Is str_random unique in Laravel?

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/27018695/

Date: 2020-09-14 10:27:17  Source: igfitidea

php, laravel

Asked by Erik

I use the str_random(60) function to generate a password reset code. My question is: what if thousands of people ask to reset their password, is this code unique or could it be duplicated?

public function postForgotPassword(){
    $validator = Validator::make(Input::all(), array('email'=>'required|email'));

    if($validator->fails()){
        return Redirect::route('account-forgot-password')->withErrors($validator)->withInput();
    }else{
        $user = User::where('email', '=', Input::get('email'));

        if($user->count()){
            $user = $user->first();

            // Random reset code for the recovery link, plus a temporary password
            $code = str_random(60);
            $password = str_random(10);

            $user->code = $code;
            $user->password_temp = Hash::make($password);

            if($user->save()){
                // Mail the recovery link and the temporary password to the user
                Mail::send('emails.auth.forgot', array('link'=>URL::route('account-recover', $code), 'username'=>$user->username, 'password'=>$password), function($message) use($user){
                    $message->to($user->email, $user->username)->subject('your new pass');
                });

                return Redirect::route('home')->with('global', 'we have sent you an new password');
            }
        }
    }

    return Redirect::route('account-change-password')->with('global', 'could not reset password');
}

public function getRecover($code){
    // Look the user up by reset code alone; a temporary password must be pending
    $user = User::where('code', '=', $code)->where('password_temp', '!=', '');

    if($user->count()){
        $user = $user->first();

        // Promote the temporary password and clear the one-time fields
        $user->password = $user->password_temp;
        $user->password_temp = '';
        $user->code = '';

        if($user->save()){
            return Redirect::route('home')->with('global', 'your account has been recoverd');
        }
    }

    return Redirect::route('home')->with('global','could not recover you password');
}

Answered by Bowersbros

There shouldn't be an issue, since a password reset code should be tied to a user account anyway, making it a composite key, and therefore unique.

All it needs to be is random, not a unique string, since the user should have to enter their email address as well as the password reset code in order for it to work. So if Bob and James both have the reset string of 12345, then them entering it would not be a conflict, since Bob would enter [email protected] 12345 and James would enter [email protected] 12345; therefore they are both unique.

That is not to say that you shouldn't have random strings, you certainly should. The string should never be guessable. But as to whether it is completely unique, it does not matter.

Answered by Erik

If it's generating random output then it will occasionally recreate the same result. With a 60 character random string, the odds of that are ridiculously small, though.

Answered by Sam Dark

First, it's not unique by definition, as was already mentioned in other answers.

Second, it could be not random enough for the purpose even if OpenSSL is in place. There was a bug in the PHP implementation of OpenSSL giving tons of collisions, which is fixed in the following versions:

  • = 5.4.44

  • = 5.5.28

  • = 5.6.13

  • = 7.0.0

So I advise not using it for security-related purposes.

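
The points made in the answers above, as an added example that is not from the original posts or from Laravel: the token comes from PHP 7's `random_bytes`, is keyed to the account so uniqueness across users does not matter, and is stored only as a hash. The in-memory array, the function names, the 30-minute lifetime and the example.test addresses are assumptions made for illustration.

```php
<?php
// Added example. Assumptions: PHP >= 7.0 (random_bytes), an in-memory array
// stands in for the password-reset table, and the lifetime is illustrative.

const RESET_TTL_SECONDS = 1800; // hypothetical 30-minute lifetime

/** Issue a reset token for $email; returns the raw token to put in the mail link. */
function issueResetToken(array &$store, string $email, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG, 64 hex chars
    // Keyed by account, so two users holding the same token would not conflict.
    // Only a hash is stored, so a leaked table does not yield usable links.
    $store[strtolower($email)] = [
        'hash'    => hash('sha256', $token),
        'expires' => $now + RESET_TTL_SECONDS,
    ];
    return $token;
}

/** Check email and token together; a token is single-use and expires. */
function redeemResetToken(array &$store, string $email, string $token, int $now): bool
{
    $key = strtolower($email);
    if (!isset($store[$key])) {
        return false;
    }
    $row = $store[$key];
    $ok = $now <= $row['expires']
        && hash_equals($row['hash'], hash('sha256', $token)); // constant-time compare
    if ($ok) {
        unset($store[$key]); // single use: the token cannot be replayed
    }
    return $ok;
}

// Constructed sample accounts and clock value.
$store = [];
$now   = 1700000000;
$bob   = issueResetToken($store, 'bob@example.test', $now);
$james = issueResetToken($store, 'james@example.test', $now);

var_dump(redeemResetToken($store, 'james@example.test', $bob, $now));      // Bob's token, James's account
var_dump(redeemResetToken($store, 'bob@example.test', $bob, $now + 3600)); // after the lifetime has passed
var_dump(redeemResetToken($store, 'bob@example.test', $bob, $now + 60));   // correct account, in time
var_dump(redeemResetToken($store, 'bob@example.test', $bob, $now + 61));   // same token presented again
```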