May 19, 2006

PHP Generating Passwords

Cameron Manderson @ 10:24 am

There are many different ways to generate passwords, and depending on the requirements they will need to include both numbers and letters (preferably with additional special characters such as !@#$%^). In PHP, generally the easiest way to generate a password is to use a random number as a pointer into a string of ‘valid’ characters. A simple example may be as follows:

Generate password using a for loop and random pointer and string of allowed characters

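// Generate a password
$password = '';
$len = 6;
// Allowed characters; lowercase i, l and o are left out to avoid look-alikes
$validCharacters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz0123456789';
while (strlen($password) < $len) {
  // random_int() draws from the system CSPRNG and avoids the bias of rand() % n
  $pointer = random_int(0, strlen($validCharacters) - 1);
  $nextChar = substr($validCharacters, $pointer, 1);
  $password .= $nextChar;
}
print "Your new password is " . $password;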

Using a larger set of valid characters and a longer password both help build the strength of your password. Including special characters in the set helps too.
NOTE: Consider whether look-alike characters such as i, I, 1, l, L, 0 and O (all different characters) will cause confusion; you may want to strip some of them out (as done above).

Technically, I am sure a maths person will be able to figure out using probability the chances of the pointer landing on a set of upper case, lower case or number, and be able to better guess at what a likely result would be.

Instead, we could rewrite the code above to use an array, which lets us separate out the character sets so that we can better balance the generation. We can then also write a more useful password generation function that lets us specify not only the length but also the strength (based on which sets of characters are included).

Generate a password using an array of allowed character sets with 2 random pointers

/**
 * Generate a password based on sets of characters (levels)
 *
 * String getNewPassword(int $length, int $level);
 * Set level higher to include more character sets
 * 1 = lowercase alpha
 * 2 = mixed case alpha
 * 3 = mixed case alphanumeric
 * 4 = mixed case alphanumeric and special characters
 *
 * @param int $length Length of password
 * @param int $level Sets number of character sets to include
 * @return string New password based on parameters
 * @author Cameron Manderson <cameronmanderson@gmail.com>
 */
function getNewPassword($length = 8, $level = 3) {
  // Our character Sets
  $characterSets = array();
  $characterSets[] = 'abcdefghijklmnopqrstuvwxyz';
  $characterSets[] = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  $characterSets[] = '0123456789';
  $characterSets[] = '`~!@#$%^&*()-_=+.\'/\\"'; // ' and \ must be escaped in a single-quoted string
 
  // Check we have a valid level
  if($level > count($characterSets)) $level = count($characterSets);
  else if($level < 1) $level = 1;
 
  // Generate the password
  $password = ''; // Our new password
  for($i = 0; $i < $length; $i++) {
    // random_int() draws from the system CSPRNG and avoids the bias of rand() % n
    $xPointer = random_int(0, $level - 1); // Get our set pointer
    $yPointer = random_int(0, strlen($characterSets[$xPointer]) - 1);
    $password .= substr($characterSets[$xPointer], $yPointer, 1);
  }

  // Return our new password
  return $password;
}

You will also want to consider how you are going to store your passwords. There are many different algorithms and approaches that can be taken. SHA and MD5 are very common.
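
A hardened variant of getNewPassword() combined with the storage step, as an added example that is not the original author's code; it assumes PHP 7 or later, and the name generateBalancedPassword() is hypothetical. It draws each character uniformly from the union of the enabled sets with random_int(), retries until every enabled set is represented, and stores the result with password_hash() rather than a bare MD5 or SHA digest.

```php
<?php
// Added example; generateBalancedPassword() is a hypothetical name.
function generateBalancedPassword(int $length = 12, int $level = 3): string
{
    // The article's four levels (digits listed once each).
    $sets = [
        'abcdefghijklmnopqrstuvwxyz',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        '0123456789',
        '`~!@#$%^&*()-_=+.\'/\\"',
    ];
    $level = max(1, min($level, count($sets)));
    if ($length < $level) {
        throw new InvalidArgumentException('length must be at least level');
    }
    $enabled = array_slice($sets, 0, $level);
    $alphabet = implode('', $enabled);
    $max = strlen($alphabet) - 1;

    do {
        $password = '';
        for ($i = 0; $i < $length; $i++) {
            // Uniform over the whole alphabet: no character is favoured
            // because it sits in a small set. random_int() is a CSPRNG.
            $password .= $alphabet[random_int(0, $max)];
        }
        // Rejection sampling: retry until every enabled set appears.
        $complete = true;
        foreach ($enabled as $set) {
            if (strpbrk($password, $set) === false) {
                $complete = false;
                break;
            }
        }
    } while (!$complete);

    return $password;
}

$password = generateBalancedPassword(12, 4);
print "Your new password is " . $password . "\n";

// Storage: keep only a salted, deliberately slow hash of the password.
$stored = password_hash($password, PASSWORD_DEFAULT);
// Login check: compare a candidate against the stored hash.
var_dump(password_verify($password, $stored));
var_dump(password_verify('wrong-guess', $stored));
```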

1 Comment »

  1. A good webpage to test the strength of your passwords is http://www.securitystats.com/tools/password.php

    Comment by Cameron Manderson — June 8, 2006 @ 11:27 am
