Generate Password Function In PHP

17th November 2008 - 3 minutes read time

I have talked about generating random passwords before. Although that function generated some nice passwords, they perhaps aren't as unique as they ought to be.

This function, take from Webtoolkit creates passwords of different length with varying levels of complexity.

function generatePassword($length=9, $strength=0) {
  $vowels = 'aeiu';
  $consonants = 'bdghjmnpqrstvxyz';
  if ( $strength & 1 ) {
    $consonants .= 'BDGHJLMNPQRSTVWXYZ';
  if ( $strength & 2 ) {
    $vowels .= 'AEU';
  if ( $strength & 4 ) {
    $consonants .= '23456789';
  if ( $strength & 8 ) {
    $consonants .= '@#$%';
  $password = '';
  $alt = time() % 2;
  for ($i = 0; $i < $length; $i++) {
    if ($alt == 1) {
      $password .= $consonants[(rand() % strlen($consonants))];
      $alt = 0;
    } else {
      $password .= $vowels[(rand() % strlen($vowels))];
      $alt = 1;
  return $password;

The first parameter is the number of characters that the function should return. The second parameter is a number up to 8 which converts into complexity. The least complex password consists of only lower case consonants. The most complex password consists of upper and lower case letters, as well as numbers and symbols.

You might notice that some of the letters and numbers are missing, this is deliberate. When passwords are generated many of the characters can be very similar. Zero can look like an upper case O and I can look like the number one or a lower case L. Removing these letters stops people getting their passwords wrong and having to reapply for them in the future. Also, many people write down their passwords, even though you shouldn't, and in doing this many characters can also look the same. For example, in a mix of upper and lowercase letters it is difficult to see the difference between an upper and lower case W.

You can run the function like this.

echo generatePassword(8,1); // LareSuSy
echo generatePassword(8,2); // hUsuserU
echo generatePassword(8,3); // MEdEgYze
echo generatePassword(8,4); // tanapa3a
echo generatePassword(8,5); // ary2ugeR
echo generatePassword(8,6); // uqUtebyq
echo generatePassword(8,7); // yRysuNEV
echo generatePassword(8,8); // ygyqyha%

This is just the output that I got from these parameters, a different password is run each time. You should be using level 8 for any system administrator passwords.

Add new comment

The content of this field is kept private and will not be shown publicly.