vendredi 5 février 2016

Random string generated characters not in original string

I use the following script to generate a temporary password.

before I get a lecture, I AM aware that this isn't crypto secure, and that I should use something like openssl_random_pseudo_bytes. But my question is not regarding 'being secure'.

function generateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!£$%^&*()?';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
         $randomString .= $characters[rand(0, $charactersLength - 1)];
    }
    return $randomString;
}

I used PHPMailer connected to gmail SMTP to email the password to the user. The problem I have is that when my boss did a demonstration of this whilst in another country, the following characters were sent as the temp pw:

New Password: Il%KÂUyÂ?F

notice the accented A's are not in my string of selectable chars. This has only happened once, however shouldn't happen at all. As a result of this - the relevant hashes didn't match either, and so the temporary password didn't work. I'm using password_hash($string, PASSWORD_DEFAULT) with field length of 255.

Surely the fact that he was in a different country when he tested the function shouldn't have any bearing on the chars sent seeing as they are generated from the server, which obviously has a static location.

$key = generateRandomString();
$msg.="New Password: ".$key."<br><br>";
$mail->Body = $msg;




Aucun commentaire:

Enregistrer un commentaire