I’m getting the following password error. I have PHP 7.2 variant(to php version 5.5 does not appear to me this problem ), the following code :
function make_key($length) { $valid_chars = 'abcdefghijkilmnoprstwxyzABCDEFGHIJKMNOPRSTWXYZIL0123456789'; $random_string = ""; $num_valid_chars = strlen($valid_chars); for ($i = 0; $i < $length; $i++) { $random_pick = mt_rand(1, $num_valid_chars); $random_char = $valid_chars[$random_pick-1]; $random_string .= $random_char; } return $random_string; } /** * Generate random coupon code * @param int $length * @return string */ function generate_code($length=6) { // Generate array range $range = array_merge(range('A', 'Z'), range(0, 9)); $keyCount = count($range) - 1; $code = ''; for ($i = 0; $i < $length; $i++) { $rand = mt_rand(0, $keyCount); $code .= $range[$rand]; } return $code; } /** * Generates a random SHA-256 salt ($5$) * @return string */ function generate_salt() { return '$5$'.substr(crypt(uniqid()), 3, 13); }i eperire appears to : return ‘$5$’.substr(crypt(unigid()), 3, 13);
, can you help me how I can strengthen this code so I don’t have any more problems?
Thanks
Answer
The salt parameter is optional. However, crypt() creates a weak hash without the salt, and raises an E_NOTICE error without it. Make sure to specify a strong enough salt for better security.
function generate_salt($len = 8) {
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`~!@#$%^&*()-=_+';
$l = strlen($chars) - 1;
$str = '';
for ($i = 0; $i<$len; ++$i) {
$str .= $chars[rand(0, $l)];
}
return $str;
}
$generate_salt = generate_salt($len = 8);
$str = “$5$” . $generate_salt . “$”;
$c = crypt(uniqid(), $str);
echo $c; // $5$ot6wbbf+$wtwWCC8wmE01cNeHGGLMGqkWqiDWyHWfdXQvEOLI7.5
This is correct way to generate salt for crypt function.
Attribution
Source : Link , Question Author : Andrei Constantin , Answer Author : Eugenio
