Skip to content

Instantly share code, notes, and snippets.

@darkterminal
Forked from compermisos/strong-passwords.php
Created September 24, 2022 07:33
Show Gist options
  • Save darkterminal/b64c0d5af6f277c63d7f3de22e1f79da to your computer and use it in GitHub Desktop.
Save darkterminal/b64c0d5af6f277c63d7f3de22e1f79da to your computer and use it in GitHub Desktop.
A user friendly, strong password generator PHP function.
#!/usr/bin/php
<?PHP
// Generates a strong password of N length containing at least one lower case letter,
// one uppercase letter, one digit, and one special character. The remaining characters
// in the password are chosen at random from those four sets.
//
// The available characters in each set are user friendly - there are no ambiguous
// characters such as i, l, 1, o, 0, etc. This, coupled with the $add_dashes option,
// makes it much easier for users to manually type or speak their passwords.
//
// Note: the $add_dashes option will increase the length of the password by
// floor(sqrt(N)) characters.
function generateStrongPassword($length = 15, $add_dashes = false, $available_sets = 'luds')
{
$sets = array();
if(strpos($available_sets, 'l') !== false)
$sets[] = 'abcdefghjkmnpqrstuvwxyz';
if(strpos($available_sets, 'u') !== false)
$sets[] = 'ABCDEFGHJKMNPQRSTUVWXYZ';
if(strpos($available_sets, 'd') !== false)
$sets[] = '23456789';
if(strpos($available_sets, 's') !== false)
$sets[] = '!@#$%&*?';
$all = '';
$password = '';
foreach($sets as $set)
{
$password .= $set[tweak_array_rand(str_split($set))];
$all .= $set;
}
$all = str_split($all);
for($i = 0; $i < $length - count($sets); $i++)
$password .= $all[tweak_array_rand($all)];
$password = str_shuffle($password);
if(!$add_dashes)
return $password;
$dash_len = floor(sqrt($length));
$dash_str = '';
while(strlen($password) > $dash_len)
{
$dash_str .= substr($password, 0, $dash_len) . '-';
$password = substr($password, $dash_len);
}
$dash_str .= $password;
return $dash_str;
}
//take a array and get random index, same function of array_rand, only diference is
// intent use secure random algoritn on fail use mersene twistter, and on fail use defaul array_rand
function tweak_array_rand($array){
if (function_exists('random_int')) {
return random_int(0, count($array) - 1);
} elseif(function_exists('mt_rand')) {
return mt_rand(0, count($array) - 1);
} else {
return array_rand($array);
}
}
echo generateStrongPassword();
echo "\n";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment