How to generate php token? Analysis of token generation in PHP

The content shared with you in this article is about the analysis of token generation in PHP. It has certain reference value. Friends in need can refer to it.

Background

Many times we need to use tokens as some identifiers, such as: the authentication identifier after a user logs in.

Implementation Method

md5 method:

$v = 1; // 自己定义的 需要hash 的value 值
$key = mt_rand(); // 这里用 随机串作为key
$hash = md5($key . $v . mt_rand() . time());
echo $hash;

Execution result: b63426a38f86b726ce0d327d48e47376 It doesn’t look very comfortable, and as an obsessive-compulsive disorder, I can’t stand it.

md5 base64 method

$v = 1;
$key = mt_rand();
$hash = md5($key . $v . mt_rand() . time());
$token = base64_encode($hash);
echo $token;

Execution result: MWQyMjE2NmI3NDA1MmRjZTQwOTQzZDZjMWU1OTE5OGU= It looks a little more comfortable, but not good enough. On the other hand, WeChat’s openid generally does not have the = sign

Optimization

$v = 1;
$key = mt_rand();
$hash = md5($key . $v . mt_rand() . time());
$token = str_replace('=', '', base64_encode($hash));
echo $token;

Execution results: Yzg4MWU0OTQ0MTRiZTI0YWYwMDJjOTYyODBkNjFmMTM There is no = number now, which is more comfortable, but it is too long. WeChat’s openid is not that long

Change the hash and try

sha1 base64 method

$v = 1;
$key = mt_rand();
$hash = hash_hmac("sha1", $v . mt_rand() . time(), $key, true);
$token = str_replace('=', '', base64_encode($hash));
echo $token;

Execution result: 7pn0pWzO /TOoISNtDaewa4CyuXw It is shorter, but there is a / sign in it, in many cases When passing by get, it will be urlcoded. After urlcode, it will be like this7pn0pWzO+/TOoISNtDaewa4CyuXw, which is obviously not what we want

Continue to optimize

$v = 1;
$key = mt_rand();
$hash = hash_hmac("sha1", $v . mt_rand() . time(), $key, true);
$token = str_replace('=', '', strtr(base64_encode($hash), '+/', '-_'));
echo $token;

Execution results: JM9AkY7SAIROrJ7fhjIU2ApbMsI I don’t know how to urlcode now, and it looks more comfortable. This is what I use now...

But is this the best solution?

I haven’t found any better solution so far, I just mentioned what I think is a better solution

Related recommendations:

php queue processing: php message Queue implementation principle (picture and text)

How to understand abstract classes and abstract methods in PHP? (with code)

The above is the detailed content of How to generate php token? Analysis of token generation in PHP. For more information, please follow other related articles on the PHP Chinese website!