Usually for user activation tokens I need good entropy in my randomness. Solutions based upon:
- str_shuffle
- shuffle
- rand
Use time-based randomness therefore, any random slug for user activation can be predictable. On the other hand solutions based upon openssl_random_pseudo_bytes
offer better randomness.
So, using the following pieces of code can be useful:
Example 1:
Just a random string:
// Set appropriate length
$length = 10;
$token = substr(base64_encode(openssl_random_pseudo_bytes(100)),0,$length);
Example 2
Random alphanumeric string:
// Set appropriate length
$length = 10;
$pool = base64_encode(openssl_random_pseudo_bytes(100));
// If no need for numbers use '/[^a-zA-Z]/' instead
$pool = preg_replace('/[^a-zA-Z0-9]/',"",$pool);
$token = substr($pool,0,$length);
Top comments (0)