PHP生成随机密码的4种方法及性能对比_PHP教程-php教程-PHP中文网

首页

后端开发

php教程

PHP生成随机密码的4种方法及性能对比_PHP教程

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 13, 2016 am 09:54 AM

php

PHP生成随机密码的4种方法及性能对比

使用PHP开发应用程序，尤其是网站程序，常常需要生成随机密码，如用户注册生成随机密码，用户重置密码也需要生成一个随机的密码。随机密码也就是一串固定长度的字符串，这里我收集整理了几种生成随机字符串的方法，以供大家参考。

PHP生成随机密码的4种方法及性能对比

方法一：

1、在 33 – 126 中生成一个随机整数，如 35，

2、将 35 转换成对应的ASCII码字符，如 35 对应 #

3、重复以上 1、2 步骤 n 次，连接成 n 位的密码

该算法主要用到了两个函数，mt_rand ( int $min , int $max )函数用于生成随机整数，其中 $min – $max 为 ASCII 码的范围，这里取 33 -126 ，可以根据需要调整范围，如ASCII码表中 97 – 122 位对应 a – z 的英文字母，具体可参考 ASCII码表； chr ( int $ascii )函数用于将对应整数 $ascii 转换成对应的字符。

view sourceprint?

<ol class="dp-c"><li class="alt"><span><span class="keyword">function</span><span> create_password(</span><span class="vars">$pw_length</span><span> = 8) </span></span></li><li><span>{ </span></li><li class="alt"><span>    <span class="vars">$randpwd</span><span> = </span><span class="string">''</span><span>; </span></span></li><li><span>    <span class="keyword">for</span><span> (</span><span class="vars">$i</span><span> = 0; </span><span class="vars">$i</span><span> < </span><span class="vars">$pw_length</span><span>; </span><span class="vars">$i</span><span>++)  </span></span></li><li class="alt"><span>    { </span></li><li><span>        <span class="vars">$randpwd</span><span> .= </span><span class="func">chr</span><span>(mt_rand(33, 126)); </span></span></li><li class="alt"><span>    } </span></li><li><span>    <span class="keyword">return</span><span> </span><span class="vars">$randpwd</span><span>; </span></span></li><li class="alt"><span>} </span></li><li><span> </span></li><li class="alt"><span><span class="comment">// 调用该函数，传递长度参数$pw_length = 6</span><span> </span></span></li><li><span><span class="func">echo</span><span> create_password(6); </span></span></li></ol>

方法二：

1、预置一个的字符串 $chars ，包括 a – z，A – Z，0 – 9，以及一些特殊字符

2、在 $chars 字符串中随机取一个字符

3、重复第二步 n 次，可得长度为 n 的密码

view sourceprint?

<ol class="dp-c"><li class="alt"><span><span class="keyword">function</span><span> generate_password( </span><span class="vars">$length</span><span> = 8 ) { </span></span></li><li><span>    <span class="comment">// 密码字符集，可任意添加你需要的字符</span><span> </span></span></li><li class="alt"><span>    <span class="vars">$chars</span><span> = </span><span class="string">'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|'</span><span>; </span></span></li><li><span> </span></li><li class="alt"><span>    <span class="vars">$password</span><span> = </span><span class="string">''</span><span>; </span></span></li><li><span>    <span class="keyword">for</span><span> ( </span><span class="vars">$i</span><span> = 0; </span><span class="vars">$i</span><span> < </span><span class="vars">$length</span><span>; </span><span class="vars">$i</span><span>++ )  </span></span></li><li class="alt"><span>    { </span></li><li><span>        <span class="comment">// 这里提供两种字符获取方式</span><span> </span></span></li><li class="alt"><span>        <span class="comment">// 第一种是使用 substr 截取$chars中的任意一位字符；</span><span> </span></span></li><li><span>        <span class="comment">// 第二种是取字符数组 $chars 的任意元素</span><span> </span></span></li><li class="alt"><span>        <span class="comment">// $password .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);</span><span> </span></span></li><li><span>        <span class="vars">$password</span><span> .= </span><span class="vars">$chars</span><span>[ mt_rand(0, </span><span class="func">strlen</span><span>(</span><span class="vars">$chars</span><span>) - 1) ]; </span></span></li><li class="alt"><span>    } </span></li><li><span> </span></li><li class="alt"><span>    <span class="keyword">return</span><span> </span><span class="vars">$password</span><span>; </span></span></li><li><span>} </span></li></ol>

方法三：

1、预置一个的字符数组 $chars ，包括 a – z，A – Z，0 – 9，以及一些特殊字符

2、通过array_rand()从数组 $chars 中随机选出 $length 个元素

3、根据已获取的键名数组 $keys，从数组 $chars 取出字符拼接字符串。该方法的缺点是相同的字符不会重复取。

view sourceprint?

<ol class="dp-c"><li class="alt"><span><span class="keyword">function</span><span> make_password( </span><span class="vars">$length</span><span> = 8 ) </span></span></li><li><span>{ </span></li><li class="alt"><span>    <span class="comment">// 密码字符集，可任意添加你需要的字符</span><span> </span></span></li><li><span>    <span class="vars">$chars</span><span> = </span><span class="keyword">array</span><span>(</span><span class="string">'a'</span><span>, </span><span class="string">'b'</span><span>, </span><span class="string">'c'</span><span>, </span><span class="string">'d'</span><span>, </span><span class="string">'e'</span><span>, </span><span class="string">'f'</span><span>, </span><span class="string">'g'</span><span>, </span><span class="string">'h'</span><span>,  </span></span></li><li class="alt"><span>    <span class="string">'i'</span><span>, </span><span class="string">'j'</span><span>, </span><span class="string">'k'</span><span>, </span><span class="string">'l'</span><span>,</span><span class="string">'m'</span><span>, </span><span class="string">'n'</span><span>, </span><span class="string">'o'</span><span>, </span><span class="string">'p'</span><span>, </span><span class="string">'q'</span><span>, </span><span class="string">'r'</span><span>, </span><span class="string">'s'</span><span>,  </span></span></li><li><span>    <span class="string">'t'</span><span>, </span><span class="string">'u'</span><span>, </span><span class="string">'v'</span><span>, </span><span class="string">'w'</span><span>, </span><span class="string">'x'</span><span>, </span><span class="string">'y'</span><span>,</span><span class="string">'z'</span><span>, </span><span class="string">'A'</span><span>, </span><span class="string">'B'</span><span>, </span><span class="string">'C'</span><span>, </span><span class="string">'D'</span><span>,  </span></span></li><li class="alt"><span>    <span class="string">'E'</span><span>, </span><span class="string">'F'</span><span>, </span><span class="string">'G'</span><span>, </span><span class="string">'H'</span><span>, </span><span class="string">'I'</span><span>, </span><span class="string">'J'</span><span>, </span><span class="string">'K'</span><span>, </span><span class="string">'L'</span><span>,</span><span class="string">'M'</span><span>, </span><span class="string">'N'</span><span>, </span><span class="string">'O'</span><span>,  </span></span></li><li><span>    <span class="string">'P'</span><span>, </span><span class="string">'Q'</span><span>, </span><span class="string">'R'</span><span>, </span><span class="string">'S'</span><span>, </span><span class="string">'T'</span><span>, </span><span class="string">'U'</span><span>, </span><span class="string">'V'</span><span>, </span><span class="string">'W'</span><span>, </span><span class="string">'X'</span><span>, </span><span class="string">'Y'</span><span>,</span><span class="string">'Z'</span><span>,  </span></span></li><li class="alt"><span>    <span class="string">'0'</span><span>, </span><span class="string">'1'</span><span>, </span><span class="string">'2'</span><span>, </span><span class="string">'3'</span><span>, </span><span class="string">'4'</span><span>, </span><span class="string">'5'</span><span>, </span><span class="string">'6'</span><span>, </span><span class="string">'7'</span><span>, </span><span class="string">'8'</span><span>, </span><span class="string">'9'</span><span>, </span><span class="string">'!'</span><span>,  </span></span></li><li><span>    <span class="string">'@'</span><span>,</span><span class="string">'#'</span><span>, </span><span class="string">'$'</span><span>, </span><span class="string">'%'</span><span>, </span><span class="string">'^'</span><span>, </span><span class="string">'&'</span><span>, </span><span class="string">'*'</span><span>, </span><span class="string">'('</span><span>, </span><span class="string">')'</span><span>, </span><span class="string">'-'</span><span>, </span><span class="string">'_'</span><span>,  </span></span></li><li class="alt"><span>    <span class="string">'['</span><span>, </span><span class="string">']'</span><span>, </span><span class="string">'{'</span><span>, </span><span class="string">'}'</span><span>, </span><span class="string">'<'</span><span>, </span><span class="string">'>'</span><span>, </span><span class="string">'~'</span><span>, </span><span class="string">'`'</span><span>, </span><span class="string">'+'</span><span>, </span><span class="string">'='</span><span>, </span><span class="string">','</span><span>,  </span></span></li><li><span>    <span class="string">'.'</span><span>, </span><span class="string">';'</span><span>, </span><span class="string">':'</span><span>, </span><span class="string">'/'</span><span>, </span><span class="string">'?'</span><span>, </span><span class="string">'|'</span><span>); </span></span></li><li class="alt"><span> </span></li><li><span>    <span class="comment">// 在 $chars 中随机取 $length 个数组元素键名</span><span> </span></span></li><li class="alt"><span>    <span class="vars">$keys</span><span> = </span><span class="func">array_rand</span><span>(</span><span class="vars">$chars</span><span>, </span><span class="vars">$length</span><span>);  </span></span></li><li><span> </span></li><li class="alt"><span>    <span class="vars">$password</span><span> = </span><span class="string">''</span><span>; </span></span></li><li><span>    <span class="keyword">for</span><span>(</span><span class="vars">$i</span><span> = 0; </span><span class="vars">$i</span><span> < </span><span class="vars">$length</span><span>; </span><span class="vars">$i</span><span>++) </span></span></li><li class="alt"><span>    { </span></li><li><span>        <span class="comment">// 将 $length 个数组元素连接成字符串</span><span> </span></span></li><li class="alt"><span>        <span class="vars">$password</span><span> .= </span><span class="vars">$chars</span><span>[</span><span class="vars">$keys</span><span>[</span><span class="vars">$i</span><span>]]; </span></span></li><li><span>    } </span></li><li class="alt"><span> </span></li><li><span>    <span class="keyword">return</span><span> </span><span class="vars">$password</span><span>; </span></span></li><li class="alt"><span>} </span></li></ol>

方法四：

本方法是本文被蓝色理想转载后，一名网友提供的一个新方法，算法简单，代码简短，只是因为md5()函数的返回值的缘故，生成的密码只包括字母和数字，不过也算是一个不错的方法。算法思想：

1、time() 获取当前的 Unix 时间戳

2、将第一步获取的时间戳进行 md5() 加密

3、将第二步加密的结果，截取 n 位即得想要的密码

view sourceprint?

<ol class="dp-c"><li class="alt"><span><span class="keyword">function</span><span> get_password( </span><span class="vars">$length</span><span> = 8 )  </span></span></li><li><span>{ </span></li><li class="alt"><span>    <span class="vars">$str</span><span> = </span><span class="func">substr</span><span>(md5(time()), 0, 6); </span></span></li><li><span>    <span class="keyword">return</span><span> </span><span class="vars">$str</span><span>; </span></span></li><li class="alt"><span>} </span></li></ol>

时间效率对比

我们使用以下PHP代码，计算上面的 4 个随机密码生成函数生成 6 位密码的运行时间，进而对他们的时间效率进行一个简单的对比。

view sourceprint?

<ol class="dp-c"><li class="alt"><span><span><?php </span></span></li><li><span><span class="keyword">function</span><span> getmicrotime() </span></span></li><li class="alt"><span>{ </span></li><li><span>    list(<span class="vars">$usec</span><span>, </span><span class="vars">$sec</span><span>) = </span><span class="func">explode</span><span>(</span><span class="string">" "</span><span>,microtime()); </span></span></li><li class="alt"><span>    <span class="keyword">return</span><span> ((float)</span><span class="vars">$usec</span><span> + (float)</span><span class="vars">$sec</span><span>); </span></span></li><li><span>} </span></li><li class="alt"><span> </span></li><li><span><span class="comment">// 记录开始时间</span><span> </span></span></li><li class="alt"><span><span class="vars">$time_start</span><span> = getmicrotime(); </span></span></li><li><span> </span></li><li class="alt"><span><span class="comment">// 这里放要执行的PHP代码，如:</span><span> </span></span></li><li><span><span class="comment">// echo create_password(6);</span><span> </span></span></li><li class="alt"><span> </span></li><li><span><span class="comment">// 记录结束时间</span><span> </span></span></li><li class="alt"><span><span class="vars">$time_end</span><span> = getmicrotime(); </span></span></li><li><span><span class="vars">$time</span><span> = </span><span class="vars">$time_end</span><span> - </span><span class="vars">$time_start</span><span>; </span></span></li><li class="alt"><span> </span></li><li><span> <span class="comment">// 输出运行总时间 </span><span> </span></span></li><li class="alt"><span><span class="func">echo</span><span> </span><span class="string">"执行时间 $time seconds"</span><span>; </span></span></li><li><span>?> </span></li></ol>

最终得出的结果是：

方法一：9.8943710327148E-5 秒

方法二：9.6797943115234E-5 秒

方法三：0.00017499923706055 秒

方法四：3.4093856811523E-5 秒

可以看出方法一和方法二的执行时间都差不多，方法四运行时间最短，而方法三的运行时间稍微长点。

声明

本文内容由网友自发贡献，版权归原作者所有，本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容，请联系admin@php.cn

您如何防止与会议有关的跨站点脚本（XSS）攻击？Apr 23, 2025 am 12:16 AM

要保护应用免受与会话相关的XSS攻击，需采取以下措施：1.设置HttpOnly和Secure标志保护会话cookie。2.对所有用户输入进行输出编码。3.实施内容安全策略(CSP)限制脚本来源。通过这些策略，可以有效防护会话相关的XSS攻击，确保用户数据安全。

您如何优化PHP会话性能？Apr 23, 2025 am 12:13 AM

优化PHP会话性能的方法包括：1.延迟会话启动，2.使用数据库存储会话，3.压缩会话数据，4.管理会话生命周期，5.实现会话共享。这些策略能显着提升应用在高并发环境下的效率。

什么是session.gc_maxlifetime配置设置？Apr 23, 2025 am 12:10 AM

thesession.gc_maxlifetimesettinginphpdeterminesthelifespanofsessiondata，setInSeconds.1）它'sconfiguredinphp.iniorviaini_set（）.2）abalanceIsiseededeedeedeedeedeedeedto to to avoidperformance andununununununexpectedLogOgouts.3）

您如何在PHP中配置会话名？Apr 23, 2025 am 12:08 AM

在PHP中，可以使用session_name()函数配置会话名称。具体步骤如下：1.使用session_name()函数设置会话名称，例如session_name("my_session")。2.在设置会话名称后，调用session_start()启动会话。配置会话名称可以避免多应用间的会话数据冲突，并增强安全性，但需注意会话名称的唯一性、安全性、长度和设置时机。

您应该多久再生一次会话ID？Apr 23, 2025 am 12:03 AM

会话ID应在登录时、敏感操作前和每30分钟定期重新生成。1.登录时重新生成会话ID可防会话固定攻击。2.敏感操作前重新生成提高安全性。3.定期重新生成降低长期利用风险，但需权衡用户体验。

如何在PHP中设置会话cookie参数？Apr 22, 2025 pm 05:33 PM

在PHP中设置会话cookie参数可以通过session_set_cookie_params()函数实现。1)使用该函数设置参数，如过期时间、路径、域名、安全标志等；2)调用session_start()使参数生效；3)根据需求动态调整参数，如用户登录状态；4)注意设置secure和httponly标志以提升安全性。