如何创建随机密钥php mysql？

Question

我需要在MySQL 创建随机密钥存储如果我使用：

<?php echo md5(rand(10000,99999)); ?> 

我在哪里可以存储它

<?php 
require 'config.inc.php'; 

foreach($_POST as $k=>$v) 
{ 
    $_POST[$k] = trim($v); 
} 

if(!isset($_POST['produgg_username']) or !isset($_POST['produgg_password']) or !isset($_POST['produgg_email'])) 
{ 
    print "Please use all fields"; 
}elseif(empty($_POST['produgg_username'])){ 
    print "Please choose a username"; 
}elseif(empty($_POST['produgg_password'])){ 
    print "Please choose a password"; 
}elseif(empty($_POST['produgg_email'])){ 
    print "Please enter an email address"; 
}elseif(!filter_var($_POST['produgg_email'], FILTER_VALIDATE_EMAIL)) {  
    print "Please enter a valid email address"; 
}elseif(!preg_match("/^[a-z0-9]+$/i", $_POST['produgg_username'])) { 
    print "Please use only characters and numbers for username"; 
}elseif($usersClass->checkUserExists($_POST['produgg_username'])) { 
    print "Username Taken, please choose another"; 
}else{ 
    if($usersClass->register($_POST['produgg_username'], md5($_POST['produgg_password']), $_POST['produgg_email'])) 
    { 
     print "success"; 
     $toemail = $_POST['produgg_email']; 
     $touser = $_POST['produgg_username']; 
     // Send activation email 
     $to = $toemail; 
     $subject = "Activation"; 
     $headers = "From: support@friendr.co.uk"; 
     $body = "Howdy $touser! 

     To activate your please click on the following link - http://www..co.uk/activateuser.php?email=$toemail"; 

     mail($to, $subject, $body, $headers); 

    }else{ 
     print "Something weird happened and we couldn't setup the account!"; 
    } 
} 

?> 

Answer 1

使用的，而不是用MD5做的uniqid()功能。确保将more_entropy设置为true。

即

uniqid('prefix', true); 

变化'prefix'到适合您的应用程序的东西。

Answer 2

首先，看来你是使用普通md5()来存储用户密码...... 不这样做，这是一个安全风险。你让你的用户和你自己处于危险之中。使用更强大的哈希算法或bcrypt来加强密钥。 See this answer for more information。

---

看来你实际上是在试图为电子邮件激活产生一个nonce。

如果有什么，Universally Unique IDentifier (UUID)将完成这项工作。它具有非常低的碰撞变化，并且允许使用3个独特的值（一旦使用一个值，您可以重复使用它以用于其他用户）。

您可以使用我写的这个函数在PHP中生成UUID。你需要的是一个v4 UUID。

function UUIDv4() { 
    $bytes = str_split(crypto_random_bytes(16)); 

    // Set UUID Version Number 
    $bytes[6] = $bytes[6] & "\x0f" | "\x40"; 

    // Set UUID DCE1.1 varient 
    $bytes[8] = $bytes[8] & "\x3f" | "\x80"; 

    $uuid = bin2hex(implode($bytes)); 

    return sprintf('%08s-%04s-%04s-%04s-%12s', 
    // 32 bits for "time_low" 
    substr($uuid, 0, 8), 

    // 16 bits for "time_mid" 
    substr($uuid, 8, 4), 

    // 16 bits for "time_hi_and_version", 
    // four most significant bits holds version number 4 
    substr($uuid, 12, 4), 

    // 16 bits, 8 bits for "clk_seq_hi_res", 
    // 8 bits for "clk_seq_low", 
    // two most significant bits holds zero and one for variant DCE1.1 
    substr($uuid, 16, 4), 

    // 48 bits for "node" 
    substr($uuid, 20, 12) 
); 
} 

function crypto_random_bytes($count) { 
    static $randomState = null; 

    $bytes = ''; 

    if(function_exists('openssl_random_pseudo_bytes') && 
     (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win 
    $bytes = openssl_random_pseudo_bytes($count); 
    } 

    if($bytes === '' && is_readable('/dev/urandom') && 
    ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) { 
    $bytes = fread($hRand, $count); 
    fclose($hRand); 
    } 

    if(strlen($bytes) < $count) { 
    $bytes = ''; 

    if($randomState === null) { 
     $randomState = microtime(); 
     if(function_exists('getmypid')) { 
     $randomState .= getmypid(); 
     } 
    } 

    for($i = 0; $i < $count; $i += 16) { 
     $randomState = md5(microtime() . $randomState); 

     if (PHP_VERSION >= '5') { 
     $bytes .= md5($randomState, true); 
     } else { 
     $bytes .= pack('H*', md5($randomState)); 
     } 
    } 

    $bytes = substr($bytes, 0, $count); 
    } 

    return $bytes; 
}