PHP 随机字符串生成器

2022-01-30 00:00:00 string random php

我正在尝试在 PHP 中创建一个随机字符串,但我绝对没有输出:

I'm trying to create a randomized string in PHP, and I get absolutely no output with this:

<?php
    function RandomString()
    {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $randstring = '';
        for ($i = 0; $i < 10; $i++) {
            $randstring = $characters[rand(0, strlen($characters))];
        }
        return $randstring;
    }

    RandomString();
    echo $randstring;

我做错了什么?

推荐答案

这个问题有很多答案,但没有一个利用 加密安全伪随机数生成器 (CSPRNG).

There are a lot of answers to this question, but none of them leverage a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG).

简单、安全、正确的答案是使用 RandomLib 并且不要重新发明轮子.

The simple, secure, and correct answer is to use RandomLib and don't reinvent the wheel.

对于那些坚持发明自己的解决方案的人,PHP 7.0.0 将提供 random_int() 为此目的;如果您仍在使用 PHP 5.x,我们为 random_int() 这样您甚至可以在升级到 PHP 7 之前使用新的 API.

For those of you who insist on inventing your own solution, PHP 7.0.0 will provide random_int() for this purpose; if you're still on PHP 5.x, we wrote a PHP 5 polyfill for random_int() so you can use the new API even before you upgrade to PHP 7.

安全生成随机整数在 PHP 中 不是一项简单的任务.在生产环境中部署本地算法之前,您应该始终与您的常驻 StackExchange 加密专家联系.

Safely generating random integers in PHP isn't a trivial task. You should always check with your resident StackExchange cryptography experts before you deploy a home-grown algorithm in production.

有了安全的整数生成器,使用 CSPRNG 生成随机字符串就像在公园里散步.

With a secure integer generator in place, generating a random string with a CSPRNG is a walk in the park.

/**
 * Generate a random string, using a cryptographically secure 
 * pseudorandom number generator (random_int)
 *
 * This function uses type hints now (PHP 7+ only), but it was originally
 * written for PHP 5 as well.
 * 
 * For PHP 7, random_int is a PHP core function
 * For PHP 5.x, depends on https://github.com/paragonie/random_compat
 * 
 * @param int $length      How many characters do we want?
 * @param string $keyspace A string of all possible characters
 *                         to select from
 * @return string
 */
function random_str(
    int $length = 64,
    string $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
): string {
    if ($length < 1) {
        throw new RangeException("Length must be a positive integer");
    }
    $pieces = [];
    $max = mb_strlen($keyspace, '8bit') - 1;
    for ($i = 0; $i < $length; ++$i) {
        $pieces []= $keyspace[random_int(0, $max)];
    }
    return implode('', $pieces);
}

用法:

$a = random_str(32);
$b = random_str(8, 'abcdefghijklmnopqrstuvwxyz');
$c = random_str();

演示:https://3v4l.org/IMJGF(忽略 PHP5 次失败;它需要 random_compat)

Demo: https://3v4l.org/IMJGF (Ignore the PHP 5 failures; it needs random_compat)

相关文章