How to generate a random secure password using PHP
Updated: 09-Nov-2022 / Tags: PHP Tutorials / Views: 3536 - Author: George
Introduction
Hello everyone, in this tutorial we are going to see how to generate a good and strong random password using PHP. But let's first define a strong password.
Let's say someone writes a script that generates all possible combinations of characters to find your password. This is called a brute-force attack. Given enough time, the attacker will crack your password. So a strong password is a password that would take a very long time to crack (thousands of years).
If I had to write such a script, I would check all lowercase combinations first, then move on to the uppercase letters, then to digits, then to symbols, and last I would mix them all together. And don't forget the password's length: the script has to run against every possible length.
So a strong password is a password that consists of all four sets of characters (lowercase, uppercase, digits, and symbols) and is at least 8 characters long.
So I wrote two functions to generate a strong and secure password.
The first function returns a fixed-length password, and the second returns a password of the length that we specify.
Let's see them.
Random password function 1
The first function creates a password that is eight characters long and consists of all four character sets.
/**
 * The random_password() function creates an eight characters long strong password.
 * The password consists of 2 lowercase letters, 2 uppercase letters,
 * 2 digits, and 2 symbols.
 * @param The function takes no arguments.
 * @return string | the random password.
 */
function random_password(){
    $random_characters = 2;

    $lower_case = "abcdefghijklmnopqrstuvwxyz";
    $upper_case = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $numbers = "1234567890";
    $symbols = "!@#$%^&*";

    $lower_case = str_shuffle($lower_case);
    $upper_case = str_shuffle($upper_case);
    $numbers = str_shuffle($numbers);
    $symbols = str_shuffle($symbols);

    $random_password = substr($lower_case, 0, $random_characters);
    $random_password .= substr($upper_case, 0, $random_characters);
    $random_password .= substr($numbers, 0, $random_characters);
    $random_password .= substr($symbols, 0, $random_characters);

    return str_shuffle($random_password);
}
Breaking down the function
Let's break down the random_password() function. First, let me say that I could have written the function with fewer lines of code, but I wanted to keep the code simple to understand.
- In line 8 we define the random_password() function. The function doesn't need any parameters.
    function random_password(){
- In line 9 we create a variable named $random_characters and set its value to 2. This means that we are going to take two characters from every character set.
    $random_characters = 2;
- In the next code block we define some variables and assign the character sets to them.
    $lower_case = "abcdefghijklmnopqrstuvwxyz";
    $upper_case = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $numbers = "1234567890";
    $symbols = "!@#$%^&*";
  - In line 11 we assign all lowercase letters to the $lower_case variable.
  - In line 12 we take all the uppercase letters and assign them to the $upper_case variable.
  - We do the same thing with the numbers in line 13.
  - And last, in line 14, we have the $symbols variable, which holds our set of special characters.
- In the next code block we randomize every character set. To do this we use the str_shuffle() function.
    $lower_case = str_shuffle($lower_case);
    $upper_case = str_shuffle($upper_case);
    $numbers = str_shuffle($numbers);
    $symbols = str_shuffle($symbols);
  - In line 16 we randomize the lowercase character set and store the result back in the $lower_case variable.
  - We do the same thing with the other three character sets in lines 17, 18, and 19.
- In the next code block we take the first two characters from each character set and add them to the $random_password variable.
    $random_password = substr($lower_case, 0, $random_characters);
    $random_password .= substr($upper_case, 0, $random_characters);
    $random_password .= substr($numbers, 0, $random_characters);
    $random_password .= substr($symbols, 0, $random_characters);
  - In line 21 we use the substr() function to get the first two characters of the randomized lowercase character set. The substr() function takes three arguments. In the first argument we pass in the string from which we will extract the characters. In the second argument we define where we start; in our case we start from zero. And in the last argument we define how many characters we want to extract. In our case we want two.
    Now our $random_password variable is holding two random lowercase letters.
  - In line 22 we do the same thing, but here we extract the two characters that we want from the uppercase string and add them to the $random_password variable.
    Now our $random_password variable is holding two random lowercase letters and two random uppercase letters.
  - In line 23 we take two random digits from the $numbers character set and add them to the $random_password variable.
    Now our $random_password variable is holding two random lowercase letters, two random uppercase letters, and two digits.
  - And last, in line 24, we take the first two randomized symbols and one more time add them to the $random_password variable.
    Now our $random_password variable is eight characters long and holds two characters of every character set.
- And in line 26 we shuffle $random_password again and return it.
    return str_shuffle($random_password);
- Now if we run the function ...
    echo random_password();
  ... we will get an eight-character password that consists of lowercase, uppercase, digits, and symbols.
    // %G3iA$8w
And this is a strong password. You can check it here: Password entropy calculator
Now let's see the second function that I wrote.
Random password function 2
The difference from the previous function is that here we define how many characters we want from each character set.
/**
 * The function will create a random password.
 * The length of the password will be determined from the function's parameters.
 * @param int $lower [number of lowercase characters]
 * @param int $upper [number of uppercase characters]
 * @param int $digits [number of digits]
 * @param int $special_characters [number of symbols]
 * @return string [The generated password]
 */
function random_password_2($lower, $upper, $digits, $special_characters){
    $lower_case = "abcdefghijklmnopqrstuvwxyz";
    $upper_case = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $numbers = "1234567890";
    $symbols = "!@#$%^&*";

    $lower_case = str_shuffle($lower_case);
    $upper_case = str_shuffle($upper_case);
    $numbers = str_shuffle($numbers);
    $symbols = str_shuffle($symbols);

    $random_password = substr($lower_case, 0, $lower);
    $random_password .= substr($upper_case, 0, $upper);
    $random_password .= substr($numbers, 0, $digits);
    $random_password .= substr($symbols, 0, $special_characters);

    return str_shuffle($random_password);
}
Function breakdown
- The function takes four parameters: the first sets the number of lowercase letters, the second the number of uppercase letters, the third the number of digits, and the fourth the number of symbols.
    function random_password_2($lower, $upper, $digits, $special_characters)
- The second difference is that in the substr() function we pass in the respective function parameter as the third argument.
    $random_password = substr($lower_case, 0, $lower);
    $random_password .= substr($upper_case, 0, $upper);
    $random_password .= substr($numbers, 0, $digits);
    $random_password .= substr($symbols, 0, $special_characters);
- Now if we run the function and pass in the arguments below ...
    echo random_password_2(3, 2, 3, 2);
  ... we will get a 10-character password that has 3 lowercase letters, 2 uppercase letters, 3 digits, and 2 symbols.
    // T^tL0b5%4j
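The PHP manual documents str_shuffle() as not producing cryptographically secure values, and taking substr() of a shuffled set can neither repeat a character nor return more characters than the set holds. The added example below (not the author's code) keeps the interface of random_password_2() but draws every character and does the final shuffle with random_int(). The name secure_random_password() and the rejection of totals under 8 characters (the tutorial's stated minimum) are assumptions of this example.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not the tutorial's code. The function name is hypothetical.
 * Every random choice is made with random_int(), which uses the system CSPRNG.
 */
function secure_random_password(int $lower, int $upper, int $digits, int $symbols): string
{
    $sets = [
        ['abcdefghijklmnopqrstuvwxyz', $lower],
        ['ABCDEFGHIJKLMNOPQRSTUVWXYZ', $upper],
        ['1234567890', $digits],
        ['!@#$%^&*', $symbols],
    ];

    $chars = [];
    foreach ($sets as [$alphabet, $count]) {
        if ($count < 0) {
            throw new InvalidArgumentException('Character counts must not be negative.');
        }
        $max = strlen($alphabet) - 1;
        for ($i = 0; $i < $count; $i++) {
            // Draw with replacement: a character may repeat, and a count larger
            // than the set (for example 12 symbols) is honoured, not truncated.
            $chars[] = $alphabet[random_int(0, $max)];
        }
    }

    // Assumption of this example: enforce the tutorial's 8-character minimum.
    if (count($chars) < 8) {
        throw new InvalidArgumentException('Password must be at least 8 characters long.');
    }

    // Fisher-Yates shuffle driven by random_int() instead of str_shuffle().
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }

    return implode('', $chars);
}

echo secure_random_password(3, 2, 3, 2), PHP_EOL;  // 10 characters, different on every run
echo secure_random_password(2, 2, 2, 12), PHP_EOL; // 18 characters, 12 of them symbols
```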
Summary
It is very important that we use strong passwords in any account that we create, and it's also very important to change our passwords every few months.
In this tutorial we saw how to write a function to generate random secure passwords with PHP.
I hope you liked it.
Last Words
Thanks for reading, I hope you find the article helpful.
Please leave a comment if you find any errors, so I can update the page with the correct code.
Or you can just say hi.
Source code
You can download the source code and use it in any way you like.