teelou teelou - 10 months ago 39
PHP Question

PHP: Options to generate an unique user key

After a few days researching on hashing, generating random numbers or unique keys, I am a bit confusing now.

I have one last thing that I want to get it right which is the user key. I want to store an unique key for each member/ user who registers at my website. So this key must be unique and not duplicate. I am thinking to use the user email and hash it with timedate or something...

Then I wonder which is the best way to create such a key -

Can I use hash_hmac() to do this for me?

I have a couple of things don't understand about hash_hmac() though - as in this example from the php.net

hash_hmac('ripemd160', 'The quick brown fox jumped over the lazy dog.', 'secret');


So what is 'secret' - can I put anything different instead, like a timedate?
I assume that I can replace 'The quick brown fox jumped over the lazy dog.' with the email address?

or maybe I can use Portable PHP password hashing framework to do this?

the only thing is that it produces
.
,
$
, and
/
which I need to remove them otherwise I will get errors when I request the key from the URL.

so I might do this -

$hash = $phpass -> HashPassword('me@example.com'.$timedate)
$key = preg_replace("/[^a-zA-Z0-9]+/", "", $hash);


Please let me know if you have any better suggestions.

Answer

I have one last thing that I want to get it right which is the user key. I want to store an unique key for each member/ user who registers at my website. So this key must be unique and not duplicate. I am thinking to use the user email and hash it with timedate or something

  • I would just let your database handle this for you using autoincrement
  • You could also use uniqid for this: md5(uniqid(rand(), TRUE));

index.php:

for ($i=0;$i<10;$i++) {
    echo md5(uniqid(rand(), TRUE)) . "\n";
}

output:

php index.php 
ba0d9aad1ff0ceadf4b25f101099b91e
b5a6db5e174b426061d3d3835a6fcaea
54be6d3a03e0590917ed20b097442e3a
6e208a61eae8cfd102d4a41decf0f64e
2cafac5402815af87e8299e5e67016bd
95e839097a566471c70fe357e5a101d2
c6908532bda6f926debdda754b02f931
aac7adf999dd4dd009f208b176ea90d0
1ed7779229e57b05adc088b375582cfb
e016a684564d5cdb89201ebab1038609

They are all unique and you can just use them. You should NOT have to do anything else?