On 16/07/12 17:32, Alex Aulbach wrote: > I like it. I've looked in some code and found about 8 > password-generation-functions. 4 of them have more or less the same > idea behind. > > The rest generates more complicated password. E.g. "minimum one > digit", "First letter must be alphabetic". This is easy to implement. > Some generate passwords from syllables (don't ask, no one does that > anymore). > > > Three suggestions: > > > 1a) If you want to support character classes, you can do it with pcre: > http://www.php.net/manual/en/regexp.reference.character-classes.php > (...) > -- "look like RE consisting of just one character-class" : something > like "/^\/\[.*\]\/[^/]*$/s" - not tested this, but explained: search > for "/[...]/...". Some cases here are untested ([, ] and so on), needs > more thinking, when I have time, but will be enough for prove of > concept. Making it easier is always possible. > -- $charset : The chars from 0 to 255. > > With this you can avoid to parse or define the character-classes > yourself and it is normally fast enough. If you want to have it faster > see suggestion 3. That's more or less what I have thought. If it's a string surrounded by square brackets, it's a character class, else treat as a literal list of characters. ] and - can be provided with the old trick of provide "] as first character", "make - the first or last one".
Quite easy to implement, however you can get into problems when dealing with multiple locales. For instance, if the string is in utf-8, you don't want to randomly choose the first byte and then an ascii character. Maybe there should be a parameter for string encoding. Having to detect character limits makes it uglier. > 1b) And it has some more functionality: For germans the alphabet > constists out of 30 chars. PCRE normally considers this! [:alpha:] for > german locals differs from [:alpha:] for english. > > Is this wanted? I think, the localisation should be by default off; > nobody really needs to generate passwords with umlauts. Not something to use as default. You don't want to provide users passwords with characters they can't type. About supporting POSIX classes, that could be cool. But you then need a way to enumerate them. Note that isalpha() will be provided by the C library, so you can't count on having its data. It's possible that PCRE, which we bundle, contains the needed unicode tables. > 3. Because generating a string from character-classes is very handy in > general for some other things (many string functions have it), I > suggest that it is not part of random_string(). Make a new function > str_from_character_class(), or if you use pcre like above > pcre_str_from_character_class()? How would you use such function? If you want to make a string out of them, you would use this new str_random(). If you want to verify if a given character matches a class, you have preg_match(). If you want one arbitrary character from that class, just call str_random() with a length of 1. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
