I like it. I've looked in some code and found about 8
password-generation-functions. 4 of them have more or less the same
idea behind.

The rest generates more complicated password. E.g. "minimum one
digit", "First letter must be alphabetic". This is easy to implement.
Some generate passwords from syllables (don't ask, no one does that
anymore).


Three suggestions:


1a) If you want to support character classes, you can do it with pcre:
http://www.php.net/manual/en/regexp.reference.character-classes.php

The idea is the following:

pseudofunction random_string($len, $characters)
{
....
$set = '';
if ($characters "look like a RE consisting of just one character-class") {
  foreach ($charset as $char) {
     // If the regex matches one of the chars, it is in the character class!
     if (preg_match($characters, $char)) {
         // add char to $set
         $set .= $char;
     }
  }
} else {
  $set = $characters;
}
....


-- "look like RE consisting of just one character-class" : something
like "/^\/\[.*\]\/[^/]*$/s" - not tested this, but explained: search
for "/[...]/...". Some cases here are untested ([, ] and so on), needs
more thinking, when I have time, but will be enough for prove of
concept. Making it easier is always possible.
-- $charset : The chars from 0 to 255.

With this you can avoid to parse or define the character-classes
yourself and it is normally fast enough. If you want to have it faster
see suggestion 3.


1b) And it has some more functionality: For germans the alphabet
constists out of 30 chars. PCRE normally considers this! [:alpha:] for
german locals differs from [:alpha:] for english.

Is this wanted? I think, the localisation should be by default off;
nobody really needs to generate passwords with umlauts.


1c) For the standard cases like "a-zA-Z0-9" etc. constants could be useful.



2. Whats about Unicode? Do Japanese people want to have japanese passwords?


3. Because generating a string from character-classes is very handy in
general for some other things (many string functions have it), I
suggest that it is not part of random_string(). Make a new function
str_from_character_class(), or if you use pcre like above
pcre_str_from_character_class()?


-- 
Alex Aulbach

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to