Simple/Basic Password Generation in PHP

Once in awhile every great programmer just needs a little snippet to get the project moving forward. One great snippet that is really useful is one for generating unique passwords. You could use something like this for assigning a generic password to an account (perhaps for a PHP game) that the user then logins with and changes their password or simply for resetting passwords (like in a forgot password feature). We will show you the code and explain the pieces on this entry of the Programmer’s Underground!

Most of my blog entries get pretty long because of the theory behind the topic. It is hard to distill something rather complex in theory down into something digestible for the newbie. This next snippet is not one of those. It is simply a quick little function that shows you a little bit behind ONE technique for generating passwords, even though there are many many ones out there. It is recommended that if you are doing enterprise level applications and such, it might be better to use an industrial strength cipher/hash like MD5/SHA1/Whirlpool or variants on that theme.

This snippet is just to give beginners a look into a simple function and how it can be used to solve an immediate problem. Experienced programmers know that sometimes the simplest function can also be the most effective for solving a bigger problem… especially if you are in a hurry to meet a deadline. This is the reason I have categorized this topic in the “basics” category.

So lets get to the snippet!

// Create a new password that is X characters long (default is 7)
function createNewPassword($length = 7) {
	// Acceptable characters in password
	$chars = "abcdefghijkmnopqrstuvwxyz0123456789";

	// Seed our random number generator using system time

	$pass = '';

	// Pick a random character from our string and add it to our password
	for($i = 0; $i <= $length - 1; $i++) {
	$num = rand() % strlen($chars);
	$pass .= substr($chars, $num, 1);

	return $pass;

We have a few things going on here, but it should be pretty straight forward. The function is named createNewPassword() and it takes an optional argument specifying the length of the password to generate. This simple snippet could potentially generate a password up to several hundreds of characters long if need be but the default is 7. As you can see it shows a list of acceptable characters to include in the password and this list could be modified to include punctuation marks and perhaps even other language sets (I have yet to try it though).

The next important part is the seeding of a random number generator. Here we are using the system’s microtime to create an adequate seed. This will allow our random function to generate different numbers each time the script is ran. The idea is that no two times you run this script will you ever get the same sequence of passwords generated. A password may get generated twice (more unlikely the longer your character string is) but the sequence of passwords generated shouldn’t ever be the same. For instance you may get the password shen43l generated two separate times, but the sequence of shen43l, 34hel21, wx732lg, uy28hgs should never appear in that order at any one time ever. If you didn’t see the random generator, you could potentially get the same passwords generated in the same order in the same list… which is what we don’t often want.

The last main section to his script is the for loop which iterates X number of times and randomly picks out a character from the string using rand and the modulus operator. For those who are not aware of the modulus operator, it simply returns the remainder of an integer division. So 5 % 3 = 2 and 6 % 3 = 0. We use this remainder value in a call to substr() which then picks out a single character from our characters string. It then tacks on the character to our generated password we call $pass.

It returns the value of $pass after the loop is done, resulting in a completed password.

Not too hard right? But understanding something simple like this introduced you to various topics including default parameters (specify a value for $length if it wasn’t provided), random number generation (using srand and rand), string manipulation substr() and control structures (for loops). Pretty good for a simple snippet.

Feel free to use the snippet in any of your projects and extend it anyway you like. Again, if you are going to use this for any commercial products or need something for uncrackable password encryption, it is advised that you go with a cipher or hash. You can checkout my other blog entry on ciphers at the link below…

The Coders Lexicon – Inside the World of Ciphers – Vigenere and Vernam ciphers

Hopefully you have enjoyed this little snippet and my other posts. Thanks for reading. 🙂

About The Author

Martyr2 is the founder of the Coders Lexicon and author of the new ebooks "The Programmers Idea Book" and "Diagnosing the Problem" . He has been a programmer for over 25 years. He works for a hot application development company in Vancouver Canada which service some of the biggest tech companies in the world. He has won numerous awards for his mentoring in software development and contributes regularly to several communities around the web. He is an expert in numerous languages including .NET, PHP, C/C++, Java and more.