6  

It is generally not possible to generate sequences with both unique and random elements: obviously to be unique the algorithm has to take into account the previously generated elements in the sequence, so the next ones will not really be random.

通常不可能同时生成具有唯一和随机元素的序列:显然，为了惟一，算法必须考虑到序列中先前生成的元素，所以下一个元素不是真正的随机的。

Therefore your best bet would be to detect collisions and just retry (which could be very expensive in your particular case).

因此，最好的方法是检测碰撞，然后重试(在你的特殊情况下，这可能非常昂贵)。

If you are constrained to just 7 chars, there's not much you can do above:

如果你被限制为7个字符，那么你在上面所能做的就不多了:

$allowed_chars = 'abcdefghijklmnopqrstuvwxz';
$allowed_count = strlen($allowed_chars);
$password = null;
$password_length = 7;

while($password === null || already_exists($password)) {
    $password = '';
    for($i = 0; $i < $password_length; ++$i) {
        $password .= $allowed_chars{mt_rand(0, $allowed_count - 1)};
    }
}

This should eventually give you a new password.

这最终会给你一个新的密码。

However, in similar cases I have encountered I usually pick a larger password size which also happens to be the size of the hex representation of a popular hash function (e.g. md5). Then you can make it easier on yourself and less error prone:

但是，在类似的情况下，我通常会选择一个较大的密码大小，它也恰好是一个流行的散列函数(例如md5)的十六进制表示的大小。这样你就可以让自己更轻松，更少出错:

$password = time(); // even better if you have some other "random" input to use here

do {
    $password = md5(time().$password);
}
while (already_exists($password));

This also has the added advantage that the sequence space is larger, hence there will be less collisions. You can pick the size of the hash function according to the expected numbers of passwords you will generate in the future to "guarantee" a low collision probability and thus less calls to the possibly expensive already_exists function.

这还增加了一个优点，即序列空间更大，因此冲突更少。您可以根据未来生成的密码的预期数量来选择哈希函数的大小，以“保证”低碰撞概率，从而减少对可能昂贵的already_exists函数的调用。

1  

Here's a way you could do it without hashes or loops:

这里有一种方法，你可以不使用散列或循环:

$password = sprintf(
    "%04s%03s",
    base_convert(mt_rand(0, pow(36, 4) - 1), 10, 36),
    base_convert(mt_rand(0, pow(36, 3) - 1), 10, 36)
);

As a few others have mentioned, ensuring uniqueness is more complicated, and should be unneeded. The simplest way you could do it would be to add extra characters at the end, incrementing with each password generated.

正如其他一些人所提到的，确保惟一性更为复杂，应该不需要这样做。最简单的方法是在末尾添加额外的字符，每次生成一个密码就增加一个字符。

1  

Here is something that looks random and should be unique and have 7 chars for the times to come:

这里有一些看起来随机的，应该是唯一的，并且有7个字符为未来的时代:

echo base_convert(intval(microtime(true) * 10000), 10, 36);

Or for a little more randomness and less uniqueness (between 1000 and 10000 per second):

或者为了更少的随机性和更少的唯一性(每秒1000到10000):

echo base_convert(mt_rand(1, 9) . intval(microtime(true) * 1000), 10, 36);

Or (uniqueness between 100 and 10000 per second) - this is probably the best option:

或者(每秒100到10000次的唯一性)——这可能是最好的选择:

echo base_convert(mt_rand(10, 99) . intval(microtime(true) * 100), 10, 36);

Or (uniqueness between 10 and 10000 per second):

或(每秒10 ~ 10000次):

echo base_convert(mt_rand(100, 999) . intval(microtime(true) * 10), 10, 36);

You get the idea.

你懂的。

1  

A random alphanumeric (base 36 = 0..9 + a..z) value that has 7 chars has to have a base 10 representation between 2176782336 and 78364164095, the following snippet proves it:

一个随机的字母数字(base 36 = 0..)9 + a.. .z)具有7个字符的值必须具有2176782336和78364164095之间的基数10表示，下面的代码片段证明了这一点:

var_dump(base_convert('1000000', 36, 10));                   //  2176782336
var_dump(base_convert('zzzzzzz', 36, 10));                   // 78364164095

In order for it to be unique we have to rely on a non-repeating factor, the obvious choice is time():

为了使它是唯一的，我们必须依赖一个非重复因子，显然的选择是time():

var_dump(time());                                            //  1273508728
var_dump(microtime(true));                                   //  1273508728.2883

If we only wanted to ensure a minimum uniqueness factor of 1 unique code per second we could do:

如果我们只想确保每秒1个唯一码的最小惟一性因子，我们可以做到:

var_dump(base_convert(time() * 2, 10, 36));                  // 164ff8w
var_dump(base_convert(time() * 2 + 1, 10, 36));              // 164ff8x
var_dump(base_convert(time() * 2 + 2, 10, 36));              // 164ff8y
var_dump(base_convert(time() * 2 + 3, 10, 36));              // 164ff8z

You'll notice that these codes aren't random, you'll also notice that time() (1273508728) is less than 2176782336 (the minimum base 10 representation of a 7 char code), that's why I do time() * 2.

您将注意到这些代码不是随机的，您还将注意到time()(1273508728)小于2176782336(7字符代码的最小基数10表示)，这就是为什么我使用time() * 2。

Now lets do some date math in order to add randomness and increase the uniqueness factor while complying with the integer limitations of older versions of PHP (< 5.0?):

现在让我们进行一些日期计算，以增加随机性和增加惟一性，同时遵守旧版本PHP的整数限制(< 5.0?):

var_dump(1 * 60 * 60);                                       //       3600
var_dump(1 * 60 * 60 * 24);                                  //      86400
var_dump(1 * 60 * 60 * 24 * 366);                            //   31622400
var_dump(1 * 60 * 60 * 24 * 366 * 10);                       //  316224000
var_dump(1 * 60 * 60 * 24 * 366 * 20);                       //  632448000
var_dump(1 * 60 * 60 * 24 * 366 * 30);                       //  948672000
var_dump(1 * 60 * 60 * 24 * 366 * 31);                       //  980294400
var_dump(PHP_INT_MAX);                                       // 2147483647

Regarding PHP_INT_MAX I'm not sure what exactly changed in recent versions of PHP because the following clearly works in PHP 5.3.1, maybe someone could shed some light into this:

关于PHP_INT_MAX，我不确定PHP最新版本中究竟发生了什么变化，因为PHP 5.3.1中显然有以下内容，也许有人可以对此进行说明:

var_dump(base_convert(PHP_INT_MAX, 10, 36));                 // zik0zj
var_dump(base_convert(PHP_INT_MAX + 1, 10, 36));             // zik0zk
var_dump(base_convert(PHP_INT_MAX + 2, 10, 36));             // zik0zl
var_dump(base_convert(PHP_INT_MAX * 2, 10, 36));             // 1z141z2
var_dump(base_convert(PHP_INT_MAX * 2 + 1, 10, 36));         // 1z141z3
var_dump(base_convert(PHP_INT_MAX * 2 + 2, 10, 36));         // 1z141z4

I got kinda lost with my rationalization here and I'm bored so I'll just finish really quick. We can use pretty much the whole base 36 charset and safely generate sequential codes with a minimum guaranteed uniqueness factor of 1 unique code per second for 3.16887646 years using this:

我在这里失去了理性，我觉得很无聊，所以我很快就会讲完。我们几乎可以使用整个base 36字符集，并安全地生成具有最低保证唯一性系数为每秒1个唯一码的序列码，时间为3.16887646年。

base_convert(mt_rand(22, 782) . substr(time(), 2), 10, 36);

I just realized that the above can sometimes return duplicated values due to the first argument of mt_rand(), in order to produce unique results we need to limit a our base 36 charset a little bit:

我刚刚意识到，由于mt_rand()的第一个参数，上面的值有时可以返回重复的值，为了产生唯一的结果，我们需要将基数为36的字符集限定一点:

base_convert(mt_rand(122, 782) . substr(time(), 2), 10, 36);

Remember that the above values are still sequential, in order to make them look random we can use microtime() but we can only ensure a uniqueness factor of 10 codes per second for 3.8 months:

记住，上面的值仍然是连续的，为了使它们看起来更随机，我们可以使用microtime()，但是我们只能保证在3.8个月内每秒10个码的惟一因子:

base_convert(mt_rand(122, 782) . substr(number_format(microtime(true), 1, '', ''), 3), 10, 36);

This proved to be more difficult than I originally antecipated since there are lot of constrains:

事实证明，这比我原来预想的要困难得多，因为有很多限制:

• use the whole base 36 charset
• 使用整个基础36字符集。
• generate random-looking codes
• 生成随机密码
• trade-offs between uniqueness factor per second and durability of uniqueness
• 在每秒的惟一性因子和惟一性的持久性之间进行权衡
• PHP integer limitations
• PHP整数限制

If we can ignore any of the above it would be a lot easier and I'm sure this can be further optimized but like I said: this is boring me. Maybe someone would like to pick this up where I left. =) I'm hungry! =S

如果我们可以忽略上面的任何一个，这将会容易得多，我确信这可以被进一步优化，但是就像我说的:这让我厌烦。也许有人愿意把这个捡起来。=)我饿了!=年代

0  

Given that you mention passwords here, I'll assume you need a secure method (ie: someone shouldn't be able to guess someone else's password based on knowing any other password). You could use the following:

既然您在这里提到了密码，我就假定您需要一个安全的方法(即:某人不应该根据知道其他密码来猜测别人的密码)。你可以用以下方法:

1. Decide on a master password, for example "MasterPassword"
2. 决定主密码，例如“MasterPassword”
3. For each password generated, append to that either a random or sequential nonce, for example "MasterPassword1", "MasterPassword2".
4. 对于所生成的每个密码，将其附加到一个随机或连续的nonce，例如“MasterPassword1”，“MasterPassword2”。
5. Perform a cryptographic hash on that (SHA, MD5, etc) and covert the hash to a hexadecimal representation, eg "ce7f181a44a4a5b7e43fe2b9a0b1f0c1".
6. 对它执行一个密码哈希(SHA, MD5等)并将哈希转换为十六进制表示，如“ce7f181a44a4a5b74fe2b9a0b1f0c1”。
7. Truncate that to as many characters as you need - perhaps seven as you indicated: "ce7f181".
8. 将它截断到您需要的任意多个字符——如您所示:“ce7f181”。
9. Check if that has been assigned before. If not, return that as your password. Otherwise, repeat from 2.
10. 检查是否之前分配过。如果没有，返回作为您的密码。否则,重复从2。

If security is not an issue, steps 1 and 2 by themselves would be sufficient. If security is an issue, it is vital that no one but yourself knows the value of "MasterPassword".

如果安全性不是问题，那么步骤1和步骤2本身就足够了。如果安全性是一个问题，那么至关重要的是，只有您自己知道“MasterPassword”的值。

0  

Here's how I would solve this problem:

下面是我如何解决这个问题:

Consider that the 7 characters can be one of 26 letters (abc..z), or 10 numbers (01...9). This makes 36 possible characters.

考虑这7个字符可以是26个字母(abc..z)中的一个，也可以是10个数字(01…9)。这使得36个字符成为可能。

Each time your application generates a new code, have it increment a global variable. You can turn this unique number into a unique string by using a "Hexatridecimal" converter, and by adding filler characters to make up the rest of the string.

每次应用程序生成新代码时，都要增加一个全局变量。您可以使用“十六进制十进制”转换器将这个唯一的数字转换为唯一的字符串，并通过添加填充字符来组成字符串的其余部分。

Take a look at this link. I think this guy had the same problem as you: http://www.codemaxima.com/2010/04/the-hexatridecimal-numbering-system/

看看这个链接。我觉得这家伙和你有同样的问题:http://www.codemaxima.com/2010/04/the hexatridecimal-numbering-system/

0  

$random = substr(hash('md5',openssl_random_pseudo_bytes(32)),0,7);

0  

+1 to @Michael Haren's comment. If the passwords on your site should not have a constraint to be unique.

+1到@Michael Haren的评论。如果站点上的密码不应该有唯一的约束。

If I try to use a given password and I get an error that I can't use it because it's already in use, then I know some user on the system has that password. If there are 1000 users I only need to try a max of 1000 other accounts before I find the one who has that password.

如果我尝试使用一个给定的密码，却发现一个错误，我不能使用它，因为它已经在使用，那么我知道系统上的某个用户有这个密码。如果有1000个用户，我只需要尝试最多1000个其他帐户，就可以找到那个有密码的人。

Not really answering your question, but more than a comment. So I'm marking this CW.

不是真的回答你的问题，而是更多的评论。我标记这个CW。

0  

md5( microtime() );

0  

this is my favorite way to do it.

这是我最喜欢的方法。

$pretrimmedrandom = md5(uniqid(mt_rand(),true));
$trimmed =  substr($pretrimmedrandom ,0,7);

uniqid uses the current time to generate a very unique random string. results look like "3f456yg".

uniqid使用当前时间生成一个非常独特的随机字符串。结果看起来像“3 f456yg”。

0  

Galen's answer allows only one use of each character in the password. Not much information in that string. A simple change though:

盖伦的回答只允许在密码中使用每个字符。字符串中没有太多信息。一个简单的改变:

$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
$passwordlength = 7;
for ($x = 1; $x <= $passwordlength; $x++) {
  $charlist .= $chars;
}
$temp_pw = substr( str_shuffle( $charlist ), 0, $passwordlength );

0  

substr(str_shuffle(md5(microtime())),rand(0,21),7);

0  

try this

试试这个

echo $unique_key = substr(md5(rand(0, 1000000)), 0, 5);

it will give string with length 5.

它会给出长度为5的字符串。

-1  

Use Kohana text,

使用Kohana文本,

http://docs.kohanaphp.com/helpers/text

http://docs.kohanaphp.com/helpers/text

For example,

例如,

   $prod_id = text::random('alpha', 7);

If you don't want use the framework, you can simply copy the code. You will find lots of goodies there.

如果您不想使用框架，可以简单地复制代码。你会发现那里有很多好吃的。

-1  

Heres a very simple way

这里有一个非常简单的方法

$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
$temp_pw = substr( str_shuffle( $chars ), 0, 7 );
if ( check_unique( $temp_pw ) ) {
    $pw = $temp_pw;
}

You'll have to implement your own check_unique function. That part should be easy.

您必须实现自己的check_unique函数。那部分应该很容易。