I like it. I've looked in some code and found about 8 password-generation-functions. 4 of them have more or less the same idea behind.
The rest generates more complicated password. E.g. "minimum one digit", "First letter must be alphabetic". This is easy to implement. Some generate passwords from syllables (don't ask, no one does that anymore). Three suggestions: 1a) If you want to support character classes, you can do it with pcre: http://www.php.net/manual/en/regexp.reference.character-classes.php The idea is the following: pseudofunction random_string($len, $characters) { .... $set = ''; if ($characters "look like a RE consisting of just one character-class") { foreach ($charset as $char) { // If the regex matches one of the chars, it is in the character class! if (preg_match($characters, $char)) { // add char to $set $set .= $char; } } } else { $set = $characters; } .... -- "look like RE consisting of just one character-class" : something like "/^\/\[.*\]\/[^/]*$/s" - not tested this, but explained: search for "/[...]/...". Some cases here are untested ([, ] and so on), needs more thinking, when I have time, but will be enough for prove of concept. Making it easier is always possible. -- $charset : The chars from 0 to 255. With this you can avoid to parse or define the character-classes yourself and it is normally fast enough. If you want to have it faster see suggestion 3. 1b) And it has some more functionality: For germans the alphabet constists out of 30 chars. PCRE normally considers this! [:alpha:] for german locals differs from [:alpha:] for english. Is this wanted? I think, the localisation should be by default off; nobody really needs to generate passwords with umlauts. 1c) For the standard cases like "a-zA-Z0-9" etc. constants could be useful. 2. Whats about Unicode? Do Japanese people want to have japanese passwords? 3. Because generating a string from character-classes is very handy in general for some other things (many string functions have it), I suggest that it is not part of random_string(). Make a new function str_from_character_class(), or if you use pcre like above pcre_str_from_character_class()? -- Alex Aulbach -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php