Re: [PHP] Generating PINs

Tue, 14 May 2002 06:22:13 -0700 

Hi,

Thanks to everyone for help on this matter. Combined with some SQL insert 
statements and loops, it works great. Now to get the numbers to a printer...

As usual, this list ROCKS!!!!

@lvin

At 03:23 PM 5/14/02, Miguel Cruz wrote:
>On Tue, 14 May 2002, Alvin Tan wrote:
> > This is not really a PHP question, but seeing that the final application
> > will be in PHP, I figured this'll be the best place to start.
> >
> > I have a client who wants to release a unique PIN for each product they
> > sell which works as a key to get more goodies on the website. How/where
> > can I get a large number of PINs, much like a software key (e.g.
> > 3HH5R-E59VB-7SX99 or similar)?
>
>The easiest is probably something like this...
>
>Generating PINs:
>
>   $randnum = strval(rand(10000000, 99999999));
>   $secretword = 'purple%chicken^';
>   $hash = md5($randnum . $secretword);
>   $PIN = substr($randnum, 0, 4)
>     . substr($hash, 0, 2) . '-'
>     . substr($hash, 2, 6) . '-'
>     . substr($hash, 8, 2)
>     . substr($randnum, 4);
>
>This will generate PINs in a format like 8087a5-6b09eb-a65859.
>
>Verifying PINs:
>
>   $PIN = str_replace('-', '', $PIN);
>   $secretword = 'purple%chicken^';
>   $randnum = substr($PIN, 0, 4) . substr($PIN, 14, 4);
>   $hash = substr($PIN, 4, 10);
>   if (substr(md5($randnum . $secretword), 0, 10) == $hash)
>     print "PIN is valid";
>   else
>     print "PIN invalid";
>
>As long as you can keep the secret word ($secretword) confidential, this
>will let you generate an infinite supply (okay, several million anyway) of
>PINs that can be validated with the simple code above, yet which are
>very difficult to fake.
>
>Obviously, if you need to locate the validation code on someone else's
>machine, this is not a good approach. And, like most things, it is
>susceptible to brute-force attacks unless you put in something to throttle
>repeated attempts at guessing PINs.
>
>miguel
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to