当前位置: 文江博客话题详情

生成电子邮件确认的确认码

发布于 2024-08-18 06:22:58 字数 360 浏览 12 评论 0原文

使用 PHP,有哪些方法可以生成可以存储在数据库中并用于电子邮件确认的随机确认码?我一辈子都想不出一种方法来生成可以从用户的个人资料中生成的唯一号码。这样我就可以使用一个函数使数字足够小以包含在 URL 中(参见此链接)。请记住,用户必须单击链接来“确认/激活”他/她的帐户。如果我不能使用数字,那么使用字母和数字也没有问题。

话虽如此,我尝试将用户名与“盐”一起进行哈希处理以生成随机代码。我知道一定有更好的方法,所以让我们听听。

原文

Using PHP, what are some ways to generate a random confirmation code that can be stored in a DB and be used for email confirmation? I can't for the life of me think of a way to generate a unique number that can be generated from a user's profile. That way I can use a function to make the number small enough to be included in the URL (see this link). Remember, the user has to click on the link to "confirm/activate" his/her account. If I can't use numbers, I have no problems using both letters and numbers.

With that said, I've tried hashing the username along with a "salt" to generate the random code. I know there has to be a better way, so let's hear it.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

因为看清所以看轻 2024-08-25 06:22:58
$random_hash = md5(uniqid(rand(), true));

这将是 32 个字母数字字符长并且是唯一的。如果您希望它更短,只需使用 substr():

$random_hash = substr(md5(uniqid(rand(), true)), 16, 16); // 16 characters long

生成随机数据的替代方法包括:

$random_hash = md5(openssl_random_pseudo_bytes(32));
$random_hash = md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));

// New in PHP7
$random_hash = bin2hex(random_bytes(32));

$random_hash = md5(uniqid(rand(), true));

That will be 32 alphanumeric characters long and unique. If you want it to be shorter just use substr():

$random_hash = substr(md5(uniqid(rand(), true)), 16, 16); // 16 characters long

Alternative methods to generate random data include:

$random_hash = md5(openssl_random_pseudo_bytes(32));
$random_hash = md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));

// New in PHP7
$random_hash = bin2hex(random_bytes(32));
回复 原文
弥繁 2024-08-25 06:22:58

1) 在数据库中创建激活字段

2) 注册后发送电子邮件

3) 创建要包含在电子邮件中的链接,使用唯一标识符
它看起来像这样

欢迎用户名感谢您注册。

请点击下面的链接激活您的帐户

domain.com/register.php?uid=100&activate=1

4) 将激活字段更新为 true

替代文字
(来源:jackborn.com)

$email_encrypt = urlencode($email);
$special_string = 'maybeyourcompanynamereversed?';
$hash = md5($email_encrypt.$special_string);

Here is the link that is sent to the email that was provided:

http://yourdoman.com/confirm.php?hash='.$hash.'

The actual link will look something like this:

http://yourdomain.com/confirm.php?hash=00413297cc003c03d0f1ffe1cc8445f8

1) Create an Activated Field in Database

2) After registration the Email is sent

3) Create a Link to include in Email,Use a Unique identifier
It would look something like this

Welcome Username Thanks for registering.

Please Click on the Link below to activate your account

domain.com/register.php?uid=100&activate=1

4) Update the Activated Field to true

alt text
(source: jackborn.com)

$email_encrypt = urlencode($email);
$special_string = 'maybeyourcompanynamereversed?';
$hash = md5($email_encrypt.$special_string);

Here is the link that is sent to the email that was provided:

http://yourdoman.com/confirm.php?hash='.$hash.'

The actual link will look something like this:

http://yourdomain.com/confirm.php?hash=00413297cc003c03d0f1ffe1cc8445f8
回复 原文
此刻的回忆 2024-08-25 06:22:58

接受的答案建议使用 PHP 的 uniqid() 的哈希值。 uniqid 文档明确警告它不会创建“随机或不可预测的字符串” ”,并强调“此函数不得用于安全目的。

如果担心确认码被猜测的可能性(这就是发出代码的全部意义) )您可能希望使用更随机的生成器,例如 openssl_random_pseudo_bytes()。然后,您可以使用 bin2hex() 将其转换为漂亮的字母数字。以下内容看起来就像约翰·康德(John Conde)答案的输出,但(据说)更加随机且不易猜测:

// generate a 16 byte random hex string
$random_hash = bin2hex(openssl_random_pseudo_bytes(16))

最新附录:正如奥列格·阿布拉扎耶夫(Oleg Abrazzaev)指出的那样,如果您想确保您的系统实际上有能力为了在运行时生成加密的强随机值,openssl_random_pseudo_bytes 接受对 bool 的引用来报告这一点。来自 phpinspectionsea 文档 的代码

$random = openssl_random_pseudo_bytes(32, $isSourceStrong);
if (false === $isSourceStrong || false === $random) {
    throw new \RuntimeException('IV generation failed');
}

:像以前一样使用生成的随机值:

$random_hash = bin2hex($random)

The accepted answer suggests using a hash of PHP's uniqid(). The documentation for uniqid explicitly warns that it does not create "random nor unpredictable strings", and states emphatically that "This function must not be used for security purposes."

If there is any concern over the possibility of a confirmation code being guessed (and that is the whole point of issuing a code) you may wish to use a more random generator such as openssl_random_pseudo_bytes(). You can then use bin2hex() to turn it into a nice alphanumeric. The following looks just like the output of John Conde's answer, but is (supposedly) more random and less guessable:

// generate a 16 byte random hex string
$random_hash = bin2hex(openssl_random_pseudo_bytes(16))

Late addendum: As Oleg Abrazhaev points out, if you want to make sure your system is actually capable of generating cryptographically strong random values at runtime, openssl_random_pseudo_bytes accepts a reference to a bool to report this. Code from phpinspectionsea docs:

$random = openssl_random_pseudo_bytes(32, $isSourceStrong);
if (false === $isSourceStrong || false === $random) {
    throw new \RuntimeException('IV generation failed');
}

Then use the generated random value as before:

$random_hash = bin2hex($random)
回复 原文
听你说爱我 2024-08-25 06:22:58

决定我需要一些更强大和附加功能的东西。这就是我想出的办法。

/**
 * Hash Gen 
 * @author Kyle Coots
 * @version    1.0
 * Allow you to create a unique hash with a maximum value of 32.
 * Hash Gen uses phps substr, md5, uniqid, and rand to generate a unique 
 * id or hash and allow you to have some added functionality.
 * 
 * @see subtr()
 * @see md5()
 * @see uniqid()
 * @see rand()
 *  
 * You can also supply a hash to be prefixed or appened
 * to the hash. hash[optional] is by default appened to the hash 
 * unless the param prefix[optional] is set to prefix[true].     
 * 
 * @param start[optional]
 * @param end[optional]
 * @param hash[optional]
 * @param prefix bool[optional]
 * 
 * @return string a unique string max[32] character
 */
function hash_gen($start = null, $end = 0, $hash = FALSE, $prefix = FALSE){

    // start IS set NO hash
    if( isset($start, $end) && ($hash == FALSE) ){

        $md_hash = substr(md5(uniqid(rand(), true)), $start, $end);
        $new_hash = $md_hash;

    }else //start IS set WITH hash NOT prefixing
    if( isset($start, $end) && ($hash != FALSE) && ($prefix == FALSE) ){

        $md_hash = substr(md5(uniqid(rand(), true)), $start, $end);
        $new_hash = $md_hash.$hash;

    }else //start NOT set WITH hash NOT prefixing 
    if( !isset($start, $end) && ($hash != FALSE) && ($prefix == FALSE) ){

        $md_hash = md5(uniqid(rand(), true));
        $new_hash = $md_hash.$hash;

    }else //start IS set WITH hash IS prefixing 
    if( isset($start, $end) && ($hash != FALSE) && ($prefix == TRUE) ){

        $md_hash = substr(md5(uniqid(rand(), true)), $start, $end);
        $new_hash = $hash.$md_hash;

    }else //start NOT set WITH hash IS prefixing
    if( !isset($start, $end) && ($hash != FALSE) && ($prefix == TRUE) ){

        $md_hash = md5(uniqid(rand(), true));
        $new_hash = $hash.$md_hash;

    }else{

        $new_hash = md5(uniqid(rand(), true));

    }

    return $new_hash;

 }

Decided I need something a little more robust and added functionality. So this is what I came up with.

/**
 * Hash Gen 
 * @author Kyle Coots
 * @version    1.0
 * Allow you to create a unique hash with a maximum value of 32.
 * Hash Gen uses phps substr, md5, uniqid, and rand to generate a unique 
 * id or hash and allow you to have some added functionality.
 * 
 * @see subtr()
 * @see md5()
 * @see uniqid()
 * @see rand()
 *  
 * You can also supply a hash to be prefixed or appened
 * to the hash. hash[optional] is by default appened to the hash 
 * unless the param prefix[optional] is set to prefix[true].     
 * 
 * @param start[optional]
 * @param end[optional]
 * @param hash[optional]
 * @param prefix bool[optional]
 * 
 * @return string a unique string max[32] character
 */
function hash_gen($start = null, $end = 0, $hash = FALSE, $prefix = FALSE){

    // start IS set NO hash
    if( isset($start, $end) && ($hash == FALSE) ){

        $md_hash = substr(md5(uniqid(rand(), true)), $start, $end);
        $new_hash = $md_hash;

    }else //start IS set WITH hash NOT prefixing
    if( isset($start, $end) && ($hash != FALSE) && ($prefix == FALSE) ){

        $md_hash = substr(md5(uniqid(rand(), true)), $start, $end);
        $new_hash = $md_hash.$hash;

    }else //start NOT set WITH hash NOT prefixing 
    if( !isset($start, $end) && ($hash != FALSE) && ($prefix == FALSE) ){

        $md_hash = md5(uniqid(rand(), true));
        $new_hash = $md_hash.$hash;

    }else //start IS set WITH hash IS prefixing 
    if( isset($start, $end) && ($hash != FALSE) && ($prefix == TRUE) ){

        $md_hash = substr(md5(uniqid(rand(), true)), $start, $end);
        $new_hash = $hash.$md_hash;

    }else //start NOT set WITH hash IS prefixing
    if( !isset($start, $end) && ($hash != FALSE) && ($prefix == TRUE) ){

        $md_hash = md5(uniqid(rand(), true));
        $new_hash = $hash.$md_hash;

    }else{

        $new_hash = md5(uniqid(rand(), true));

    }

    return $new_hash;

 }
回复 原文
债姬 2024-08-25 06:22:58
  private  function generateCodeSecurity()
  {
    list($usec, $sec) = explode(" ", microtime());
    $micro = usec + $sec;

    $hoy = date("Y-m-d");  
    $str = str_replace('-','',$hoy); 

    return  rand($str,  $micro);

  }

使用这段小代码,您可以生成一个随机数,范围为 7 到 11 个数字。

使用php函数:

Rand ();
Microtime ()



$hoy = date("Y-m-d");  
$str = str_replace('-','',$hoy); 

echo $str; 
result date: 20170217



 list($usec, $sec) = explode(" ", microtime());
 $micro = usec + $sec;


echo $micro;
result  micro varaible: 1487340849

在这个函数中传递参数:rand();

 rand($str,  $micro);

并返回;

示例:

 list($usec, $sec) = explode(" ", microtime());
    $micro = usec + $sec;

    $hoy = date("Y-m-d");  
    $str = str_replace('-','',$hoy); 

   $finalresult = rand($str,  $micro);

echo $finalresult;

结果:1297793555

我认为很难重复这个数字,因为它永远不会是同一天、同一小时或同一毫秒时间。

  private  function generateCodeSecurity()
  {
    list($usec, $sec) = explode(" ", microtime());
    $micro = usec + $sec;

    $hoy = date("Y-m-d");  
    $str = str_replace('-','',$hoy); 

    return  rand($str,  $micro);

  }

With this little code, you can generate a random number, with a range of 7 to 11 numbers.

Using php functions:

Rand ();
Microtime ()



$hoy = date("Y-m-d");  
$str = str_replace('-','',$hoy); 

echo $str; 
result date: 20170217



 list($usec, $sec) = explode(" ", microtime());
 $micro = usec + $sec;


echo $micro;
result  micro varaible: 1487340849

Passing parameters in this function:rand ();

 rand($str,  $micro);

and return;

example:

 list($usec, $sec) = explode(" ", microtime());
    $micro = usec + $sec;

    $hoy = date("Y-m-d");  
    $str = str_replace('-','',$hoy); 

   $finalresult = rand($str,  $micro);

echo $finalresult;

result: 1297793555

I think it is difficult to repeat this number, for the reason it will never be the same day, nor the same hour, nor the same milliseconds of time.

回复 原文
~没有更多了~

关于作者

请别遗忘我

暂无简介

0 文章
0 评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文