On 16 July 2012 16:32, Alex Aulbach <alex.aulb...@gmail.com> wrote: > I like it. I've looked in some code and found about 8 > password-generation-functions. 4 of them have more or less the same > idea behind. > > The rest generates more complicated password. E.g. "minimum one > digit", "First letter must be alphabetic". This is easy to implement. > Some generate passwords from syllables (don't ask, no one does that > anymore). > > > Three suggestions: > > > 1a) If you want to support character classes, you can do it with pcre: > http://www.php.net/manual/en/regexp.reference.character-classes.php > > The idea is the following: > > pseudofunction random_string($len, $characters) > { > .... > $set = ''; > if ($characters "look like a RE consisting of just one character-class") { > foreach ($charset as $char) { > // If the regex matches one of the chars, it is in the character class! > if (preg_match($characters, $char)) { > // add char to $set > $set .= $char; > } > } > } else { > $set = $characters; > } > .... > > > -- "look like RE consisting of just one character-class" : something > like "/^\/\[.*\]\/[^/]*$/s" - not tested this, but explained: search > for "/[...]/...". Some cases here are untested ([, ] and so on), needs > more thinking, when I have time, but will be enough for prove of > concept. Making it easier is always possible. > -- $charset : The chars from 0 to 255. > > With this you can avoid to parse or define the character-classes > yourself and it is normally fast enough. If you want to have it faster > see suggestion 3. > > > 1b) And it has some more functionality: For germans the alphabet > constists out of 30 chars. PCRE normally considers this! [:alpha:] for > german locals differs from [:alpha:] for english. > > Is this wanted? I think, the localisation should be by default off; > nobody really needs to generate passwords with umlauts. > > > 1c) For the standard cases like "a-zA-Z0-9" etc. constants could be useful. > > > > 2. Whats about Unicode? Do Japanese people want to have japanese passwords? >
No, Japanese and Chinese are entered using IMEs and would be impractical to use in passwords. Russian though, maybe. However I think most passwords are alphanumeric. Besides, this isn't to generate passwords, it's to generate salts and other random strings. > > 3. Because generating a string from character-classes is very handy in > general for some other things (many string functions have it), I > suggest that it is not part of random_string(). Make a new function > str_from_character_class(), or if you use pcre like above > pcre_str_from_character_class()? > > > -- > Alex Aulbach -- Andrew Faulds (AJF) http://ajf.me/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
