Function to create simple or advanced passwords based on different schemes. Fast, reliable and highly configurable.

Updates, ideas and words of wisdom most welcome

By : Lars Jensen

<?php
/*
File : password_lib.php
Version : 1.0
Author : Lars B. Jensen, lars.jensen@ljweb.com
*/

# Seed the random generator - consider doing this in a config file once for the entire site
mt_srand((double)microtime()*1000000);

/* PUBLIC */
function password_generate($nice = 1, $length=0, $allowchars = "") {
# Find random password length
if (!$length) $length = mt_rand(5, 9);

# pronouncable password
if ($nice == 1) return password_generate_pronouncable($length);
# lowercase only, fix similar
else if ($nice == 2) return password_generate_advanced($length, 0, 1, 0, 0, 1, $allowchars);
# lowercase and numbers only, fix similar
else if ($nice == 3) return password_generate_advanced($length, 0, 1, 1, 0, 1, $allowchars);
# both lower and uppercase chars and numbers , fix similar
else if ($nice == 4) return password_generate_advanced($length, 1, 1, 1, 0, 1, $allowchars);
# all types of letters, including special chars, fix similar
else if ($nice == 5) return password_generate_advanced($length, 1, 1, 1, 1, 1, $allowchars);
# oh my :) the real deal - get it all and dont fix similars
else if ($nice == 6) return password_generate_advanced($length, 1, 1, 1, 1, 0, $allowchars);

# $nice contained illegal value, go for the easy 3
else return password_generate_advanced($length, 1, 1, 1, 0, 1);
}


/* PRIVATE */
function password_generate_advanced($length = 8, $allow_uppercase = 1, $allow_lowercase = 1, $allow_numbers = 1, $allow_special = 1, $fix_similar = 0, $valid_charset = "") {
# Create a list of usable chars based upon the parameters
if (!$valid_charset) {
if ($allow_uppercase) $valid_charset .= 'ABCDEFGHIJKLMNOPQRSTUVXYZ';
if ($allow_lowercase) $valid_charset .= 'abcdefghijklmnopqrstuvxyz';
if ($allow_numbers) $valid_charset .= '0123456789';
if ($allow_special) $valid_charset .= '!#$%&()*+-./;<=>@\_';
}
# Find the charset length
$charset_length = strlen($valid_charset);

# If no chars is allowed, return false
if ($charset_length == 0) return false;

# Initialize the password and loop till we have all
$password = "";
while(strlen($password) < $length) {
# Pull out a random char
$char = $valid_charset[mt_rand(0, ($charset_length-1))];

# If similar is true, check if string contains mistakeable chars, add if accepted
if (($fix_similar && !strpos('O01lI5S', $char)) || !$fix_similar) $password .= $char;
}


# Return password
return $password;
}


function password_generate_pronouncable($length = 8) {
# Initialize valid char lists
$valid_consonant = 'bcdfghjkmnprstv';
$valid_vowel = 'aeiouy';
$valid_numbers = '0123456789';

# Find the charset length
$consonant_length = strlen($valid_consonant);
$vowel_length = strlen($valid_vowel);
$numbers_length = strlen($valid_numbers);

# Initialize the password and loop till we have all
$password = "";
while(strlen($password) < $length) {
# Pull out a random set of pronouncable chars
if (mt_rand(0, 2) != 1) $password .= $valid_consonant[mt_rand(0, ($consonant_length-1))].$valid_vowel[mt_rand(0, ($vowel_length-1))].$valid_consonant[mt_rand(0, ($consonant_length-1))];
else $password .= $valid_numbers[mt_rand(0, ($numbers_length-1))];
}

return substr($password, 0, $length);
}
?>

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More Miscellaneous Code Articles
More By Codewalkers

 

developerWorks - FREE Tools!

NEW! Addressing software-as-a-service challenges using Tivoli security and WebSphere solutions Building a software-as-a-service solution requires addressing a few key technical challenges. In this webcast, we'll focus on the role of IBM Tivoli Directory Server and WebSphere Portlet Factory in creating a Software as a Service solution. We will demonstrate how to use Tivoli Directory Server to prevent the user population of one tenant from accessing the virtual portal and portlet components of another tenant. We will also use the dynamic profile capability of WebSphere Portlet Factory to create multiple highly customized applications from one code base. FREE! Go There Now!

NEW! Application Development Tools for the Mainframe Developer You probably have thousands of lines of COBOL code loaded with business intelligence and being used to run your business, along with an army of developers maintaining these applications. Learn how to prepare your applications and developers so you can keep that competitive edge and move to a service-oriented architecture with the IBM Rational Enterprise Modernization solutions. Replay is available for 9 months. FREE! Go There Now!

NEW! Applying lean thinking to the governance of software development Effective governance for lean development isn’t about command and control. Instead, the focus is on enabling the right behaviors and practices through collaborative and supportive techniques. Hear from Scott Ambler on how it is far more effective to motivate people to do the right thing than it is to force them to do so. Learn how to form a lightweight, collaboration-based framework that reflects the realities of modern IT organizations. FREE! Go There Now!

NEW! Download a free trial of WebSphere Business Modeler Advanced V6.1.1 Visit IBM developerWorks to download a free trial version of WebSphere Business Modeler Advanced V6.1.1, IBM’s premier business process modeling and analysis tool for business users that offers process modeling, simulation, and analysis capabilities. IBM WebSphere Business Modeler helps you visualize, understand, and document business processes for continuous improvement. FREE! Go There Now!

NEW! Rational Asset Manager eKit Learn how to do more with your reusable assets with the free Rational Asset Manager eKit. The eKit includes demos on how Rational Asset Manager tracks and audits your assets in order to utilize them for reuse. Plus you’ll find white papers and a Webcast that discuss the challenges of a Service Oriented Architecture and how Rational Asset Manager can provide quick and effective solutions. FREE! Go There Now!

NEW! Try IBM Rational Asset Manager V7.0 online! You can now evaluate IBM Rational Asset Manager V7.0 online without installing or configuring it on your own system! Rational Asset Manager helps create, modify, govern, find, and reuse any type of development assets, including SOA and systems development assets. Rational Asset Manager helps you reduce software development costs and improve quality by facilitating the reuse of all types of software development-related assets. Visit developerWorks to learn more about this product and register to explore its capabilities online. FREE! Go There Now!

NEW! Try the IBM SOA Sandbox for Connectivity Visit IBM developerWorks to try the IBM SOA Sandbox for connectivity. The SOA Sandbox for connectivity provides a trial environment with the tooling and components to help you explore how to effectively connect your infrastructure and integrate all of the people, processes and information in your company. Use the hosted sandbox to explore SOA techniques that streamline connecting existing IT assets together, as well as learn how to connect them to new business logic. FREE! Go There Now!

NEW! Webcast: Eclipse: Empowering the universal platform The Eclipse community is constantly working to extend Eclipse's functionality. In this webcast, learn about some of the most important and feature-rich projects under development. From multi-language support to plug-in development, tune in to see what Eclipse is capable of now. FREE! Go There Now!

NEW! Webcast: Extreme transaction processing with WebSphere Extended Deployment In this webcast, you'll get an introduction to the eXtreme Transaction Processing (XTP) features of WebSphere Extended Deployment and the common architectural traits required by XTP applications. See how WebSphere Extended Deployment's ObjectGrid feature provides a state-of-the-art infrastructure for hosting XTP applications. FREE! Go There Now!

NEW! Whitepaper: Delivering SOA solutions: service lifecycle management The unprecedented scope of a service-oriented architecture (SOA) initiative brings to the forefront a number of management and governance issues that were sidestepped in the past. The key to a successful SOA implementation is managing and governing activities throughout the entire SOA delivery lifecycle by ensuring that services conform to the needs of all of the business’s stakeholders. Learn how service lifecycle management allows the business to ensure that the process by which services are defined, created, tested, deployed, optimized and retired is manageable, repeatable and auditable. FREE! Go There Now!

All FREE IBM® developerWorks Tools!