Generate a token for email verification in CodeIgniter 3

Question

I'm building a login/reg system in CI3 and I have a doubt. Instead of use:

$key=md5(uniqid());

for sending key for email activation...can I use another method? I don't know, using database (mysql)? hash with SHA1 maybe? I don't want the most secure way, just a solution that is not fake as uniqid() is. 'Cause I know that id generated by uniqid() is not really random, so there is no reason to hash to md5 is simply...stupid.

Thank you in advance.

Answer 1

Actually email verification/password generation should be

1. easy to understand
2. easy to get back

It means if you send md5 what happen is user get an word length of 32. Its very bad sign.

MD5 example

8b1a9953c4611296a827abf8c47804d7

---

what I Suggest you is

In codeigniter there is an helper call String. Use that.

There is 5 different choices to pick you

1. alpha
2. alnum
3. basic
4. numeric
5. nozero

---

How to use this?

Load helper in controller

$this->load->helper('string');

Then just add this

random_string([$type [, $len]]) ;

Example :

random_string('alnum', 8);

---

How these diff with each other ??

Assume : length is 8 in these scenario.

alpha

This will just print String with UPPER Case
Example AKTHDOGK

alnum

This will print String with UPPER and LOWER Case
Example JdKsPeeU

basic

This will print random number using mt_rand() in php.
Example 12756079

numeric

This will print Numeric string.
Example 01234567 (Not used. So not sure)

nozero

This will print and number. But there is no zero Example 12345678 (Not used. So not sure)

---

FYI: I never used numeric and nozero. So i have no idea about the example. But all other function are i used.