Password generator
Problem
I am playing around with CSS/HTML/PHP and created a password generator:
It would be great if I could get some feedback on the code that I wrote, how to improve it and if there are any safety issues.
[]{}";
$chars = "";
$password ="";
function generatePassword($length, $chars){
$charsArray = str_split($chars);
for($i = 0; $i Your generated password is:';
}
if(isset($_POST['generate_password'])){
    if(isset($_POST['symbols'])){
        $chars .= $symbols;
    }
    if(isset($_POST['numbers'])){
        $chars .= $numbers;
    }
    if(isset($_POST['lowercase_characters'])){
        $chars .= $lowercase_characters;
    }
    if(isset($_POST['uppercase_characters'])){
        $chars .= $uppercase_characters;
    }
    generatePassword(htmlspecialchars($_POST['p_length']), $chars);
}
?>
Password Generator
Password Length:
Include Symbols:
(e.g. @#$%)
Include Numbers:
(e.g. 123456)
Include Lowercase Characters:
(e.g. abcdefg)
Include Uppercase Characters:
(e.g. ABCDEFG)
Solution
The answer of rolfl should be the accepted one. It handles nearly everything. I just want to add some remarks:
Bugs
If none of the $_POST variables are set, something will break...
Security
Your password generator is not secure.
Shuffle internally uses the same 'randomness' as rand(). More info here.
This means that your 'random' password is not random when talking security. It will seem random to the human eye, but a computer will quickly burst that bubble.
A much better and easier way of generating a random password is using openssl_random_pseudo_bytes.
Context
StackExchange Code Review Q#77044, answer score: 6
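The answer's two points, the empty character set and the switch to openssl_random_pseudo_bytes, combined in one sketch. This is an added example, not code from the question or the answer: the function name generateSecurePassword, the symbol set and the 8 to 128 length bounds are assumptions, and all characters are assumed to be single-byte ASCII.

```php
<?php
// Added example; the character sets and the 8..128 length bounds are assumptions.
function generateSecurePassword(int $length, string $chars): string
{
    if ($chars === '') {
        // The case the answer lists under "Bugs": no checkbox was ticked.
        throw new InvalidArgumentException('Select at least one character set.');
    }
    $alphabet = array_values(array_unique(str_split($chars))); // single-byte chars only
    $n = count($alphabet);
    // Bytes >= $limit are rejected so that every character stays equally likely.
    $limit = 256 - (256 % $n);
    $password = '';
    while (strlen($password) < $length) {
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes === false || $strong !== true) {
            throw new RuntimeException('No cryptographically strong random source.');
        }
        foreach (str_split($bytes) as $byte) {
            $value = ord($byte);
            if ($value < $limit && strlen($password) < $length) {
                $password .= $alphabet[$value % $n];
            }
        }
    }
    return $password;
}

// Constructed request standing in for $_POST (field names are the question's).
$post = ['p_length' => '16', 'numbers' => 'on', 'lowercase_characters' => 'on'];
$sets = [
    'symbols'              => '@#$%&*+-=?',
    'numbers'              => '0123456789',
    'lowercase_characters' => 'abcdefghijklmnopqrstuvwxyz',
    'uppercase_characters' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
];
// Keep only the sets whose checkbox field is present in the request.
$chars = implode('', array_intersect_key($sets, $post));
$length = filter_var($post['p_length'] ?? null, FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 8, 'max_range' => 128]]);
try {
    if ($length === false) {
        throw new InvalidArgumentException('Length must be an integer from 8 to 128.');
    }
    echo htmlspecialchars(generateSecurePassword($length, $chars)), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo htmlspecialchars($e->getMessage()), PHP_EOL;
}
```

On PHP 7 and later, random_int(0, $n - 1) draws an unbiased index from the system CSPRNG and can replace the rejection loop.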