This sounds very useful. To make it easier to use, why not also add some string constants, something like CHARS_HEX, CHARS_BASE64, CHARS_DECIMAL, etc? Then you could just do `random_string(24, CHARS_HEX);` to get a 24-char hex string.
On 16 July 2012 14:54, Nikita Popov <nikita....@gmail.com> wrote: > Hi all, > > I just want to throw a quick thought in here: > > The password API proposal includes a function called > password_make_salt(), that basically creates a random string, either > in raw binary form, or in the bcrypt salt format. Personally I don't > see much use for the function in the salt context as the password API > already generates the salt all by itself, but I do see a lot of use > for a random string function in general. People commonly want to > create random strings according to some format. Like CSRF tokens, ids, > etc. > > So my thought was to drop password_make_salt() and instead add some > kind of generalized random_string() function: > > // this is a 20 byte random binary string > $str = random_string(20); > > // ten random hex characters > $str = random_string(10, "0123456789ABCDEF"); > > // 15 characters from the bcrypt alphabet 0-9a-zA-Z./ > $str = random_string(15, > "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"); > > // if it's not too hard to implement, one could support this kind > of shortcut: > $str = random_string(15, "0-9a-zA-Z./"); > > Thoughts? > > Nikita > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > -- Andrew Faulds (AJF) http://ajf.me/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
