some purposes.
			$uspwd = '';
			for ($i = 0; $i < 27; $i++) {
				srand(make_seed());
				$uspwd .= chr(rand(33, 126));
			}
			return $uspwd;
		}
		// Below is code for the Strong (and strong-but-compatible) passwords
		// These do not contain any special characters
		elseif ($type == MTPWD_STRONG) {
			// Generate Strong password with a length no greater than 26 characters
			// This may not be suitable for some purposes, due to length restrictions.
			$spwd = '';
			for ($i = 0; $i < 27; $i++) {
				srand(make_seed());
				$spwd .= chr($spar[rand(0, count($spar)-1)]);
			}
			return $spwd;
		}
		elseif ($type == MTPWD_COMPATIBLE) {
			// Generate Strong-but-compatible
			// This is the same characters as a Strong password but is shorter to be
			// used in more situations. This has a password length of 12.
			$wpwd = '';
			for ($i = 0; $i < 13; $i++) {
				srand(make_seed());
				$wpwd .= chr($spar[rand(0, count($spar)-1)]);
			}
			return $wpwd;
		}
		else { return "INVALID TYPE"; }
	}
	// end of code.
	
	// this is some demo code, uncomment it to try it out.
	//print "<pre>";
	//print "Uberstrong: ".mtpwd(MTPWD_UBERSTRONG);
	//print "\nStrong: ".mtpwd(MTPWD_STRONG);
	//print "\nCompatible: ".mtpwd(MTPWD_COMPATIBLE);
	//print "</pre>";
?>