如何創建隨機密鑰php mysql？

Question

我需要在MySQL 創建隨機密鑰存儲如果我使用：

<?php echo md5(rand(10000,99999)); ?> 

我在哪裏可以存儲它

<?php 
require 'config.inc.php'; 

foreach($_POST as $k=>$v) 
{ 
    $_POST[$k] = trim($v); 
} 

if(!isset($_POST['produgg_username']) or !isset($_POST['produgg_password']) or !isset($_POST['produgg_email'])) 
{ 
    print "Please use all fields"; 
}elseif(empty($_POST['produgg_username'])){ 
    print "Please choose a username"; 
}elseif(empty($_POST['produgg_password'])){ 
    print "Please choose a password"; 
}elseif(empty($_POST['produgg_email'])){ 
    print "Please enter an email address"; 
}elseif(!filter_var($_POST['produgg_email'], FILTER_VALIDATE_EMAIL)) {  
    print "Please enter a valid email address"; 
}elseif(!preg_match("/^[a-z0-9]+$/i", $_POST['produgg_username'])) { 
    print "Please use only characters and numbers for username"; 
}elseif($usersClass->checkUserExists($_POST['produgg_username'])) { 
    print "Username Taken, please choose another"; 
}else{ 
    if($usersClass->register($_POST['produgg_username'], md5($_POST['produgg_password']), $_POST['produgg_email'])) 
    { 
     print "success"; 
     $toemail = $_POST['produgg_email']; 
     $touser = $_POST['produgg_username']; 
     // Send activation email 
     $to = $toemail; 
     $subject = "Activation"; 
     $headers = "From: support@friendr.co.uk"; 
     $body = "Howdy $touser! 

     To activate your please click on the following link - http://www..co.uk/activateuser.php?email=$toemail"; 

     mail($to, $subject, $body, $headers); 

    }else{ 
     print "Something weird happened and we couldn't setup the account!"; 
    } 
} 

?> 

Answer 1

使用的，而不是用MD5做的uniqid()功能。確保將more_entropy設置爲true。

即

uniqid('prefix', true); 

變化'prefix'到適合您的應用程序的東西。

Answer 2

首先，看來你是使用普通md5()來存儲用戶密碼...... 不這樣做，這是一個安全風險。你讓你的用戶和你自己處於危險之中。使用更強大的哈希算法或bcrypt來加強密鑰。 See this answer for more information。

---

看來你實際上是在試圖爲電子郵件激活產生一個nonce。

如果有什麼，Universally Unique IDentifier (UUID)將完成這項工作。它具有非常低的碰撞變化，並且允許使用3個獨特的值（一旦使用一個值，您可以重複使用它以用於其他用戶）。

您可以使用我寫的這個函數在PHP中生成UUID。你需要的是一個v4 UUID。

function UUIDv4() { 
    $bytes = str_split(crypto_random_bytes(16)); 

    // Set UUID Version Number 
    $bytes[6] = $bytes[6] & "\x0f" | "\x40"; 

    // Set UUID DCE1.1 varient 
    $bytes[8] = $bytes[8] & "\x3f" | "\x80"; 

    $uuid = bin2hex(implode($bytes)); 

    return sprintf('%08s-%04s-%04s-%04s-%12s', 
    // 32 bits for "time_low" 
    substr($uuid, 0, 8), 

    // 16 bits for "time_mid" 
    substr($uuid, 8, 4), 

    // 16 bits for "time_hi_and_version", 
    // four most significant bits holds version number 4 
    substr($uuid, 12, 4), 

    // 16 bits, 8 bits for "clk_seq_hi_res", 
    // 8 bits for "clk_seq_low", 
    // two most significant bits holds zero and one for variant DCE1.1 
    substr($uuid, 16, 4), 

    // 48 bits for "node" 
    substr($uuid, 20, 12) 
); 
} 

function crypto_random_bytes($count) { 
    static $randomState = null; 

    $bytes = ''; 

    if(function_exists('openssl_random_pseudo_bytes') && 
     (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win 
    $bytes = openssl_random_pseudo_bytes($count); 
    } 

    if($bytes === '' && is_readable('/dev/urandom') && 
    ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) { 
    $bytes = fread($hRand, $count); 
    fclose($hRand); 
    } 

    if(strlen($bytes) < $count) { 
    $bytes = ''; 

    if($randomState === null) { 
     $randomState = microtime(); 
     if(function_exists('getmypid')) { 
     $randomState .= getmypid(); 
     } 
    } 

    for($i = 0; $i < $count; $i += 16) { 
     $randomState = md5(microtime() . $randomState); 

     if (PHP_VERSION >= '5') { 
     $bytes .= md5($randomState, true); 
     } else { 
     $bytes .= pack('H*', md5($randomState)); 
     } 
    } 

    $bytes = substr($bytes, 0, $count); 
    } 

    return $bytes; 
}