Welcome to WebmasterWorld Guest from 54.162.155.183

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

How to create unique 10-digit random alphanumeric codes?

such as 87i6se3Hfs or 7Gjg668dOh, etc

     
5:06 pm on Aug 28, 2004 (gmt 0)



How can I create unique 10-digit random alphanumeric codes, such as 87i6se3Hfs or 7Gjg668dOh, etc?

I know I probably could have a loop that runs 10 times to get this code, but how can I be sure it's unique everytime? And it should have some kind of a security that keeps people from changing one of two digits/letters to get another valid code. It's like a checksum on your credit card number, I guess.

Thanks.

5:27 pm on Aug 28, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Sounds like a job for uniqid() [fr.php.net]
6:51 pm on Aug 28, 2004 (gmt 0)

10+ Year Member



Sounds like a job for uniqid()

Thank's that's something I can use.
8:58 pm on Aug 28, 2004 (gmt 0)



Thanks.

But does it have a security feature in it? Can someone change one or two characters arbitraly to get soneone else's valid code?

I'm planning to give the ID to the users but I don't want them to change it and get another user's ID. It's just like your credit card number. Changing the number does'nt get you someone else's credit card right away. The number has a rule that it has to follow in order to be valid.

10:49 pm on Aug 28, 2004 (gmt 0)

WebmasterWorld Senior Member dreamcatcher is a WebmasterWorld Top Contributor of All Time 10+ Year Member



This is what I use to generate alphanumeric codes:


function randomPrefix($length)
{
$random= "";

srand((double)microtime()*1000000);

$data = "AbcDE123IJKLMN67QRSTUVWXYZ";
$data .= "aBCdefghijklmn123opq45rs67tuv89wxyz";
$data .= "0FGH45OP89";

for($i = 0; $i < $length; $i++)
{
$random .= substr($data, (rand()%(strlen($data))), 1);
}

return $random;
}

randomPrefix(10);

:)

11:11 pm on Aug 28, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



What you really need is encryption. Generate incrmental numbers, i.e. numbers that follow on on the next. these are your internal IDs. Now, when you hand them out you encrypt them. If you use strong enough encryption, they should not be guessable or incremental anymore, as well as beeign able to be converted back into the real ID.

SN

12:00 am on Aug 29, 2004 (gmt 0)

10+ Year Member



Or, use a check-digit scheme if you want a measure of security. If you randomly generate a 9 digit alphanumeric, you can use the final digit for the check digit.

You can re-use the credit card check digit scheme for this (google, PHP implementations are everywhere).

Just generate your 9 character A-Z, 0-9 string, convert it from base36 to base 10 (base_convert('7JDA2N4G4', 36, 10)), run that number through the check digit routine and tack the result onto the end. Presto, 10 digit random alphanumeric with a check digit.

12:44 am on Aug 29, 2004 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



If you have 50 users and used a two-digit code, then 50% of the possible permutations would be valid at any one time. You need to make the number long enough such that only a very few of the possible combinations are valid at any one time.

If you use a random number, then they will not be unique. It is possible for a number to be repeated exactly the same after a small interval. Some of the suggestions above do look useful though.

12:52 am on Aug 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Generate incrmental numbers, i.e. numbers that follow on on the next. these are your internal IDs. Now, when you hand them out you encrypt them. If you use strong enough encryption, they should not be guessable or incremental anymore, as well as beeign able to be converted back into the real ID.

You really need one way hash here, ie MD5. However be careful because if you use obvious things like consequtive numbers then you open yourself up for a "known plain text" attack. MD5 hashes are easily recognisable (its most obvious choice and its known to be 128 bit long (256 if in hex code)).

A better way of doing it would be to merge few strings like your internal number, plus time of creation, plus some pseudo-random big number and then MD5 the whole lot. This should be unique as well and if its not then you should contact RSA and get Nobel Prize of the year for discovering multiple collisions of MD5 algo!

4:24 pm on Aug 29, 2004 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month




contact RSA and get Nobel Prize of the year

Actually, it's only $10K for the MD5 collision algo and the best you could get is the Turing prize, but it's worth settling for. Let us know when you get the solution ;-)

 

Featured Threads

Hot Threads This Week

Hot Threads This Month