Almost every project has an authentication system. To authenticate, a user needs a username and a password.
It is safe to keep the passwords encrypted in the database. That way even the system administrator doesn't know, and can't find out, the passwords.
But what if a user forgets his password? The solution is to generate a new password and send it to the user by email (we can't send him his forgotten password, since it's encrypted).
The following class will help us generate a random password. These options are available:
- Length of the password
- Include numbers
- Include lower letters
- Include upper letters
Our class contains 4 methods:
- makeSeed - make seed
- generateNumber - generates number
- generateLetter - generates lower case or upper case letter
- Generate - main method, generates the password
Generate Password Class
<?php
/**
 * generate random password
 */
class GeneratePassword
{
    /**
     * @param integer $number_of_chars
     * @param integer $include_number,
     *        1 - include numbers, 0 - do not include numbers
     * @param integer $include_lower_letter,
     *        1 - include lower letter, 0 - do not include lower letter
     * @param integer $include_upper_letter,
     *        1 - include upper letter, 0 - do not include upper letter
     * @return string
     */
    public function Generate( $number_of_chars = 12, $include_number = 1, $include_lower_letter = 1, $include_upper_letter = 1 )
    {
        //init password
        $pswd = "";

        //while password length < number of characters
        while( strlen( $pswd ) < $number_of_chars ) {
            //seed the random number generator
            srand( $this->makeSeed() );
            $ch_type = (rand() % 2);
            $character = '';

            //if ch_type == 0 generate number
            if( $ch_type == 0 && $include_number == 1 ) {
                $character = $this->generateNumber();
            }
            //generate letter
            else {
                mt_srand( $this->makeSeed() );
                $letter_type = mt_rand( 0, 9 );
                $letter_type = $letter_type % 2;

                //generate upper case letter
                if( ( $letter_type == 0 && $include_upper_letter == 1 )
                    || ( $include_lower_letter == 0 && $include_upper_letter == 1 ) ) {
                    $character = $this->generateLetter( 0 );
                }

                //generate lower case letter
                if( ( $letter_type == 1 && $include_lower_letter == 1 )
                    || ( $include_lower_letter == 1 && $include_upper_letter == 0 ) ) {
                    $character = $this->generateLetter( 1 );
                }

                //include number = 0,
                //include upper = 0, include lower = 0
                if( $character === '' && $include_number == 0 ) {
                    $character = $this->generateLetter( $letter_type );
                }
            }

            //strict comparison, so that the digit 0 is never mistaken for "no character"
            if( $character !== '' ) {
                $pswd .= $character;
            }
        }

        return $pswd;
    } //end Generate method

    /**
     * generate number
     *
     * @return character 0-9
     */
    public function generateNumber()
    {
        mt_srand( $this->makeSeed() );
        //cast to string, the password is built from characters
        $character = (string) mt_rand( 0, 9 );

        return $character;
    } //end generateNumber method

    /**
     * generate lower or upper case letter
     *
     * @param integer $letter_type,
     *        0 - upper case, 1 - lower case, 2 - random
     * @return character a-zA-Z
     */
    public function generateLetter( $letter_type = 2 )
    {
        //make seed
        mt_srand( $this->makeSeed() );

        //if letter_type == 2, either lower case or upper case
        if( $letter_type == 2 ) {
            $letter_type = mt_rand( 0, 9 );
            $letter_type = $letter_type % 2;
        }

        //generate lower case letter (ASCII 97-122)
        if( $letter_type == 1 ) {
            mt_srand( $this->makeSeed() );
            $character = mt_rand( 97, 122 );
        }

        //generate upper case letter (ASCII 65-90)
        if( $letter_type == 0 ) {
            mt_srand( $this->makeSeed() );
            $character = mt_rand( 65, 90 );
        }

        $character = chr( $character );

        return $character;
    } //end generateLetter method

    /**
     * makeSeed
     *
     * The seed is derived from the current time; mt_rand() seeded this way
     * is not cryptographically secure.
     *
     * @return integer
     */
    public function makeSeed()
    {
        list($usec, $sec) = explode(' ', microtime());
        //mt_srand() expects an integer seed
        return (int) ( (float) $sec + ((float) $usec * 100000) );
    } //end makeSeed method
}
?>
This is how you use it:
<?php
//include generate password class
include_once( 'GeneratePassword.php' );

//create object generator
$generator = new GeneratePassword();

//generate a 12 characters password,
//with lower and upper case letters, and no numbers
$new_password_1 = $generator->Generate( 12, 0, 1, 1 );

//generate only numbers
$new_password_2 = $generator->Generate( 12, 1, 0, 0 );

//generate numbers and letters
$new_password_3 = $generator->Generate( 12, 1, 1, 1 );
?>
Now the only thing left to do is to store the new encrypted password in the database and send the new password to the user.
To encrypt the password in the database, use MySQL's PASSWORD() function. This encryption is one-way, which means it is not reversible. Here is an example.
INSERT INTO users( name, pass ) VALUES( '$name', PASSWORD( '$new_password' ) )
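An added example (not the article's code) covering both the generator and the storage step: it keeps the same four options but draws characters with random_int() instead of a time-seeded mt_rand(), and stores the result with password_hash() through a prepared statement, since MySQL's PASSWORD() was removed in MySQL 8.0. The function name, the in-memory SQLite table and the user "alice" are assumptions made for the demo.

```php
<?php
// Added example, not the article's code. Assumed: PHP 7.1+ with PDO SQLite;
// the function name, table layout and user "alice" are constructed.
function generateSecurePassword(int $length = 12, bool $numbers = true,
                                bool $lower = true, bool $upper = true): string
{
    // Keep only the character classes that are switched on.
    $classes = array_values(array_filter([
        $numbers ? '0123456789' : '',
        $lower ? 'abcdefghijklmnopqrstuvwxyz' : '',
        $upper ? 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' : '',
    ]));
    if (!$classes || $length < count($classes)) {
        throw new InvalidArgumentException('no character class enabled or length too short');
    }
    $alphabet = implode('', $classes);
    $chars = [];
    // One character from every enabled class, so none is missing by chance.
    foreach ($classes as $class) {
        $chars[] = $class[random_int(0, strlen($class) - 1)];
    }
    // Fill the rest from the combined alphabet using the OS CSPRNG.
    while (count($chars) < $length) {
        $chars[] = $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    // Fisher-Yates shuffle with random_int(), so the guaranteed characters do not stay in front.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

// Constructed demo data: an in-memory table standing in for the users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass TEXT)');
$db->exec("INSERT INTO users (name, pass) VALUES ('alice', 'old-hash')");

$newPassword = generateSecurePassword(12, true, true, true);
// password_hash() salts and hashes; only the hash is stored, bound as a parameter.
$stmt = $db->prepare('UPDATE users SET pass = :pass WHERE name = :name');
$stmt->execute([':pass' => password_hash($newPassword, PASSWORD_DEFAULT), ':name' => 'alice']);

// At login, compare the submitted password with the stored hash.
$stored = $db->query("SELECT pass FROM users WHERE name = 'alice'")->fetchColumn();
var_dump(password_verify($newPassword, $stored));
```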