
Password generator

Submitted by: @import:stackexchange-codereview

Problem

I am playing around with CSS/HTML/PHP and created a password generator:

[]{}";
$chars = "";
$password ="";

function generatePassword($length, $chars){

    $charsArray = str_split($chars);

    for($i = 0; $i Your generated password is:';

}

if(isset($_POST['generate_password'])){

    if(isset($_POST['symbols'])){
        $chars .= $symbols;
    }

    if(isset($_POST['numbers'])){
        $chars .= $numbers;
    }

    if(isset($_POST['lowercase_characters'])){
        $chars .= $lowercase_characters;
    }

    if(isset($_POST['uppercase_characters'])){
        $chars .= $uppercase_characters;
    }

    generatePassword(htmlspecialchars($_POST['p_length']), $chars);

}

?>

    
        
            Password Generator
        

        
            
                
                    Password Lenght:
                    
                
                
                    Include Symbols:
                     (e.g. @#$%)
                
                
                    Include Numbers:
                     (e.g. 123456)
                
                
                    Include Lowercase Characters:
                     (e.g. abcdefg)
                
                
                    Include Uppercase Characters:
                     (e.g. ABCDEFG)
                
                
                    
                    
                
            
        

    


It would be great if I could get some feedback on the code that I wrote, how to improve it and if there are any safety issues.

Solution

The answer of rolfl should be the accepted one. It handles nearly everything. I just want to add some remarks:

Bugs

If none of the $_POST variables are set, something will break...

Security

Your password generator is not secure.

Shuffle internally uses the same 'randomness' as rand(). More info here.
This means that your 'random' password is not random when talking security. It will seem random to the human eye, but a computer will quickly burst that bubble.

A much better and easier way of generating a random password is using openssl_random_pseudo_bytes.

Context

StackExchange Code Review Q#77044, answer score: 6
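
The two remarks in the answer above (nothing selected in the form, and shuffle() not being a cryptographic source), as an added example that is not code from the question or the answer. It draws each character with openssl_random_pseudo_bytes and rejection sampling so that every character is equally likely. The character sets, the secureIndex helper, the 128-character limit and the $post array are assumptions made for illustration.

```php
<?php
// Constructed character sets; the asker's originals are not recoverable from the page.
const CHARSETS = [
    'symbols'              => '!@#$%^&*()-_=+[]{}',
    'numbers'              => '0123456789',
    'lowercase_characters' => 'abcdefghijklmnopqrstuvwxyz',
    'uppercase_characters' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
];

// Uniform integer in [0, $n) for 1 <= $n <= 256 (hypothetical helper).
function secureIndex(int $n): int
{
    // Bytes at or above the largest multiple of $n are rejected: no modulo bias.
    $limit = 256 - (256 % $n);
    do {
        $byte = openssl_random_pseudo_bytes(1, $strong);
        if ($byte === false || $strong !== true) {
            throw new RuntimeException('No cryptographically strong random source');
        }
        $value = ord($byte);
    } while ($value >= $limit);
    return $value % $n;
}

function generatePassword(int $length, string $chars): string
{
    if ($length < 1 || $length > 128) {
        throw new InvalidArgumentException('Length must be between 1 and 128');
    }
    if ($chars === '' || strlen($chars) > 256) {
        throw new InvalidArgumentException('Select between 1 and 256 characters');
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $chars[secureIndex(strlen($chars))];
    }
    return $password;
}

// Constructed input standing in for $_POST: only two boxes ticked.
$post = ['p_length' => '16', 'numbers' => 'on', 'lowercase_characters' => 'on'];
$chars = '';
foreach (CHARSETS as $field => $set) {
    $chars .= isset($post[$field]) ? $set : '';
}
// Validate the length as an integer; escape only when writing to HTML.
$length = (int) filter_var($post['p_length'] ?? null, FILTER_VALIDATE_INT);
echo htmlspecialchars(generatePassword($length, $chars), ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

With an empty selection or a non-numeric length the function throws instead of producing an empty or truncated password, so the form handler can show an error message.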
