Generate Unique Account IDs – PHP – SitePoint Forums

Good morning! :vague:

I’m trying to generate two keys for user accounts, a public key (which the client will see) and a private key (for the system).

Currently I just use substr(str_shuffle()) to generate the keys for testing, but for production I need to be 100% sure that no two keys are the same. Also, the private key should be nearly impossible to guess.

Private key generation

My idea was like this: RandomString + Number. Example: “jHudSbE12” with the unique number.

The code I have so far:

$pKeyPartOne = substr(str_shuffle('qwertyuioplkjhgfdsazxcvbnmQWERTYUIOPLKJHGFDSAZXCVBNM'),0,10);
$pKeyPartTwo = 0; // I got stuck here
$finalpKey = $pKeyPartOne.$pKeyPartTwo;

The final private key is then inserted into the database.

I want the number to be unique (like Auto_Increment), but I couldn’t figure out how to get the Auto_Increment number in code before it was put into the database (I know I could put it into the database, then retrieve the increment id and update, but I don’t want to do that).

Generation of the public key

The public key must consist of 8 unique digits. My original idea was to just generate an 8-digit string with substr(str_shuffle()) and check if it already exists in the database, but that could take a long time, especially if the code keeps generating a string that does exist already.

I thought about using the PHP date() or time() function, but either it wouldn’t be unique or it wouldn’t have the right length. I’ve also considered using Auto_Increment (I know you can set a starting value), but I’d prefer random generation. Is there a better way to do this?

My questions

  1. How can I get the increment ID of the database entry that will be assigned before the information is entered into the database?
  2. How do I generate a 100% unique 8-digit numeric string?

Sorry for the confusion and thanks in advance!

Why do you want to reinvent the wheel?

Just use the RSA key generator

But it’s numbers and letters, I only want numbers, and of a specific length.

Setting the table column to unique will not allow any duplicates.
You just need a little logic around your INSERT query to check if the execute was successful, and try again with a new key if not.

1 like

Your approach is insane.

Either you use a strong key or you use a unique number. If you need a unique number, use the database auto-increment feature and don’t care that the first user will get the number 1.

What is the public key used for? Why can’t it contain characters? An 8-digit number is never a secure key. It’s absurd.

1 like

It’s not supposed to be. The 8 digit is the public digit. It’s not supposed to be secure. This is literally why I also have a private ID.

Yeah, that was my original thought. But it has to be 8 numeric digits, and I don’t want them to be in order.

So like:

$Key= //key generation
//all good
$Key = //key generation

But there has to be a way to loop it so that it continually checks for duplicates, right?

First you will prepare the insert.

$sql = $db->prepare("INSERT INTO table (data1, data2, data3, pubkey) VALUES (?, ?, ?, ?)");

Then you can loop a run.

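// Assumes PDO is in silent/warning error mode; in exception mode execute() throws instead.
$e = 1062; // MySQL driver error code for a duplicate entry
while ($e == 1062) {
    $pubkey = makeRand(8, 'num'); // Get new key from a custom function
    $sql->execute([$data1, $data2, $data3, $pubkey]); // Try execution
    // Driver-specific error code; errorCode() would return the SQLSTATE (23000) instead
    $e = $sql->errorInfo()[1] ?? null;
}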

Not tested, just an idea.

What is the real problem you are trying to solve by doing this?

1 like

The terminology is confusing. Private key and public key are software engineering terms. They mean something specific. You shouldn’t refer to what you do using the same terminology. Security aside, it’s just confusing.

1 like

This loop needs a counter to force an exit after a reasonable number of iterations, in case of a programming error, the random generator failing to produce sufficiently unique values (computers don’t do random things very well), or most/all combinations being used up. If the exit condition is met, you will need to save information about the specific occurrence and configure a message for the user indicating that the operation could not be completed.

1 like
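
The retry-on-duplicate loop with the iteration cap suggested above, as an added example that is not code from any poster in this thread. It draws both values from PHP's CSPRNG (random_int() and random_bytes()) instead of str_shuffle() and lets a UNIQUE column reject collisions. The accounts table, its columns and createAccount() are assumptions, and in-memory SQLite stands in for the real database.

```php
<?php
declare(strict_types=1);

// Added example: table, column and function names are hypothetical.
// In-memory SQLite keeps it self-contained. MySQL reports a duplicate with the
// same SQLSTATE 23000 (driver code 1062, the value used earlier in the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    public_id CHAR(8) NOT NULL UNIQUE,
    private_key CHAR(64) NOT NULL UNIQUE
)');

function createAccount(PDO $db, int $maxAttempts = 10): array
{
    $stmt = $db->prepare('INSERT INTO accounts (public_id, private_key) VALUES (?, ?)');
    // 256 bits from the OS CSPRNG, hex-encoded; str_shuffle() is not suitable for secrets.
    $privateKey = bin2hex(random_bytes(32));

    for ($attempt = 1; $attempt <= $maxAttempts; $attempt++) {
        // Uniform draw over 00000000..99999999; padding preserves leading zeros.
        $publicId = str_pad((string) random_int(0, 99999999), 8, '0', STR_PAD_LEFT);
        try {
            $stmt->execute([$publicId, $privateKey]);
            return ['public_id' => $publicId, 'private_key' => $privateKey, 'attempts' => $attempt];
        } catch (PDOException $e) {
            // 23000 = integrity constraint violation (here: the UNIQUE index).
            // Any other SQLSTATE is a real failure and must not be retried.
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
        }
    }
    // Bounded retry: fail loudly instead of looping when the ID space is crowded.
    throw new RuntimeException("No free public ID after $maxAttempts attempts");
}

// Constructed sample run.
for ($i = 0; $i < 3; $i++) {
    $acct = createAccount($db);
    printf("public_id=%s attempts=%d\n", $acct['public_id'], $acct['attempts']);
}
```

The database's UNIQUE index decides uniqueness, so two concurrent requests cannot both claim the same ID the way a SELECT-then-INSERT check could.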

Try adding a new user using “ON_DUPLICATE_KEY_UPDATE” and use the generated unique key… which might be hashed.

James S. Joseph