php 为电子邮件确认生成确认代码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2088969/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Generating confirmation code for an email confirmation
提问by luckytaxi
Using PHP, what are some ways to generate a random confirmation code that can be stored in a DB and be used for email confirmation? I can't for the life of me think of a way to generate a unique number that can be generated from a user's profile. That way I can use a function to make the number small enough to be included in the URL (see this link). Remember, the user has to click on the link to "confirm/activate" his/her account. If I can't use numbers, I have no problems using both letters and numbers.
使用PHP,有哪些方法可以生成可以存储在数据库中并用于电子邮件确认的随机确认码?我一生都无法想出一种方法来生成可以从用户个人资料中生成的唯一编号。这样我就可以使用函数使数字足够小以包含在 URL 中(请参阅此链接)。请记住,用户必须单击链接以“确认/激活”他/她的帐户。如果我不能使用数字,那么使用字母和数字都没有问题。
With that said, I've tried hashing the username along with a "salt" to generate the random code. I know there has to be a better way, so let's hear it.
话虽如此,我已经尝试将用户名与“盐”一起散列以生成随机代码。我知道必须有更好的方法,所以让我们听听。
回答by John Conde
$random_hash = md5(uniqid(rand(), true));
That will be 32 alphanumeric characters long and unique. If you want it to be shorter just use substr():
这将是 32 个字母数字字符长且唯一。如果您希望它更短,只需使用 substr():
$random_hash = substr(md5(uniqid(rand(), true)), 16, 16); // 16 characters long
Alternative methods to generate random data include:
生成随机数据的替代方法包括:
$random_hash = md5(openssl_random_pseudo_bytes(32));
$random_hash = md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
// New in PHP7
$random_hash = bin2hex(random_bytes(32));
回答by streetparade
1) Create an Activated Field in Database
1) 在数据库中创建一个激活字段
2) After registration the Email is sent
2) 注册后发送电子邮件
3) Create a Link to include in Email,Use a Unique identifier It would look something like this
3)创建一个链接以包含在电子邮件中,使用唯一标识符它看起来像这样
Welcome UsernameThanks for registering.
欢迎用户名感谢您注册。
Please Click on the Link below to activate your account
请点击下面的链接激活您的帐户
domain.com/register.php?uid=100&activate=1
4) Update the Activated Field to true
4) 将 Activated Field 更新为 true
(source: Hymanborn.com)
(来源:Hymanborn.com)
$email_encrypt = urlencode($email);
$special_string = 'maybeyourcompanynamereversed?';
$hash = md5($email_encrypt.$special_string);
Here is the link that is sent to the email that was provided:
http://yourdoman.com/confirm.php?hash='.$hash.'
The actual link will look something like this:
http://yourdomain.com/confirm.php?hash=00413297cc003c03d0f1ffe1cc8445f8
回答by Robert
The accepted answer suggests using a hash of PHP's uniqid(). The documentation for uniqidexplicitly warns that it does not create "random nor unpredictable strings", and states emphatically that "This function must not be used for security purposes."
接受的答案建议使用 PHP 的uniqid(). uniqid的文档明确警告它不会创建“随机或不可预测的字符串”,并强调“不得将此函数用于安全目的。”
If there is any concern over the possibility of a confirmation code being guessed (and that is the whole point of issuing a code) you may wish to use a more random generator such as openssl_random_pseudo_bytes(). You can then use bin2hex()to turn it into a nice alphanumeric. The following looks just like the output of John Conde's answer, but is (supposedly) more random and less guessable:
如果对猜测确认码的可能性有任何担忧(这就是发布代码的全部意义),您可能希望使用更随机的生成器,例如openssl_random_pseudo_bytes(). 然后,您可以使用bin2hex()将其转换为漂亮的字母数字。以下看起来就像 John Conde 的答案的输出,但(据说)更随机且更不易猜测:
// generate a 16 byte random hex string
$random_hash = bin2hex(openssl_random_pseudo_bytes(16))
Late addendum:As Oleg Abrazhaev points out, if you want to make sure your system is actually capable of generating cryptographically strong random values at runtime, openssl_random_pseudo_bytesaccepts a reference to a bool to report this. Code from phpinspectionsea docs:
后期附录:正如 Oleg Abrazhaev 指出的那样,如果您想确保您的系统实际上能够在运行时生成加密强随机值,请openssl_random_pseudo_bytes接受对 bool 的引用来报告这一点。来自phpinspectionsea 文档的代码:
$random = openssl_random_pseudo_bytes(32, $isSourceStrong);
if (false === $isSourceStrong || false === $random) {
throw new \RuntimeException('IV generation failed');
}
Then use the generated random value as before:
然后像以前一样使用生成的随机值:
$random_hash = bin2hex($random)
回答by Kyle Coots
Decided I need something a little more robust and added functionality. So this is what I came up with.
决定我需要一些更强大和附加功能的东西。所以这就是我想出的。
/**
* Hash Gen
* @author Kyle Coots
* @version 1.0
* Allow you to create a unique hash with a maximum value of 32.
* Hash Gen uses phps substr, md5, uniqid, and rand to generate a unique
* id or hash and allow you to have some added functionality.
*
* @see subtr()
* @see md5()
* @see uniqid()
* @see rand()
*
* You can also supply a hash to be prefixed or appened
* to the hash. hash[optional] is by default appened to the hash
* unless the param prefix[optional] is set to prefix[true].
*
* @param start[optional]
* @param end[optional]
* @param hash[optional]
* @param prefix bool[optional]
*
* @return string a unique string max[32] character
*/
function hash_gen($start = null, $end = 0, $hash = FALSE, $prefix = FALSE){
// start IS set NO hash
if( isset($start, $end) && ($hash == FALSE) ){
$md_hash = substr(md5(uniqid(rand(), true)), $start, $end);
$new_hash = $md_hash;
}else //start IS set WITH hash NOT prefixing
if( isset($start, $end) && ($hash != FALSE) && ($prefix == FALSE) ){
$md_hash = substr(md5(uniqid(rand(), true)), $start, $end);
$new_hash = $md_hash.$hash;
}else //start NOT set WITH hash NOT prefixing
if( !isset($start, $end) && ($hash != FALSE) && ($prefix == FALSE) ){
$md_hash = md5(uniqid(rand(), true));
$new_hash = $md_hash.$hash;
}else //start IS set WITH hash IS prefixing
if( isset($start, $end) && ($hash != FALSE) && ($prefix == TRUE) ){
$md_hash = substr(md5(uniqid(rand(), true)), $start, $end);
$new_hash = $hash.$md_hash;
}else //start NOT set WITH hash IS prefixing
if( !isset($start, $end) && ($hash != FALSE) && ($prefix == TRUE) ){
$md_hash = md5(uniqid(rand(), true));
$new_hash = $hash.$md_hash;
}else{
$new_hash = md5(uniqid(rand(), true));
}
return $new_hash;
}
回答by SPC ANGEL
private function generateCodeSecurity()
{
list($usec, $sec) = explode(" ", microtime());
$micro = usec + $sec;
$hoy = date("Y-m-d");
$str = str_replace('-','',$hoy);
return rand($str, $micro);
}
With this little code, you can generate a random number, with a range of 7 to 11 numbers.
使用这个小代码,您可以生成一个随机数,范围为 7 到 11 个数字。
Using php functions:
使用php函数:
Rand ();
Microtime ()
$hoy = date("Y-m-d");
$str = str_replace('-','',$hoy);
echo $str;
result date: 20170217
list($usec, $sec) = explode(" ", microtime());
$micro = usec + $sec;
echo $micro;
result micro varaible: 1487340849
Passing parameters in this function:rand ();
在这个函数中传递参数:rand ();
rand($str, $micro);
and return;
并返回;
example:
例子:
list($usec, $sec) = explode(" ", microtime());
$micro = usec + $sec;
$hoy = date("Y-m-d");
$str = str_replace('-','',$hoy);
$finalresult = rand($str, $micro);
echo $finalresult;
result:1297793555
结果:1297793555
I think it is difficult to repeat this number, for the reason it will never be the same day, nor the same hour, nor the same milliseconds of time.
我认为很难重复这个数字,因为它永远不会是同一天、同一小时或同一毫秒的时间。
