I have a system set up to generate random codes. It creates hundreds of thousands of them:
    function createRandomPassword() {
        $chars = "abcdefghijklmnopqrstuvwxyz0123456789";
        srand((double)microtime()*1000000);
        $i = 0;
        $pass = '';
        while ($i <= 7) {
            $num = rand() % 33;
            $tmp = substr($chars, $num, 1);
            $pass = $pass . $tmp;
            $i++;
        }
        return $pass;
    }
Basically this function is used to loop through and give me my desired number of results. However, it's VERY important that nobody can get a handful of these codes and figure a way to predict more of them from a given formula or something. Is this possible with my current system? Or is there a way I can make my current system more secure to prevent people from predicting more of the codes?
Thanks
I doubt people can easily predict a way to generate more of those codes, unless they have your PHP code of course.
You could store the valid codes in the database and check whether the entered code is one generated by you by checking whether or not it exists in the ‘valid_codes’ table.
Or….
What I might do is try to add a verification string to the $pass code, so that you can check, after the user enters the passcode, that the code is indeed a valid code (generated by you).
For example, this would add a 6-character verification string to the end of $pass:
Then, when someone enters your code, you can check whether this is a ‘valid’ code by checking the first 6 characters of the md5() + salt of the code they entered (minus the last 6 characters, of course).
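An added example (not code from either poster) of the verification-string idea in the answer above. It makes two substitutions that are assumptions of this example: random_int() in place of the seeded rand(), and a keyed HMAC-SHA256 in place of md5() plus salt. The function names and the key handling are hypothetical.

```php
<?php
// Added example; function names and key handling are hypothetical.
const CODE_LEN = 8; // same length as the codes in the question
const TAG_LEN  = 6; // 6-character verification string, as in the answer

// Each character comes from the OS CSPRNG via random_int(): there is no
// seed to recover, and all 36 characters are reachable.
function createRandomCode(): string
{
    $chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $code  = '';
    for ($i = 0; $i < CODE_LEN; $i++) {
        $code .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $code;
}

// Keyed tag: first TAG_LEN hex characters of HMAC-SHA256(code, key).
function verificationTag(string $code, string $key): string
{
    return substr(hash_hmac('sha256', $code, $key), 0, TAG_LEN);
}

function issueCode(string $key): string
{
    $code = createRandomCode();
    return $code . verificationTag($code, $key);
}

// Recompute the tag from the first CODE_LEN characters and compare it in
// constant time. A wrong length or a wrong tag both return false.
function isValidCode(string $entered, string $key): bool
{
    if (strlen($entered) !== CODE_LEN + TAG_LEN) {
        return false;
    }
    $code = substr($entered, 0, CODE_LEN);
    $tag  = substr($entered, CODE_LEN);
    return hash_equals(verificationTag($code, $key), $tag);
}

// Constructed demo key; a real key would be loaded from server-side config.
$key    = random_bytes(32);
$issued = issueCode($key);
var_dump(isValidCode($issued, $key));                       // issued code
var_dump(isValidCode(createRandomCode() . '000000', $key)); // guessed tag
```

A 6-character hex tag is only 24 bits, so roughly one in 16.7 million random guesses passes the check; the valid_codes table lookup suggested in the answer remains the stricter test.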